Model Boat Mayhem

Mess Deck: General Section => Chit-Chat => Topic started by: HawkEye on May 20, 2017, 09:24:24 pm

Title: Windows security WannaCry ransomware
Post by: HawkEye on May 20, 2017, 09:24:24 pm
A quick summary regarding the recent WannaCry, WNCry, WanaCrypt0r, Wana Decrypt0r ransomware and its variants for those using Microsoft Windoze.

Note, those of you using Windoze 10 were immune from the network exploit, but not from email / web infections.

Most is common sense but I'll state it anyway.

The first important thing to do is check all Microsoft updates have been installed on your system, check anti-virus/anti-malware software is up to date.
Make sure you have backups of all your important data, documents, photos on to a device that can be removed from your computer or network and put away.
Do not open emails from unknown sources, take care in clicking links to other web sites.

The Wannacry malware that hit like a global mega-bomb, showed everyone how vulnerable we are to a global cyber attack. Billed as “one of the largest global ransomware attacks the cyber community has ever seen,” the infection started in London and then emerged almost instantly in Seattle, New York, and Tokyo. Within ten minutes, the coordinated attack became epidemic throughout the world, covering the better part of every continent but Antarctica. By the end of one day, the malware had infected over 200,000 computers in 150 nations, encrypting all their data and locking the users out. More at link - http://news.goldseek.com/GoldSeek/1495209107.php

For a brief history and how it's allegedly using tools from the NSA see this link - https://thehackernews.com/2017/05/how-to-wannacry-ransomware.html

An initial analysis of what it drops and how it proceeds can be found here - http://blog.talosintelligence.com/2017/05/wannacry.html

Next cyber-attack could be imminent, warn experts http://www.bbc.co.uk/news/uk-39911385

Phishing emails seen coming from alertatnb@serviciobancomer causing one source of infection.

Microsoft released a patch that stops the malware automatically spreading across networks; it's posted here (even for Windoze XP), but if your 7/8/10 system is up to date then you already have it - http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

If the worst has happened, you see the screen below and you don't have backups, do not pay the ransom; those that have still don't have access to their files. You can check these sites for possible decrypting keys, although at the time of writing none had keys for the current outbreak -

https://decrypter.emsisoft.com/

https://www.bleepingcomputer.com/download/windows/ransomware-decryptors/

https://noransom.kaspersky.com/

All links here checked safe to visit.

Tony

Linux Mint 18.1
Title: Re: Windows security WannaCry ransomware
Post by: tr7v8 on May 20, 2017, 10:37:56 pm
More on this here:- https://www.theregister.co.uk/2017/05/19/wannacrypt_key_recovery_tool/
There is a lot more on the Register about this.
Title: Re: Windows security WannaCry ransomware
Post by: dreadnought72 on May 21, 2017, 01:40:34 am
Tony, your insistence on misspelling 'Windows' due to an obvious dedication to Linux belittles your information somewhat.


Andy




Title: Re: Windows security WannaCry ransomware
Post by: HawkEye on May 21, 2017, 07:40:56 am
Quote from: dreadnought72
Tony, your insistence on misspelling 'Windows' due to an obvious dedication to Linux belittles your information somewhat.
Andy

Purely light-hearted, no malice intended towards Windows users, this is a very serious issue for a lot of people and may still develop further depending on what other tools are implemented, dedication? - no, I still use Windows very occasionally.
Tony
Title: Re: Windows security WannaCry ransomware
Post by: TheLongBuild on May 21, 2017, 07:53:11 am
Quote from: HawkEye
All links here checked safe to visit.

Isn't that what hackers, spammers always say :-)
Title: Re: Windows security WannaCry ransomware
Post by: HawkEye on May 21, 2017, 07:56:45 am
Quote from: HawkEye
All links here checked safe to visit.

Quote from: TheLongBuild
Isn't that what hackers, spammers always say :-)

Don't shoot the messenger, I'm only trying to save people's valuable data.
Title: Re: Windows security WannaCry ransomware
Post by: Martin (Admin) on May 21, 2017, 08:05:07 am
 
Windows updates:

NB: 'Windows update' is not foolproof, you need to check to what date it's been updated, i.e. has it updated in the last few days..... not 2015!  You need to check update date for yourself!


https://support.microsoft.com/en-gb/help/4013550/windows-protect-your-pc-from-ransomware

https://technet.microsoft.com/library/security/ms17-010.aspx

https://support.microsoft.com/en-gb/help/12373/windows-update-faq

https://support.microsoft.com/en-gb/help/10164

https://www.lifewire.com/how-to-check-for-install-windows-updates-2624596
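
Added example (not part of the post above and not Microsoft's own tooling): a PowerShell check of when updates were last actually installed, which is the check the post asks for. The cut-off date (14 March 2017, when MS17-010 was published) and the variable names are assumptions; KB4012598 is the KB number quoted earlier in this thread.

```powershell
# Added example: report how recently this machine was patched.
# Assumption: anything last updated before MS17-010 came out is out of date.
$cutoff = Get-Date '2017-03-14'
$wanted = 'KB4012598'   # KB number quoted earlier in this thread

# Get-HotFix lists installed updates; some entries carry no install date,
# so drop those before sorting newest first.
$fixes = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending

if (-not $fixes) {
    Write-Warning 'No dated updates found; check Windows Update history by hand.'
    return
}

$latest = $fixes | Select-Object -First 1
'Most recent update: {0} installed {1:yyyy-MM-dd}' -f $latest.HotFixID, $latest.InstalledOn

if ($latest.InstalledOn -lt $cutoff) {
    Write-Warning ('Nothing installed since before {0:yyyy-MM-dd}; this machine is not up to date.' -f $cutoff)
}

if ($fixes.HotFixID -contains $wanted) {
    "$wanted is installed."
} else {
    # Newer Windows versions received the same fix under different KB numbers,
    # so a missing entry here is only a prompt to check the update date above.
    "$wanted is not listed; rely on the install dates shown."
}

# Show the five newest entries so the dates can be checked by eye.
$fixes | Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table -AutoSize
```

Get-HotFix does not show every kind of update, so treat a clean result as a prompt to confirm in Windows Update history rather than as proof.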

Title: Re: Windows security WannaCry ransomware
Post by: TheLongBuild on May 21, 2017, 08:37:57 am
Quote from: HawkEye
Don't shoot the messenger, I'm only trying to save people's valuable data.

I know, but it's tradition that messengers always get shot..
 
Title: Re: Windows security WannaCry ransomware
Post by: HawkEye on May 21, 2017, 08:52:30 pm
If anyone would like to pass a few minutes, the following links supply live cyber attack maps worldwide, these are not truly accurate as they tend to rely on honeypots and/or endpoints to collect their data but they give an idea of what's going on 24 hours a day every day, the one supplied by Kaspersky Labs is more like a video game.
Hopefully if more people become aware of the various threats then they will take more care with important data and general computer usage. I was contacted last week by a self-employed individual who got infected with this ransomware on his home network through no fault of his own; he currently has no access to his business documents or early digital photos of his wife and children and of course no backup.
I will add a bit of good news for a large percentage of users, the NAT in your average home router will protect you from most of the port scanning exploits that are bouncing around the net providing no one has been playing around with port forwarding.


An example image is supplied below for non link clickers -


http://map.norsecorp.com/#/
https://cybermap.kaspersky.com/
https://threatmap.fortiguard.com/
https://threatmap.checkpoint.com/ThreatPortal/livemap.html