Protect yourself from the WannaCrypt0r WannaCry Ransomware

[Dave 277]

Seems to be an epidemic on ransomware again.  Microsoft has a patch but you need to make sure your Windows systems are patched up.  

Here is Microsoft's patch - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Quote

In a statement Friday, Microsoft said: “Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows Update enabled, are protected. We are working with customers to provide additional assistance.”

Kaspersky Software will also block the bad bits.  https://usa.kaspersky.com/home-security

 

Read more on WordFence.  (a security blog/company for WordPress)

https://www.wordfence.com/blog/2017/05/massive-global-ransomware-attack-underway-patch-available/

more on Washing Post - https://www.washingtonpost.com/world/hospitals-across-england-report-it-failure-amid-suspected-major-cyber-attack/2017/05/12/84e3dc5e-3723-11e7-b373-418f6849a004_story.html

[GavinCampbell 11]

I just got called into work about this... way to ruin my weekend.  Its actually a bit scary.

[Trig0r 118]

My boss rang up and said to go into the main office and tell everyone not to open email attachment's and be careful.

 

It was 17:05 on Friday, not quite sure what he was thinking lol

[Jason 56]

Is this coming in specifically from email attachments? I just flew out of London Heath Row on Fri. am as their hospitals were getting hit. Scary.


Sent from my iPhone using Tapatalk

[Dave 277]

Update for May 14th, 2017

Quote

In the past few hours, on Sunday May 14th, the WannaCry ransomware campaign has evolved. We are seeing new variants of the ransomware emerge.

How to protect yourself - https://www.wordfence.com/blog/2017/05/how-to-protect-yourself-against-wannacry/

 

[Dave 277]

An update to this madness. Interesting read about how a portion of the attack was stopped.

https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack



Sent from my Pixel XL using Tapatalk

[Dave 277]

A new Killswitch was found and registered further stopping the spread.

@msuiche: New kill switch detected ! http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com #WannaCry - Just pushed for an order ! pbs.twimg.com/media/C_yVpB2XUAE9QcU.jpg pbs.twimg.com/media/C_yWDeEXgAANlYS.jpg




Sent from my Pixel XL using Tapatalk

[ShadowPeo 33]

In some respects, in regards to this outbreak I am happy that it happened and garnered so much attention, for several reasons in particular. Yes it sucks that people will loose data but in the end I am hoping some good will come from it

Firstly, people and companies ditching their old XP/2003 installs and finally updating (I am sure Dell, HP and others are going to get a bunch of new orders for servers now) thus eliminating many other potential vulnerabilities and potential attack vectors

Secondly, Backups, again people and companies will hopefully learn the value of good backups, there are after all only 2 (or should that be 10) types of people in the world those that have lost data and those that will loose data, it is primarily the former that will have backups. As the recent podcast episode showed, no backup system is infallible as it is set up and maintained by humans after all, but every bit helps.

Thirdly and I am going to lump some things together here, specifically people/companies patching their equipment and AV/AM software. The damned patch for this was released a while back as I am sure everyone here is aware, so just how is it that this patch has not been deployed, I mean come on people. There should be getting some hard questions asked of IT staff and of management as to why patches are not deployed in a timely manner.

[Trig0r 118]

I patch our cluster a few times a month tbh, the boss was all panicing though, I was happy to just carry on as normal..

[ShadowPeo 33]

I have our internal systems set to do any patches that do not require a reboot at 8PM each day, anything that requires a reboot is done over the weekend with the majority being done in the first batch, only the secondary DC and one of the HV's not being rebooted (so the second DC has something to run on), that DC and HV is rebooted several hours later to complete the updates