Jump to content
piemadd
piemadd piemadd

Wanna cry got my school system. They managed to stop it though. We have actually good IT guys. What a surprise. Well, they do have to care for hundreds of thousands of student devices, and keep them clean.

 

Anyway, i could theoretically stop it. You could have a bait vm, get that infected and then you would be good. A file on your machile can have a hidden in tracker installed. Once going to pay the hackers, you can ask them to verify that they have your files. If they unzip whatever folder or whatever, you get where I am going. It tracker initializes, sending ip to me/other people. After getting ip, pretend to be getting bitcoin bought, while reporting to authorities.

 

 

it could work.

  1. RadiatingLight

    RadiatingLight

    I'm pretty sure that if that idea worked, people would've already used it to stop the worm.

  2. Sauron

    Sauron

    I think the "trial" uses a locally stored key that was only used to encrypt a file or two.

  3. piemadd

    piemadd

    @RadiatingLight it encrypts the data, 

     

    @AUniqueName it encrypts the data, sends it to them, and then it is deleted offf of your machine. Somehow getting a vm infected might work. Trust me.

     

    @Sauron there is a trial? Pls inform more.

     

     

  4. thenastyjbenny

    thenastyjbenny

    Then @AUniqueName what does it do exactly? Implosive is the only one doing the thinking here, you're just shooting down his idea and then not explaining where your reasoning came from...

  5. Sauron

    Sauron

    @AUniqueName I believe he meant THE KEY is sent to the attackers and deleted from your system.

  6. Sauron

    Sauron

    @Implosivetech from what I've seen there's a "trial" button in the ransom window that will decrypt a file or two to supposedly prove they have the key and paying will work.

  7. MoonlightSylv

    MoonlightSylv

    It doesn't send them the files, it just locally encrypts them. 

     

    I don't think a bait VM would work because you're never going to be directly connected to their IP, you probably just transfer the funds to their bitcoin wallet or something.

  8. vanished

    vanished

    Quote

    Wanna cry got my school system. [...] We have actually good IT guys. [...]

    Hm...

  9. piemadd

    piemadd

    @Ryan_Vickers most schools outside of Fulton County(my county) don't have very good IT.

  10. vanished

    vanished

    What I'm saying is if you had good IT you wouldn't have been hit by this.  It was very easy to avoid

  11. piemadd

    piemadd

    Well, they didn't know about it, until it hit them. The thing is, if they shut down and update a server for a few hours, the wifi on school iPads and surfaces go down. RIP

  12. vanished

    vanished

    Quote

    Well, they didn't know about it, until it hit them.

    Again, that's just pitiful IT.  This has been big news for quite some time now so for them to be unaware would require that either they intentionally ignored the problem, or are grossly incompetent.

  13. piemadd

    piemadd

    @AUniqueName +1 i agree

×