Author Topic: WanaCrypt0r ransomware hits it big just before the weekend  (Read 7462 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
I saw one report of 99 countries having been hit.
Quote
Reports of a massive, worldwide ransomware attack are dominating the news. As workers in Europe headed home for the weekend, ransomware started shutting down their systems. It soon spread to many other countries across the globe. Here’s what we know so far.

Big targets

National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware called WanaCrytp0r, which Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

More at WanaCrypt0r ransomware hits it big just before the weekend

BTW, Malwarebytes consumer and business products protect against this threat.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Frands

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1065
  • Esbjerg, Denmark
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #1 on: May 13, 2017, 11:43:08 AM »
What a mess! Wondering why on earth organisations, firms and private users still make use of outdated software such as Windows XP

More:

https://mspoweruser.com/microsoft-release-statement-on-massive-worldwide-ransomware-attack/

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #2 on: May 13, 2017, 12:14:53 PM »
What a mess! Wondering why on earth organisations, firms and private users still make use of outdated software such as Windows XP

I can understand home users on a tight budget using a PC with XP or Windows Vista which has also reached EoL.  After all, both my laptop and desktop originally came with Windows Vista and I haven't been in a position to replace them.  Businesses, however, that is another story.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Frands

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1065
  • Esbjerg, Denmark
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #3 on: May 13, 2017, 12:38:51 PM »
Quote
I can understand home users on a tight budget using a PC with XP or Windows Vista which has also reached EoL.  After all, both my laptop and desktop originally came with Windows Vista and I haven't been in a position to replace them.  Businesses, however, that is another story.

I can also understand that home users with a low budget still are using XP or Vista. But I must say it's completely insane when f.ex it's used in hospitals, organisations or for businenes.
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #4 on: May 13, 2017, 01:33:57 PM »
Although the catalog page referenced in Microsoft release Wannacrypt patch for unsupported Windows XP, Windows 8 and Windows Server 2003 times out for me, hopefully users and businesses with those systems will get the update.

Edit Note:  This BC article has a screen copy from the catalog, Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r.

Edit Note 2:  After further reading, the update for older Windows versions is for platforms in custom support only.  See Customer Guidance for WannaCrypt attacks – MSRC.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Metallica

  • Malware Experts
  • Full Member
  • *****
  • Posts: 94
    • View Profile
    • Metallica's blog
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #5 on: May 13, 2017, 02:32:02 PM »
Kudos to MalwaretechBlog who had the smarts to register the domain that functioned as a killswitch. Or the mess might have been even bigger.


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #6 on: May 13, 2017, 02:40:13 PM »
You can say that again, Pieter!  I just finished reading How to Accidentally Stop a Global Cyber Attacks | MalwareTech -- fascinating!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 664
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #7 on: May 13, 2017, 07:03:01 PM »
My read of https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ is that the patch [kb4012598] is available for ALL XP users. 

Specifically, the direct download link for Windows XP SP3 x86 is http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe 

I have downloaded and, to the best of my understanding (looking at the list of installed updates) successfully installed it on [one of] my XP systems.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #8 on: May 13, 2017, 07:24:38 PM »
You're right.  Re-reading that sentence, I see what you mean:

Quote
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
[Bold added]


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline darksurfer

  • Full Member
  • ***
  • Posts: 88
  • We are all One under the Internet Sun
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #9 on: May 14, 2017, 10:15:50 PM »
It is unfortunate about this latest ransom-ware attack. The corporate mainstream media sort covers it but prevention methods and awareness are very important. As for myself besides my Holy Triad of Protection, firewall, anti-virus and non-Microsoft browser, I use anti-malware, anti-ransomware, scanners and other items.  Oh, and one more crucial item, keep backups of your documents and system of your computer--and keep them current.

I've been almost hit by ransom-ware at least four times, and I repeat ALMOST hit but I had protection that blocked the hackers. I've told family and friends how to do this and have shown them--if they are interested.

Tomorrow could be quite interesting once businesses and folk turn on their computers. They may get a big unpleasant surprise.

http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/
http://www.npr.org/sections/thetwo-way/2017/05/14/528355526/repercussions-continue-from-global-ransomware-attack

This is what many folk may see tomorrow if they go to certain web sites, unfortunately. :o >:( ??? :'(

https://i0.wp.com/opensources.info/wp-content/uploads/2017/01/wrm5sysfkg-flywheel.netdna-ssl.comRansomware-Leads-the-Way-6b887dd7359a008ed1a494b6959a540c4641de83.png?fit=731%2C627


Hold on, be safe and grab your you-know-what!!!

Offline Frands

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1065
  • Esbjerg, Denmark
    • View Profile
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #11 on: May 14, 2017, 10:41:46 PM »
It isn't over until its over -- and it isn't likely to be over yet, from Are you ready for a second wave of WannaCry ransomware?:
Quote
After this revelation came another one: security researcher Didier Stevens found that the domain check is not proxy-aware, meaning that the worm will still work on any system that uses a proxy to access the Internet.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline darksurfer

  • Full Member
  • ***
  • Posts: 88
  • We are all One under the Internet Sun
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #12 on: May 15, 2017, 12:00:49 PM »
I hope so, I got my anti-ransomware software up to date, etc.  ::) :-\

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1307
    • View Profile
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #13 on: May 15, 2017, 02:52:12 PM »
I'm still trying to figure out why MS released a patch for XP since XP computers don't get infected.
Quote
Why didn’t WannaCrypt infect Windows XP computers?
Because the author didn’t include code that would infect WinXP computers.
Source: http://www.infoworld.com/article/3196673/malware/faq-are-you-in-danger-from-the-wannacrypt-ransomware.html

Also, if your Windows 7 computers have a specific March 2017 patch, you are not susceptible.

All bets are off if you run Win 8 and haven't updated to 8.1 because you are unpatched. Not sure about Vista either.

You are also safe on Win 10
Quote
Why didn’t WannaCrypt infect Windows 10 computers?
Because the author didn’t include code that would infect Win10 computers.
Same source as above url.

Of course when the copycats start appearing, who knows what will happen.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: WanaCrypt0r ransomware hits it big just before the weekend
« Reply #14 on: May 15, 2017, 03:15:05 PM »
I'm still trying to figure out why MS released a patch for XP since XP computers don't get infected.
Quote
Why didn’t WannaCrypt infect Windows XP computers?
Because the author didn’t include code that would infect WinXP computers.
Source: http://www.infoworld.com/article/3196673/malware/faq-are-you-in-danger-from-the-wannacrypt-ransomware.html

Also, if your Windows 7 computers have a specific March 2017 patch, you are not susceptible.

All bets are off if you run Win 8 and haven't updated to 8.1 because you are unpatched. Not sure about Vista either.

You are also safe on Win 10
Quote
Why didn’t WannaCrypt infect Windows 10 computers?
Because the author didn’t include code that would infect Win10 computers.
Same source as above url.

Of course when the copycats start appearing, who knows what will happen.
As to updates, Windows Vista and above were included in the March MS17-010 security update and Microsoft released a patch for those systems that had reached EoL, including Windows XP -- which was indeed vulnerable as evidenced by the NHS hospitals (and other organizations throughout the world) in the UK that are still running XP.  So that InfoWorld article is incorrect.

From the above-referenced TechNet article that I originally misread:
Quote
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
[Bold added]
[/quote]

Even though MS17-010 was issued in March and this is May, the problem is the organizations that had not installed the patch.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.