
Thread: Ransomware Attack - Worldwide (12 May 2017)

  1. Link to Post #1
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,763
    Thanks
    60,315
    Thanked 95,891 times in 15,481 posts

    Default Ransomware Attack - Worldwide (12 May 2017)

    Thousands of ransomware cyberattacks reported worldwide

    RT
    Published time: 12 May, 2017 17:46
    Edited time: 12 May, 2017 20:09


    © intel.malwaretech.com

    A ransomware virus is reported to be spreading aggressively around the globe, with over 50,000 computers having been targeted. The virus infects computer files and then demands money to unblock them.

    An increase in activity of the malware was noticed starting from 8am CET (07:00 GMT) Friday, security software company Avast reported, adding that it "quickly escalated into a massive spreading."

    In a matter of hours, over 57,000 attacks have been detected worldwide, the company said.

    Seventy-four countries around the globe have been affected, with the number of victims still growing, according to the Russian multinational cybersecurity and anti-virus provider, the Kaspersky Lab.

    Quote
    Costin Raiu @craiu
    So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.
    7:01 PM - 12 May 2017
    The ransomware, known as WanaCrypt0r 2.0, or WannaCry, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain's biggest national telecommunications firm, Telefonica.

    Britain and Spain are among the first nations who have officially recognized the attack. In Spain, apart from the telecommunications giant, Telefonica, a large number of other companies have been infected with the malicious software, Reuters reported.

    The virus is said to attack computers on an internal network, as is the case with Telefonica, without affecting clients.

    Computers at Russia's Interior Ministry have been infected with the malware, the ministry said Friday evening.

    Some 1,000 Windows-operated PCs were affected, which is less than one percent of the total number of such computers in the ministry, spokeswoman Irina Volk said in a statement.

    The virus has been localized and steps are being taken to eliminate it.

    The servers of the ministry have not been affected, Volk added, saying they are operated by different systems for Russia-developed data processing machines.

    Russian telecom giant Megafon has also been affected.

    "The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today," Megafon's spokesperson Pyotr Lidov told RT.

    Quote

    Даниил Баздырев @dabazdyrev

    This is what appeared on the screens of all work computers at Megafon Retail @eldarmurtazin
    4:12 PM - 12 May 2017
    The internal network had been affected, he said, adding that in terms of the company's customer services, the work of the support team had been temporarily hindered, "as operators use computers" to provide their services.

    The company immediately took appropriate measures, the spokesperson said, adding that the incident didn't affect subscribers' devices or Megafon signal capabilities in any way.

    Quote
    RT UK @RTUKnews
    Reports of hackers demanding ransom in #nhscyberattack. https://on.rt.com/8bgz pic.twitter.com/nKRi1JD70A

    RT UK @RTUKnews

    Doctors report bitcoin pop-up messages asking users to pay $300 to be able to access their PCs: https://on.rt.com/8bgz #nhscyberattack

    8:08 AM - 12 May 2017
    British Prime Minister Theresa May has said the cyberattack on UK hospitals is part of a wider international attack.

    In Sweden, the mayor of Timra said "around 70 computers have had a dangerous code installed," Reuters reported.

    According to Avast, the ransomware has also targeted Ukraine and Taiwan.

    The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows-operated computers, it changes the affected file extension names to ".WNCRY."

    It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

    While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn.

    According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding that it has been distributing the stolen NSA hacking tools online since last year.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  2. The Following 32 Users Say Thank You to Hervé For This Post:

    Alekahn2 (13th May 2017), aoibhghaire (13th May 2017), avid (13th May 2017), betoobig (13th May 2017), Bill Ryan (12th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Bruno (15th May 2017), Daughter of Time (13th May 2017), Ewan (13th May 2017), Fellow Aspirant (12th May 2017), gaiagirl (13th May 2017), genevieve (13th May 2017), Gillian (18th May 2017), Innocent Warrior (12th May 2017), Ivanhoe (13th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Mercedes (13th May 2017), Michelle Marie (12th May 2017), Mike (12th May 2017), NancyV (13th May 2017), Nasu (13th May 2017), Noelle (12th May 2017), norman (12th May 2017), rgray222 (12th May 2017), seko (13th May 2017), Sophocles (13th May 2017), TargeT (12th May 2017), uzn (13th May 2017), Watching from Cyprus (18th May 2017), WhiteLove (13th May 2017)

  3. Link to Post #2
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,763
    Thanks
    60,315
    Thanked 95,891 times in 15,481 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Updates:

    Mass cyberattack strikes computer systems worldwide Live updates

    RT
    Published time: 12 May, 2017 19:25


    © Oliver Berg / Global Look Press

    Tens of thousands of computers in 74 countries have been infected by a ransomware virus which extorts users by blocking Windows files and demanding payment to restore access.
    • 12 May 2017
      19:56 GMT Computers at Russia's Interior Ministry have been infected with the malware, the ministry said Friday evening.
      Some 1,000 Windows-operated PCs were affected, which is less than one percent of the total number of such computers in the ministry, spokeswoman Irina Volk said in a statement.
      The virus has been localized and steps are being taken to eliminate it.
      The servers of the ministry have not been affected, Volk added, saying they are operated by different systems for Russia-developed data processing machines.
    • 19:55 GMT Microsoft has been providing additional assistance to its clients in the wake of the attack, a spokesman said on Friday. The company added detection and protection tools to counter the major malicious software, he added.
      "Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt," he said.
    Quote

    MalwareTech @MalwareTechBlog
    Something like this is incredibly significant, we've not seen P2P spreading on PC via exploits at this scale in nearly a decade.
    6:39 PM - 12 May 2017
    • 19:39 GMT In Russia, telecom giant Megafon has been affected.
      "The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today," Megafon's spokesperson Pyotr Lidov told RT.
      The internal network had been affected, he said, adding that in terms of the company's customer services, the work of the support team had been temporarily hindered, "as operators use computers" to provide their services.
      The company immediately took appropriate measures, the spokesperson said, adding that the incident didn't affect subscribers' devices or Megafon signal capabilities in any way.
    • 19:19 GMT Swedish authorities have reported that 70 computers have been infected in the locality of Timra, central Sweden. Victims have seen their computers shut down, then restart, with a message saying their files have been encrypted with access only possible after payment.
      "We have around 70 computers that have had a dangerous code installed," Andreaz Stromgren, the mayor of Timra, told Reuters.
    • 19:18 GMT
    Quote
    Edward Snowden @Snowden
    In light of today's attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals.
    9:08 PM - 12 May 2017
    • 19:12 GMT According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding that it has been distributing the stolen NSA hacking tools online since last year.
    • 18:51 GMT The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows-operated computers, it changes the affected file extension names to ".WNCRY."
      It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.
      While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom.
    • 18:50 GMT The ransomware, known as WanaCrypt0r 2.0, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain's biggest national telecommunications firm, Telefonica.
      British Prime Minister Theresa May has said the cyberattack on UK hospitals is part of a wider international attack.
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  4. The Following 23 Users Say Thank You to Hervé For This Post:

    betoobig (13th May 2017), Bill Ryan (12th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Daughter of Time (13th May 2017), Ewan (13th May 2017), gaiagirl (13th May 2017), Gillian (18th May 2017), Innocent Warrior (12th May 2017), justntime2learn (13th May 2017), Kate (12th May 2017), KiwiElf (12th May 2017), Mike (12th May 2017), NancyV (13th May 2017), Nasu (13th May 2017), Noelle (12th May 2017), rgray222 (12th May 2017), seko (13th May 2017), Sophocles (13th May 2017), TargeT (12th May 2017), uzn (13th May 2017), WhiteLove (13th May 2017), wnlight (13th May 2017)

  5. Link to Post #3
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,763
    Thanks
    60,315
    Thanked 95,891 times in 15,481 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    • 21:11 GMT “It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” Patrick Toomey, a staff attorney with the ACLU National said in a statement.
      “These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world. It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner,” he added.
    Quote

    ACLU National @ACLU
    It would be deeply troubling if the NSA knew Microsoft was vulnerable in this way but waited to disclose. Congress can and should fix this. https://twitter.com/nytimes/status/863089876631248897 …
    10:23 PM - 12 May 2017
    • 21:03 GMT Bruno Kramm, the chairman of the Berlin branch of the Pirate Party, said that a lot of vulnerabilities lie in the backdoors built into many, especially outdated, operating systems, and that we must rethink our approach to cybersecurity.
      “We should much more work with open-source software, with Linux systems which are open-source, and we have to use encryption, and we have to take more security measures for the more dangerous infrastructure, for example hospitals,” he told RT.
      Kramm also believes that the leaked NSA tools helped facilitate the attack.
      “But the sad thing is the more we find out [about] the NSA having this software, the more we also know that this software is also of course traded. There is no software which you can keep inside of the system. From the moment the NSA works with the software, you can also get the software, and once you get the software you can use it in your own way. So basically it’s really a problem they have started.”
    • 20:50 GMT One of Russia's largest banks, the state-owned Sberbank, said it had also detected attempts to target its computers but no malware penetrated their systems.
    • 20:46 GMT FedEx Corporation, the American multinational delivery services company, said it is dealing with the same type of cyberattack.
      “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers,” a FedEx spokesperson told RT.
    • 20:42 GMT The UK National Health Service has been attacked by ransomware as well, presumably by Wanna Decryptor, the NHS said in a statement.
      “At this stage we do not have any evidence that patient data has been accessed,” the statement said, adding that the National Cyber Security Centre is assisting in dealing with the malware.
    • 20:37 GMT "Several" computers of Russia's Emergency Ministry had also been targeted, its representative told TASS, adding that "all of the attempted attacks had been blocked, and none of the computers were infected with the virus."
    • 20:34 GMT In the wake of the attack, WikiLeaks reminded of its release of a series of leaks on the Central Intelligence Agency (CIA), code-named "Vault 7," back in March.
      Claiming that "the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans," the whistleblowing site said the lost data "amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA."
      "Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike," WikiLeaks warned in their release.
    Quote

    WikiLeaks @wikileaks

    If you can't secure it--don't build it: #Vault7 whistleblower warned US cyber weapons are extreme proliferation risk https://wikileaks.org/ciav7p1/
    9:01 PM - 12 May 2017
    • 19:56 GMT




    Updates here: https://www.rt.com/news/388165-mass-...ikes-globally/
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  6. The Following 21 Users Say Thank You to Hervé For This Post:

    betoobig (13th May 2017), Bill Ryan (12th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Daughter of Time (13th May 2017), Ewan (13th May 2017), gaiagirl (13th May 2017), Gillian (18th May 2017), Innocent Warrior (12th May 2017), justntime2learn (13th May 2017), Kate (12th May 2017), KiwiElf (12th May 2017), Mike (12th May 2017), mojo (13th May 2017), Nasu (13th May 2017), Noelle (12th May 2017), rgray222 (12th May 2017), seko (13th May 2017), Sophocles (13th May 2017), TargeT (12th May 2017), uzn (13th May 2017)

  7. Link to Post #4
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,658 times in 8,694 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Funny.... Didn't that trove of NSA tools get released to the wild not too long ago?
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  8. The Following 17 Users Say Thank You to TargeT For This Post:

    avid (13th May 2017), betoobig (13th May 2017), Bill Ryan (13th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Bob (12th May 2017), Ewan (13th May 2017), Gillian (18th May 2017), Hervé (13th May 2017), Innocent Warrior (12th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Mike (12th May 2017), Nasu (13th May 2017), Noelle (12th May 2017), seko (13th May 2017), Sophocles (13th May 2017)

  9. Link to Post #5
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,798
    Thanks
    27,109
    Thanked 29,551 times in 3,482 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Quote Posted by TargeT (here)
    Funny.... Didn't that trove of NSA tools get released to the wild not too long ago?
    Yep, April 9.

    See posts #231 & #232 - https://projectavalon.net/forum4/show...Vault-7/page10
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  10. The Following 12 Users Say Thank You to Innocent Warrior For This Post:

    betoobig (13th May 2017), Bill Ryan (13th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Ewan (13th May 2017), Hervé (13th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Nasu (13th May 2017), seko (13th May 2017), Sophocles (13th May 2017), TargeT (12th May 2017)

  11. Link to Post #6
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,658 times in 8,694 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Quote Posted by Rachel (here)
    Quote Posted by TargeT (here)
    Funny.... Didn't that trove of NSA tools get released to the wild not too long ago?
    Yep, April 9.

    See posts #231 & #232 - https://projectavalon.net/forum4/show...Vault-7/page10
    we need a sarcasm font... haha

    I've been working my ass off to mitigate that "trove of tools" for about a month now @ the debtslave daycare, luckily a lot of it is easily done (vendor patches, closing a port or two).... but not all.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  12. The Following 10 Users Say Thank You to TargeT For This Post:

    avid (13th May 2017), betoobig (13th May 2017), Bill Ryan (13th May 2017), Billy (28th May 2017), BMJ (22nd May 2017), Hervé (13th May 2017), Innocent Warrior (12th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Nasu (13th May 2017)

  13. Link to Post #7
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,798
    Thanks
    27,109
    Thanked 29,551 times in 3,482 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Quote Posted by TargeT (here)
    Quote Posted by Rachel (here)
    Quote Posted by TargeT (here)
    Funny.... Didn't that trove of NSA tools get released to the wild not too long ago?
    Yep, April 9.

    See posts #231 & #232 - https://projectavalon.net/forum4/show...Vault-7/page10
    we need a sarcasm font... haha

    I've been working my ass off to mitigate that "trove of tools" for about a month now @ the debtslave daycare, luckily a lot of it is easily done (vendor patches, closing a port or two).... but not all.
    Oh OK haha. Well now there's some background on the SB here anyway.

    I wonder how hard it is to decrypt the files or to get rid of the ransomware off the computers without paying?

    * * *

    From The Intercept - LEAKED NSA MALWARE IS HELPING HIJACK COMPUTERS AROUND THE WORLD

    From ZeroHedge - "Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools
    Last edited by Innocent Warrior; 12th May 2017 at 23:52. Reason: added articles and text
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  14. The Following 8 Users Say Thank You to Innocent Warrior For This Post:

    betoobig (13th May 2017), Bill Ryan (13th May 2017), BMJ (22nd May 2017), Hervé (13th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Nasu (13th May 2017), TargeT (13th May 2017)

  15. Link to Post #8
    Avalon Member norman's Avatar
    Join Date
    25th March 2010
    Location
    too close to the hot air exhaust
    Age
    68
    Posts
    8,893
    Thanks
    9,940
    Thanked 55,016 times in 8,167 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Ransomware has been a problem for at least a couple of years that I know of. It's never been as widespread in one hit before though, which is why it's making the news.

    Hospitals, clinics, police departments, fire services etc make good targets because they pay up just to keep going.

    I've heard a report that one target paid up but still didn't get the files unlocked.

    There are quite a few different ones going around. The best, but nothing's perfect, defense is frequent backups to an external storage device. What I've been reading over the last couple of years is that they target work files that have all your data in them, not the operating system. That could easily change at any time.

    As this is so widespread, it's a serious risk for anyone, not just organisations. Make a backup right now of every work/data file you have on your computer. Whatever happens in the next few days and weeks, you'll have the backups to get going with again ( even if it's with a new PC ).
    ..................................................my first language is TYPO..............................................

  16. The Following 11 Users Say Thank You to norman For This Post:

    betoobig (13th May 2017), Bill Ryan (13th May 2017), BMJ (22nd May 2017), Hervé (13th May 2017), Innocent Warrior (12th May 2017), justntime2learn (13th May 2017), KiwiElf (12th May 2017), Nasu (13th May 2017), seko (13th May 2017), TargeT (13th May 2017), wnlight (13th May 2017)

  17. Link to Post #9
    New Zealand Unsubscribed
    Join Date
    1st September 2011
    Posts
    5,984
    Thanks
    34,888
    Thanked 38,520 times in 5,690 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    *SIGH* Anything to get us to use Windows 10! *kidding*

    (It would be interesting to know which versions of Windows OS were affected - and what anti-virus systems were in place - amazingly, a large number of govt and Bank operations are still based on XP.

    If it continues to spread ... (now, aren't you glad you stayed with a Mac, Bill? (I say that and cringe as I unpack my just-delivered new PC!) Maybe I'll leave it offline for a while
    Last edited by KiwiElf; 12th May 2017 at 23:42.

  18. Link to Post #10
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,798
    Thanks
    27,109
    Thanked 29,551 times in 3,482 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Wcrypt ransomware infections over the last 24 hours - https://intel.malwaretech.com/botnet...?t=24h&bid=all

    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  19. The Following 11 Users Say Thank You to Innocent Warrior For This Post:

    Alekahn2 (13th May 2017), betoobig (13th May 2017), Bill Ryan (13th May 2017), BMJ (22nd May 2017), Bruno (15th May 2017), Hervé (13th May 2017), justntime2learn (13th May 2017), KiwiElf (13th May 2017), Nasu (13th May 2017), seko (13th May 2017), TargeT (13th May 2017)

  20. Link to Post #11
    Avalon Member
    Join Date
    30th July 2014
    Posts
    149
    Thanks
    35
    Thanked 715 times in 131 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Quote Posted by KiwiElf (here)
    *SIGH* Anything to get us to use Windows 10! *kidding*

    (It would be interesting to know which versions of Windows OS were affected
    This lists all versions. The fix was released in March Rollup, but some people have not updated yet.

    https://technet.microsoft.com/en-us/.../ms17-010.aspx

  21. The Following 10 Users Say Thank You to EWO For This Post:

    Anchor (13th May 2017), betoobig (13th May 2017), Bill Ryan (13th May 2017), BMJ (22nd May 2017), dynamo (18th May 2017), Hervé (13th May 2017), Innocent Warrior (13th May 2017), justntime2learn (13th May 2017), KiwiElf (13th May 2017), Nasu (13th May 2017)

  22. Link to Post #12
    Australia On Sabbatical
    Join Date
    30th October 2014
    Location
    Great Northern Hotel, Twin Peaks.
    Posts
    3,798
    Thanks
    27,109
    Thanked 29,551 times in 3,482 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Excerpt from - WannaCry ransomware used in widespread attacks all over the world By GReAT: Kaspersky Lab's Global Research & Analysis Team (May 12, 2017)

    Mitigation and detection information

    Quite essential in stopping these attacks is the Kaspersky System Watcher component. The System Watcher component has the ability to roll back the changes done by ransomware in the event that a malicious sample managed to bypass other defenses. This is extremely useful in case a ransomware sample slips past defenses and attempts to encrypt the data on the disk.



    Mitigation recommendations:

    1. Make sure that all hosts are running and have enabled endpoint security solutions.
    2. Install the official patch (MS17-010) from Microsoft, which closes the affected SMB Server vulnerability used in this attack.
    3. Ensure that Kaspersky Lab products have the System Watcher component enabled.
    4. Scan all systems. After detecting the malware attack as MEM:Trojan.Win64.EquationDrug.gen, reboot the system. Once again, make sure MS17-010 patches are installed.

    Samples observed in attacks so far:

    Kaspersky Lab detection names:

    Trojan-Ransom.Win32.Gen.djd
    Trojan-Ransom.Win32.Scatter.tr
    Trojan-Ransom.Win32.Wanna.b
    Trojan-Ransom.Win32.Wanna.c
    Trojan-Ransom.Win32.Wanna.d
    Trojan-Ransom.Win32.Wanna.f
    Trojan-Ransom.Win32.Zapchast.i
    PDM:Trojan.Win32.Generic

    Kaspersky Lab experts are currently working on the possibility of creating a decryption tool to help victims. We will provide an update when a tool is available.

    For more, including their full analysis of the attack and links, see source.
    Last edited by Innocent Warrior; 13th May 2017 at 05:36.
    Never give up on your silly, silly dreams.

    You mustn't be afraid to dream a little BIGGER, darling.

  23. The Following 12 Users Say Thank You to Innocent Warrior For This Post:

    betoobig (13th May 2017), Bill Ryan (13th May 2017), BMJ (22nd May 2017), Ewan (13th May 2017), Gillian (18th May 2017), Hervé (13th May 2017), justntime2learn (15th May 2017), KiwiElf (13th May 2017), Nasu (13th May 2017), norman (13th May 2017), uzn (13th May 2017), wnlight (13th May 2017)

  24. Link to Post #13
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,658 times in 8,694 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Quote Posted by Rachel (here)
    I wonder how hard it is to decrypt the files or to get rid of the ransomware off the computers without paying?
    Depending on the level of encryption, easy to very hard to practically impossible...

    however, you'll notice a timer normally exists on these things, which effectively negates the chances of the data being decrypted for most people (you can take the hard drive out of the computer and work on it separately, but who's set up to do that?)

    Encryption can always be broken, the question is: how long will it take. Usually the answer is far too long to be useful.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  25. The Following 5 Users Say Thank You to TargeT For This Post:

    betoobig (13th May 2017), BMJ (22nd May 2017), Innocent Warrior (13th May 2017), justntime2learn (16th May 2017), Nasu (13th May 2017)

  26. Link to Post #14
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,763
    Thanks
    60,315
    Thanked 95,891 times in 15,481 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Don’t WannaCry? 5 easy tips to protect yourself from ransomware

    RT
    Published time: 13 May, 2017 01:00
    Edited time: 13 May, 2017 06:12


    © jaberalre / Instagram

    An aggressive new strain of ransomware is shutting down Windows operating computers all over the world. Although the virus known as WannaCry has already infected over 75,000 PCs in 99 countries, it is actually not that hard to secure your digital data.

    The latest ransomware employs asymmetric encryption to hold the target's information for ransom, using a pair of keys uniquely generated by the attacker for the victim. The attacker makes the private key available to the victim only after the ransom is paid – or very likely does not.

    Here are some easy steps to protect your machine and secure your files from falling hostage to online scammers.

    #0 Patch!
    Security experts advise to install the Microsoft fix—MS17-010—right away. Following the installation, make sure to reboot the system.

    The patch that closes the backdoor used by WannaCry to penetrate the system was released by Microsoft on March 14 – apparently shortly after the NSA became aware that its exploit had been stolen, and roughly a month before the Shadow Brokers hacking group exposed it to the world.

    Quote
    Ryan Naraine @ryanaraine
    Regarding today's ransomware nightmare, it's very bad. Apply MS17-010 immediately, and urgently!
    6:09 PM - 12 May 2017
    In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

    #1 Beware!
    Just as with many other ransomware, the virus can penetrate the system not only through a Windows vulnerability, but also through the “spray-‘n’-pray” phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim to click on a URL where malware will be ready to crawl into your machine.

    Because ransomware targets everyday Internet users, businesses and public service providers, any individual or organization that needs continuous access to its systems should be especially careful what sites they visit and which attachments they open up.

    #2 Backup!
    It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.

    #3 Don’t pay ransom!
    This one is quite simple – there’s no guarantee that victims will get their data back even if they cough up the cash cyber crooks demand from them. Plus there is no guarantee that the attackers won’t strike you again or demand more.

    #4 Install antivirus (at least a trial version)!
    Make use of your antivirus software’s ransomware removal tool, which should scan for and wipe out any ransomware attempts found on your computer.

    Most paid subscriptions use real-time protection to keep their clients. Even if ransomware gets past your antivirus, chances are good that within a short while an automatic antivirus update will clear the intruder from your system. Most antivirus companies offer trial versions free of charge to test before subscribing for a paid service, which should be enough if one needs to urgently remove a stray malware.

    Ransomware known as WannaCry, Wanna, or Wcry went on a global cyber infection rampage on Friday, infecting at least 75,000 computers in at least 99 countries. The malware adapted to a multi-lingual platform has caused complete data paralysis at banks, hospitals and telecommunications service providers, most notably in the UK, Spain, and Germany.

    The virus demands a ransom of $300 to $600 in bitcoin by May 15 to unlock access to data held hostage. The malware is widely believed to have been developed based on the National Security Agency’s zero-day exploit which was leaked last month by the Shadow Brokers hacker group.


    ----------------------------------------------------


    Microsoft releases urgent OS patch in wake of #WannaCry ransomware blitz

    RT
    Published time: 13 May, 2017 10:58

    Microsoft has taken the “highly unusual” step of securing early operating systems in the wake of a massive ransomware attack that wreaked havoc on global computer networks, including the UK’s National Health Service.

    Microsoft XP received the new security patch three years after the computer giant discontinued support for the OS.

    The patch release comes after a virus known as ‘WannaCry’ ransomware, which encrypts files and demands users pay for their release, infected more than 100,000 computers worldwide on Friday.

    Malware Tech reports that approximately 124,000 computers have now been affected by the virus, with parts of the UK’s National Health Service, including patient records and other administrative data, debilitated by the sudden attack.

    “Seeing businesses and individuals affected by cyberattacks, such as the ones reported today [Friday], was painful,” a Microsoft statement read.


    “We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”

    An investigation is currently underway to determine the source of the cyberattack. According to the European Cybercrime Centre, Europol is “working closely” with countries affected by the blitz to identify the culprits.

    NSA exploit codes were released by The Shadow Brokers, a hacking group, this year. The US government cyber weapons were later offered at auction for billions of dollars in bitcoin.

    Earlier this year, Microsoft created a patch called MS17-010 to guard against the virus. But older, unsupported operating systems were not included in the update.

    “WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available,” Microsoft said.

    Quote
    MalwareTech @MalwareTechBlog
    I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
    2:20 AM - 13 May 2017

    Elsewhere, a Twitter user posting under the name of @malwaretechblog is being hailed an unlikely hero after they registered a domain name referenced in the virus code. The domain registry acts as a kill switch in the code, halting the ransomware.


    Darien Huss, a security research engineer who reportedly helped find the loophole, explained: “WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed.”


    Quote
    Darien Huss @darienhuss
    #WannaCry propagation payload contains previously unregistered domain, execution fails now that domain has been sinkholed
    7:29 PM - 12 May 2017
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  27. The Following 7 Users Say Thank You to Hervé For This Post:

    Bill Ryan (13th May 2017), BMJ (22nd May 2017), Innocent Warrior (13th May 2017), KiwiElf (13th May 2017), Nasu (13th May 2017), norman (13th May 2017), uzn (13th May 2017)
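
Added example (not part of the thread or of the quoted articles): because the kill switch described above is a domain lookup, resolver logs show which internal hosts asked for that domain and are worth checking for infection. The domain below is a placeholder since the page does not give it, and the log format and sample lines are constructed; ranking unresolved lookups first is an assumption drawn from the statement that execution fails only once the domain is sinkholed.

```python
import re
from collections import defaultdict

# Placeholder only: the page does not give the kill-switch domain.
WATCHLIST = {"killswitch-placeholder.example"}

# Constructed resolver log lines: time, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-05-13T08:01:12Z 10.0.4.17 www.example.org. NOERROR
2017-05-13T08:02:40Z 10.0.4.23 KillSwitch-Placeholder.example. NOERROR
2017-05-13T08:02:41Z 10.0.9.8 killswitch-placeholder.example NXDOMAIN
2017-05-13T08:05:03Z 10.0.4.23 killswitch-placeholder.example. NOERROR
2017-05-13T08:06:55Z 10.0.9.8 killswitch-placeholder.example. NXDOMAIN
not a log line
2017-05-13T08:07:10Z 10.0.7.2 sub.killswitch-placeholder.example. NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)$")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def find_lookups(log_text, watchlist=WATCHLIST):
    """Return {client: {"count", "first", "last", "resolved"}} for exact matches."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "resolved": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, qname, rcode = m.groups()
        if normalize(qname) not in watchlist:
            continue  # exact match only; subdomains are a different name
        h = hits[client]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["resolved"] = h["resolved"] or rcode == "NOERROR"
    return dict(hits)


def triage(hits):
    """Hosts whose lookup never resolved come first: the kill switch could not fire there."""
    return sorted(hits, key=lambda c: (hits[c]["resolved"], c))


if __name__ == "__main__":
    found = find_lookups(SAMPLE_LOG)
    for client in triage(found):
        print(client, found[client])
```

A host that appears with only NXDOMAIN answers sits behind a resolver that does not return the sinkhole address, so it is the first one to isolate and patch with MS17-010.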

  28. Link to Post #15
    United States Avalon Member bearcow's Avatar
    Join Date
    24th January 2011
    Location
    left of west
    Posts
    539
    Thanks
    103
    Thanked 2,055 times in 472 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    wonder how many people were dumb enough to pay the ransom
    "You have brains in your head. You have feet in your shoes. You can steer yourself any direction you choose. You're on your own. And you know what you know. And YOU are the one who'll decide where to go..."
    — Dr. Seuss

  29. The Following 2 Users Say Thank You to bearcow For This Post:

    BMJ (22nd May 2017), Nasu (13th May 2017)

  30. Link to Post #16
    Ecuador Honored, Retired Member. Warren passed on 2 July, 2020.
    Join Date
    28th March 2014
    Location
    Cuenca, Ecuador
    Age
    80
    Posts
    953
    Thanks
    5,175
    Thanked 5,540 times in 864 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    I use a disconnected, full backup. This way even operating files are replaceable. It means that now and then I must buy a larger disk drive to accommodate my growing size of total files. This technique will only allow me to return my computer to the date of the last backup so I should backup frequently. I also frequently make an additional backup of data files to a separate device. I also use an attached disk for very frequent auto backups, but that will not help fight some malware. My paranoia stems from fifteen years as a database specialist for large commercial systems.

  31. The Following 4 Users Say Thank You to wnlight For This Post:

    BMJ (22nd May 2017), Hervé (13th May 2017), KiwiElf (13th May 2017), Nasu (13th May 2017)

  32. Link to Post #17
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,658 times in 8,694 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Safe for now... but patch regularly anyway... That's literally 60% of my job (patching).

    Quote 'Accidental hero' halts ransomware attack and warns: this is not over


    The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
    The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
    But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
    https://www.theguardian.com/technolo...e-cyber-attack
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  33. The Following 4 Users Say Thank You to TargeT For This Post:

    avid (13th May 2017), BMJ (22nd May 2017), Bob (13th May 2017), Nasu (13th May 2017)

  34. Link to Post #18
    France On Sabbatical
    Join Date
    7th March 2011
    Location
    Brittany
    Posts
    16,763
    Thanks
    60,315
    Thanked 95,891 times in 15,481 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Interesting accidental flipping of the kill-switch

    Quote Posted by Hervé (here)
    [...]
    Quote

    MalwareTech @MalwareTechBlog
    I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
    2:20 AM - 13 May 2017
    Elsewhere, a Twitter user posting under the name of @malwaretechblog is being hailed an unlikely hero after they registered a domain name referenced in the virus code. The domain registry acts as a kill switch in the code, halting the ransomware.
    [...]
    "La réalité est un rêve que l'on fait atterrir" San Antonio AKA F. Dard

    Troll-hood motto: Never, ever, however, whatsoever, to anyone, a point concede.

  35. The Following 4 Users Say Thank You to Hervé For This Post:

    avid (13th May 2017), BMJ (22nd May 2017), Nasu (13th May 2017), TargeT (13th May 2017)

  36. Link to Post #19
    Avalon Member
    Join Date
    26th May 2010
    Location
    Albuquerque, NM, USA
    Age
    73
    Posts
    2,450
    Thanks
    11,320
    Thanked 22,056 times in 2,419 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    Hmmmm. What are the odds? How convenient.

    Does this imply that whenever something like this happens, all that needs to be done to defeat it is register codes?
    Last edited by Satori; 13th May 2017 at 21:19.

  37. The Following User Says Thank You to Satori For This Post:

    BMJ (22nd May 2017)

  38. Link to Post #20
    Avalon Member norman's Avatar
    Join Date
    25th March 2010
    Location
    too close to the hot air exhaust
    Age
    68
    Posts
    8,893
    Thanks
    9,940
    Thanked 55,016 times in 8,167 posts

    Default Re: Ransomware Attack - Worldwide (12 May 2017)

    For those, like me, who prefer listening to reading, Lisa Haven video blogs her version of the news. She points out that the biggest cluster of hits is in Russia. I noticed myself last night that China doesn't look badly hit, but that might be because most of China doesn't even have computers yet?





    and..... if you've got a British chuckle bone....



    [ but someone should tell him the nukes are still being run off 5 1/4" floppies ]
    ..................................................my first language is TYPO..............................................

  39. The Following 2 Users Say Thank You to norman For This Post:

    BMJ (22nd May 2017), Hervé (14th May 2017)
