HiFlyer

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak

9 hours ago, HiFlyer said:

You realize that the vast majority of human beings have the one drive that comes with their machine, and never ever get more than that? The better option for them might be the cloud.

I myself have tons'o drives and my files are backed up and decentralized. But I also realize that's not the norm.

That might have been true 10 years ago. I p. This day, I don't know a single person who doesn't have a removable/portable drive, or a flash drive etc. 

6 hours ago, SierraHotel said:

Cyber security is a joke, it's a vast problem driven by user ignorance and fear. A vast majority of end users know absolutely nothing about what goes on beyond the monitor they are staring at! It's also a problem that is going to get much worse as the younger generation of computer savvy criminals realise that the large majority of their peers are living and working in blissful ignorance in a society that relies more and more on the power of cyberspace. If you want total protection from cyber attacks then don't connect to the Internet or at least train end users and make them aware that opening that unsolicited email might be a bad idea.

All the reasons you cite are precisely why it is not a joke...

With your line of reasoning, medicine is a joke because the vast majority of people don't know how to eat right, take care of their bodies, etc...

3 hours ago, Raven9000 said:

That might have been true 10 years ago. I p. This day, I don't know a single person who doesn't have a removable/portable drive, or a flash drive etc. 

And that's the thing about computer savvy people: they tend to assume a certain level of knowledge in those around them and unfortunately that isn't necessarily true. When I worked at AT&T people started bringing me their computers when they had problems. 

At first I worked for free, because it was fun, and I thought it would be a temporary thing. After all, how many broken computers could there be in one building albeit one stuffed with hundreds of people.

Eventually my house became full of other people's computers, and I was charging $100 a pop, bringing in significant extra income. The flood started and it never ever stopped for literally years until I left the company.

Getting a glimpse of what people were really using in their homes, real people, not techies, was both informative and kind of horrifying.

Do you know how many people are using refurbished school computers? YMCA computers, hand-me-downs? Do you know how many people have not had working antivirus for years? How many people's computers take 20 minutes and more to boot up because there is so much random bloatware on the machine? How many times I have had to try and delete hundreds and hundreds of viruses on a single machine?

There is the world of techies, and there is the world that most of the rest of the planet inhabits.

Yes people have flash drives, maybe 4gig ones from Walmart. Not nearly enough to save years and years of memories, and honestly, non techies don't tend to think that way. For them, the computer works (grudgingly and slowly) and then suddenly they can't get on the web and have no intention of paying possibly hundreds to find out what's wrong.

Time to use a phone, or get a little tablet. Too bad about all those years of memories. Just goes to prove to them that computers are unreliable, slow, and suck.

By the way, that directly contributes to how many people have to go to libraries to get access to a working computer and the internet.

 

 


We are all connected..... To each other, biologically...... To the Earth, chemically...... To the rest of the Universe atomically.
 
Devons rig
Intel Core i5 13600K @ 5.1GHz / G.SKILL Trident Z5 RGB Series Ram 32GB / GIGABYTE GeForce RTX 4070 Ti GAMING OC 12G Graphics Card / Sound Blaster Z / Meta Quest 2 VR Headset / Klipsch® Promedia 2.1 Computer Speakers / ASUS ROG SWIFT PG279Q ‑ 27" IPS LED Monitor ‑ QHD / 1x Samsung SSD 850 EVO 500GB / 2x Samsung SSD 860 EVO 1TB /  1x Samsung - 970 EVO Plus 2TB NVMe /  1x Samsung 980 NVMe 1TB / 2 other regular hd's with up to 10 terabyte capacity / Windows 11 Pro 64-bit / Gigabyte Z790 Aorus Elite AX Motherboard LGA 1700 DDR5


UPDATE: Crisis Averted?

 

 


4 hours ago, Raven9000 said:

All the reasons you cite are precisely why it is not a joke...

With your line of reasoning, medicine is a joke because the vast majority of people don't know how to eat right, take care of their bodies, etc...

Well that is actually true judging by the levels of obesity, heart failure etc. worldwide, and while medicine per se is not a joke, big pharma takes the p** constantly and leaves hundreds if not thousands dead in their wake.

  • Upvote 1

AMD Ryzen 7 3700X 4.2 32 gig ram, Nvidia RTX3060 12 gig, Intel 760 SSD M2 NVMe 512 gig, M2NVMe 1Tbt (OS) M2NVMe 2Tbt (MSFS) Crucial MX500 SSD (Backup OS). VR Oculus Quest 2

YouTube:- https://www.youtube.com/channel/UC96wsF3D_h5GzNNJnuDH3WQ   ProATC/SR and BATC FB Group:- https://www.facebook.com/groups/1571953959750565

Flight Simulator First Officer User Group:- https://www.facebook.com/groups/564880128522788 ProATC/SR and Flight Sim First Officer (FSFO) Beta tester

Reality Is For People Who Can't Handle Simulation!

 


Well, I think our old friend Microsoft is clearly to blame. The MS OS is like a Swiss cheese and they keep on putting band aids on it instead of making it impossible to attack or at least reducing the risk significantly once and for all.

They have fixed the hole on Windows 10, but the vast majority of users have not upgraded.

Add to it the ignorance of many users that click on everything and anything they receive, you have the perfect storm. 

I am afraid this is only the beginning. Wait until they attack the infrastructures (power grid/essential services, etc) of the Western world and we will have a real problem on our hands, that will have a much larger and destructive impact.

 


Most of what is said on the Internet may be the same thing they shovel on the regular basis at the local barn.


Microsoft thinks things are serious enough that they have broken policy and issued a patch for older systems: https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/

This customer guidance from MS has links to the patch at the bottom. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 


1 hour ago, Silicus said:

I am afraid this is only the beginning. Wait until they attack the infrastructures (power grid/essential services, etc) of the Western world and we will have a real problem on our hands, that will have a much larger and destructive impact.

Wow! Sounds like "Doomsday". This malware has been around for some time in various forms. Programs like Malwarebytes (payware version) will tell you if you are surfing someplace unsafe and I remember the one I got several years ago was a notice on my system that a problem existed on my computer and a security scan had to be conducted and the scan began. Next thing I knew my system was locked up. Was able to fix it myself though. Whenever I get a security warning on my computer while surfing, I immediately shut down my computer. But now, that might be unnecessary as Microsoft says they have fixed the problem.

A good explanation of Ransomware is at the following link - https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

Best regards,

Jim

 


Jim Young | AVSIM Online! - Simming's Premier Resource!

Member, AVSIM Board of Directors - Serving AVSIM since 2001


I7 8086K  5.0GHz | GTX 1080 TI OC Edition | Dell 34" and 24" Monitors | ASUS Maximus X Hero MB Z370 | Samsung M.2 NVMe 500GB and 1TB | Samsung SSD 500GB x2 | Toshiba HDD 1TB | WDC HDD 1TB | Corsair H115i Pro | 16GB DDR4 3600C17 | Windows 10 

 


The thing about this "outbreak" is that it is affecting computers in Europe and Russia more than here.

The Russians are saying this was deliberate and in retaliation.

I would not doubt it.

3 hours ago, Silicus said:

..... Wait until they attack the infrastructures (power grid/essential services, etc) of the Western world and we will have a real problem on our hands, that will have a much larger and destructive impact.

 

I don't know whereabouts in the World you are Silicus (or what your local Newsfeeds are telling you), but this latest attack has just trashed our National Health Service here in the UK - BIG style! We are talking about people's lives here. Doctors' Practices, Hospitals, Clinical Support Agencies, the whole shooting match - Kaput! The impact of this is immeasurable in terms of lives that WILL have been lost due to this outage of IT facilities.

What makes me so damn ******** angry about this is not so much the morons that initiated this attack - but the morons who actually allowed it to happen.

I have two unanswered questions about this shambles that I wish someone could answer;

It would appear that a large majority of our NHS Hospitals in the UK are still running on Windows XP?   Why? 

and..

A ransom demand is only successful when there is a payoff. Money has to move from A to B (by whatever means). There has to be a recipient somewhere in the World who will benefit from this.

Is this problem really (?) beyond the very best and elite IT guys of the collective countries involved (UK, USA, Russia, China, Japan et al., all affected Countries), to track down these people and start prosecuting to the max extent?
 

 

1 hour ago, J.L.Seagull said:

Is this problem really (?) beyond the very best and elite IT guys of the collective countries involved (UK, USA, Russia, China, Japan et al., all affected Countries), to track down these people and start prosecuting to the max extent?

Hope they catch them..

RJ

1 hour ago, J.L.Seagull said:

...and..

A ransom demand is only successful when there is a payoff. Money has to move from A to B (by whatever means). There has to be a recipient somewhere in the World who will benefit from this.

Is this problem really (?) beyond the very best and elite IT guys of the collective countries involved (UK, USA, Russia, China, Japan et al., all affected Countries), to track down these people and start prosecuting to the max extent?
 

 

Bitcoin used as payment method. No physical money.

I agree with everything you pointed out. We have been very lax as far as protecting resources.


If a person's computer is "hijacked" just how are they supposed to go online and buy any Bitcoins? :emu_melk:


Fr. Bill    

AOPA Member: 07141481 AARP Member: 3209010556


     Avsim Board of Directors | Avsim Forums Moderator

7 minutes ago, n4gix said:

If a person's computer is "hijacked" just how are they supposed to go online and buy any Bitcoins? :emu_melk:

It's nasty stuff!!!

It locks/encrypts certain files on your computer: Music, pictures and documents. Otherwise the computer generally works as expected.

The virus searches the whole computer for any file with any of the following file name extensions: .123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts and renames to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image (screenshot below).

After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

It then replaces the desktop background image with the following message:

WannaCrypt-ransom-note.png

It also runs an executable showing a ransom note which indicates a $300 ransom and a timer:

WannaCrypt-ransom-executable.png

The text is localized into the following languages: Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Filipino, Finnish, French, German, Greek, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish, Turkish, and Vietnamese.

The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files.

WannaCrypt-decryptor.png


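Added example, not part of the original thread: a triage sketch that turns the indicators described in the post above (the ".WNCRY" suffix, the "@Please_Read_Me@.txt" note, and the shadow-copy deletion command line) into detection checks. The function names, process records and file listing are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

ENCRYPTED_SUFFIX = ".wncry"            # appended to encrypted files, per the post
RANSOM_NOTE = "@please_read_me@.txt"   # note dropped in each affected folder

# One pattern per recovery-inhibiting action in the command line quoted in the post.
TAMPER_PATTERNS = {
    "vssadmin delete shadows": r"\bvssadmin(\.exe)?\s+delete\s+shadows\b",
    "wmic shadowcopy delete": r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
    "bcdedit ignoreallfailures":
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b",
    "bcdedit recoveryenabled no": r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b",
    "wbadmin delete catalog": r"\bwbadmin(\.exe)?\s+delete\s+catalog\b",
}
TAMPER_REGEXES = {n: re.compile(rx, re.IGNORECASE) for n, rx in TAMPER_PATTERNS.items()}

def tamper_hits(command_line):
    """Names of the backup/recovery tampering actions present in one command line."""
    return [name for name, rx in TAMPER_REGEXES.items() if rx.search(command_line)]

def flag_processes(events):
    """Return (pid, hits) for every process whose command line tampers with recovery."""
    scored = [(pid, tamper_hits(cmd)) for pid, cmd in events]
    return [(pid, hits) for pid, hits in scored if hits]

def affected_folders(paths):
    """Map folder -> original names of .WNCRY files there and whether the note exists."""
    folders = {}
    for raw in paths:
        path = PureWindowsPath(raw)
        entry = folders.setdefault(str(path.parent), {"files": [], "note": False})
        if path.name.lower().endswith(ENCRYPTED_SUFFIX):
            entry["files"].append(path.name[:-len(ENCRYPTED_SUFFIX)])
        elif path.name.lower() == RANSOM_NOTE:
            entry["note"] = True
    return {f: e for f, e in folders.items() if e["files"] or e["note"]}

# Constructed sample input: (pid, command line) records and a file listing.
SAMPLE_EVENTS = [
    (4312, r"cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & "
           r"bcdedit /set {default} bootstatuspolicy ignoreallfailures & "
           r"bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet"),
    (5120, r"vssadmin list shadows"),
    (5188, r"C:\Windows\System32\bcdedit.exe /enum"),
]
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\picture.jpg.WNCRY",
    r"C:\Users\alice\Pictures\@Please_Read_Me@.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.WNCRY",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for pid, hits in flag_processes(SAMPLE_EVENTS):
        print(f"pid {pid}: {', '.join(hits)}")
    for folder, info in affected_folders(SAMPLE_PATHS).items():
        print(f"{folder}: {len(info['files'])} encrypted, note={info['note']}")
```

A single hit can be ordinary administration; several recovery-tampering actions chained in one command line, as in the post, is the stronger signal.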
