
[3rd Update] WCry ransomware has possible links to Lazarus Group & PRNK

Master Disaster

(3rd Update)

This is one that was posted in this thread yesterday but I wanted to wait for an actual article before updating...

 

A security expert from Google believes he has discovered code in Wanna Cry which is "remarkably similar" to code taken from another malware that's been attributed to Lazarus, a mysterious hacking group who are believed to operate on behalf of the People's Republic of North Korea. They're the same group who are believed to be responsible for the 2014 Sony hack and the 2016 Bangladeshi bank raid.

Quote

Who was behind the huge global cyber-attack? One prominent theory right now is North Korea - but what we know is far from conclusive.

 

You may not have heard of the Lazarus Group, but you may be aware of its work. The devastating hack on Sony Pictures in 2014, and another on a Bangladeshi bank in 2016, have both been attributed to the highly sophisticated group.

 

It is widely believed that the Lazarus Group worked out of China, but on behalf of the North Koreans.

 

Security experts are now cautiously linking the Lazarus Group to this latest attack after a discovery by Google security researcher Neel Mehta. He found similarities between code found within WannaCry - the software used in the hack - and other tools believed to have been created by the Lazarus Group in the past.

Experts admit that other groups could have reused the code to make it look like Lazarus, but say that's unlikely.

Quote

In the case of WannaCry, it is possible that hackers simply copied code from earlier attacks by the Lazarus Group.

 

But Kaspersky said false flags within WannaCry were "possible" but "improbable", as the shared code was removed from later versions.

 

"There's a lot of ifs in there," added Prof Woodward.

 

"It wouldn't stand up in court as it is. But it's worth looking deeper, being conscious of confirmation bias now that North Korea has been identified as a possibility."

They are calling for caution, however, stating that China was also hit hard by the attack and it's unlikely the PRNK would want to hit their closest ally.

Quote

First, China was among the countries worst hit, and not accidentally - the hackers made sure there was a version of the ransom note written in Chinese. It seems unlikely North Korea would want to antagonise its strongest ally. Russia too was badly affected.

 

Second, North Korean cyber-attacks have typically been far more targeted, often with a political goal in mind.

 

In the case of Sony Pictures, hackers sought to prevent the release of The Interview, a film that mocked North Korean leader Kim Jong-un. WannaCry, in contrast, was wildly indiscriminate - it would infect anything and everything it could.

 

Finally, if the plan was simply to make money, it’s been pretty unsuccessful on that front too - only around $60,000 (£46,500) has been paid in ransoms, according to analysis of Bitcoin accounts being used by the criminals.

 

With more than 200,000 machines infected, it's a terrible return. But then of course, maybe the ransom was a distraction for some other political goal not yet clear.

 

Another possibility is that the Lazarus Group worked alone, without instruction from North Korea. Indeed, it could be that the Lazarus Group isn’t even linked to North Korea.

http://www.bbc.co.uk/news/technology-39931635

 

Well I remember posting the story about NK hacking Sony here and getting laughed at by a lot of people, look how that one turned out. I'm not sure I believe it this time though, seems odd hackers operating for NK out of China would infect China so badly, don't bite the hand that feeds you and all that.

 

(2nd Update)

Some industry experts and virus labs are saying they're starting to see Wcry V3 out in the wild (V2 was the version that caused chaos on Friday as the original V1 variant didn't use the EternalBlue exploit at all) and this variant appears to have no kill switch.

Quote

If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" to stop WannaCry ransomware from spreading further, but it's not over: criminals are now launching attacks using WannaCry 2.0 that does not have the 'kill-switch' domain connect function.

WannaCry infections are rising even hours after the kill-switch was triggered, from 100,000 to 213,000 computers across 99 countries, and now this latest version can take over hundreds of thousands of other unpatched computers without any disruption.

Industry expert Costin Raiu from Kaspersky confirmed that they've seen variants with no kill switch in their labs since Friday, which would be just hours after the original kill switch was activated.

Quote

Costin Raiu, the director of global research and analysis team at Kaspersky Labs has confirmed that they have seen samples on Friday that did not have the kill switch.

 

"I can confirm we've had versions without the kill switch domain connect since yesterday," he told The Hacker News via messages.

^^^^ Turns out he was wrong on this: the new version has a new domain check in place. Raiu said "Sorry guys, my bad" ^^^^

 

The expert responsible for accidentally disabling Wcry has also confirmed that his sinkhole server has been DDoSed, but said "the DDoS failed hardcore".

Quote

MalwareTech also confirmed to us that some "Mirai botnet skids tried to DDoS the [sinkhole] server for lulz," to make it unavailable to WannaCry when it attempts to connect, which triggers infection if the connection fails. But so far, the DDoS attack has "failed hardcore."

http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

 

Guys, if your systems are not patched then GET THEM PATCHED ASAP!!!

 

(Original Post)

In this thread it was reported the malware had ransacked the NHS in the UK; well, reports are now coming in from various companies in up to 74 countries saying they have been affected by the attack.

Quote

A massive ransomware campaign appears to have infected a number of organisations around the world.

 

Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin.

There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

 

Many security researchers are linking the incidents together.

Experts from Kaspersky have said "this is huge" and are indicating the malware is spreading like a worm using an exploit posted by the Shadow Brokers as part of their NSA leak. Latest reports say 45,000 attacks in 74 countries and still growing.

Quote

One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware - known as WannaCry and variants of that name - around the world.

 

"This is huge," said Jakub Kroustek at Avast.

 

Another, at cyber-security firm Kaspersky, said that the ransomware had been spotted cropping up in 74 countries and that the number was still growing.

 

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).

Microsoft have already patched the exploit in March; obviously a lot of businesses don't update regularly.

Quote

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

 

Some security researchers have pointed out that the infections seem to be deployed via a worm - a program that spreads by itself between computers.

Affected firms so far are:

Quote

The NHS

TELEFONICA

Iberdrola

FedEx

Italian universities

Gas Natural

Portugal Telecom

Megafon

Russian Interior Minister

a large number of universities in China.

http://www.bbc.co.uk/news/technology-39901382

https://www.twitter.com/craiu/status/863076786887852032

 

Well hot damn, Fri May 12th 2017, the day the internet changed forever.

 

[Update]

 

A British expert managed to stop the worm from delivering its payload but it is still active and spreading - https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

 

Microsoft have released patches for the exploit for all OSes going back to Windows XP. If you're running an unsupported OS, get the patch from Windows Update or here - http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 (thanks Lawlz)

 

Experts have discovered the master password used by the worm to lock the zip file as it was spreading, but this won't help you if you're infected, as the malware seems to encrypt every single file individually, meaning each file needs its own unique key to decrypt.

 

@The Benjamins provided the 3 BTC block chains associated with Wcry

 

https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)
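As an added example (not from the original post or from the articles it links), here is a defender-side triage script for the kill-switch behaviour described in the 2nd update: the sample tries to connect to a domain before encrypting, halts if the connection succeeds, and proceeds if it fails, and later variants switched to a different domain. The script reads DNS resolver log lines and reports every host that looked up one of the kill-switch domains, since any such host has executed the sample whether or not the sinkhole answered. The log format, the host names and the two domains (placeholders under the reserved .invalid TLD; the post does not name the real ones) are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Placeholder kill-switch domains (constructed; the real domains are not
# reproduced here). Keep this a set: the 2nd update notes that a later
# variant switched to a new domain, so more than one may be in play.
KILL_SWITCH_DOMAINS = {
    "killswitch-v2.example.invalid",
    "killswitch-v3.example.invalid",
}

# Constructed resolver log format: one query per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>\S+)$"
)

# Constructed sample log: one host whose lookup resolved, one whose lookup
# failed (NXDOMAIN), one unrelated query, and one unparseable line.
SAMPLE_LOG = """\
2017-05-12T14:58:03Z host=ws-017 query=www.example.com. rcode=NOERROR
2017-05-12T15:02:11Z host=ws-017 query=killswitch-v2.example.invalid. rcode=NOERROR
2017-05-12T15:02:40Z host=ws-042 query=KILLSWITCH-V2.EXAMPLE.INVALID. rcode=NXDOMAIN
2017-05-12T15:03:05Z host=ws-042 query=killswitch-v2.example.invalid. rcode=NXDOMAIN
2017-05-14T09:17:52Z host=srv-db01 query=killswitch-v3.example.invalid. rcode=NOERROR
garbage line that should be ignored
"""


@dataclass
class Finding:
    host: str
    domain: str
    first_seen: str
    answered: bool  # True if at least one lookup returned NOERROR


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines, domains=KILL_SWITCH_DOMAINS):
    """Collect one Finding per (host, kill-switch domain) pair seen in the log."""
    findings = {}
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        # Normalise: DNS names are case-insensitive and may carry a trailing dot.
        qname = rec["qname"].rstrip(".").lower()
        if qname not in domains:
            continue
        key = (rec["host"], qname)
        answered = rec["rcode"] == "NOERROR"
        if key not in findings:
            findings[key] = Finding(rec["host"], qname, rec["ts"], answered)
        else:
            findings[key].answered = findings[key].answered or answered
    return sorted(findings.values(), key=lambda f: (f.host, f.domain))


def classify(finding):
    """Defender's reading of the beacon outcome.

    A failed lookup means the connection could not have succeeded, so the
    sample would have carried on to encrypt. A successful lookup is only weak
    evidence that it halted: the HTTP connection itself can still fail (the
    sinkhole was under DDoS, or an egress proxy or firewall blocks it), so the
    host still needs inspection and patching either way.
    """
    if finding.answered:
        return "lookup-succeeded: sample may have halted; inspect host and patch"
    return "lookup-failed: assume encryption ran; isolate host, restore offline backup"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.host:10} {f.domain:32} first seen {f.first_seen}  {classify(f)}")
```

The script deliberately reports the host that got a NOERROR answer as well: the sinkhole only stops the encryption routine, it does not remove the sample from the machine or stop the worm from being re-delivered to an unpatched host.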


3 minutes ago, Master Disaster said:

I wonder if Snowden will comment on this at all?

Oh, someone's gonna comment, but it's not hard to predict what they'll say.  Something along the lines of "this is what happens when you hoard vulnerabilities for your own use... one day they get out all at once and wreak havoc.  Don't do it anymore!"

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


2 minutes ago, Kamina said:

The NSA and CIA have left the entire world vulnerable to attacks.

Or... Snowden released all the program files to the internet, so anyone, good or bad, could get them. They could have just shown a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet.

Intel HEDT and Server platform enthusiasts: Intel HEDT Xeon/i7 Megathread 

 

Main PC 

CPU: i9 7980XE @4.5GHz/1.22v/-2 AVX offset 

Cooler: EKWB Supremacy Block - custom loop w/360mm +280mm rads 

Motherboard: EVGA X299 Dark 

RAM:4x8GB HyperX Predator DDR4 @3200Mhz CL16 

GPU: Nvidia FE 2060 Super/Corsair HydroX 2070 FE block 

Storage:  1TB MP34 + 1TB 970 Evo + 500GB Atom30 + 250GB 960 Evo 

Optical Drives: LG WH14NS40 

PSU: EVGA 1600W T2 

Case & Fans: Corsair 750D Airflow - 3x Noctua iPPC NF-F12 + 4x Noctua iPPC NF-A14 PWM 

OS: Windows 11

 

Display: LG 27UK650-W (4K 60Hz IPS panel)

Mouse: EVGA X17

Keyboard: Corsair K55 RGB

 

Mobile/Work Devices: 2020 M1 MacBook Air (work computer) - iPhone 13 Pro Max - Apple Watch S3

 

Other Misc Devices: iPod Video (Gen 5.5E, 128GB SD card swap, running Rockbox), Nintendo Switch


2 minutes ago, Ryan_Vickers said:

Oh, someone's gonna comment, but it's not hard to predict what they'll say.  Something along the lines of "this is what happens when you hoard vulnerabilities for your own use... one day they get out all at once and wreak havoc.  Don't do it anymore!"

And if he/the Shadow Brokers didn't leak them this would never have happened.

 

Right now I feel torn because I understand the importance of what he/they have done but on the flip they basically started the downfall of the internet. I'm calling it right now, governments around the world will use today as an excuse to legislate the internet and the freedom we have right now will all disappear.

 

Thanks Ed *slow clap*


2 minutes ago, Ryan_Vickers said:

Oh, someone's gonna comment, but it's not hard to predict what they'll say.  Something along the lines of "this is what happens when you hoard vulnerabilities for your own use... one day they get out all at once and wreak havoc.  Don't do it anymore!"

 

8 minutes ago, Master Disaster said:

I wonder if Snowden will comment on this at all?

Not sure why or what Snowden really would have to say on this besides that he worked for the NSA.  The more interesting thing appears to be that this is all stemming from vulnerabilities that were broadcast by 'The Shadow Brokers', being the EternalBlue exploit and the DoublePulsar exploit.  I guess a good lesson from this as well is to make sure you keep up-to-date with your security updates.  Kind of beginning to wonder if this is all set up by The Shadow Brokers to get cash themselves considering it is written using at least two exploits that they published...


Just now, Master Disaster said:

And if he/the Shadow Brokers didn't leak them this would never have happened.

 

Right now I feel torn because I understand the importance of what he/they have done but on the flip they basically started the downfall of the internet. I'm calling it right now, governments around the world will use today as an excuse to legislate the internet and the freedom we have right now will all disappear.

 

Thanks Ed *slow clap*

I think you might be overreacting just slightly. No question this is a big deal, but there've been big deals in the past too and it wasn't the end of the world.


4 minutes ago, Ryan_Vickers said:

I think you might be overreacting just slightly. No question this is a big deal, but there've been big deals in the past too and it wasn't the end of the world.

Yeah, but Donald Trump wasn't in charge of the USA when those other things happened. Both the USA & UK governments have shown their disdain towards internet freedom in the past few years; this might just be the excuse they need to finally do something about it.


Damn, that's scary, maybe it's time to go dark for a few days...

If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon


8 minutes ago, Zando Bob said:

Or... Snowden released all the program files to the internet, so anyone, good or bad, could get them. They could have just shown a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet.

That, in the eyes of the majority of people, isn't credible. 

 

Unfortunately, people need source files and actual documents to believe. So no, they couldn't. 


1 minute ago, Master Disaster said:

Yeah but Donald Trump wasn't in charge of the USA when those other things happened. 

Off Topic, non-sequitur...  Whoever is president of the US has nothing to do with this and isn't relevant to the topic of discussion.

 

On Topic:  It should be interesting to see if there is a delay in package deliveries from FedEx as they may have had to shut down their PCs as well...

 

https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/

Quote

Other victims also include the Russian Interior Minister, Portugal Telecom, and a large number of universities in China.

 

In the meantime, Bleeping Computer has learned from an inside source that Telenor Hungary — a local telecommunications provider — also suffered a similar incident. Just like Telefonica, it had issued an SMS alert warning customers to shut down PCs or disconnect them from internal VPN networks. Another source also told Bleeping Computer that FedEx's Memphis office is currently telling employees to shut down their PCs in a somewhat similar incident.

 


12 minutes ago, Zando Bob said:

Or... Snowden released all the program files to the internet, so anyone, good or bad, could get them. They could have just shown a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet.

The other issue is that writing any form of malware really doesn't take too much time.

IM BACK BABY


20 minutes ago, Kamina said:

The NSA and CIA have left the entire world vulnerable to attacks.

Somehow, I hope politicians that are on the fence with cyber stalking shit get the picture.

 

If you have it, eventually someone will steal it, and abuse it.


3 minutes ago, AUniqueName said:

That, in the eyes of the majority of people, isn't credible. 

 

Unfortunately, people need source files and actual documents to believe. So no, they couldn't. 

Good point. So is it better to have some people distrust your info, or release those programs into the wild? Isn't there something else they could have done?

 

 

They need to make some way to sue the government, then they could take up a case against the NSA and CIA, and stop them from making these exploits. Though they probs have virtually unlimited $$$, so you might lose.


Just now, WMGroomAK said:

Off Topic, non-sequitur...  Whoever is president of the US has nothing to do with this and isn't relevant to the topic of discussion.

I'm sorry but you'd better believe that's relevant, a fossilised Luddite has control of the most powerful nation on the planet right now.

 

Perhaps I am overreacting but I have this feeling that the US and the UK (at least) will try and use this to remove the freedom from the internet. Note I said try!

 

 


I think it's kind of like the nuke problem. The US has them because Russia has them, who has them because N. Korea has them, who has them since everyone else has them, and everyone else has them because the other nations have them.... It's the same with these programs. The NSA and CIA will have them because everyone else has them, and they think they need them to keep tabs on the other people who might have them. Also, data is king in cybersecurity. The more data you have on someone or something, the more accurately you can predict behaviors or events. Good news is (at least so far) if you aren't doing anything wrong, you won't be an NSA or CIA target. :D


Pretty easy to say that sysadmins, along with SIGINT organisations, won't be getting much sleep tonight.

Intel i5-6600K@4.2GHz, 16GB Crucial DDR4-2133, Gigabyte Z170X-UD3, Be quiet shadow rock slim, Sapphire RX 480 Nitro+ OC, Fractal design Integra M 550W, NZXT S340, Sandisk X110 128GB, WD black 750GB, Seagate momentus 160GB, HGST 160GB


Still using Bitcoins? It's difficult to get stupid Bitcoins. Why can't they accept McDonald's gift cards dagnabbit!

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 


1 minute ago, ashypanda said:

Pretty easy to say that sysadmins, along with SIGINT organisations, won't be getting much sleep tonight.

The smart ones will have already made the call to head office and said 

 

"We have 2 options, we pay the ransom or we restore to an earlier backup"

 

because there's nothing else they can do without the keys.


Just now, Master Disaster said:

The smart ones will have already made the call to head office and said 

 

"We have 2 options, we pay the ransom or we restore to an earlier backup"

 

because there's nothing else they can do without the keys.

Depends on the backup. If it's connected then there is a chance it's infected too. The only safe backup is an offline backup, meaning it was never physically connected to the system when the infection occurred.


7 minutes ago, NumLock21 said:

Depends on the backup. If it's connected then there is a chance it's infected too. The only safe backup is an offline backup, meaning it was never physically connected to the system when the infection occurred.

The scary thought being a UK citizen is imagining what is going to happen should Wcry make it onto the NHS's record servers. I struggle to imagine they keep backups of 60 million patient records so what happens if our records get encrypted?


2 minutes ago, Master Disaster said:

The smart ones will have already made the call to head office and said 

 

"We have 2 options, we pay the ransom or we restore to an earlier backup"

 

because there's nothing else they can do without the keys.

Worthwhile backups are on tape, which is going to take a while to restore, and to disconnect everything from the internet to install the patches, and to make sure there is no way they can get reinfected, but it's still going to be a long, headache-filled night.


1 minute ago, Master Disaster said:

The scary thought being a UK citizen is imagining what is going to happen should Wcry make it onto the NHS's record servers. I struggle to imagine they keep backups of 60 million patient records so what happens if our records get encrypted?

That would indeed be scary, but most backups should be done on tape drives, not SSD or HDD.


They almost have 100 bitcoins already, damn.

Also it's still growing, infecting 80-100 PCs per minute.

https://intel.malwaretech.com/botnet/wcrypt
