WannaCry Ransomware attack: Your PC at risk

[Sirius_Bright]

Quote

ransomware

1. a type of malicious software designed to block access to a computer system until a sum of money is paid.

 

Quote

In the same way that bacteria mutate to become resistant to antibiotics, so has the WannaCry virus.

That malware was behind the massive ransomware attack that started Friday, hitting more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks.

The new ransomware demands 0.11943 bitcoin, or about $218. It uses all the same exploits as the WannaCry ransomware, including EternalBlue, a vulnerability first discovered by the NSA and leaked by the hacker group Shadow Brokers in April.

WannaCry takes advantage of a Windows flaw discovered by the NSA and made public by hackers in April. Microsoft (MSFT, Tech30) did release a patch for the vulnerability in March. But computers and networks that didn't update their systems were still at risk.

On Friday, a security researcher inadvertently created a "kill switch" to help stop the spread of this ransomware. However, a hacker could rewrite the code to omit the kill switch and start trying to infect new machines with a new version of it.

The worm is primarily impacting business, where it can spread quickly through a network to take down an entire company. Business take longer to install critical updates and patches, often to avoid impacting any legacy software they are running. But individuals with PCs running Windows should still take a few precautions.

Here are some preventive/precautionary measures:

1. Maintain updated Antivirus software on all systems.
2. Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.
3. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
4. Don't open attachments in unsolicited e-mails claiming to be from FedEx or similar organization (Most important), even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser.
5. Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies.

https://www.cnet.com/news/wannacry-ransomware-patched-updated-virus-kill-switch/

http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/

[Ron_Burgundy]

I just received an email from security department and they were warning about same issue. 

[Sirius_Bright]

20 minutes ago, Ron_Burgundy said:

I just received an email from security department and they were warning about same issue. 

This one (WannaCry) is just one such attack. There were quite a few similar kinds in the past too. 

[Sirius_Bright]

I know dude behind this attack. @DigitalUmmahhas just cleared his Ethical hacking exam and now doing unethical things. Too bad dear. 

 

[DigitalUmmah]

22 minutes ago, Lover of Ahlulbait (ams) said:

I know dude behind this attack. @DigitalUmmahhas just cleared his Ethical hacking exam and now doing unethical things. Too bad dear. 

 

I can neither confirm nor deny this allegation.

In a totally unrelated matter, my "friend" is selling all the UK NHS patient data. PM if interested.

[hasanhh]

Starting Tuesday the 16th, the gov't and press are blaming the DPRK.

[Sirius_Bright]

On 2017-5-17 at 9:42 AM, hasanhh said:

Starting Tuesday the 16th, the gov't and press are blaming the DPRK.

Which government?

[Sirius_Bright]

I tried opening all unknown attachments on my office system today but no luck so far.

-Frustrated Employee

[hasanhh]

13 hours ago, Lover of Ahlulbait (ams) said:

Which government?

DPRK = Democratic Peoples' Republic of Korea = North Korea

 

RoK = Republic of Korea = South Korea

[hasanhh]

l posted this in another thread, yet this is more applicable here:

http://www.zdnet.com/article/how-almost-anyone-can-wiretap-the-internet/  date:23Nov15

In addition to computers and smartphones, https://www.wired.com/2017/03/medical-devices-next-security-nightmare/ 

And as SC has noted elsewhere:  loT  is advertised as the "lnternet of Things" but in reality is the "lnternet of Troubles"

[Sirius_Bright]

31 minutes ago, hasanhh said:

DPRK = Democratic Peoples' Republic of Korea = North Korea

 

RoK = Republic of Korea = South Korea

No. No. I know DPRK. I mean which govt is blaming. 

On 2017-5-17 at 9:42 AM, hasanhh said:

Starting Tuesday the 16th, the gov't and press are blaming the DPRK.

 

[hasanhh]

9 minutes ago, Lover of Ahlulbait (ams) said:

No. No. I know DPRK. I mean which govt is blaming. 

 

That was American news. NOW, if you search "ransomeware + blame" and you'll get "blame on ____" to include Microsoft (by a sociologist), the NSA, China, US(by Putin), hackers, ad nauseum .

For one short reference to the DPRK, http://www.dailymail.co.uk/news/article-4508736/North-Korea-global-cyber-hac.html 

[hasanhh]

8 hours ago, Lover of Ahlulbait (ams) said:

No. No. I know DPRK. I mean which govt is blaming. 

 

UPDATE: 7 hours later:

http://abcnews.go.com/Technology/wireStory/experts-question-north-korea-role-wannacry-cyberattack-47506652 

[Sirius_Bright]

Development: Decryption tool released. 

https://amp.thehackernews.com/thn/2017/05/wannacry-ransomware-decryption-tool.html

[Hameedeh]

Yesterday it was announced that there is a new strain of ransomware called Petya. From Symantec Official Blog:

https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know

From Norton:

How to deal with Ransomware:

1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
2. Be sure you are backing up your data on a regular basis. If you do become a victim of a ransomware attack, you will be able to restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
4. Use reputable internet security software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of fake software out there.
5. Employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
6. Make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi 

https://us.norton.com/internetsecurity-emerging-threats-what-to-know-petya-ransomware.html