
Nearly all WannaCry ransomware infected users were running Windows 7

GoodBytes
1 minute ago, WMGroomAK said:

The nice thing about the older releases of Windows being hit (Windows XP, 7 and 2003?) is that there appears to be a tool that works around and breaks the encryption if the system has not been restarted.  Of course I wonder how long before somebody writes into the code to have the system restart after running the encryption...

 

https://arstechnica.com/security/2017/05/more-people-infected-by-recent-wcry-worm-can-unlock-pcs-without-paying-ransom/

Heh, yeah. I saw that. This is when lack of security helps you. Then again, Windows 8/10 has the File History feature, so assuming the ransomware doesn't manage to break that (this one doesn't seem to), you can simply go back in time on a file or folder, undo the encryption and move on. You don't even need to reboot. So give and take... I guess.


2 minutes ago, Qub3d said:

I work in a small business in the manufacturing sector. While our systems are in VMs, our hypervisor doesn't have enough headroom for redundancy across the board (seriously our SAN sends me emails every 6 hours telling me we have >90% disk usage!). That's actually on our list for this quarter though!

Well, it is the company's fault for not taking action before. Glad to see that it will be resolved.

I don't know if your company is public or not, but just to say, companies need to make shareholders and investors understand that investing in the IT infrastructure is not a waste of money, and should not be seen as "failed to meet targets because of it". In fact it should be encouraged, as this means no downtime and boosted productivity, and you know what... things can go wrong, and that is part of life.


7 minutes ago, Qub3d said:

I work in a small business in the manufacturing sector. While our systems are in VMs, our hypervisor doesn't have enough headroom for redundancy across the board (seriously our SAN sends me emails every 6 hours telling me we have >90% disk usage!). That's actually on our list for this quarter though!

 

The big businesses have this sort of thing covered. Wannacry gets their bread and butter off of companies our size, because they take advantage of an IT "department" (really just 1 or 2 people) that the rest of the company doesn't even think needs to exist.

Upgrade man!!!

 

Depending on how long you have been getting that email, you are soon going to start seeing errors and major performance issues, and if something goes you are going to lose it all.

 

But you are right in that smaller companies are better targets


So let's pick how to spin it:

 

1) Stupid idiots deserve what's coming to them for not upgrading, it was free ffs

2) Stupid evil Microsoft is to blame for removing the rug from under us!

 

I personally think both are invalid: if one is on 7, one is also more unlikely to regularly update the rig anyway, for a large number of reasons that might not have anything to do at all with Microsoft. Remember these were very often work computers, usually not under the control of the end user but of a large IT department with varying degrees of responsibility and due diligence when it comes to updates.


1 minute ago, GoodBytes said:

Well, it is the company's fault for not taking action before. Glad to see that it will be resolved.

I don't know if your company is public or not, but just to say, companies need to make shareholders and investors understand that investing in the IT infrastructure is not a waste of money, and should not be seen as "failed to meet targets because of it". In fact it should be encouraged, as this means no downtime and boosted productivity, and you know what... things can go wrong, and that is part of life.

We're an S Corporation, so no, not publicly listed. We also have cold storage backups, so if WannaCry hit us we would lose at most 24 hours of data.

 

Just now, mynameisjuan said:

Upgrade man!!!

 

Depending on how long you have been getting that email, you are soon going to start seeing errors and major performance issues, and if something goes you are going to lose it all.

 

But you are right in that smaller companies are better targets

We are on an upgrade path, and 90% of XXX Terabytes isn't too bad. I'm also just the college intern :P

F#$k timezone programming. Use UTC! (See XKCD #1883)

PC Specs:

Ryzen 5900x, MSI 3070Ti, 2 x 1 TiB SSDs, 32 GB 3400 DDR4, Cooler Master NR200P

 

 


2 minutes ago, GoodBytes said:

things can go wrong, and that is part of life.

I wish a lot of non-IT or even technical people realized this. It's part of the reason why directors don't like to invest in IT, as they think it always just works. Tech has its problems and some are unexplained things that just cause random issues. It's always good to invest in your IT dept early on, get all the equipment you need and don't cheap out, and in the long run it will save you $10,000s of dollars.


1 minute ago, Qub3d said:

We are on an upgrade path, and 90% of XXX Terabytes isn't too bad. I'm also just the college intern :P

Like GoodBytes said, it's good that you have an upgrade path. Also, even though you have terabytes of storage, just keep a keen eye on it; you'll be surprised how quickly it could fill with a rogue file or someone saving the wrong files to the wrong drive. And congrats on the intern, especially upgrades of that size is good experience.


10 minutes ago, Qub3d said:

We're an S Corporation, so no, not publicly listed. We also have cold storage backups, so if WannaCry hit us we would lose at most 24 hours of data.

Now, THAT is what I want to hear! Good! More small companies should take example of this. Large companies should have faster recovery, due to the budget allowing them to implement such a system.


32 minutes ago, ARikozuM said:

I don't see the issue with the update system. There's the Pro that lets you define parameters for any updates and the Home version usually allows a week or two before it updates itself automatically.

I have 2 systems with Windows 10 at home. My rig runs Pro and the other system has Home. Once I was told I could set my updates to notify before they download, I went straight to doing that, and before resigning from my job I showed them how to set up the GPO for Windows 10 and 8 specifically, since that's what they're running on the workstations.

CPU: Intel i7 7700K | GPU: ROG Strix GTX 1080Ti | PSU: Seasonic X-1250 (faulty) | Memory: Corsair Vengeance RGB 3200Mhz 16GB | OS Drive: Western Digital Black NVMe 250GB | Game Drive(s): Samsung 970 Evo 500GB, Hitachi 7K3000 3TB 3.5" | Motherboard: Gigabyte Z270x Gaming 7 | Case: Fractal Design Define S (No Window and modded front Panel) | Monitor(s): Dell S2716DG G-Sync 144Hz, Acer R240HY 60Hz (Dead) | Keyboard: G.SKILL RIPJAWS KM780R MX | Mouse: Steelseries Sensei 310 (Striked out parts are sold or dead, awaiting zen2 parts)


3 minutes ago, GoodBytes said:

Now, THAT is what I want to hear! Good! More small companies should take example of this. Large companies should have faster recovery, due to the budget allowing them to implement such a system.

In the future, we're switching to a Datto ALTO. It's a pretty cool little machine.


Well, not too surprised I must say. W10 is pretty much 2y old now and well established so yeah..

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |


4 hours ago, Coaxialgamer said:

Interesting . Don't know what to make of it though.

What you need is a relative %. So you that how many Windows 7 there are / how many infected and do that for all of them and get a better view that way.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


5 hours ago, GoodBytes said:

We can see that Windows 10 forced update seems to be beneficial for its users reducing significantly the risk of infections. Windows 7 users (including companies) seems to not like to update their OS as updates are released, which results in not being protected against critical security threats.

Don't think this needs its own thread quite yet, but as a reminder on why it is important for people to secure their SMB connection (either by disabling or getting the security patch), a security researcher in Croatia found a new SMB worm that is using seven of the NSA exploits to deploy and, while it currently isn't carrying a malicious payload, is opening the door for future malicious code.

 

https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/


4 hours ago, H0R53 said:

WannaCry is a ransomware computer worm that targets computers running the Microsoft Windows operating system.

 

Literally copy paste from wikipedia with no link to the wiki article. It also has no relevance to who you are replying to.

The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had.


4 hours ago, Misanthrope said:

So let's pick how to spin it:

 

1) Stupid idiots deserve what's coming to them for not upgrading, it was free ffs

2) Stupid evil Microsoft is to blame for removing the rug from under us!

 

It's demoralizing how often people take finding who to blame as a substitute for solving a problem.


Anyone is fine as long as you don't start opening e-mails from people you don't know, don't click on every single link that you find. Just learn not to be stupid.

This whole WannaCry ransomware is infecting everything in its path is really getting ridiculous.


31 minutes ago, SpaceGhostC2C said:

It's demoralizing how often people take finding who to blame as a substitute for solving a problem.

Not as demoralizing as realizing how many people don't read full posts. Not even ones that are reasonably sized.


5 minutes ago, Misanthrope said:

Not as demoralizing as realizing how many people don't read full posts. Not even ones that are reasonably sized.

Even more demoralizing: when people don't realize others are agreeing with them (that's demoralized3) :P 


9 hours ago, Darth Revan said:

Anyone is fine as long as you don't start opening e-mails from people you don't know, don't click on every single link that you find. Just learn not to be stupid.

This whole WannaCry ransomware is infecting everything in its path is really getting ridiculous.

This is not true.

If you are vulnerable, you will become infected by simply being on the same network as someone else who is infected.

 

The user does not even have to touch his/her computer. Simply turning it on and going to get a coffee while it starts will be enough to get infected.

Not all malware are Trojan horses.


15 hours ago, ARikozuM said:

That's a typo!? I thought this was about awesome thrift stores. 

 

 

Are you gonna pop some tags?


19 hours ago, Being Delirious said:

My Server 2008 R2 wasn't hit. 1% isn't really anything.

is it open to the internet or has port 445 forwarded from your router to the server? If not it was never going to get infected b


7 minutes ago, vorticalbox said:

is it open to the internet or has port 445 forwarded from your router to the server? If not it was never going to get infected b

Unless someone that is infected is on the same network and has access to the server.


20 hours ago, mynameisjuan said:

Seeing how almost every business is still on 7 and large corporations monitor and delay updates for compatibility reasons, this is not surprising. 

 

Short answer is keep your shit up to date people

 

People should read up about 'Advanced Persistent Threats' and the need to have multi-layer security.

 

By this meaning you should think of trying to make your computer/rig/network like 'an onion'

 

With multiple layers of security. So that if one layer fails (or is not up to date or vulnerable) other layers will stop the threat.

 

The words you use are pertinent.

 

Keep ALL your shit up to date people.

 

That means:

 

1. Firewall (if you have one)

2. Router/ADSL modems etc (Firmware) with the appropriate level of encryption for Wireless

3. Apply VPN (at home or outside your network) as this added level of encryption gives you further protection

4. OS (Windows, Linux other) up to date

5. Intelligent devices on the network - mobile phones, TV, Fridge, DVD player, Blu-ray, anything that is part of 'internet of things' needs to have its Firmware updated regularly

6. Security Software (Anti-virus/Anti-malware) online and up to date with live updates enabled

 

Then make sure that every computer or intelligent device on your network is up to date following the above.

 

There are probably more layers. That's the best I can think of in terms of the multi-layer defence a consumer should employ. Off the top of my head.

My Rig "Valiant"  Intel® Core™ i7-5930 @3.5GHz ; Asus X99 DELUXE 3.1 ; Corsair H110i ; Corsair Dominator Platinium 64GB 3200MHz CL16 DDR4 ; 2 x 6GB ASUS NVIDIA GEFORCE GTX 980 Ti Strix ; Corsair Obsidian Series 900D ; Samsung 950 Pro NVME + Samsung 850 Pro SATA + HDD Western Digital Black - 2TB ; Corsair AX1500i Professional 80 PLUS Titanium ; x3 Samsung S27D850T 27-Inch WQHD Monitor
 

20 hours ago, AUniqueName said:

If you're referring to forced updates on W10, then I personally see no reason whatsoever to be pissed off about it. I can't understand why someone would want to delay security patches in the first place, and you can defer feature updates in W10 if you're worried about MS releasing a feature update which installs their shit all up your ass 

 

You can also defer security updates for a lesser amount of time than feature updates. 

 

Microsoft was not helping itself or its customers

 

By mixing CRITICAL UPDATES with PRODUCT UPDATES in 2015/2016 with the launch of Windows 10.

 

It needs to keep the two separate. More so. Critical security updates are those that people should be reminded about over and above simple product updates that basically are not about security.
