The IDEAL Forum

Don't know if we have already some kind of topic regarding daily news, information and discussions, so I opened a new one.

Would like to start with this weekend top case in IT world - WannaCry ransomware malware

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html
http://www.ibtimes.co.uk/telefonica-hack-ransomware-attack-internal-network-forces-computer-shut-down-1621350



Anyone of you had any issues with the same?

In my case, I was lucky this time since all servers (Enterprise customer) were up to date with the latest MS updates....

1) use backup from other server
2) profit ?

is this not only going for windows based customers? furthermore i doubt they got more then one crypting code, ez to crack.

My GF has not update her Win7 since 2014....

didnt this only affect people who were dumb enough to download a spam email attachment?

Xen wrote:didnt this only affect people who were dumb enough to download a spam email attachment?

No, it was infecting other devices on the network by a Windows security backdoor. Meaning that if you take your home infected laptop to school, it would infect other laptops at shool.

but what was the mechanism of getting ur shit infected? you had to do something, didnt you? Or how precisely does that shit work these days?

Actually, im interested in this on a very general level.

troolenhardy wrote:but what was the mechanism of getting ur shit infected? you had to do something, didnt you? Or how precisely does that shit work these days?

Actually, im interested in this on a very general level.

In the current case: an unpatched system gets infected and spreads the infection further. Ways to get infected: over the local network (Windows filesharing service - smb) or by opening some funny email attachments.

Generally: use outdated browser, don't patch your operating system, install every shit you can find on the interwebs, open *.pdf.exe files, ...

Correct what Thoryk is saying.
SPAM mails, mail attachments including a free Dubai ticket, internet sites adds, fake antivirus and mailware programs....all of these might be one of having this ransomware inside.
The biggest problem here was that you can have only one person to be infected and then it was easily spread out over the network using a backdoor, or let's call it a fail inside Windows systems having SMB 1.0 still active.
Latest March 2017 security monthly included this fix for the SMB, but if you have your environment having at least one server or computer which isn't properly patched you can be at risk to have your file shares, and other devices infected.
Brati asked about backup options. Yes, they might help, but imagine to have an enterprise environment that has a file share (like 20TB of files) infected...this take days to get back all the files back to normal. Also, mostly user computers are not backup daily or weekly, so all private storage on the hard drive can be forgotten (in most cases).

I store all my important files on my local linux "server", including mail, images, documents and so on. Every night there runs storeBackup creating an incremental backup on my usb hdd. For the private sector, this should be enough

I guess i was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

Thoryk wrote:I store all my important files on my local linux "server", including mail, images, documents and so on. Every night there runs storeBackup creating an incremental backup on my usb hdd. For the private sector, this should be enough

What is if i come to you home and infect the shit of ur hdd with ma hammer

troolenhardy wrote:I guess i was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

The used exploits: https://en.wikipedia.org/wiki/EternalBlue https://en.wikipedia.org/wiki/DoublePulsar.

Every service, in this case SMB, has open ports. The services read and interpret the data they get on those ports. If you fuck up reading the data, ie not handling code that is malformed in the right way, you can get remote code execution. Meaning the attacker can run his code on the server. For example opening a shell or downloading the worm itself. And then they can do shit on your PC. And since it's a worm it distributes itself on the network further.

So the worm is sneaking code into your pc and then downloading and running the worm itself.

Was curious how many people payed the decryption key with BitCoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This mean means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

The_Un1que wrote:Was curious how many people payed the decryption key with BitCoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This mean means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

wait for bitcoin to take more value

I expected more people to pay

Anyone from Manchester?

Again same shits....

http://www.mirror.co.uk/news/uk-news/ma ... o-10478842

Im sure thats going to help labour this election

Xen wrote:Im sure thats going to help labour this election