
[3rd Update] WCry ransomware has possible links to Lazarus Group & DPRK

Master Disaster
18 hours ago, ashypanda said:

pulling the power cord might not work just as the systems affected would be on UPS's, pouring gas on them and torching them might be more effective.

But they have a fire retardant coating, so fire won't work. Best way is to just use an EMP.

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 


7 minutes ago, DeadEyePsycho said:

It actually depends on the user account that got infected, since ransomware really only uses exploits for the initial infection onto a network (the grand majority at least, especially non-targeted ones). Whatever the user has write access to, the virus will encrypt.

This is why on my network no one user has complete access to everything. And the admin accounts don't have any access to networked directories. Limits what can get hit.

CPU: Amd 7800X3D | GPU: AMD 7900XTX


Glad I updated my backup, not as though my systems are on the Internet much. 

 

How much data do updates require nowadays? My systems are behind by a number of months, and will have to use my mobile data plan to do the updates (which is why they're so far behind, btw).

My eyes see the past…

My camera lens sees the present…


40 minutes ago, Master Disaster said:

When would you say would be the right time for MS to do the "still think forced updates are a bad idea" press conference?

They really wouldn't be so bad if they didn't go through the whole process of notifying you of an update and then restarting your computer so damn quickly. Case in point, yesterday I was using my computer as normal, got up to go take a piss, came back 2 minutes later and my computer was in the middle of restarting/updating, with me having no notification prior. Luckily I wasn't in the middle of a project (had just finished) or I would've been very, very pissed off right now. If they had an option that said something like, "Don't bother me until [Date+Time]" that would be helpful, but they don't, and "Active Hours" are completely useless. Not having any choice when your computer updates/restarts whatsoever makes people forced to just turn updates off entirely, leading to (or at least not helping prevent) a lot of these problems we're currently seeing.


That BBC article got the name wrong. It's WanaCrypt0r, not wannacryptor.

Below is the name for the decryptor:

[image: Ransomware-2.png]

 

 

 


1 hour ago, NumLock21 said:

That would indeed be scary, but most backups should be done on tape drives, not SSDs or HDDs.

Knowing the public sector in the UK, it is probably done on punch cards.

40 minutes ago, ESPImperium said:

This is freaking scary. My dad is getting his second blood test results on Monday and if our doctors are hit, we may not get them.

 

However, as someone who works for a major UK supermarket, our systems have vulnerabilities in them; we run with Windows 2000 and 7 32-bit across 2 server systems. I am worried that one day we will be affected and will have to shut for unknown lengths of time.

 

I have spent most of the night explaining to my Dad what things mean, and will do so tomorrow at work I think to the folk who don't know computer speak.

I noticed the other day, while one was rebooting, that the self-service checkouts in my local Sainsbury's run XP.

 

I guess updating hardware for a large organisation is horrendously expensive, and will be a tough sell until it's too late for some.


So how far is this going? I just saw on the news that stuff like government systems have been compromised and all in my country, what world are we living in xD

Personal Desktop:

CPU: Intel Core i7 10700K @5ghz |~| Cooling: bq! Dark Rock Pro 4 |~| MOBO: Gigabyte Z490UD ATX|~| RAM: 16gb DDR4 3333mhzCL16 G.Skill Trident Z |~| GPU: RX 6900XT Sapphire Nitro+ |~| PSU: Corsair TX650M 80Plus Gold |~| Boot:  SSD WD Green M.2 2280 240GB |~| Storage: 1x3TB HDD 7200rpm Seagate Barracuda + SanDisk Ultra 3D 1TB |~| Case: Fractal Design Meshify C Mini |~| Display: Toshiba UL7A 4K/60hz |~| OS: Windows 10 Pro.

Luna, the temporary Desktop:

CPU: AMD R9 7950XT  |~| Cooling: bq! Dark Rock 4 Pro |~| MOBO: Gigabyte Aorus Master |~| RAM: 32G Kingston HyperX |~| GPU: AMD Radeon RX 7900XTX (Reference) |~| PSU: Corsair HX1000 80+ Platinum |~| Windows Boot Drive: 2x 512GB (1TB total) Plextor SATA SSD (RAID0 volume) |~| Linux Boot Drive: 500GB Kingston A2000 |~| Storage: 4TB WD Black HDD |~| Case: Cooler Master Silencio S600 |~| Display 1 (leftmost): Eizo (unknown model) 1920x1080 IPS @ 60Hz|~| Display 2 (center): BenQ ZOWIE XL2540 1920x1080 TN @ 240Hz |~| Display 3 (rightmost): Wacom Cintiq Pro 24 3840x2160 IPS @ 60Hz 10-bit |~| OS: Windows 10 Pro (games / art) + Linux (distro: NixOS; programming and daily driver)

Does anyone know if there is any source code available from anywhere for this?

Hello


4 minutes ago, TAHIRMIA said:

Does anyone know if there is any source code available from anywhere for this?

I assume so, since it seems to be in use 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


2 hours ago, goodtofufriday said:

Currently EVERY IT admin in the world (myself included)

 

And when someone gets hit 

 

 

1 hour ago, TAHIRMIA said:

I think they did apparently patch this in march

 

1 hour ago, M.Yurizaki said:

So other than a vulnerability in Windows that was patched last month that was exploited by NSA/CIA malware, is there any thing else we know about that can mitigate infection?

 

2 hours ago, Ryan_Vickers said:

There's lots of things that "should" be done, and if they had been, we wouldn't be talking about this story right now.

 

1 hour ago, Master Disaster said:

 

Yeah they did, I think the main issue is most of the affected systems would come under Microsoft's corporate edition target rather than consumer edition and in these cases updates are normally handled by internal admins anyway. Forced updates wouldn't be relevant.

Bleeping Computers recently put out a fairly detailed article on how this attack is working as well as what it's targeting.

 

https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/

 


Just now, Ryan_Vickers said:

I assume so, since it seems to be in use 

I can't seem to find it anywhere. Only places I can think of are torrenting sites.

Hello


1 minute ago, TAHIRMIA said:

I can't seem to find it anywhere. Only places I can think of are torrenting sites.

Probably on the deep web or something :P :ph34r:


2 hours ago, Master Disaster said:

Yeah, but Donald Trump wasn't in charge of the USA when those other things happened. Both the USA & UK governments have shown their disdain towards internet freedom in the past few years; this might just be the excuse they need to finally do something about it.

Little late to the party but we're also hosting another election here in the UK next month, no doubt some of the "policies" the parties will then try to introduce will be involving internet security and this incident.

PC - CPU Ryzen 5 1600 - GPU Power Color Radeon 5700XT- Motherboard Gigabyte GA-AB350 Gaming - RAM 16GB Corsair Vengeance RGB - Storage 525GB Crucial MX300 SSD + 120GB Kingston SSD   PSU Corsair CX750M - Cooling Stock - Case White NZXT S340

 

Peripherals - Mouse Logitech G502 Wireless - Keyboard Logitech G915 TKL  Headset Razer Kraken Pro V2's - Displays 2x Acer 24" GF246(1080p, 75hz, Freesync) Steering Wheel & Pedals Logitech G29 & Shifter

 


1 hour ago, Princess Cadence said:

So how far is this going? I just saw on the news that stuff like government systems have been compromised and all in my country, what world are we living in xD

You are currently living in the 21st century, under the 3rd millennium. Year is 2017.

 

Future events

    • April 27, 2109 – A time capsule placed under the floorboards of the Old Queens Building at Rutgers University, in New Jersey, United States, buried on April 27, 2009, is scheduled to be opened on April 27, 2109.[7]
    • 2968 – The Helium Centennial Time Columns Monument in Amarillo, Texas, contains four separate time capsules, the last of which is intended to be opened 1,000 years after the Time Columns Monument was locked in 1968.
    • October 27, 2088 – Mercury occults Jupiter, the first time since 1708, but very close to the Sun and impossible to view with the naked eye.
    • The LongPlayer is set to restart on December 31, 2999, after it has been playing non-stop without any repetition since it began playing on January 1, 2000.
    • The riddle for Trials Evolution will finally be solved on August 1, 2113. One of the five keys found by players using actual geographic coordinates will unlock a box placed underneath the Eiffel Tower.
    • In 2252, the planetoid Orcus will have completed one orbit of the Sun since its discovery in 2004, based upon current orbital measurements, which give it a period of 248 Earth years.
    • In 2288, the planetoid Quaoar will have completed one orbit of the Sun since its discovery in 2002, which, based upon current orbital measurements, gives it a period of 286 Earth years.
    • Sunday, August 28, 2287 – Closest approach between Mars and Earth since Wednesday, August 27, 2003.
    • FAT file systems theoretically support dates up to December 31, 2107 (though officially only up to December 31, 2099).
    • The Year type in MySQL supports dates up to December 31, 2155.
    • The One Hundred Year Study on Artificial Intelligence (AI100) initiated by Stanford University will be concluded in 2115.
    • 3183: The time pyramid, a public art work at Wemding, Germany, is scheduled for completion.
    • In the year 6939, the Westinghouse Time Capsules from the years 1939 and 1964 are scheduled to be opened after 5,000 years.
    • In the year 6970, the Expo '70 Time Capsule from the year 1970, buried under a monument near Osaka Castle, Japan, is scheduled to be opened after 5,000 years.
    • The Crypt of Civilization, a time capsule located at Oglethorpe University in Atlanta, Georgia, is scheduled to be unsealed on May 28, 8113.


3 minutes ago, GamingMemeKing said:

I wonder if this worldwide event will influence the value of the BTC (Bitcoin)...

 

It would be hilarious if the BTC crashed and went down to something like £1 = 1 Bitcoin.

Not sure if they have separate bitcoin blockchains that they are collecting on, but the three that are hardcoded into the Ransomware appear to have collected about 5.23 bitcoins worth of value...


2 minutes ago, GamingMemeKing said:

Someone earlier in the thread said they collected about 100 bitcoins already?

Yeah, I saw that as well... I'm basing my numbers off of the links to the bitcoin blockchains provided in the Bleeping Computers article on a breakdown of this ransomware:

 

https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/

Quote

There are three hard coded bitcoin addresses in the WanaCrypt0r ransomware. These bitcoin addresses are 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn. Maybe I am missing something, but what I do not understand is if so many people are utilizing the same bitcoin address, how will the ransomware developers be able to differentiate the victims that have paid from those who have not?

Not sure if there are other Bitcoin Blockchains that are being used to receive payments that are not hard coded into the ransomware...


As a single user, what would be the likelihood of this happening to me?

A. Very High

B. high

C. medium

D. low

E. very low

?

CPU: Intel9-9900k 5.0GHz at 1.36v  | Cooling: Custom Loop | MOTHERBOARD: ASUS ROG Z370 Maximus X Hero | RAM: CORSAIR 32GB DDR4-3200 VENGEANCE PRO RGB  | GPU: Nvidia RTX 2080Ti | PSU: CORSAIR RM850X + Cablemod modflex white cables | BOOT DRIVE: 250GB SSD Samsung 850 evo | STORAGE: 7.75TB | CASE: Fractal Design Define R6 BLackout | Display: SAMSUNG OLED 34 UW | Keyboard: HyperX Alloy elite RGB |  Mouse: Corsair M65 PRO RGB | OS: Windows 10 Pro | Phone: iPhone 11 Pro Max 256GB

 


5 minutes ago, KOMTechAndGaming said:

As a single user, what would be the likelihood of this happening to me?

A. Very High

B. high

C. medium

D. low

E. very low

?

If you've kept your Windows version up to date with update MS17-010 and Windows Defender, then very low to non-existent. Otherwise, I would place it at medium.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, WMGroomAK said:

If you've kept your Windows version up to date with update MS17-010 and Windows Defender, then very low to non-existent. Otherwise, I would place it at medium.

idk, I haven't had any updates for a while....

but all the data on my PC can be redownloaded

I've used this program to stop 'spying': http://www.majorgeeks.com/files/details/destroy_windows_10_spying.html

I'm on version 1607, build 14393.953

 


This is just a tiny taste of what the world would be like if we had backdoors in all our systems.

I want to remind everyone that this could have been avoided if the NSA had shared their discoveries instead of hoarding them and used them for their own gains.

 

Please keep this in mind whenever you think it is acceptable to enforce backdoors into products. This is what happens when the backdoors inevitably get found by someone with more malicious intentions.


25 minutes ago, KOMTechAndGaming said:

idk, I haven't had any updates for a while....

but all the data on my PC can be redownloaded

I've used this program to stop 'spying': http://www.majorgeeks.com/files/details/destroy_windows_10_spying.html

I'm on version 1607, build 14393.953

 

You're patched, it was fixed in build 14393.693.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabye Z170N Gaming5 | 16GB Trident Z 3200MHz

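The last few posts boil down to one question: is this box actually carrying the MS17-010 fix? The PowerShell below is an added example (not code from the thread, from Microsoft, or from the Bleeping Computer article) that answers it from the host's own state rather than from memory. Its assumptions are labelled in the code: the KB number KB4012212 is the one from the Catalog link in the thread (it is the standalone update for older Windows versions, so it will not show up on Windows 10), and the 14393.693 threshold is the build the reply above cites for version 1607. The registry values read (CurrentBuild, UBR) and the cmdlets used are standard Windows ones.

```powershell
# Added example (not from the thread): report whether this Windows host has the
# MS17-010 fix the posters above are discussing, three ways:
#   1. Windows 10 cumulative-update route: compare build.UBR with a threshold
#   2. Older Windows route: look for a known standalone KB in the hotfix list
#   3. Exposure: MS17-010 fixes SMBv1, so if SMBv1 is off the bug is unreachable
function Test-Ms17010Status {
    param(
        # Assumption: KB4012212 is taken from the Catalog link posted in the thread;
        # other Windows versions received the fix under other KB numbers.
        [string[]]$KnownKBs = @('KB4012212'),
        # Assumption: 14393.693 is the 1607 build the reply above cites as fixed.
        [int]$MinBuild = 14393,
        [int]$MinUbr   = 693
    )

    # CurrentBuild is the major build (e.g. 14393); UBR is the ".693" part.
    $ntKey = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$ntKey.CurrentBuild
    $ubr   = if ($ntKey.PSObject.Properties['UBR']) { [int]$ntKey.UBR } else { 0 }

    # 1. Build at or above the threshold (any later build already carries the fix).
    $buildOk = ($build -gt $MinBuild) -or (($build -eq $MinBuild) -and ($ubr -ge $MinUbr))

    # 2. Standalone KB present (Windows 7 and friends).
    $installedKBs = Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID }
    $kbOk = @($KnownKBs | Where-Object { $installedKBs -contains $_ }).Count -gt 0

    # 3. SMBv1 server state; the cmdlet is absent on old versions, so treat that as unknown.
    $smb1 = $null
    try { $smb1 = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol } catch {}

    [pscustomobject]@{
        OSBuild          = "$($build).$($ubr)"
        BuildAtOrAbove   = $buildOk
        KnownKBInstalled = $kbOk
        SMB1Enabled      = $smb1      # $null means "could not determine"
        LikelyProtected  = ($buildOk -or $kbOk -or ($smb1 -eq $false))
    }
}

# Usage: run in an elevated PowerShell so Get-SmbServerConfiguration can read the server state.
Test-Ms17010Status | Format-List
```

`LikelyProtected` is deliberately an OR of three independent signals: a fully patched build, the standalone KB, or SMBv1 switched off each closes the hole on its own, so a host that passes any one of them is not at risk from this worm's spreading mechanism, while a host that passes none is the one to patch first.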

If I have this patch... I should be good, right?

 

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212

Intel i7 3770k@4.7GHz delidded NZXT Kraken x62 Asus P8Z77-V PRO/Thunderbolt | G.Skill Ripjaws Z 16GB (2x8GB) 2400Mhz | EVGA GTX 1070 FTW

Phanteks Eclipse P400 Tempered Glass | EVGA SuperNOVA 750W P2 | 840 evo 256gb + HyperX 3k 480gb + 2 HDD (2TB) Asus Essence STX + Sennheiser HD580

AOC G2460PG 144Hz 24" + Asus VH236H 23" | Razer Blackwidow Tournament Edition Stealth | Logitech G703

Windows 10 Pro

 

Pixelbook 2017 (i5, 8GB, 128GB)


So this only affects Windows, right? It doesn't spread onto BSD- or Linux-based file servers?

             ☼

ψ ︿_____︿_ψ_   


16 minutes ago, SCHISCHKA said:

So this only affects Windows, right? It doesn't spread onto BSD- or Linux-based file servers?

Correct. And it doesn't even affect any up-to-date Windows system.


It does make you wonder if someone will take some of the NSA hacks for Linux etc. and use them to distribute hacks.. >.>
