Huge Ransomware Attack Spreads Across Globe: What to Do

Status
Not open for further replies.

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940


Yes, I've already linked to your blog posting in the story above.
 

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165


Thanks Paul, I see it now! Apologies for the double post if it was already included.
 

Intishar

Prominent
May 12, 2017
1
0
510
Why should governments, hospitals, public offices and telecoms go around buying expensive Windows products which cause them much havoc from time to time, sometimes from rather minuscule malware codes?
 

kittyhundal

Commendable
Jan 25, 2017
4
0
1,510
Source: https://wikileaks.org/ciav7p1/

"Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published."
 

kittyhundal

Commendable
Jan 25, 2017
4
0
1,510
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/

"The full list of tools documented by Hickey are:

ETERNALROMANCE — Remote privilege escalation (SYSTEM) exploit (Windows XP to Windows 2008 over TCP port 445)
ENTERNALCHAMPION, ETERNALSYSTEM — Remote exploit up to Windows 8 and 2012
ETERNALBLUE — Remote Exploit via SMB & NBT (Windows XP to Windows 2012)
EXPLODINGCAN — Remote IIS 6.0 exploit for Windows 2003
EWORKFRENZY — Lotus Domino 6.5.4 and 7.0.2 exploit
ETERNALSYNERGY — Windows 8 and Windows Server 2012
FUZZBUNCH — Exploit Framework (Similar to Metasploit) for the exploits."
 

PaulAndrewAnderson

Prominent
May 12, 2017
1
0
510
All these bugs (in this case, the ruse of encryption) work within the MS-OS files only (keyword: Server Message Block). It encrypts access to the files, not every individual file alone. Physically pull the HDD, buy a USB-to-SATA adapter cable (amazon.com, walmart.com, etc. I got 2 of them), then plug the infected HDD into a Linux-based (only) PC or laptop; it will pop-up as an external USB device. It will not boot because an OS is already running (and the Linux OS would not recognize or execute them anyway). Copy (not cut/paste) all the files you want to keep, onto another external storage device, ignoring the many Windows OS files. Then, buy and install an SSD back into the infected PC, and install on it, any popular Linux Distro. Then, reformat the infected HDD using gParted; it will wipe the entire HDD, removing all partitions, effectively turning it into an external USB storage device that can be left plugged in, via the adapter cable. Store everything on external devices; only use the internal SSD for the OS; thus, you'd only need a 128G SSD. I have successfully done this twice on supposedly encryption-ransomed equipment.
 

Snow77

Estimable
Feb 21, 2015
2
0
4,510
It's likely that there will be more leaks of more serious NSA exploits and hackers are creative at using them for their gains.

Always disable unsecure protocols you don't need and patch your systems. If you want to know whether SMB1 is enabled on your system, there are some easy ways to do that yourself. SMB1 is the protocol that is exploited by the ransomware: http://windows7themes.net/en-us/how-to-disable-smbv1-on-windows-7-8-and-10-to-protect-yourself-from-ransomware-wanacrypt0r-2-0/
 


only one thing..., the files get encrypted so copying them to Linux would do..... nothing...


 

aishsri

Prominent
May 13, 2017
2
0
510
Does this mean MacBooks or Apple phones are not affected or will not be affected by this ransomware attack? Please guide me. Would appreciate your reply with proper guidance. Many thanks in advance.
 

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940


The exploit of a previously unknown flaw in Windows that makes this attack possible was stolen from the NSA at some point over the past few years. This ransomware uses that exploit to break into computers, but the NSA itself did NOT develop this ransomware.

Think of the exploit as a key, and the ransomware as the burglar who gets a stolen copy of that key.
 

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940


What would you propose as an alternative?
 