News Article: That big ransomware attack yesterday

AUDub · May 14, 2017

Don't know if y'all have been keeping up with this, but a huge cyberattack caught everyone off guard over the last few days.

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

Luckily, we didn't get hit and are hoping to keep it that way. We're shoring up our defenses and emergency patching everything. In spite of the fact that I was in Tuscaloosa yesterday for a soccer invitational (won one, lost one, but Sadiebug scored in both games yay!), I spent practically the whole day in conference calls with our VP of ops, head of IT, various rank and file folks and various vendors like GE, AirStrip and ExcelMedical.

A 22 year old white hat accidently discovered a kill switch to stop its spread, which bought everyone some breathing room.

https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0

Microsoft took the highly unusual step of releasing an emergency patch for XP.

http://www.zdnet.com/article/wannac...s-patch-for-windows-xp-and-other-old-systems/

Everyone, be on the lookout. Don't click on any email attachments from unfamiliar sources. PATCH PATCH PATCH! Patch everything!

Jon · May 14, 2017

scary stuff going on, especially in Europe were this hit a bunch of hospitals. Can you imagine not having access to any hospital systems due to ransomware when prepping for surgery?

AUDub · May 14, 2017

Jon said:
scary stuff going on, especially in Europe were this hit a bunch of hospitals. Can you imagine not having access to any hospital systems due to ransomware when prepping for surgery?

Yep. It terrifies us. Luckily we have a good IT department and other operational divisions (I'm biomedical engineering) and this dropping was like kicking a beehive.

Jon · May 14, 2017

AUDub said:
Yep. It terrifies us. Luckily we have a good IT department and other operational divisions (I'm biomedical engineering) and this dropping was like kicking a beehive.

I haven't heard of this hitting in the US but the stories flying around reddit from the UK Yesterday were a bit terrifying. This is why the NSA shouldn't be building these weapons they get into the wrong hands

PacadermaTideUs · May 14, 2017

Live global WannaCrypt infection map. Good-guy researchers have tapped into the programming in such a way as to be able to track where the malware is propagating in real time. Hope none of you see a green dot appear at your location.

https://intel.malwaretech.com/WannaCrypt.html

AUDub · May 14, 2017

Jon said:
I haven't heard of this hitting in the US but the stories flying around reddit from the UK Yesterday were a bit terrifying.

Fedex and a few others got it, but it luckily didn't spread much here. The aforementioned white hat bought us that time. If I ever find out who he is, I might send him the 10 dollars he dropped to register that domain and incidentally activate the kill switch. A temporary reprieve, but an invaluable one to buy us time to patch.

Jon said:
This is why the NSA shouldn't be building these weapons they get into the wrong hands

This. And I really wish it would bite them, even though I know it won't.

Bazza · May 14, 2017

From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?

Bazza · May 14, 2017

AUDub said:
---snip---If I ever find out who he is---snip---

I thought it was a young man from Indiana...they mentioned him by name on last night's World News Tonight (ABC).

PacadermaTideUs · May 14, 2017

Bazza said:
From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?

Exploits a vulnerability specific to Microsoft Windows, particularly, older versions. Not to say you shouldn't patch up if you're running Win 10, but you're less vulnerable on 10 than say 8,or XP. If you're not on any version of Microsoft Windows, you should be good to go with respect to this particular ransomware.

AUDub · May 14, 2017

Bazza said:
From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

This is an exploit that takes advantage of a known vulnerability in Windows. Everyone runs Windows, so nobody puts much effort into exploiting UNIX like OSs like OSX. If they did, the situations would be similar. Windows rules the roost, so it gets targeted.

Bazza said:
And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?

All OSs can be exploited. The problem is that this really stings the no longer supported legacy OSs like Windows XP, Server 03 etc. Ones MS no longer patches.

A lot of places run legacy hardware. Making a huge technology change such as an operating system at a hospital isn't easy. Cost, compatibility, people who are "tech challenged" and the amount of time and money that it would take to train the employees to make such a change is usually not financially worth it. Unfortunately, it results in situations like this.

PacadermaTideUs · May 14, 2017

Bazza said:
I thought it was a young man from Indiana...they mentioned him by name on last night's World News Tonight (ABC).

The link I posted to the real-time map is actually run by the guy who registered the domain. He's anonymous, British, and goes only by "MalwareTech". He and a guy in Michigan named Darien Huss together identified the kill-switch. But the Brit is who registered the domain name.

That's how he's tracking the real-time propagation - pings to his domain. The ransomware has a line of code that pings that domain name. If the domain is registered and active, the ransomware is turned off. Hense, the kill-switch. Before he registered the domain name, the ping wasn't answered, and the ransomware remained active.

Bazza · May 14, 2017

PacadermaTideUs said:
Exploits a vulnerability specific to Microsoft Windows, particularly, older versions. Not to say you shouldn't patch up if you're running Win 10, but you're less vulnerable on 10 than say 8,or XP. If you're not on any version of Microsoft Windows, you should be good to go with respect to this particular ransomware.

Wow...you mean to tell me there are people out there still running XP?

They should at least move up to Vista...like me!

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista!

Bazza · May 14, 2017

AUDub said:
This is an exploit that takes advantage of a known vulnerability in Windows. Everyone runs Windows, so nobody puts much effort into exploiting UNIX like OSs like OSX. ---snip---

That makes a lot of sense...thanks for the explanation, AUDub!

rgw · May 14, 2017

Seems like this could be related to an NSA 0-day exploit they were holding onto that got leaked into the hands of the bad guys.

Guess that just about wraps up the argument for letting the NSA have backdoors into commo systems and hardware.

AUDub · May 14, 2017

Bazza said:
Wow...you mean to tell me there are people out there still running XP?

They should at least move up to Vista...like me!

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista!

Yep. A lot of places. We're still on the tail end of our upgrade to 7. Probably 50ish machines in the hospital that run XP, and several servers run server 03. Vast majority of PCs are 7, and RHEL on the server side now.

Bazza · May 14, 2017

PacadermaTideUs said:
The link I posted to the real-time map is actually run by the guy who registered the domain. He's anonymous, British, and goes only by "MalwareTech". He and a guy in Michigan named Darien Huss together identified the kill-switch. But the Brit is who registered the domain name.---snip---

Somehow I got mixed up with what i thought was on the news. Thanks for the clarification, Pac! I agree...someone buy that man a black and tan...at least!

PacadermaTideUs · May 14, 2017

Bazza said:
Wow...you mean to tell me there are people out there still running XP?

They should at least move up to Vista...like me!

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista!

Upgraded from 8 to 10 about a year ago. Took some getting used to, but I love it now.

AUDub · May 14, 2017

rgw said:
Seems like this could be related to an NSA 0-day exploit they were holding onto that got leaked into the hands of the bad guys.

Guess that just about wraps up the argument for letting the NSA have backdoors into commo systems and hardware.

It is. It's the "EternalBlue" samba exploit.

AUDub · May 14, 2017

PacadermaTideUs said:
Upgraded from 8 to 10 about a year ago. Took some getting used to, but I love it now.

Debian FTW

jthomas666 · May 14, 2017

PacadermaTideUs said:
Upgraded from 8 to 10 about a year ago. Took some getting used to, but I love it now.

I'm transitioning from 7 to 10. Didn't upgrade the home PC even though it was free, but my new laptop and my company laptop are both 10. They've moved enough controls around to make it annoying, but I'm getting there.

News Article: That big ransomware attack yesterday

Hall of Fame

Hall of Fame

Hall of Fame

Hall of Fame

All-American

Hall of Fame

TideFans Legend

TideFans Legend

All-American

Hall of Fame

All-American

TideFans Legend

TideFans Legend

Suspended

Hall of Fame

TideFans Legend

All-American

Hall of Fame

Hall of Fame

Hall of Fame

TideFans.shop - NEW Stuff!