Karl`s PC Help Forums

Massive Ransomware Attack Hits 74 Countries
JackInCT - 12-5-2017 at 19:31

Massive Ransomware Attack Hits 74 Countries

Much too long to c & p. URL:
http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html

I would suggest that some level of healthy skepticism be applied to the CNN article of the 'do they really know whence they speak of' variety. In particular whether/how much this attack impacts, if at all, home users.

I presume that we all have a favorite website that we rely on for accurate tech news. It would pay to see what such a site has to say, especially with regard to proactive 'countermeasures' (not to mention to determine/assess vulnerability, etc.,).


Katzy - 12-5-2017 at 21:02

Luckily, for me, my appointment was yesterday. Our NHS has been badly hit.

Looks like it's hitting hard. Even Russia's been hit. Bloody silly, though. Thanks to our idiotic government, 90% of NHS machines are believed to be running Windows XP.


marymary100 - 12-5-2017 at 21:16

Hunt should be hunted out of office. The Government stopped paying Microsoft in 2015.


JackInCT - 12-5-2017 at 22:59

One of the takeaways from this event is just how fragile/vulnerable these countries' digital 'highways' are in the event of a bona fide all out cyberwar.

It is not like that the powers that be found out yesterday that such havoc was possible, if not likely.

The political folks controlling the purse strings are, for all practical purposes, digitally illiterate. Their votes are based on what so called self-appointed experts are telling them without any insight/comprehension as to whether their executive summaries hold water. And of course, it's safe to presume that the digital experts don't agree among themselves either which only confuses the matter. Digital experts are very likely to be digital media darlings and it's their name recognition factor that attracts the likes of most politicians, i. e., media recognition is the tour de force of politicians.

It's clear that a quick resort to manual methods of doing the job has been sorely neglected. The staff contingency training time for such a scenario is of course non-revenue producing. That's the kiss of death as to why it's not being done apparently.


Katzy - 13-5-2017 at 08:21

Quote:
Originally posted by marymary100
Hunt should be hunted out of office. The Government stopped paying Microsoft in 2015.


All part of their privatisation plans, ay? ;)


John_Little - 13-5-2017 at 08:22

Buggered my repeat prescription request, then.


marymary100 - 13-5-2017 at 15:25

Blogger accidentally halts malware attack


Quote:

A security researcher has told the BBC how he "accidentally" halted the spread of ransomware affecting hundreds of organisations, including the UK's NHS.
The man, known online as MalwareTech, was analysing the code behind the malware on Friday night when he made his discovery.
He first noticed that the malware was trying to contact an unusual web address - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - but this address was not connected to a website, because nobody had registered it.
So, every time the malware tried to contact the mysterious website, it failed - and then set about doing its damage.
MalwareTech decided to spend £8.50 and claim the web address. By owning the web address, he could also access analytical data and get an idea of how widespread the ransomware was.

But he later realised that registering the web address had also stopped the malware trying to spread itself.
"It was actually partly accidental," he told the BBC.
What happened?
Originally it was suggested that whoever created the malware had included a "kill switch" - a way of stopping it from spreading, perhaps if things got out of hand.
But MalwareTech now thinks the coder had included a mechanism to stop security researchers analysing the malware, which backfired.
Security researchers often analyse viruses on a virtual machine or "sandbox" - a secured, disposable computer environment with no important files that might be destroyed.
MalwareTech now thinks the software's attempt to contact the mysterious web address - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - was a way of checking whether the malware was being analysed on a sandbox.
On a real computer, the website would fail to load. But a virtual machine might behave differently.
"The malware exits to prevent further analysis," MalwareTech wrote in a blog post.
"My registration... caused all infections globally to believe they were inside a sandbox and exit… thus we initially unintentionally prevented the spread and further ransoming of computers."
Does this mean the ransomware is defeated?
While the registration of the web address appears to have stopped one strain of the malware spreading, it does not mean the ransomware itself has been defeated.
Any files that were scrambled by the ransomware will still be held to ransom.
Security experts have also warned that new variants of the malware that ignore the "kill switch" will appear.
"This variant shouldn't be spreading any further, however there'll almost certainly be copycats," said security researcher Troy Hunt in a blog post.

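An added example, not part of any post or of the quoted BBC article: a defender's triage of DNS resolver logs for machines that looked up the address quoted above, split by whether the lookup succeeded. The log format, the sample lines and the function names are constructed for illustration, and a successful DNS answer is used here as a stand-in for "the contact attempt could succeed".

```python
# Added example: which clients looked up the address from the article, and did
# the lookup succeed? Log format and sample lines are constructed.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"  # as quoted on this page

SAMPLE_LOG = """\
2017-05-13T09:14:02Z 10.0.4.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NXDOMAIN
2017-05-13T09:14:05Z 10.0.4.22 www.example.org. NOERROR
2017-05-13T15:40:11Z 10.0.4.17 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM NOERROR
2017-05-13T15:41:30Z 10.0.7.3 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com SERVFAIL
malformed line
2017-05-13T15:42:00Z 10.0.9.9 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
"""

def matches(qname, domain=KILL_SWITCH):
    """True for the domain itself or a subdomain; DNS names are case-insensitive."""
    name = qname.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def triage(log_text):
    """Map each client that queried the address to its lookup history.

    'failed' counts lookups where the check could not succeed, which the
    article says is the case where the malware went on to do its damage.
    """
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the constructed format
        ts, client, qname, rcode = parts
        if not matches(qname):
            continue
        rec = hosts.setdefault(client, {"first_seen": ts, "resolved": 0, "failed": 0})
        rec["resolved" if rcode == "NOERROR" else "failed"] += 1
    return hosts

def needs_urgent_review(hosts):
    """Clients with at least one failed lookup: that run was not stopped."""
    return sorted(c for c, r in hosts.items() if r["failed"] > 0)

if __name__ == "__main__":
    for client, rec in sorted(triage(SAMPLE_LOG).items()):
        print(client, rec)
```

Any client that appears at all warrants investigation; a resolver or proxy that blocks the address makes every lookup count as failed, which by the article's account is the case where the malware carries on.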

JackInCT - 13-5-2017 at 16:19

Quote:
Originally posted by marymary100
Blogger accidentally halts malware attack
Quote:


I have to wonder (out loud) what it would take for your govt to hire this individual. But then again doing something like that makes sense and we ALL know that is not ANY govt strong suit.

Kind of like the way I keep failing at using the quote button correctly!!!


marymary100 - 13-5-2017 at 16:30

:D


scholar - 13-5-2017 at 19:42

Quote:
Originally posted by JackInCT
Quote:
Originally posted by marymary100
Blogger accidentally halts malware attack
Quote:


I have to wonder (out loud) what it would take for your govt to hire this individual. But then again doing something like that makes sense and we ALL know that is not ANY govt strong suit.

Kind of like the way I keep failing at using the quote button correctly!!!


I've noticed that. If I may suggest--

If you quote the whole post with the quote button, and then put your response after the full quotation, you'll be safe.

If you wish to delete any of the content of the quote, you'll also be okay, so long as you leave anything in square brackets intact.

The problems come in if a person puts responses in, inside the quoted material. This is even more likely to be a problem with nested quotes.


JackInCT - 13-5-2017 at 22:21

Anyone care to take any bets as to how many IT types will be fired for this fiasco?, i. e., they (and we know who THEY are) have already started laying the foundation for not being terminated by blaming an outdated MS OS (XP)/lack of funding/etc. Competence???? I bet on ZERO. Resignations due to embarrassments/humiliation/etc. Also ZERO.


LSemmens - 14-5-2017 at 09:41

Actually this code has been around in one form or another for many years. If a system is patched and up to date, then you are reportedly safe. The IT departments should be fairly safe unless they are the ones blocking security upgrades to the systems under their control. Sadly, it's often the Shareholders who fail to appreciate the need for updated security on their computer systems thinking "It ain't broke, so I ain't going to fix it", which should be more like "my car will last me for many years provided I maintain it"


JackInCT - 14-5-2017 at 16:18

A social commentary on today's CNN website re the recent ransomware attack known as WannaCrypt: Wannacrypt Ransomware Attack Should Make Us Wanna Cry By Alexander Urbelis

http://www.cnn.com/2017/05/14/opinions/wannacrypt-attack-should-make-us-wanna-cry-about-vulnerability-urbelis/index.html

There are of course no lack of commentaries/editorials/etc. on this event; and if you look hard enough, you could probably even find a few that state, in effect, 'it was no big deal'.

Wouldn't it be a "laugh" if the hacker turned out to be someone who wanted the bitcoins to pay for a date for someone he/she really wanted to impress!!!!!


John_Little - 14-5-2017 at 16:23

Updated avast and malwarebytes.


JackInCT - 14-5-2017 at 18:02

In the comments sections of various media articles [that allow for anyone to post them], there is no lack of a vast assortment/variations of conspiracy theories/accusations re the culprits.

One that caught my eye was that MS is behind the attack in order to motivate end users, et al, to switch over to the Win 10 OS. A variation on that is that Win 10's sending of user data to MS makes it even easier than it already is for the govt to "monitor", as in eavesdrop, what end users are up to.


JackInCT - 15-5-2017 at 15:39

For those across the pond: did any govt agency actually pay the ransomware??? [could NOT find anything in any of the media stories if that did/did not happen]


Katzy - 16-5-2017 at 10:05

The annoying thing, for many, is the repeated mantra of using Windows Update. Problem is, Microsoft has installed so much malware, itself, using that, that many of us have it disabled, rather than have W10 forced upon us.


JackInCT - 16-5-2017 at 13:37

Quote:
Originally posted by Katzy
The annoying thing, for many, is the repeated mantra of using Windows Update. Problem is, Microsoft has installed so much malware, itself, using that, that many of us have it disabled, rather than have W10 forced upon us.


In no particular order:
There is no lack of finger pointing as to how (never mind the 'who' of it) this could have occurred, i. e., a classic case of spin doctoring. I would guess that in the coming days, big time lawsuits will be filed. This spin doctoring is an early stage response to avoid, or at least, minimize the financial awards.

The political response is, as can be expected, the typical farce as those clowns are lucky if they know how to turn on a PC never mind understand anything about its inner working; but look for new legislation/regulations for no better reason as a pro forma response that they are on 'top of the matter'.

The major underlying scheme by the politicos is that terrorists are everywhere, and no one but no one wants to rein in the NSA just in case they use the Internet to plot dastardly deeds. So no one will tell NSA type organizations to stop developing hacking tools, or for that matter, have the NSA types from forging de facto alliances with MS type companies to leave "holes" in their hardware/software.

It will take a significant collapse of the financials systems due to hacking before they 'get the message' (and are voted out of office by the serfs).


marymary100 - 16-5-2017 at 16:10

Someone has been trying to hack my accounts today. There is a reason I don't do online banking.


JackInCT - 16-5-2017 at 20:23

There are a number of consequences to the magnitude of this ransomware episode.

One that's not gotten any attn that I have come across is that it has very likely emboldened amateur as well as advanced level hackers in a de facto contest to outdo one another.

Human nature being what it is/isn't is the rivalry that springs between individuals even in the realm of cyberwarfare, i. e., my skills are better than yours, or I can wreak more havoc than you can, etc. Bullying is not limited to the school yard/work place/etc. It exists online and bragging/chest thumping that you have accomplished some nefarious deed in this area falls in this category.


LSemmens - 16-5-2017 at 22:47

Quote:
Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today
from here


JackInCT - 16-5-2017 at 23:37

Quote:
Originally posted by LSemmens
Quote:
Additionally, we are taking the highly unusual step of providing a security update....


I am wondering at what level of MS who made the decision of leaving out [perhaps deleting] the word "FREE" in front of the phrase "security update".

MS, and its stakeholders, are now faced with the precedent of, among other things, giving end users something for nothing. They of course still have the option, after all they still are a de facto monopoly, of raising prices on other of their products.

Yes, I'm looking at a gift horse in the mouth and seeing a Trojan horse whose contents are like a piñata, but in this case all kinds of nasty things are apt to spew forth given MS's long, long history of disdain for its paying customer's feelings.


John_Little - 17-5-2017 at 05:45

Quote:
Additionally, we are taking the highly unusual step of providing a security update....


I am wondering at what level of MS who made the decision of leaving out [perhaps deleting] the word "FREE" in front of the phrase "security update".

MS, and its stakeholders, are now faced with the precedent of, among other things, giving end users something for nothing. They of course still have the option, after all they still are a de facto monopoly, of raising prices on other of their products.

Yes, I'm looking at a gift horse in the mouth and seeing a Trojan horse whose contents are like a piñata, but in this case all kinds of nasty things are apt to spew forth given MS's long, long history of disdain for its paying customer's feelings.


John_Little - 17-5-2017 at 05:45

Couldn't resist fixing the quote thing. Sorry Jack.

But thank you for that link, Leigh. I have an old XP desktop in the other room that could do with a fix.


JackInCT - 17-5-2017 at 12:30

Quote:
Originally posted by John_Little
Couldn't resist fixing the quote thing. Sorry Jack.

But thank you for that link, Leigh. I have an old XP desktop in the other room that could do with a fix.


I have a lobotomy on my 'to do' list. Hopefully, that will fix my ongoing issues with the quote button.

Thanks, although when I saw my error, I, NATURALLY, presumed that rather than attempt to fix my failing, given the savoir faire, sophistication, erudition, unlimited scholarship, etc., that all the posters on this board are possessed with in abundance, every man jack/jane would readily see what I was trying to say.


Katzy - 17-5-2017 at 17:33

Quote:
Originally posted by LSemmens
from here


Quote:

This update is only available via Windows Update.


Now... Do I want malware from Microsoft? I'll give that a miss, methinks.