
[3rd Update] WCry ransomware has possible links to Lazarus Group & PRNK

Master Disaster
42 minutes ago, Ryan_Vickers said:

correct.  And it doesn't even affect any up to date Windows system

In that case I want to see MS add the value of bitcoins to their lower total cost of ownership claims!

             ☼

ψ ︿_____︿_ψ_   


20 minutes ago, Kierlan said:

It does make you wonder if someone will take some of the NSA hacks for Linux etc. and use them to distribute hacks.. >.>

If they exist, someone will try it, that you can be sure of.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


10 hours ago, Zando Bob said:

Or... Snowden released all the program files to the internet, so anyone, good or bad could get them. They could have just showed a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet. 

The way that security gets better is by making problems known. At least the message that actual issues like this send to companies will heighten the opposition towards the NSA and CIA doing these things, which is good, since there is not enough of it.

 

(Or maybe they'll just blame Snowden until digital systems and interactions are so public and insecure that I will no longer contain the desire to live)


11 hours ago, Zando Bob said:

Or... Snowden released all the program files to the internet, so anyone, good or bad could get them. They could have just showed a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet. 

Great! Except most people would just yawn and have a false sense of security since shit wouldn't be hitting the fan. The way things are going now makes change for the better much more likely, since it's a demonstration of why backdoors and hoarding vulnerabilities are an idiotic idea.

 

 

Edit: Is it bad that I now kind of wanna take a course on viruses offered by my university to get some basic knowledge for how to make this kind of stuff? It's a good thing that I'm far more interested in AI and replacing the workforce than I am in making malware :P


51 minutes ago, ElfFriend said:

Edit: Is it bad that I now kind of wanna take a course on viruses offered by my university to get some basic knowledge for how to make this kind of stuff? It's a good thing that I'm far more interested in AI and replacing the workforce than I am in making malware :P

As long as it's a healthy interest then there's nothing wrong with it at all. You have to learn how something works before you can learn how to fix it.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


This is what you get when you mix shady government and fake currency with no accountability.

 

 


How do you get the virus, it's a phishing e-mail?

 

Also, can't ransomware be removed with a rescue disk?

 

 

Desktop: 7800x3d @ stock, 64gb ddr4 @ 6000, 3080Ti, x670 Asus Strix

 

Laptop: Dell G3 15 - i7-8750h @ stock, 16gb ddr4 @ 2666, 1050Ti 


1 hour ago, ElfFriend said:

Great! Except most people would just yawn and have a false sense of security since shit wouldn't be hitting the fan. The way things are going now makes change for the better much more likely, since it's a demonstration of why backdoors and hoarding vulnerabilities are an idiotic idea.

 

 

Edit: Is it bad that I now kind of wanna take a course on viruses offered by my university to get some basic knowledge for how to make this kind of stuff? It's a good thing that I'm far more interested in AI and replacing the workforce than I am in making malware :P

The way it's going now is not in a good direction. While this event may have an effect on it and yes, it's obviously a demonstration of what could potentially happen when government agencies do this, I assure you that the course of the shit is still for the fan at the moment.


12 hours ago, Zando Bob said:

Or... Snowden released all the program files to the internet, so anyone, good or bad could get them. They could have just showed a list of the applications and their capabilities, instead of the actual source files. The NSA and CIA were overstepping their bounds to make these programs, but it doesn't help to release them to the entire internet. 

I would agree except that they were patched months ago and people just haven't updated.

 

This is exactly why Microsoft is pushing the updates so aggressively to everyone. If people just updated it would be much less of a problem.

 

if you have a mission critical system maybe use an OS where the OS isn't so tightly intertwined with the kernel that you need to reboot after installing updates. 

 

 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


27 minutes ago, Raskolnikov said:

How do you get the virus, it's a phishing e-mail?

 

Also, can't ransomware be removed with a rescue disk?

 

 

That is something I have heard nothing about so far, despite all the news on this subject.  I would like to know as well, but until now I've assumed that it directly attacks computers over the internet


1 hour ago, Ryan_Vickers said:

That is something I have heard nothing about so far, despite all the news on this subject.  I would like to know as well, but until now I've assumed that it directly attacks computers over the internet

It is using the NSA remote exploit; it scans IPs and spreads with no user interaction.

 

If you're infected, disconnect from the network and don't pay the ransom. I would count the data as lost if you don't have a backup, and just do a fresh install.

 

If you're not infected, clicky that start button and update.


11 hours ago, RKRiley said:

Little late to the party but we're also hosting another election here in the UK next month, no doubt some of the "policies" the parties will then try to introduce will be involving internet security and this incident.

Last year it was TalkTalk.

 

Then there was the biggest hack in history - Yahoo! mail service.

 

This year it's hospitals. Any government that does not take internet security seriously would be neglecting its duties.

 

When people start dying as a result of cyber attacks then see what happens.

My Rig "Valiant"  Intel® Core™ i7-5930 @3.5GHz ; Asus X99 DELUXE 3.1 ; Corsair H110i ; Corsair Dominator Platinium 64GB 3200MHz CL16 DDR4 ; 2 x 6GB ASUS NVIDIA GEFORCE GTX 980 Ti Strix ; Corsair Obsidian Series 900D ; Samsung 950 Pro NVME + Samsung 850 Pro SATA + HDD Western Digital Black - 2TB ; Corsair AX1500i Professional 80 PLUS Titanium ; x3 Samsung S27D850T 27-Inch WQHD Monitor
 

1 hour ago, vorticalbox said:

I would agree except that they were patched months ago and people just haven't updated.

 

This is exactly why Microsoft is pushing the updates so aggressively to everyone. If people just updated it would be much less of a problem.

 

if you have a mission critical system maybe use an OS where the OS isn't so tightly intertwined with the kernel that you need to reboot after installing updates. 

 

 

Microsoft needs to stop mixing SECURITY UPDATES with PRODUCT UPGRADES.

 

Or faulty updates.

 

It's this sort of thing that leads people to shut off their automatic updates.


Also Microsoft needs to be more helpful with large scale infrastructure (critical infrastructure) that relies on their software, giving it more support and making sure they work better with particularly Western governments protecting systems that the societies rely on.

 

Further, Microsoft needs to ensure it is helping infrastructure update far more than it is.

 

The fact that a health system or power system is using a 16 year old OS is not really acceptable. Microsoft has a responsibility to help its users.


Microsoft official alert sent out to all Volume License and Premier Support customers.

 

Quote

What is the purpose of this alert?

 

This alert is to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. This information is being provided to you so that you can assist customers who have questions related to the issue.

 

Summary

 

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software.  Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. We are using the MSRC blog - Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat.

 

The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.

 

Malware Detection

 

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/WannaCrypt.

 

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.

 

Recommendations

 

Review the Microsoft Security Response Center (MSRC) blog at Customer Guidance for WannaCrypt Attacks for an overview of the issue, details of the malware, suggested actions, and links to additional resources.

 

Keep systems up-to-date. Specifically, for this issue, ensure Microsoft Security Bulletin MS17-010 Security Update for Microsoft Windows SMB Server is installed.

 

Customers who believe they are affected can contact Customer Service and Support by using any method found at this location: https://support.microsoft.com/gp/contactus81?Audience=Commercial.

 

Microsoft Malware Detection and Removal Tools

 

Use the following free Microsoft tools to detect and remove this threat:

 

Additional Resources

 

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert, please contact your Technical Account Manager (TAM)/Service Delivery Manager (SDM).

 

Thank you,

 

Microsoft Services

 


 


 


53 minutes ago, mark_cameron said:

Microsoft needs to stop mixing SECURITY UPDATES with PRODUCT UPGRADES.

 

Or faulty updates.

 

It's this sort of thing that leads people to shut off their automatic updates.


Also Microsoft needs to be more helpful with large scale infrastructure (critical infrastructure) that relies on their software, giving it more support and making sure they work better with particularly Western governments protecting systems that the societies rely on.

 

Further, Microsoft needs to ensure it is helping infrastructure update far more than it is.

 

The fact that a health system or power system is using a 16 year old OS is not really acceptable. Microsoft has a responsibility to help its users.

Microsoft already does these exact things you just talked about, anyone running out of date systems is totally on them and other factors and nothing to do with Microsoft. Microsoft cannot help organisations running non Microsoft software that are unable to upgrade due to that vendor, they can't do anything.

 

Microsoft already classifies its updates really well:

[image: screenshot of the Microsoft update classification list]

 

How many update classifications do you need that aren't the above? We only approve Critical Updates and Security Updates every month for our servers; this is done automatically, with a small group of servers that need to be done manually (SQL Clusters etc.; application problems, not that it's not possible).

 

Microsoft has tried very hard already for a long time to make it as easy as possible for people to keep systems patched, and with flexibility on how to do so, yet there are many absolute and widespread failures to do so. The only thing left is "suck it up, you are being forced to now as you obviously are incapable of doing it", which they ARE NOT doing.

 

Where I work we also have some systems stuck on Server 2003 due to the software that is running on those servers, they don't work on newer operating systems or to do the upgrade and migration it is an extremely big project as for a couple of them every business critical application feeds in to it or it pulls data from those.

 

As for faulty updates, those are extremely rare. Updates that make changes to the OS you don't like aren't faulty, you just don't like them, which is perfectly fine; not everyone likes the same stuff.

 

Edit:

P.S. Applying a security update that breaks software due to it using no longer secure or supported methods is not faulty; it did its job exactly as intended. That is a software issue, not an update issue.


Well Microsoft considers this bad enough to release a security patch for XP and Server 2003, that's rather scary.

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

 

Quote

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
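A defender-side check for the two things the Microsoft alert posted above and the KB4012598 catalog link call out: whether a known MS17-010 package is installed and whether the SMBv1 server protocol is still enabled. This is an added PowerShell example written for this thread, not anything from the forum posts or from Microsoft; the function name, the -KnownKbs parameter and the registry fallback are assumptions, and KB4012598 (the XP / Server 2003 / Windows 8 package) is the only KB number taken from the page.

```powershell
# Added example (not from the thread or Microsoft): audit Windows hosts for
#   1. a known MS17-010 package being installed, and
#   2. the SMBv1 server protocol still being enabled.
# Assumptions: KB4012598 is the only KB taken from the thread; supported
# platforms received MS17-010 under other KB numbers listed in the bulletin,
# which you pass in via -KnownKbs. Get-SmbServerConfiguration exists on
# Windows 8 / Server 2012 and later; older hosts fall back to the registry
# value under LanmanServer\Parameters that the same setting is stored in.
# Remote hosts are queried over WinRM (Invoke-Command).

function Get-Ms17010Status {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        # Add the MS17-010 KB numbers for your platforms from the bulletin.
        [string[]]$KnownKbs = @('KB4012598')
    )

    # Runs on the target: returns $true/$false for SMBv1 server enabled.
    $probe = {
        if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            (Get-SmbServerConfiguration).EnableSMB1Protocol
        } else {
            $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            $v = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
            # An absent value means SMBv1 is enabled by default on these releases.
            if ($null -eq $v) { $true } else { [bool]$v }
        }
    }

    foreach ($computer in $ComputerName) {
        # Installed hotfixes, matched against the known MS17-010 package IDs.
        # Absence here is a signal to investigate, not proof of exposure on its own.
        $hotfixes = Get-HotFix -ComputerName $computer -ErrorAction SilentlyContinue
        $matched  = @($hotfixes | Where-Object { $KnownKbs -contains $_.HotFixID })

        $smb1 = $null
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $smb1 = & $probe
            } else {
                $smb1 = Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop
            }
        } catch {
            Write-Warning "$computer : could not query SMBv1 state ($_)"
        }

        [pscustomobject]@{
            ComputerName   = $computer
            Ms17010Patched = ($matched.Count -gt 0)
            MatchedKbs     = ($matched | ForEach-Object { $_.HotFixID }) -join ','
            Smb1Enabled    = $smb1
            # Unpatched AND SMBv1 not confirmed off is the exposure the alert describes;
            # an unknown SMBv1 state ($null) is treated as exposed on purpose.
            Exposed        = ($matched.Count -eq 0) -and ($smb1 -ne $false)
        }
    }
}

# Example usage: audit the local machine (add -ComputerName for remote hosts).
Get-Ms17010Status | Format-Table -AutoSize
```

Hosts reporting Exposed = True are the ones to patch first and, where nothing depends on SMBv1, to disable the protocol on.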

 


15 hours ago, NumLock21 said:

That would be indeed scary, but most backups should be done on tape drives, not SSD or HDD

Ever tried to do nightly incremental backups when your daily change rate is 80+ TB, yea tapes won't do that unless you spend RIDICULOUS amounts of money on tape drives.

 

Most backup systems nowadays are Disk to Disk to Tape (D2D2T).


9 hours ago, Ryan_Vickers said:

So this only affects Windows, right? It doesn't spread onto BSD or Linux based fileservers?

It potentially could if you have wine installed.


3 hours ago, Raskolnikov said:

How do you get the virus, it's a phishing e-mail?

 

Also, can't ransomware be removed with a rescue disk?

 

 

3 hours ago, Ryan_Vickers said:

That is something I have heard nothing about so far, despite all the news on this subject.  I would like to know as well, but until now I've assumed that it directly attacks computers over the internet

 It uses an SMBv1 vulnerability, so I assume it is carried out over the network.

 

 

36 minutes ago, leadeater said:

Microsoft already does these exact things you just talked about, anyone running out of date systems is totally on them and other factors and nothing to do with Microsoft. Microsoft cannot help organisations running non Microsoft software that are unable to upgrade due to that vendor, they can't do anything.

 

Microsoft already classifies its updates really well:

Microsoft has labeled things such as Windows 10 installers "security updates" before. I do not blame anyone for not trusting an update labeled "security" to actually be a security fix from Microsoft anymore.

 

I don't think the person you replied to was talking about this, but it's worth pointing out.

Microsoft is pure fucking evil.


Oh, this hits a lot of different companies and stuff...

Everything from hospitals to car companies (Renault) to hotel companies to football clubs (that must go over to hand writing tickets and stuff).

I guess that's what happens when people don't update their Windows computers...

“Remember to look up at the stars and not down at your feet. Try to make sense of what you see and wonder about what makes the universe exist. Be curious. And however difficult life may seem, there is always something you can do and succeed at. 
It matters that you don't just give up.”

-Stephen Hawking


I don't think I'll be affected, but just in case, ran my backup and disconnected it, I usually leave it plugged in since I'm "cautious" on the internet, but I'm not taking my chances anymore... So I just set a reminder on my Calendar to plug it once a week that will annoy me until I do so.

 

This will be "deadly" for all those companies who NEVER update their OS because they are too lazy to "validate" an update to make sure it "works" with their awfully made software that break with a windows update.

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro


11 minutes ago, LAwLz said:

Microsoft has labeled things such as Windows 10 installers "security updates" before. I do not blame anyone for not trusting an update labeled "security" to actually be a security fix from Microsoft anymore.

Yea that is shit and deceitful, however when that update comes in to WSUS it's not classified as a security update. But home networks don't use WSUS so a lot of good that does.


1 hour ago, leadeater said:

Microsoft already does these exact things you just talked about, anyone running out of date systems is totally on them and other factors and nothing to do with Microsoft. Microsoft cannot help organisations running non Microsoft software that are unable to upgrade due to that vendor, they can't do anything.

 

Microsoft already classifies its updates really well:

[image: screenshot of the Microsoft update classification list]

 

How many update classifications do you need that aren't the above? We only approve Critical Updates and Security Updates every month for our servers; this is done automatically, with a small group of servers that need to be done manually (SQL Clusters etc.; application problems, not that it's not possible).

 

Microsoft has tried very hard already for a long time to make it as easy as possible for people to keep systems patched, and with flexibility on how to do so, yet there are many absolute and widespread failures to do so. The only thing left is "suck it up, you are being forced to now as you obviously are incapable of doing it", which they ARE NOT doing.

 

Where I work we also have some systems stuck on Server 2003 due to the software that is running on those servers, they don't work on newer operating systems or to do the upgrade and migration it is an extremely big project as for a couple of them every business critical application feeds in to it or it pulls data from those.

 

As for faulty updates, those are extremely rare. Updates that make changes to the OS you don't like aren't faulty, you just don't like them, which is perfectly fine; not everyone likes the same stuff.

 

Edit:

P.S. Applying a security update that breaks software due to it using no longer secure or supported methods is not faulty; it did its job exactly as intended. That is a software issue, not an update issue.

Last year I had a forced update (to Windows 10) that was applied by Microsoft without my consent on to a hardware set that was not supported by Windows 10 or Microsoft:

 

 

 

 

Microsoft can and do have a greater responsibility to ensure that large users like the NHS have greater support - FREE OF CHARGE.

 

Up until last year the NHS was paying Microsoft £5 million per year for support on Windows XP.

 

When in fact Microsoft should be ensuring that large users like the NHS are helped to migrate to an updated system.

 

Microsoft should not be absolved of some responsibility in this. They advertise about how their 'cloud' is protecting users:

 

https://www.microsoft.com/en-us/trustcenter/security/cybercrime

 

https://www.ispot.tv/ad/Atby/microsoft-cloud-microsoft-cybercrime-center

 

Yet they're decidedly silent when an attack like this happens.


30 minutes ago, mark_cameron said:

Last year I had a forced update (to Windows 10) that was applied by Microsoft without my consent on to a hardware set that was not supported by Windows 10 or Microsoft

 

 

Microsoft can and do have a greater responsibility to ensure that large users like the NHS have greater support - FREE OF CHARGE.

 

Up until last year the NHS was paying Microsoft £5 million per year for support on Windows XP.

 

When in fact Microsoft should be ensuring that large users like the NHS are helped to migrate to an updated system.

 

Microsoft should not be absolved of some responsibility in this. They advertise about how their 'cloud' is protecting users:

 

https://www.microsoft.com/en-us/trustcenter/security/cybercrime

 

https://www.ispot.tv/ad/Atby/microsoft-cloud-microsoft-cybercrime-center

 

Yet they're decidedly silent when an attack like this happens.

Yes, that is shit what happened to you, but the consumer world and large business world are much different; what you experienced isn't the same. A lot of the high profile Windows 10 upgrade blunders that hit businesses and the media were also computers not centrally managed in any proper way, so they were hit by the bullshit forced upgrades.

 

Every business that has a Volume License agreement has a Microsoft Technical Account Manager (TAM) and Service Delivery Manager (SDM) who helps out in the exact way you are asking at no extra cost.

 

Edit:

Basically what I'm saying is it isn't a simple problem and not one that is easy to solve as you think and Microsoft is not the only cog in the system and it only takes one cog to break in a chain of many to stop them all from spinning.

 

They also aren't silent, see the email I posted and the links provided in that which are all public. That email was sent to me btw, that was from my inbox.
