WannaCry Worm

Discussion in 'Computers, Software, and Electronics' started by ironpony, May 13, 2017.

  1. ironpony

    ironpony Well-Known Member Supporter

    The world-wide computer hack going around right now, the WannaCry attack, is the marriage of a classic worm attack with ransomware.

    It attacks a vulnerability in the MS Windows OS, that was addressed in a security patch in March. If your computer becomes infected, it will encrypt your files, and demand payment of $300 in Bitcoin to regain access to your files. The price goes up at 3 days, and your files become unrecoverable after 6 days.

    Since the attack is through a worm, you can be attacked without any overt action on your part, like opening an email attachment. To protect your computer you must be up to date with your security updates, and have a good virus/malware app running. If you're still using a version of XP, it would probably be best to stay offline until this blows over.

    WannaCry: The Old Worms and the New
    By Steve Grobman on May 12, 2017

    This week’s attacks leveraging the WannaCry ransomware were the first time we’ve seen an attack combine worm tactics along with the business model of ransomware. The weaponization of the Eternal Blue exploit made public weeks ago, and unpatched MS-17-010 Windows OS vulnerabilities by the thousands enabled WannaCry to infect hundreds of thousands of computers, across industries, across continents, and within just a day. Furthermore, these attacks accomplished all this with little or no human involvement, as is typically the case in other ransomware campaigns.

    A hybrid of the proven, less the human

    WannaCry’s success comes down to its ability to amplify one attack through the vulnerabilities of many machines on the network. The impact of the attack is much greater than what we’ve seen from traditional data ransomware attacks.

    Almost all of the ransomware we see in the wild today attacks individual users, typically through spear-phishing, meaning victims receive an email that appears to be coming from a legitimate source; it lures the victim into clicking on a link or opening an attachment that downloads or executes malicious code on his or her system. But it only impacts that victim’s one computer.

    If you think back to the late 90s and early 2000s, when we had Code Red, NIMDA and SQL Slammer, those worms spread really rapidly because they didn’t require a human to take any action in order to activate the malware on the machine. This week’s attacks did something very similar.

    We’re still working to determine how a “patient zero” machine became infected, but, once it was, if other machines hadn’t received the MS-17-010 vulnerability patch, they were infected over their network.

    Instead of stealing data or damaging other machines, the malware executed a classic ransomware attack, encrypting files and demanding a ransom payment. The attack essentially combined two techniques to produce something that was highly impactful.

    With WannaCry, if the configuration of machines within an organization possessed the Microsoft vulnerability (addressed by Microsoft in March), the ransomware could infect one machine and then move very rapidly to spread and impact many other machines that still had not been patched.

    What we’ve typically seen with cybercrime is that when any technique is shown to be effective, there are almost always copycats. Given that this appears to have been quite an effective attack, it would be very reasonable for other attackers to look for other opportunities. One of the things that makes that difficult is you need to have a vulnerability in software that has characteristics that enable worm-like behavior.

    What’s unique here is that there is a critical vulnerability that Microsoft has patched, and an active exploit that ended up in the public domain, both of which created the opportunity and blueprint for the attacker to be able to create this type of malicious ransomware worm capability.

    WannaCry: The Old Worms and the New | McAfee Blogs
    Last edited: May 13, 2017
  2. (((ME)))

    (((ME))) Well-Known Member

    I had lightning hit my computer. I had hackers hit it. What they looking for is beyond me because my computer is used to get information and entertainment...Nothing of value in it. I am old school still keep everything on paper and in a file cabinet. I always figured with the upgrades I never be able to keep up with those either. I not naive enough to think everyone is a friend that contacts people. Same thing with my phone and tablet activities. Caution is best way to go with all the modern tech of today.
  3. GAnthony

    GAnthony Well-Known Member

    they can hack my pc, they can get into my files...so what..i can get a new HDD and start my prono collection all over again.
  4. Injun

    Injun Rabid Squaw Staff Member Supporter

    Okay, nerds. How does this work?

    'Accidental hero' halts ransomware attack and warns: this is not over

  5. ironpony

    ironpony Well-Known Member Supporter

    It's just a line of code that asks for a hit on a non-existent website. As long as nothing comes back, the worm keeps going. This guy registered the website, that is "turned it on," so the worm turned itself off instead of continuing to infect more computers.

    However, merely by changing or eliminating the kill switch code, the thing can be turned back on. It's a known vulnerability in Windows, so a copycat could easily turn out a different version.

    Today would be a good day to log into the MicroShaft website, and update your OS if you haven't been installing updates.
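
Added example, not part of the original post or thread: because the worm looks up the kill-switch website before doing anything else, a defender can search DNS resolver logs for that lookup to find machines that ran it, and the answer each one received shows whether the worm kept going. The domain below is a placeholder (the thread does not give the real one), and the log format and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder: the real kill-switch domain is not given in the thread.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log. Assumed format:
# <ISO timestamp> <client IP> <queried name> <response code>
SAMPLE_LOG = """\
2017-05-12T08:14:02Z 10.0.4.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T08:14:05Z 10.0.4.22 updates.vendor.example NOERROR
2017-05-12T08:19:40Z 10.0.4.31 KillSwitch-Placeholder.example. NXDOMAIN
2017-05-12T16:02:11Z 10.0.7.9 killswitch-placeholder.example NOERROR
2017-05-12T16:05:45Z 10.0.4.17 killswitch-placeholder.example NOERROR
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: priority} for every host that looked up the domain.

    "high"  = at least one lookup failed, so nothing came back and the
              worm on that host would have kept going.
    "check" = every lookup was answered, so the worm should have stopped,
              but the host still ran it and needs patching and cleanup.
    """
    domain = domain.lower().rstrip(".")
    codes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, rcode = m.groups()
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            codes[client].add(rcode)
    return {
        client: "high" if seen - {"NOERROR"} else "check"
        for client, seen in codes.items()
    }


if __name__ == "__main__":
    for host, priority in sorted(triage(SAMPLE_LOG).items()):
        print(host, priority)
```

A host that never appears in the result is not shown to be clean; it only means this log holds no lookup of the domain from that address.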
  6. Injun

    Injun Rabid Squaw Staff Member Supporter

    So, sort of like calling the dogs home after they killed the neighbor's chickens, but before they move on to the next neighbor in line?
  7. ironpony

    ironpony Well-Known Member Supporter

    Something like that.

    Except these dogs can self-clone. If they want to.
  8. ready to roll

    ready to roll I ain't got no panties

    You're giving away your age with all that 'old school' talk! :D
  9. (((ME)))

    (((ME))) Well-Known Member

    It okay....just long as no one finds out the mileage count:rolleyes:...Been a real interesting walk.:biglaugh:
  10. ironpony

    ironpony Well-Known Member Supporter

    Howdie-Doodie was yer baby sitter, huh?

  11. ironpony

    ironpony Well-Known Member Supporter

  12. (((ME)))

    (((ME))) Well-Known Member

    Howdie-Doodie...:rolleyes:....The family unit I grew up in did not permit tv or comic books and at age 16 considered an adult, time to leave the nest....yea... IP life been quite a dance...:pickle:I came out a better person for it all too!!
    Last edited: May 13, 2017
  13. ironpony

    ironpony Well-Known Member Supporter

    The WannaCry worm ain't over yet...

    What's being called 2.0 is out there now - that's copycats of the original, and version 2.1 without the kill switch has been detected too.

    Russia, This Time the Victim of a Cyberattack, Voices Outrage


    MOSCOW — Russia was again at the center of a global hacking scandal when computer systems the world over were frozen this weekend by a variant of malicious software known as WannaCry. But this time, Russians were among the victims of the attack, not suspected of being the perpetrators.

    In fact, of all the countries afflicted in the first wave of the spread of the malicious software, Russia was hit the hardest: The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company.

    While government computers were crashing, banks, cellphone operators and railroads in Russia were fending off attacks designed to freeze their systems in demand for ransoms to unlock the data.
  14. Duck

    Duck Quack Supporter

    Some news channel that was on last night had a banner across the bottom saying that the origin of the virus was traced to North Korea.

    I didn't hear what they were saying because I didn't have the sound bar on.
  15. ironpony

    ironpony Well-Known Member Supporter

    It hasn't been "traced" there, but some of the cyber security firms are saying there are code fragments similar to code used in other North Korean attacks in this worm.
  16. rigjockey

    rigjockey Token Canadian.

    Have any o the pron sites been affected?
    Has the forum been infected?:confused-96:
    I am just asking for a friend:thumbsup:
  17. ironpony

    ironpony Well-Known Member Supporter

    Heck no! They pay their protection money doncha know?

  18. (((ME)))

    (((ME))) Well-Known Member

