
Ransomware Outbreak

Discussion in 'General Chat' started by Suzabro, May 14, 2017.

  1. Suzabro

    Suzabro Administrator

    Good reminder to update!

    Read More: http://www.abc.net.au/news/2017-05-...ak-in-history-hits-nearly-100-nations/8523102
     
    chris and Scott7 like this.
  2. Christopher

    Christopher Membership: Community

    So it's a little more complex. It's a rootkit worm that takes advantage of a backdoor hack that Microsoft has in fact fixed back in March; the only problem is there are so many people still running XP, Vista, version 7 and some copies of version 8 & 8.1 that the patch doesn't auto update on. These all are vulnerable. The worm spread by a payload in an email, quickly downloads malware that in turn adds a trojan which goes to work and encrypts the victim's computer, blocks other things, then uses the internal email and mailbombs your email contacts with an email that looks unsuspicious. It also runs network scans and can push payloads to other computers in the same network. This is why it has been widespread. And fast acting.
    Things to know: the encryption goes beyond Windows, and has the potentiality to encrypt other attached and installed hard drives.
    Without the encryption keys data recovery is next to zero. Unlike other rootkit viruses, a boot disk won't restore the system.

    If you are still running an old version of Windows, that obviously doesn't have updates, because they don't issue them for older systems anymore, then you need to either put Linux on instead, or have your system in a sandbox. Something like Comodo internet security suite creates a virtual container to work inside, and anything opened inside this can be blown away if it gets out of control.
    I also would move all personal and important files to external removed drives.
     
  3. findtim

    findtim Membership: VIP

    when i read that i just have to think "did microsoft create it"?
    surely it's VERY advantageous for them to kill off old microsoft versions!

    tim
     
    Christopher likes this.
  4. findtim

    findtim Membership: VIP

  5. Christopher

    Christopher Membership: Community

    I know what you're saying, but apparently NSA had developed the hack tool for it, but other hackers hacked NSA and released all their hack tools to the open market, including undisclosed vulnerabilities they failed to tell MSoft about.
     
    Blue Wren likes this.
  6. chris

    chris Administrator

    Interesting story, here's an excellent write-up from a researcher in the UK that ended up slowing down the attack by registering a domain:

    https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

    This highlights the importance that domains are critical infrastructure.
     
    Christopher likes this.
  7. Christopher

    Christopher Membership: Community

  8. Christopher

    Christopher Membership: Community

    Just to validate my thoughts that Comodo's internet security suite would sandbox the threat, here is someone testing just that. Note: mute the sound, it's just an annoying music backing.
     
    Cherie Quin likes this.
  9. snoopy

    snoopy Membership: VIP

    Just thinking the same thing.
     
    Christopher likes this.
  10. chris

    chris Administrator

    Cherie Quin and johno69 like this.
  11. Cherie Quin

    Cherie Quin Membership: Community

    thanks guys that's really nasty
     
  12. Blue Wren

    Blue Wren Membership: VIP

    NSA created a tool against an MS Windows exploit; then developed further by malicious people for nefarious purposes.
     
  13. Christopher

    Christopher Membership: Community

    This can still outbreak again. We tried updating old Vista computers, and the patches MS supplied didn't work. In fact no update works. The current payload looked for a particular domain; if it found that domain it stopped replicating and pushing out the payload. So the current fix was registering that domain. But when I say this could outbreak again, all the attackers would have to do is modify their code to not have it need to look for that domain name. It could simply not have an exit in its code. So it still could happen again in a week's time. The question is how did it get opened in the first place. Where did it originate from first, have they tracked down who sent the first payload? And why did it outbreak in hospitals predominately? Why are these places using older systems?
     
  14. Blue Wren

    Blue Wren Membership: VIP

    Tonnes of older equipment/machines that use PCs often run older OSes. They are usually neglected.
     
    Christopher likes this.
  15. Rhythm

    Rhythm Membership: VIP

    why on earth are you still running Vista?!!
     
  16. Rhythm

    Rhythm Membership: VIP

    qazwsxedc4er3d42wq1AzxSEDRW23Q14w32q1azxR5TW2Q1AZAfvhk/'[
    {/;pky4ewQA
     
  17. findtim

    findtim Membership: VIP

    backup, backup, backup
     
  18. Blue Wren

    Blue Wren Membership: VIP

    ...and don't open / click on email attachments.
     
  19. Christopher

    Christopher Membership: Community

    I have an old machine, not connected to the internet, with legacy software on it. I use Photoshop on it, and other software. The old hardware has prevented it being upgraded. The chipset on the mboard is incompatible with Windows 10 so it's impossible to do software upgrades further. Cost is a big factor in these decisions. I have other machines that are up to date with current software. Just wanted to use the patches to keep them current, but even they don't work.
     
  20. snoopy

    snoopy Membership: VIP

    Not worth paying to upgrade, I still use XP and Vista.