Near all WannaCry ransomware infected users were running Windows 7

GoodBytes
1 minute ago, SpaceGhostC2C said:

Exactly. So it didn't matter which OS you were running.

But because one OS forces updates on you, and the other leaves the choice to you, let us all jump to conclusions and praise Big Brother for doing What's Best For Us (TM) rather than letting us choose the risks we take and the time to do things like grown ups.

Who cares that this doesn't take into account the pool of potential targets (i.e., market share, but not just in general: market share among institutions worth targeting), etc. The obvious conclusion is that less choice is better, and the less you decide for yourself, the happier you will be.

what are you on about? for a start off most people don't know the risks of not updating, all they see is another update that they can't be arsed to install. secondly how is that big brother? they're not trying to tell you what to do, they're trying to help........as for the rest of your rant, you think they targeted anything? it was an infected email, that's not targeting that's carpet bombing

 

"if nothing is impossible, try slamming a revolving door....." - unknown

my new rig bob https://uk.pcpartpicker.com/b/sGRG3C#cx710255

Kumaresh - "Judging whether something is alive by it's capability to live is one of the most idiotic arguments I've ever seen." - jan 2017


Will this work? 

 

Ck76x6SWEAERcBB.jpg

 

On a serious note, I have a windows 7 thinkpad, scared to turn it on lol.

|EVGA 850 P2| |1440p PG279Q| |X570 Aorus Extreme| |Ryzen 9 3950x WC| |FE 2080Ti WC|TridentZ Neo 64GB| |Samsung 970 EVO M.2 1TB x3

 |Logitech G900|K70 Cherry MX Speed|  |Logitech Z906 |  |HD650|  |CaseLabs SMA8 (one of the last ones made)

 


3 minutes ago, GoodBytes said:

Maybe it was targeting Windows 7. It is the most used version of Windows, especially in businesses. Ransomware makers seek companies more than individuals, as they can pay the big bucks. It takes advantage of the fact that many businesses have poor backup and system recovery procedures in place, and takes advantage of the fact that many businesses and many people follow the "If it works, I don't update" mentality, which is wrong.

I'm using 7 x64 on every machine under my ownership, not one of them has had issues so far.

 

I don't even use antivirus.

 

I have a large HOSTS file (1,000,000+ entries) and I use AdBlock, but that's it.

 

I've disabled Windows Defender because it sucks.

 

Basically the only defenses I have are my network firewall and my extremely slow hosts resolve...


7 minutes ago, SpaceGhostC2C said:

Exactly. So it didn't matter which OS you were running.

But because one OS forces updates on you, and the other leaves the choice to you, let us all jump to conclusions and praise Big Brother for doing What's Best For Us (TM) rather than letting us choose the risks we take and the time to do things like grown ups.

Who cares that this doesn't take into account the pool of potential targets (i.e., market share, but not just in general: market share among institutions worth targeting), etc. The obvious conclusion is that less choice is better, and the less you decide for yourself, the happier you will be.

If you're referring to forced updates on W10, then I personally see no reason whatsoever to be pissed off about it. I can't understand why someone would want to delay security patches in the first place, and you can defer feature updates in W10 if you're worried about MS releasing a feature update which installs their shit all up your ass 

 

You can also defer security updates for a lesser amount of time than feature updates. 

 


4 minutes ago, H0R53 said:

I'm using 7 x64 on every machine under my ownership, not one of them has had issues so far.

 

I don't even use antivirus.

 

I have a large HOSTS file (1,000,000+ entries) and I use AdBlock, but that's it.

 

I've disabled Windows Defender because it sucks.

 

Basically the only defenses I have are my network firewall and my extremely slow hosts resolve...

I won't criticize your setup, as this is off topic. You do what you want, I don't care.

 

But as mentioned, AGAIN, if your system is updated, you are safe. The problem is for those who don't update their Windows. If you keep Windows 7 up to date, you are safe from it.

 

The chart does NOT say "98% of Windows 7 users". It says "98% who WERE affected are running Windows 7". See the difference.


24 minutes ago, tlink said:

whoa i thought wannacry was mostly targeted at win xp.

It exploited a vulnerability that was present in all versions of Windows. It wasn't a targeted attack, but rather a loose worm infecting whatever it could on its way.

22 minutes ago, weed said:

Shit. I run Windows 7 Ultimate on my Desktop and laptop.

How would you get infected, though?

 

1 minute ago, jaggysnake57 said:

what are you on about? for a start off most people don't know the risks of not updating, all they see is another update that they can't be arsed to install. secondly how is that big brother? they're not trying to tell you what to do, they're trying to help........

They are not trying to tell you, of course not. They are not even trying to tell you what to do: they are just directly doing it.

Regarding the rest of your paternalistic rant, that's just your point of view. I have a different one, which dislikes the "it's for your own sake" mentality, and likes the freedom to live and let die when it comes to computers, even if it means opening the "Iamavirus.exe" I got as an attachment from a wealthy Nigerian Prince.

 

1 minute ago, jaggysnake57 said:

as for the rest of your rant, you think they targeted anything? it was an infected email, that's not targeting that's carpet bombing

 

I know. But how did it get released, and who is going to have anything worth paying for?


1 minute ago, GoodBytes said:

I won't criticize your setup, as this is off topic. You do what you want, I don't care.

 

But as mentioned, AGAIN, if your system is updated, you are safe. The problem is for those who don't update their Windows. If you keep Windows 7 up to date, you are safe from it.

 

The chart does NOT say "98% of Windows 7 users". It says "98% who WERE affected are running Windows 7".

I update the second I get the notification. The security patch was released by Microsoft two months before the attack back in March and was included in their monthly rollup.


11 minutes ago, Iggledude said:

That's very interesting how it's made to look (in this report) as if Windows 7 was the intended target of the attack.

 

And I wanna be clear, I'm not doubting the validity of this report at all. Kaspersky has no reason to be biased in any way.

 

Any conspiracy theorists out there?  Hmm...

It did not target Windows 7 specifically. The malware literally generated random IPs that it tried to connect to and infect.

 

4 minutes ago, jaggysnake57 said:

it was an infected email, that's not targeting that's carpet bombing

No it wasn't. It spread by making SMB connections.

 

3 minutes ago, AUniqueName said:

I can't understand why someone would want to delay security patches in the first place

Because security patches have broken things in the past, and Microsoft has pushed out "security updates" which for example contained ads for Windows 10 upgrades.


2 minutes ago, SpaceGhostC2C said:

They are not trying to tell you, of course not. They are not even trying to tell you what to do: they are just directly doing it.

Regarding the rest of your paternalistic rant, that's just your point of view. I have a different one, which dislikes the "it's for your own sake" mentality, and likes the freedom to live and let die when it comes to computers, even if it means opening the "Iamavirus.exe" I got as an attachment from a wealthy Nigerian Prince.

yeah but you're a PC enthusiast, most pc users are not and that's the thing


3 minutes ago, LAwLz said:

 

Because security patches have broken things in the past, and Microsoft has pushed out "security updates" which for example contained ads for Windows 10 upgrades.

WannaCry is a ransomware computer worm that targets computers running the Microsoft Windows operating system.

The "payload" works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a "ransom note" informing the user and demanding a payment in bitcoin. It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar exploit to install and execute a copy of itself.

 

EternalBlue

The network infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017, along with other tools apparently leaked from Equation Group, which is widely believed to be part of the United States National Security Agency.

EternalBlue exploits vulnerability MS17-010 in Microsoft's implementation of the Server Message Block (SMB) protocol. This Windows vulnerability was not a zero-day flaw, but one for which Microsoft had released a "critical" advisory, along with a security patch to fix the vulnerability two months before, on 14 March 2017. The patch was to the Server Message Block (SMB) protocol used by Windows, and fixed several client versions of the Microsoft Windows operating system, including Windows Vista onwards (with the exception of Windows 8), as well as server and embedded versions such as Windows Server 2008 onwards and Windows Embedded POSReady 2009 respectively, but not the older Windows XP, according to Microsoft. According to Dona Sarkar, head of the Windows Insider Program at Microsoft, Windows 10 was not affected.

 

DoublePulsar

DoublePulsar is a backdoor tool, also released by The Shadow Brokers on 14 April 2017. Starting from 21 April 2017, security researchers reported that computers with the DoublePulsar backdoor installed were in the tens of thousands. By 25 April, reports estimated the number of infected computers to be up to several hundred thousand, with numbers increasing exponentially every day. The WannaCry code can take advantage of any existing DoublePulsar infection, or installs it itself.

 

"Kill switch"


The software contained a URL that, when discovered and registered by a security researcher to track activity from infected machines, was found to act as a "kill switch" that shuts down the software, stopping the spread of the ransomware. The researcher speculated that this had been included in the software as a mechanism to prevent it being run on quarantined machines so that it is harder for anti-virus researchers to investigate the software; he observed that some sandbox environments will respond to all queries with traffic in order to trick the software into thinking that it is still able to access the internet, so the software queried an "intentionally unregistered domain" to verify it was receiving traffic that it should not. He also noted that it was not an unprecedented technique, having been observed in the Necurs trojan.

 

Attribution


Although cybersecurity companies Kaspersky Lab and Symantec have both said the code has some similarities with that previously used by the Lazarus Group, (believed to have carried out the cyberattack on Sony Pictures in 2014 and a Bangladesh bank heist in 2016 – and linked to North Korea), this may be either simple re-use of code by another group, or an attempt to shift blame – as in a false flag operation.
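
An added example, not part of the original post or thread: the worm behaviour described above (transport code that scans for systems over SMB) appears in flow logs as one source contacting many distinct hosts on TCP 445 in a short window. The log format, the 60-second window, the threshold of 20 and the helper names are assumptions, and all sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                      # SMB over TCP
WINDOW = timedelta(seconds=60)      # assumed sliding window
THRESHOLD = 20                      # assumed limit on distinct SMB peers per window


def parse_flow(line):
    """Parse a constructed record '<ISO time> <src> <dst> <dport> <proto>'.
    Returns None for anything malformed instead of raising."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        return datetime.fromisoformat(ts), src, dst, int(dport), proto.lower()
    except ValueError:
        return None


def detect_smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (first_alert_time, distinct_peers)} for every source that
    reaches more than `threshold` distinct hosts on TCP 445 within `window`."""
    recent = defaultdict(deque)     # src -> (time, dst) pairs still inside the window
    alerts = {}
    flows = sorted(f for f in map(parse_flow, lines) if f)
    for ts, src, dst, dport, proto in flows:
        if proto != "tcp" or dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:        # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > threshold and src not in alerts:
            alerts[src] = (ts, distinct)
    return alerts


def build_sample():
    """Constructed flow records; addresses are private or documentation ranges."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    rec = lambda t, s, d, p: f"{t.isoformat()} {s} {d} {p} tcp"
    lines = ["not a flow record"]           # malformed line must be skipped
    for i in range(30):                     # normal client: 3 file servers, repeatedly
        lines.append(rec(base + timedelta(seconds=2 * i), "10.0.0.5", f"10.0.1.{1 + i % 3}", 445))
    for i in range(40):                     # scanner-like: 40 new SMB peers in 40 s
        lines.append(rec(base + timedelta(seconds=i), "10.0.0.23", f"198.51.100.{i + 1}", 445))
    for i in range(40):                     # wide fan-out, but HTTPS rather than SMB
        lines.append(rec(base + timedelta(seconds=i), "10.0.0.40", f"203.0.113.{i + 1}", 443))
    for i in range(25):                     # 25 SMB peers, one per minute: under the rate
        lines.append(rec(base + timedelta(minutes=i), "10.0.0.60", f"10.0.2.{i + 1}", 445))
    return lines


if __name__ == "__main__":
    for src, (when, count) in detect_smb_fanout(build_sample()).items():
        print(f"{when.isoformat()} {src} reached {count} distinct hosts on tcp/445 within {WINDOW}")
```

The threshold needs tuning per network: backup servers, domain controllers and vulnerability scanners legitimately talk SMB to many hosts and belong on an allowlist.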


14 minutes ago, AUniqueName said:

If you're referring to forced updates on W10, then I personally see no reason whatsoever to be pissed off about it.

I do, for two reasons:

1) choosing what and when to update is better than having no choice

2) the update philosophy makes no distinction: any change MS decides to make to the OS gets pushed through forced update, no matter if it's a life & death security patch or a cosmetic change to the UI. I would always prefer to have the choice, but if I was given the choice, and could trust MS about it, to set these things separately, I would be much more likely to set the security part to auto (of course, provided they don't embarrass themselves with surprise reboots as in the early Win10 days. But it should be better by now).

 

 


2 minutes ago, jaggysnake57 said:

yeah but you're a PC enthusiast, most pc users are not and that's the thing

Well, if you are trying to tell me that Windows is becoming less enthusiast-friendly, then maybe, I don't know.

Still, when we think about all those corporate PCs infected, we are not talking about the decisions made by "most PC users", but professional sysadmins... (including the possible sysadmin decision of running all corporate PCs as if they were home computers with no centralized management tools).

 


8 minutes ago, SpaceGhostC2C said:

I do, for two reasons:

1) choosing what and when to update is better than having no choice

2) the update philosophy makes no distinction: any change MS decides to make to the OS gets pushed through forced update, no matter if it's a life & death security patch or a cosmetic change to the UI. I would always prefer to have the choice, but if I was given the choice, and could trust MS about it, to set these things separately, I would be much more likely to set the security part to auto (of course, provided they don't embarrass themselves with surprise reboots as in the early Win10 days. But it should be better by now).

 

 

Capture.JPG.245a33a714b3ceccb412856ae5052d92.JPG

 


39 minutes ago, GoodBytes said:

Maybe it was targeting Windows 7. It is the most used version of Windows, especially in businesses. Ransomware makers seek companies more than individuals, as they can pay the big bucks. It takes advantage of the fact that many businesses have poor backup and system recovery procedures in place, and takes advantage of the fact that many businesses and many people follow the "If it works, I don't update" mentality, which is wrong.

Can confirm this... At my last job I was baffled at the amount of updates some of the servers there were lacking and the same for one of the clients. The OS was so outdated that when new software had to be installed that they had to update the OS and it made everything painful to do.

CPU: Intel i7 7700K | GPU: ROG Strix GTX 1080Ti | PSU: Seasonic X-1250 (faulty) | Memory: Corsair Vengeance RGB 3200Mhz 16GB | OS Drive: Western Digital Black NVMe 250GB | Game Drive(s): Samsung 970 Evo 500GB, Hitachi 7K3000 3TB 3.5" | Motherboard: Gigabyte Z270x Gaming 7 | Case: Fractal Design Define S (No Window and modded front Panel) | Monitor(s): Dell S2716DG G-Sync 144Hz, Acer R240HY 60Hz (Dead) | Keyboard: G.SKILL RIPJAWS KM780R MX | Mouse: Steelseries Sensei 310 (Striked out parts are sold or dead, awaiting zen2 parts)


12 minutes ago, AUniqueName said:

Capture.JPG.245a33a714b3ceccb412856ae5052d92.JPG

 

Several important words:

-"includes" (we also get "quality rollups" in Win 7 - actually, it's supposed to be the only thing we get)

-"deferred" (non-security related updates can be just that: delayed)

and of course "trust" :P 

 

In any case, I explained why I'm against forced, non optional updates. Obviously, the closer Windows 10 gets to solving my 2 issues, the better, from my point of view.


26 minutes ago, SpaceGhostC2C said:

I do, for two reasons:

1) choosing what and when to update is better than having no choice

2) the update philosophy makes no distinction: any change MS decides to make to the OS gets pushed through forced update, no matter if it's a life & death security patch or a cosmetic change to the UI. I would always prefer to have the choice, but if I was given the choice, and could trust MS about it, to set these things separately, I would be much more likely to set the security part to auto (of course, provided they don't embarrass themselves with surprise reboots as in the early Win10 days. But it should be better by now).

 

 

This is why you run the Pro version of Windows 10, you can change all of that through a group policy.


Hey, @GoodBytes, the thread title has a typo in it: "radnsomeware"

F#$k timezone programming. Use UTC! (See XKCD #1883)

PC Specs:

Ryzen 5900x, MSI 3070Ti, 2 x 1 TiB SSDs, 32 GB 3400 DDR4, Cooler Master NR200P

 

 


4 minutes ago, Qub3d said:

Hey, @GoodBytes, the thread title has a typo in it: "radnsomeware"

That's a typo!? I thought this was about awesome thrift stores. 

:ph34r: Please don't ban me, Goodbytes...

 

 

7 minutes ago, XenosTech said:

This is why you run the Pro version of Windows 10, you can change all of that through a group policy.

I don't see the issue with the update system. There's the Pro that lets you define parameters for any updates and the Home version usually allows a week or two before it updates itself automatically.

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 


9 minutes ago, ARikozuM said:

That's a typo!? I thought this was about awesome thrift stores. 

:ph34r: Please don't ban me, Goodbytes...

You're the one with the Grammar Nazi avatar... Then again, this is spelling, not grammar.

 

In regards to everyone who is flabbergasted that Prod. environments don't update on schedule with consumer/standard user PCs, see my earlier post. The short and sweet version of it is:

Most updates require restarts, restarts can take time, when a server is restarting it isn't serving files = lost time, and therefore lost money for a business.

 

Edit: Hey! This was my π × 10^2 post!


4 minutes ago, Qub3d said:

Edit: Hey! This was my π × 10^1 post!

To the 2nd power of 10...

 

Going to get a photo of Euler and put a certain mustache on said photo...


1 minute ago, ARikozuM said:

To the 2nd power of 10...

 

Going to get a photo of Euler and put a certain mustache on said photo...

Um, yeah. Right. Listen, it's summer for us collegiates, OK?


4 minutes ago, Qub3d said:

In regards to everyone who is flabbergasted that Prod. environments don't update on schedule with consumer/standard user PCs, see my earlier post. The short and sweet version of it is:

Most updates require restarts, restarts can take time, when a server is restarting it isn't serving files = lost time, and therefore lost money for a business.

That is why your server, you run it under VMs, and have redundancy. Update one while the other is providing service, once done, you test, switch, test, and update the second one. This also gives you load balancing abilities so that things always flow and no "Sorry, the system is loading... please stand by.... " like I am sure some people here have encountered in their lifetime when dealing with a company (tech support, bank, etc.)


1 hour ago, GoodBytes said:

The chart says: 98% of those who WERE affected ran Windows 7, NOT 98% of Windows 7 users are/can be infected. The ransomware affects all versions of Windows. A patch was made before the attack even started and delivered for all versions of Windows. If you have Windows 10 not updated at all, day 1 release, you could very well have been infected as much as a Windows 7 user with their updates also disabled.

The nice thing about the older releases of Windows being hit (Windows XP, 7 and 2003?) is that there appears to be a tool that works around and breaks the encryption if the system has not been restarted.  Of course I wonder how long before somebody writes into the code to have the system restart after running the encryption...

 

https://arstechnica.com/security/2017/05/more-people-infected-by-recent-wcry-worm-can-unlock-pcs-without-paying-ransom/


2 minutes ago, GoodBytes said:

That is why your server, you run it under VMs, and have redundancy. Update one while the other is providing service, once done, you test, switch, test, and update the second one. This also gives you load balancing abilities so that things always flow and no "Sorry, the system is loading... please stand by.... " like I am sure some people here have encountered in their lifetime when dealing with a company (tech support, bank, etc.)

I work in a small business in the manufacturing sector. While our systems are in VMs, our hypervisor doesn't have enough headroom for redundancy across the board (seriously our SAN sends me emails every 6 hours telling me we have >90% disk usage!). That's actually on our list for this quarter though!

 

The big businesses have this sort of thing covered. Wannacry gets their bread and butter off of companies our size, because they take advantage of an IT "department" (really just 1 or 2 people) that the rest of the company doesn't even think needs to exist.
