HiFlyer

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak


I read that earlier, that's why it is always a good idea to create a system image regularly and have the drive disconnected from your network.


In another scare article I read, a Microsoft spokesperson provided the following comment:

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.”

I also use the Malwarebytes software.  Ransomware is a mess but I was able to help a friend remove the virus by following guides I found on the Internet.  But realistically, the best thing to do is to reformat your HDD and reinstall everything.  I keep a backup of My Documents and My Pictures folders on another drive because those drives are not damaged by Ransomware.

Best regards,

Jim

38 minutes ago, Jim Young said:

I keep a backup of My Documents and My Pictures folders on another drive because those drives are not damaged by Ransomware.

My ex-girlfriend called me up a few months ago, frantic that years of family pictures and other important documents had been locked up by one of these. We were unable to save anything, and unfortunately the infection did indeed manage to spread to all of her drives and essentially lock up everything. It even encrypted a connected usb stick.

All gone.

By the way, the MS patch that should address the Eternal Blue infection is MS17-010

 


Ransomware does not spread to all of your drives unless it is the encryption ransomware. My friend's computer had the other type which just locks up your computer. So, if you shut down your system and reformat and reinstall everything, any other drives should not be harmed in any way. What happened to your "ex-girlfriend's" (uh, sorry to hear it did not work out) computer was the more devious ransomware that encrypts your files. Still, I would think that after reinstalling Windows on the main drive, you probably could find some software that could unencrypt the files on the other HDDs.

In any case, it's a nasty, nasty malware.

Best regards,

Jim

1 hour ago, Jim Young said:

Ransomware does not spread to all of your drives unless it is the encryption ransomware. 

Yup, the ransomware in the posted article that's causing the current issues (eternal blue) definitely encrypts your drives. The thing about these particular ransomwares is that the only real way to break the encryption seems to be to find an identical file that has not been encrypted, and then run a comparison software that may be able to find a key.

My ex was hoping that I had enough old pictures around that I might have a match for some of hers and thus be able to decrypt the drive she sent me, but sadly, if absolutely all files have been encrypted and you have no unencrypted examples to be examined (I had no matching files since I gave everything to her) you really are up the creek without a paddle.

People on forums like this might have a slightly better chance since digging around in CFG files and whatnot may create a higher computer familiarity, but your average person would likely have no idea where to even begin to figure out how to address stuff like this.

Unfortunately.

Probably something that might be done is save important documents and photos to the web, but if this ever happens to me, I'm probably toast, since I trust "the cloud" about as far as I can throw it. :blush:


I was a victim of ransomware some time ago and I was able to fix and unlock my computer. Rebooted in safe mode and searched for any files that had been added or modified on the day the attack took place. Once those files were deleted I rebooted normally and that got things back to normal. Not saying this will work for all ransomware but that helped me get back to normal. Ransomware can be very frustrating, that's for sure.

I should mention this attack was probably 10 years ago when ransomware was just making an appearance, I'm sure it has gotten a lot more sophisticated over the years!

 

Martin

1 hour ago, MartinRex007 said:

Ransomware can be very frustrating that's for sure.

I haven't been hit with a virus in years and years, but I'm the guy people bring their busted computers to.

I've sent out warnings to friends and family so hopefully I don't get drowned in pleas for help over the next few weeks.

1 hour ago, HiFlyer said:

Yup, the ransomware in the posted article that's causing the current issues (eternal blue) definitely encrypts your drives. The thing about these particular ransomwares is that the only real way to break the encryption seems to be to find an identical file that has not been encrypted, and then run a comparison software that may be able to find a key.

My ex was hoping that I had enough old pictures around that I might have a match for some of hers and thus be able to decrypt the drive she sent me, but sadly, if absolutely all files have been encrypted and you have no unencrypted examples to be examined (I had no matching files since I gave everything to her) you really are up the creek without a paddle.

People on forums like this might have a slightly better chance since digging around in CFG files and whatnot may create a higher computer familiarity, but your average person would likely have no idea where to even begin to figure out how to address stuff like this.

Unfortunately.

Probably something that might be done is save important documents and photos to the web, but if this ever happens to me, I'm probably toast, since I trust "the cloud" about as far as I can throw it. :blush:

Uh, no.. what you're supposed to do is take regular backups to a removable drive that you only connect to take the backup...

1 hour ago, MartinRex007 said:

I was a victim of ransomware some time ago and I was able to fix and unlock my computer. Rebooted in safe mode and searched for any files that had been added or modified on the day the attack took place. Once those files were deleted I rebooted normally and that got things back to normal. Not saying this will work for all ransomware but that helped me get back to normal. Ransomware can be very frustrating, that's for sure.

I should mention this attack was probably 10 years ago when ransomware was just making an appearance, I'm sure it has gotten a lot more sophisticated over the years!

 

Martin

No, it won't and you were lucky. Had they done the "encrypt your files" attack, you would not have had access to those files anymore without paying...

43 minutes ago, Raven9000 said:

Uh, no.. what you're supposed to do is take regular backups to a removable drive that you only connect to take the backup...

You realize that the vast majority of human beings have the one drive that comes with their machine, and never ever get more than that? The better option for them might be the cloud.

I myself have tons'o drives and my files are backed up and decentralized, but I also realize that's not the norm.


Don't keep anything on a computer that you can't afford to lose.

We live in a disposable society now. In the future this time period will be a big blank :) There will be no archaeology for anyone to find.


Cyber security is a joke, it's a vast problem driven by user ignorance and fear. A vast majority of end users know absolutely nothing about what goes on beyond the monitor they are staring at! It's also a problem that is going to get much worse as the younger generation of computer savvy criminals realise that the large majority of their peers are living and working in blissful ignorance in a society that relies more and more on the power of cyberspace. If you want total protection from cyber attacks then don't connect to the Internet or at least train end users and make them aware that opening that unsolicited email might be a bad idea.

9 hours ago, HiFlyer said:

You realize that the vast majority of human beings have the one drive that comes with their machine, and never ever get more than that? The better option for them might be the cloud.

I myself have tons'o drives and my files are backed up and decentralized, but I also realize that's not the norm.

That might have been true 10 years ago. I p. This day, I don't know a single person who doesn't have a removable/portable drive, or a flash drive etc. 

6 hours ago, SierraHotel said:

Cyber security is a joke, it's a vast problem driven by user ignorance and fear. A vast majority of end users know absolutely nothing about what goes on beyond the monitor they are staring at! It's also a problem that is going to get much worse as the younger generation of computer savvy criminals realise that the large majority of their peers are living and working in blissful ignorance in a society that relies more and more on the power of cyberspace. If you want total protection from cyber attacks then don't connect to the Internet or at least train end users and make them aware that opening that unsolicited email might be a bad idea.

All the reasons you cite are precisely why it is not a joke...

With your line of reasoning, medicine is a joke because the vast majority of people don't know how to eat right, take care of their bodies, etc...

3 hours ago, Raven9000 said:

That might have been true 10 years ago. I p. This day, I don't know a single person who doesn't have a removable/portable drive, or a flash drive etc. 

And that's the thing about computer savvy people: they tend to assume a certain level of knowledge in those around them and unfortunately that isn't necessarily true. When I worked at AT&T people started bringing me their computers when they had problems. 

At first I worked for free, because it was fun, and I thought it would be a temporary thing. After all, how many broken computers could there be in one building albeit one stuffed with hundreds of people.

Eventually my house became full of other people's computers, and I was charging $100 a pop, bringing in significant extra income. The flood started and it never ever stopped for literally years until I left the company.

Getting a glimpse of what people were really using in their homes, real people, not techies, was both informative and kind of horrifying.

Do you know how many people are using refurbished school computers? YMCA computers, hand-me-downs? Do you know how many people have not had working antivirus for years? How many people's computers take 20 minutes and more to boot up because there is so much random bloatware on the machine? How many times I have had to try and delete hundreds and hundreds of viruses on a single machine?

There is the world of techies, and there is the world that most of the rest of the planet inhabits.

Yes people have flash drives, maybe 4gig ones from Walmart. Not nearly enough to save years and years of memories, and honestly, non techies don't tend to think that way. For them, the computer works (grudgingly and slowly) and then suddenly they can't get on the web and have no intention of paying possibly hundreds to find out what's wrong.

Time to use a phone, or get a little tablet. Too bad about all those years of memories. Just goes to prove to them that computers are unreliable, slow, and suck.

By the way, that directly contributes to how many people have to go to libraries to get access to a working computer and the internet.

 

 


UPDATE: Crisis Averted?

 

 

4 hours ago, Raven9000 said:

All the reasons you cite are precisely why it is not a joke...

With your line of reasoning, medicine is a joke because the vast majority of people don't know how to eat right, take care of their bodies, etc...

Well that is actually true judging by the levels of obesity, heart failure etc. worldwide, and while medicine per se is not a joke, big pharma takes the p** constantly and leaves hundreds if not thousands dead in their wake.


Well, I think our old friend Microsoft is clearly to blame. The MS OS is like a Swiss cheese and they keep on putting band aids on it instead of making it impossible to attack or at least reducing the risk significantly once and for all.

They have fixed the hole on Windows 10, but the vast majority of users have not upgraded.

Add to it the ignorance of many users that click on everything and anything they receive, you have the perfect storm. 

I am afraid this is only the beginning. Wait until they attack the infrastructures (power grid/essential services, etc) of the Western world and we will have a real problem on our hands, that will have a much larger and destructive impact.

 

1 hour ago, Silicus said:

I am afraid this is only the beginning. Wait until they attack the infrastructures (power grid/essential services, etc) of the Western world and we will have a real problem on our hands, that will have a much larger and destructive impact.

Wow!  Sounds like "Doomsday".  This malware has been around for some time in various forms.  Programs like Malwarebytes (payware version) will tell you if you are surfing someplace unsafe and I remember the one I got several years ago was a notice on my system that a problem existed on my computer and a security scan had to be conducted and the scan began.  Next thing I knew my system was locked up.  Was able to fix it myself though.  Whenever I get a security warning on my computer while surfing, I immediately shutdown my computer.  But now, that might be unnecessary as Microsoft says they have fixed the problem.

A good explanation of Ransomware is at the following link - https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

Best regards,

Jim

 


The thing about this "outbreak" is that it is affecting computers in Europe and Russia more than here.

The Russians are saying this was deliberate and in retaliation.

I would not doubt it.


Thank goodness for the "patch"

 

RJ
