Windows Ransomware Attack


21 replies to this topic

#1 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,711 posts

Posted 12 May 2017 - 04:28 PM

Ouch--ransomware attack spreading worldwide:
https://www.washingt...a004_story.html
Registered Linux User 344759

#2 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 12 May 2017 - 07:14 PM

Pardon me just a moment while I sit back and gloat.

What? You didn't have your network secured? You didn't have access to recently made backups of your data? Your anti-virus/anti-malware wasn't up-to-date? You still allowed telnet into your servers? You weren't using a fire-walled router?

Well, that's gonna' SUCK for you, then.

#3 OFFLINE   onederer

onederer

    Multithreader

  • Members
  • 1,215 posts

Posted 13 May 2017 - 01:18 AM

Lucky me, I use Linux, so I'm still loose and free to operate.

With Windows, I was not able to install Win. 10 when it was free. Never able to complete the entire installation. In spite of using a proxy, and a firewall (ZoneAlarm), I got hit with ransomware. Disgusted, I just left it that way, since last year. I'd have to totally reinstall Win. 7, to overcome the disaster.

Actually the only reason that I need to use Windows is to update my TomTom and Magellan GPS devices. Too bad that can't be done via Linux, I could then totally dump Windows.

Cheers!
The wise man is not afraid to ask questions.

#4 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,346 posts

Posted 13 May 2017 - 09:25 AM

I also read that a lot of folks affected by this are dumb enough to continue running Windows XP or Windows Server 2003. Microsoft has apparently released patches they do for their Custom Support clients to counteract this problem.
It's not much fun for anyone who gets nailed by one of these ransomware worms. I had a friend who was hit and we just scrapped all his data. We were able to get some photos and docs back from his old PC that he still kept in the basement.
What bugs me is why would anyone post a known and powerful hacking tool out on the Web for any Black Hat to download and modify.

Registered Linux User 445659

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 13 May 2017 - 01:14 PM

The dumbest thing of all about this massive ransom campaign is that it's activated (and spread) by the usual method...

CLICKING ON UNKNOWN ATTACHMENTS IN EMAILS

Can you believe that people still do this? Doesn't anyone know how to right click on an attachment and request that your AV run a scan before opening? How 'bout just NOT clicking on attachments at all? Yeeeesh! This method of infecting systems has been around since they ransomed the 2X2 animal data from Noah's system. C'mon, people!

#6 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,711 posts

Posted 13 May 2017 - 05:44 PM

Sadly, there are a lot of people like my mother and her friends who are indeed not capable. Of course, there are others who should be capable but aren't for some reason.
Registered Linux User 344759

#7 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,346 posts

Posted 13 May 2017 - 09:20 PM

If you are "not capable" you still have some options assuming you know someone who is capable:
  • Get a good security suite like ESET and keep it up to date.
  • Get Malwarebytes Pro with real time protection.
  • Run Linux.
  • Don't use email if you are too dumb to avoid attachments.
  • Don't connect to the Internet. Play games offline.
  • Don't use a computer at all.
There are many times I wish people like Lillian would just take option 6.

Registered Linux User 445659

#8 ONLINE   Dr. J

Dr. J

    Message Mogul

  • Members
  • 253 posts

Posted 14 May 2017 - 06:49 AM

I came across this a little while ago... seems even "technically competent" people can get sloppy and subsequently hacked...

https://forums.gento...-t-1060828.html

A little down the thread the poor sod admits to running Firefox as root... that's probably how they got in.

Quote

Yeah, I'm guilty of running FireFox as root. Shame on me - I should have known better.

Edited by Dr. J, 14 May 2017 - 06:49 AM.

/usr/bin/drinking
~/hungover

#9 OFFLINE   onederer

onederer

    Multithreader

  • Members
  • 1,215 posts

Posted 14 May 2017 - 08:07 AM

Well, it looks like even Linux has gotten hit by ransomware. This time, Gentoo. Thus far, I've been spared of getting the end of the bad stick. I wonder if it's because I have a layer of IP addresses by using a Zenmate proxy, ClamAV, and a Linux defrag program, and a keylogger sniffer?

It could also be because I still use PCLinuxOS, because of its stability.

Another thing comes to mind. Have any of you ever heard of any BSD systems being attacked by ransomware? Not that many users would make that OS system a very low profile target.

Cheers!
The wise man is not afraid to ask questions.

#10 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,346 posts

Posted 14 May 2017 - 10:07 AM

I think that any Linux user could get hacked if they browse the Internet as root.

Registered Linux User 445659

#11 OFFLINE   onederer

onederer

    Multithreader

  • Members
  • 1,215 posts

Posted 14 May 2017 - 12:19 PM

That's questionable, because the file system of Linux is different than Windows. Odds are that the ransomware was designed to attack Microsoft's baby. After all, Windows is the favorite target because there are so many users worldwide. That makes it very tempting for jerks that purvey their malware.

I suppose that there are a few worms floating around the Internet just looking for Linux users, and those could be disastrous for some poor users.
The wise man is not afraid to ask questions.

#12 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,711 posts

Posted 14 May 2017 - 02:09 PM

raymac46, on 13 May 2017 - 09:20 PM, said:

If you are "not capable" you still have some options assuming you know someone who is capable:
  • Get a good security suite like ESET and keep it up to date.
  • Get Malwarebytes Pro with real time protection.
  • Run Linux.
  • Don't use email if you are too dumb to avoid attachments.
  • Don't connect to the Internet. Play games offline.
  • Don't use a computer at all.
There are many times I wish people like Lillian would just take option 6.

Well, I have my mother utilizing your steps 1 and 2 and she uses a limited user account--doesn't even know the admin password. She usually asks me if she gets any attachments because she can't figure out how to access them. She's 89 now.
Registered Linux User 344759

#13 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,346 posts

Posted 14 May 2017 - 03:33 PM

onederer, on 14 May 2017 - 12:19 PM, said:

That's questionable, because the file system of Linux is different than Windows. Odds are that the ransomware was designed to attack Microsoft's baby. After all, Windows is the favorite target because there are so many users worldwide. That makes it very tempting for jerks that purvey their malware.

I suppose that there are a few worms floating around the Internet just looking for Linux users, and those could be disastrous for some poor users.
You can still get hacked through things like Flash if you are dumb enough to run as root. Maybe not this particular thing but the Gentoo guy was infected and that's Linux. Don't assume you are totally immune if you don't practice safe computing.

Registered Linux User 445659

#14 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 14 May 2017 - 06:59 PM

raymac46, on 13 May 2017 - 09:20 PM, said:

3. Run Linux.

That's the one! Of course, option 6 wasn't a bad idea either. ;)

#15 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,394 posts

Posted 15 May 2017 - 11:14 AM

This is a really disgusting attack. Several friends have been caused a great deal of trouble due to the NHS being compromised. Find the culprits and hang em high. Naturally you would need to hang the NHS techs for setting up the NHS system so sloppily. Oh and it might be a good idea to hang all the MPs past and present who allowed such a shoddy computer system to be built and run.

I think I will stand for Prime Minister at the upcoming elections with the policy outlined above. Reckon I would stand a decent chance of election. :Laughing:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#16 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 15 May 2017 - 11:27 AM

Don't forget to hang all those fatcat Microsoft folks.

#17 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,346 posts

Posted 15 May 2017 - 06:39 PM

Thanks to the action of a security geek in the UK who activated a domain in the code, WannaCry 1.0 was shut down via a kill switch. However, it looks like WannaCry 2.0 is already out there without the kill switch provision. So stay tuned.

https://www.neowin.n...bat-kill-switch

Registered Linux User 445659

#18 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 16 May 2017 - 10:11 AM

Have I mentioned lately that I LOVE Linux?

#19 ONLINE   Dr. J

Dr. J

    Message Mogul

  • Members
  • 253 posts

Posted 16 May 2017 - 11:14 AM

I just found out that my local library got hit over the weekend... All of their public machines were running Windows 7, but god knows what was keeping their network up in the background. Oddly enough, I had previously noticed LibreOffice on the public machines instead of the MS variant... If they'll ever switch over to Ubuntu LTS on those, I guess it'll happen now...
/usr/bin/drinking
~/hungover

#20 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,054 posts

Posted 16 May 2017 - 11:21 AM

That means that the library's public Windows 7 machines had not received the March MS17-010 security update.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#21 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,394 posts

Posted 17 May 2017 - 09:41 AM

V.T. Eric Layton, on 15 May 2017 - 11:27 AM, said:

Don't forget to hang all those fatcat Microsoft folks.

Well they are not really at fault in this instance. :whistling:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#22 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,168 posts

Posted 17 May 2017 - 12:47 PM

So?



