
All times are UTC - 7 hours



 




Posted: Fri May 12, 2017 12:24 pm

Joined: Sun Aug 05, 2012 2:19 pm
Posts: 1634
Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Most of the attacks have targeted Russia.

... ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them.

... "Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

http://money.cnn.com/2017/05/12/technol ... index.html


Posted: Fri May 12, 2017 2:11 pm

Joined: Mon Jul 14, 2014 7:05 pm
Posts: 5717
Your tax dollars at work, shutting down Hospitals in the UK and Spain, as reported elsewhere, but it's widespread stuff. Perhaps this is a smoke screen for a few very particular attacks?


Quote:
An NSA-derived ransomware worm is shutting down computers worldwide
arstechnica.com, Dan Goodin, 5/12/2017 12:11 PM

A highly virulent new strain of self-replicating ransomware is shutting down computers all over the world, in part by appropriating a National Security Agency exploit that was publicly released last month by the mysterious group calling itself Shadow Brokers.

The malware, known as Wanna, Wannacry, or Wcry, has infected at least 75,000 computers, according to antivirus provider Avast. AV provider Kaspersky Lab said organizations in at least 74 countries have been affected, with Russia being disproportionately affected, followed by Ukraine, India, and Taiwan. Infections are also spreading through the United States. The malware is notable for its multi-lingual ransom demands, which support more than two-dozen languages.

Wcry is reportedly causing disruptions at banks, hospitals, telecommunications services, and other mission-critical organizations in multiple countries, including the UK, Spain, Germany, and Turkey. FedEx, the UK government's National Health Service, and Spanish telecom Telefonica have all been hit. The Spanish CERT has called it a "massive ransomware attack" that is encrypting all the files of entire networks and spreading laterally through organizations.

Another cause for concern: wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April. The Wcry developers have combined the Eternalblue exploit with a self-replicating payload that allows the ransomware to spread virally from vulnerable machine to vulnerable machine, without requiring operators to open e-mails, click on links, or take any other sort of action.

So-called worms, which spread quickly amid a chain of attacks, are among the most virulent forms of malware. Researchers are still investigating how Wcry takes hold. The awesome power of worms came to the world's attention in 2001 when Code Red managed to infect more than 359,000 Windows computers around the world in 14 hours.
(full article) https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide


Posted: Fri May 12, 2017 4:44 pm

Joined: Tue Jan 27, 2015 7:28 pm
Posts: 5912
This sounds real bad.

Everyone needs to do much more defensive computing and quit blindly clicking on links, ads and attachments.

Also you need to change a lot of destructive Windows and browser default settings which are unsafe.

Good job NSA letting this out into the wild. Idiots!


Posted: Fri May 12, 2017 4:49 pm

Joined: Mon Jul 14, 2014 7:05 pm
Posts: 5717
The entire model of building serious 0-day vulnerabilities into mainstream US technology with the use of National Security Letters needs to be stopped. The people behind that need to be exposed and then scrutinized in international courts of justice.


Posted: Sun May 14, 2017 4:53 pm

Joined: Wed Mar 05, 2014 2:45 pm
Posts: 11067
Glad I am not an IT manager right now.

_________________
When given the choice between two evils, do the one you haven't done yet.


Posted: Mon May 15, 2017 5:02 am

Joined: Tue Jan 27, 2015 7:28 pm
Posts: 5912
It sounds like this particular threat is targeted at older Windows machines like XP. And some old network message protocol called SMBv1 which is ~15 years old. It is not real easy to disable the unneeded SMBv1 in Windows 7; I already tried. Apparently you need to run PowerShell commands or edit the registry. Thanks Microsoft.
Or you can just keep up with monthly updates and trust mr softie to keep you safe. :(

http://windows7themes.net/en-us/how-to- ... ypt0r-2-0/
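
The post above mentions disabling SMBv1 on Windows 7 through PowerShell or the registry. As an added example that is not part of the original post, the script below audits and optionally disables SMBv1 using the registry value and `sc.exe` settings Microsoft documents for Windows 7 / Server 2008 R2. The function names and the `-Disable` switch are hypothetical names chosen for this example.

```powershell
# Added example (not from the thread): audit and optionally disable SMBv1
# on Windows 7 / Server 2008 R2. Run from an elevated PowerShell prompt.
# Get-Smb1State, Disable-Smb1 and -Disable are names assumed for this example.
param([switch]$Disable)

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1State {
    # Server side: SMBv1 is on by default. It is off only when a DWORD
    # value named SMB1 exists under the LanmanServer parameters and is 0.
    $srv = Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue
    $serverEnabled = (-not $srv) -or ($srv.SMB1 -ne 0)

    # Client side: mrxsmb10 is the SMBv1 redirector driver.
    # A service Start value of 4 means the driver is disabled.
    $drv = Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue
    $clientEnabled = ($drv -ne $null) -and ($drv.Start -ne 4)

    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        Smb1ServerEnabled = $serverEnabled
        Smb1ClientEnabled = $clientEnabled
    }
}

function Disable-Smb1 {
    # Server: create or overwrite the SMB1 value with 0.
    Set-ItemProperty -Path $serverKey -Name SMB1 -Type DWord -Value 0 -Force
    # Client: drop mrxsmb10 from the Workstation service dependencies,
    # then disable the driver itself.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

$before = Get-Smb1State
$before | Format-List

if ($Disable -and ($before.Smb1ServerEnabled -or $before.Smb1ClientEnabled)) {
    Disable-Smb1
    Get-Smb1State | Format-List   # reflects the new configuration
    Write-Warning 'Reboot required before the SMBv1 change takes effect.'
}
```

Run it without arguments first to see the current state. Older NAS boxes, printers and XP shares that only speak SMBv1 stop being reachable once it is disabled, and turning SMBv1 off does not replace installing the monthly security updates.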


Posted: Tue May 16, 2017 2:29 am

Joined: Tue Oct 19, 2010 8:50 am
Posts: 11444
Apparently all signs point to N. Korea being behind this. Interesting that they're provoking Russia.

"'WannaCry' ransomware shares code with Sony hack, raising possibility of North Korea connection."

http://www.latimes.com/world/europe/la- ... story.html


Posted: Tue May 16, 2017 10:04 pm

Joined: Tue Oct 19, 2010 8:50 am
Posts: 11444
The attack includes elements that belong to the U.S. National Security Agency and were leaked online last month.

Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world's most widely used computers, software and phones.

A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world's biggest commercial secrets.

It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June," it promised.

http://www.reuters.com/article/us-cyber ... SKCN18B0AC

