Massive global ransomware attack affecting 74 countries and counting

Forums › Desktop computing › Massive global ransomware attack affecting 74 countries and counting

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

3141 posts

Uber Geek
+1 received by user: 1143

#1782568 15-May-2017 14:17

richms:

Its when people do stupid things like allow unsupported operating systems to browse the net or have email or be on the same lan as computers with customer data etc that the IT staff have to tell them no.

everyone is ignoring the REAL WORLD security issue is the user , not if the OS or if its patched or not.
Thats why fully patched Win7/10 PC's can get infected while unpatched/NEVER patched XP's can go without ever having infections/malware

Sure , better to be fully up to date with Win patches, but lets not pretend lack of updates is the cause of most malware infections .
When XP was current, most XP PC's I saw werent even doing winupdates: didnt cause meltdowns .

Last year, known Win7 update issues saw many thousands of Win7 PC's stop updating for several months, wasnt that big an issue (most didnt even notice).
There are still many XP PC's out there in NZ businesses. They arnt the big security issue. Users opening bogus emails & clicking on links & attachments is.

IT make suggestions , they cant dictate to management/owners .
They can choose to walk away from the job of course, its then someone else's issue, but nothing will have changed .

wpcharged

18 posts

Geek
+1 received by user: 4

#1782577 15-May-2017 14:42

1101:

They arnt the big security issue. Users opening bogus emails & clicking on links & attachments is.

In this case a computer can still become infected without even opening an email

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16316

Lifetime subscriber

#1782578 15-May-2017 14:45

wpcharged:

In this case a computer can still become infected without even opening an email

Only if they are on a network that has been infected.

Plesse igmore amd axxept applogies in adbance fir anu typos

gzt

18685 posts

Uber Geek
+1 received by user: 7826

Lifetime subscriber

#1782663 15-May-2017 15:47

and only if SMB1 is enabled.

Edit: on the target

wpcharged

18 posts

Geek
+1 received by user: 4

#1782664 15-May-2017 15:51

Rikkitic:

wpcharged:

In this case a computer can still become infected without even opening an email

Only if they are on a network that has been infected.

"The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers."

From the microsoft blog:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

From what I understand that means it can infect unpatched systems on other networks which have TCP port 445 open.

gzt

18685 posts

Uber Geek
+1 received by user: 7826

Lifetime subscriber

#1782672 15-May-2017 16:12

One thing I'm not clear on yet. If the first machine is already patched when the ware runs on it, can it still infect unpatched machines?

Dell

Shop now for Dell laptops and other devices (affiliate link).

michaelmurfy

meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator

ID Verified

Trusted

Lifetime subscriber

#1782674 15-May-2017 16:14

gzt: One thing I'm not clear on yet. If the first machine is already patched when the ware runs on it, can it still infect unpatched machines?

Yes it can. I've tested this with a sample in a lab environment.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16316

Lifetime subscriber

#1782683 15-May-2017 16:44

Are there likely to be many machines, even older ones, that are both unpatched and have port 445 open? The initial attack vector seems to have been an executable in an email attachment masquerading as a zip file by using a double extension. This is straight out of hacking 101 from the 1990s. It doesn't seem very sophisticated to me. On the other hand, it has obviously been pretty effective.

Plesse igmore amd axxept applogies in adbance fir anu typos

bagheera

544 posts

Ultimate Geek
+1 received by user: 189

#1782703 15-May-2017 17:46

Rikkitic:

Are there likely to be many machines, even older ones, that are both unpatched and have port 445 open? The initial attack vector seems to have been an executable in an email attachment masquerading as a zip file by using a double extension. This is straight out of hacking 101 from the 1990s. It doesn't seem very sophisticated to me. On the other hand, it has obviously been pretty effective.

any pc using a modem or them old adsl card that got put into pc when adsl first came out.

edit: and maybe a USB tethered phone using direct apn

edit 2 : ipv6 setup by someone not knowing what they are doing

kiwifidget

"Cookie"
3640 posts

Uber Geek
+1 received by user: 1969

Lifetime subscriber

#1783058 16-May-2017 12:39

Rikkitic:

I just tried the link again and it works fine. It also worked several times earlier today. It takes you to a page where you can choose a patch for your specific OS version. You can choose to patch only the vulnerability, or do a roll-up for the month.

There is no patch for my version of Windows 10 (1703).

Was it included in Insider Preview 15063?

Delete cookies?! Are you insane?!

Batman

Mad Scientist
30014 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#1783072 16-May-2017 12:42

I'm quite sure I don't want to drive a smart car or live in a smart house or fly in a smart plane.

That way I won't be at risk of being held ransom in my car, house or halfway into the stratosphere, just because someone, somewhere, forgot to apply/didn't make a patch every 2 days.

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16316

Lifetime subscriber

#1783074 16-May-2017 12:43

Does Win 10 require patching? I thought it wasn't vulnerable.

Plesse igmore amd axxept applogies in adbance fir anu typos

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16316

Lifetime subscriber

#1783077 16-May-2017 12:49

joker97:

I'm quite sure I don't want to drive a smart car or live in a smart house or fly in a smart plane.

That way I won't be at risk of being held ransom in my car, house or halfway into the stratosphere, just because someone, somewhere, forgot to apply/didn't make a patch every 2 days.

In an unsmart car you can always have a heart attack and wipe out a dozen smart car passengers. Your unsmart house may burn down around you while you are sleeping. There are no more unsmart planes. The pilots are just there for ballast.

Plesse igmore amd axxept applogies in adbance fir anu typos

MikeB4

MikeB4
18775 posts

Uber Geek
+1 received by user: 12766

ID Verified

Trusted

Subscriber

#1783078 16-May-2017 12:49

Rikkitic:

Does Win 10 require patching? I thought it wasn't vulnerable.

If you a up to date you have been patched, you are however still vulnerable

Here is a crazy notion, lets give peace a chance.

frankv

5705 posts

Uber Geek
+1 received by user: 3666

Lifetime subscriber

#1783081 16-May-2017 13:04

joker97:

I'm quite sure I don't want to drive a smart car or live in a smart house or fly in a smart plane.

That way I won't be at risk of being held ransom in my car, house or halfway into the stratosphere, just because someone, somewhere, forgot to apply/didn't make a patch every 2 days.

You're still liable to die from some other programmer's (i.e. excluding security) mistake in most cars and planes. Or some mistake by a mechanical or aerodynamics or whatever designer.

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10