'WannaCry' plagues 100k computers across 99 countries
singular_me
13th May 2017, 02:45 AM
lets wait now: problem, reaction, solution
Ransomware virus 'WannaCry' plagues 100k computers across 99 countries
RT
https://www.youtube.com/watch?v=96nIZUc7JVE
https://www.rt.com/news/388165-mass-cyberattack-strikes-globally/?utm_source=browser&utm_medium=aplication_chrome&utm_campaign=chrome
cheka.
13th May 2017, 04:32 AM
good advice
Dogman
13th May 2017, 04:35 AM
http://gold-silver.us/forum/showthread.php?95572-Wanna-Cry-Crypto-bot-net-outbreak
brosil
13th May 2017, 04:38 AM
Maybe they should look into Linux.
Jewboo
13th May 2017, 05:22 AM
Maybe they should look into Linux.
https://www.linuxmint.com/edition.php?id=226
PatColo
13th May 2017, 01:07 PM
that reminds me, is Avast still da bomb?
I recall it saved my bacon 2-3 years ago; got some (((nasty virus))) whose name I forgot; but that puppy would only go 10-20 sec's between throwing you another popup (after you'd X-out the last) about how your comp is infected, go here to fix yada yada. I joogled the supposed name of the virus which the fake popups (titled like, "Windows System Defender" or some such non-existent program) said I had, and they'd joogle-bombed joogle with an array of supposedly 'different' tech sites offering advice, all of which ultimately funneled down to buying (((their own BS))) "fix"... which, after "running", would undoubtedly set up my box as some sort of spam/virus central hub! And, perish the thought of what would be in store for any personal/CCard info they attained. I mean, (((they))) really had a full circle dinjoo-nuffin-esque business model set up! :o
I didn't already have Avast on that latest box, and I can't recall what prevented me from downloading it (prolly that same virus?), but a friend passed Avast on to me over skype, I ran it, (((problem))) solved. :)
Glass
13th May 2017, 05:22 PM
yes still good AV. I think they bought AVG which might be a good thing for AVG. It started out good but started bloating and getting some kind of inconsistencies in versions. Strange situation to describe. Was getting back on track when bought up. Dropped quite a bit in user satisfaction rankings. But then what people like and what's good are often not the same thing.
StreetsOfGold
14th May 2017, 06:13 AM
but.....but......but....does this affect the "children"?
They'll find a connection.........<>...........somehow
Horn
14th May 2017, 07:27 AM
lets wait now: problem, reaction, solution
Ransomware virus 'WannaCry' plagues 100k computers across 99 countries
RT
https://www.youtube.com/watch?v=96nIZUc7JVE
https://www.rt.com/news/388165-mass-cyberattack-strikes-globally/?utm_source=browser&utm_medium=aplication_chrome&utm_campaign=chrome
Bitcoin labeled as terrorware...
EE_
14th May 2017, 08:48 AM
What happens if the bitcoin world exchanges get hit and cleaned out? Is that possible?
Dogman
14th May 2017, 09:25 AM
I suspect
KYAGB for recent transactions.
Flush/reload system then load clean backups,
And take the loss.
So far if file is encrypted = no recovery without the keys.
cheka.
14th May 2017, 12:06 PM
the story of the guy who fixed the problem is quite a yarn
Dogman
14th May 2017, 12:38 PM
Temp fix, no cure yet.
Need the microshit patch to plug the hole, for the uninfected, infected comps, think still sol. Total reload of the OS, and if lucky, restore from a clean backup for they do that regular backups.
cheka.
14th May 2017, 04:32 PM
story stinky
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack?utm_medium=social&utm_campaign=postplanner&utm_source=facebook.com
'Accidental hero' halts ransomware attack and warns: this is not over
Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’
The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic, an LA-based threat intelligence company.
“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
MalwareTech explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.
“Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freakout until I realised it was actually the other way around and we had stopped it,” he said.
MalwareTech said he preferred to stay anonymous “because it just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”
He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.
He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”
He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.
“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”
But the dark knight of the dark web still lives at home with his parents, which he joked was “so stereotypical”. His mum, he said, was aware of what had happened and was excited, but his dad hadn’t been home yet. “I’m sure my mother will inform him,” he said.
“It’s not going to be a lifestyle change, it’s just a five-minutes of fame sort of thing. It is quite crazy, I’ve not been able to check into my Twitter feed all day because it’s just been going too fast to read. Every time I refresh it it’s another 99 notifications.”
Proofpoint’s Ryan Kalember said the British researcher gets “the accidental hero award of the day”. “They didn’t realise how much it probably slowed down the spread of this ransomware”.
The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organisations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.
The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread.
The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).
Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.
“This was eminently predictable in lots of ways,” said Kalember. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realised that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
osoab
14th May 2017, 05:27 PM
that reminds me, is Avast still da bomb?
I recall it saved my bacon 2-3 years ago; got some (((nasty virus))) whose name I forgot; but that puppy would only go 10-20 sec's between throwing you another popup (after you'd X-out the last) about how your comp is infected, go here to fix yada yada. I joogled the supposed name of the virus which the fake popups (titled like, "Windows System Defender" or some such non-existent program) said I had, and they'd joogle-bombed joogle with an array of supposedly 'different' tech sites offering advice, all of which ultimately funneled down to buying (((their own BS))) "fix"... which, after "running", would undoubtedly set up my box as some sort of spam/virus central hub! And, perish the thought of what would be in store for any personal/CCard info they attained. I mean, (((they))) really had a full circle dinjoo-nuffin-esque business model set up! :o
I didn't already have Avast on that latest box, and I can't recall what prevented me from downloading it (prolly that same virus?), but a friend passed Avast on to me over skype, I ran it, (((problem))) solved. :)
I recommend Rkill and Combofix.
Glass
15th May 2017, 03:35 AM
Combofix is pretty hard core and should be used carefully. You should fully review what it is telling you before hitting the button to let it do its thing. It can determine that some things should be removed which you might want to keep. Especially 3rd party software. So be cautious with it. Once it gets the go ahead from you there is no turning back. In that regard it is very effective. It "will" remove "the thing". No second chances.
palani
15th May 2017, 03:55 AM
who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name
Were I a skeptical being I might consider that the guy who has possession of the domain name used as a kill switch might also be considered the perp who started it all. I don't know if I would volunteer to help society out if it means I could be considered the author.
cheka.
15th May 2017, 04:15 AM
Were I a skeptical being I might consider that the guy who has possession of the domain name used as a kill switch might also be considered the perp who started it all. I don't know if I would volunteer to help society out if it means I could be considered the author.
indeed. or working for same org
osoab
15th May 2017, 08:10 AM
Could also be an orchestrated attack on Bitcoin specifically. Could be another .gov backdoor attempt into XP, because Microsoft issued a patch.
Microsoft Issues WanaCrypt Patch for Windows 8, XP (https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/)
EE_
15th May 2017, 08:22 AM
Could also be an orchestrated attack on Bitcoin specifically. Could be another .gov backdoor attempt into XP, because Microsoft issued a patch.
Microsoft Issues WanaCrypt Patch for Windows 8, XP (https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/)
Myth: The government wants society to go cashless because cash is used for money laundering and illegal black market dealings
Fact: Money laundering and black market activity has been digital for some time.
Why would the government want to remove currency for the reason above, but not go after crypto currencies where all the illegal activity is?
Atocha
15th May 2017, 10:17 AM
How could our various government agencies such as the IRS, FBI and others not get hit by this??? You know they run old software and such.
Things that make you go hmmmmm.
singular_me
15th May 2017, 10:21 AM
even avast opens a small window reminding of this ransom threat every now and then
haven't read these articles but the headlines speak for themselves again
========================
‘Like letting Tomahawk missiles get stolen’: Microsoft slams NSA mishandling of exploits
‘Microsoft has criticized the NSA for their major role in spreading the WannaCry ransomware epidemic which paralyzed hundreds of thousands of computers worldwide. The tech giant urged governments to use and store their cyber warfare tools responsibly.
https://www.rt.com/usa/388374-microsoft-ransomware-tomahawk-attack/?utm_source=browser&utm_medium=aplication_chrome&utm_campaign=chrome
and
Top NSA Whistleblower: Ransomware Hack Due to 'Swindle of the Taxpayers' by Intelligence Agencies
http://www.washingtonsblog.com/2017/05/ransomware-hack.html
StreetsOfGold
15th May 2017, 02:07 PM
I was riding in a truck all day today and scanned the radio stations.
The reporting on this was ALL deceptive, for example, the MEME being given is that you MUST install certain updates to be "safe", this is LIE #1
Next, another jackass said, if you get this, you either PAY UP or (now get this) BUY A NEW COMPUTER
WHAT?!?!
Why would you need to BUY a NEW computer?? This does not destroy your computer!!!
Wipe the drive and reinstall. What's so hard about that?
IMO, the updates they are so anxious for you to install are what you should be concerned about and should be avoided like the plague!!!
Horn
15th May 2017, 04:45 PM
Lol @ payup now.
I would shoot my own computer with pleasure if infected.
Matrixiris
17th May 2017, 02:37 AM
Guys, if you still have not patched your Windows, you should do this now. The WannaCry ransomware is still active. New variant of WannaCry ransomware is able to infect 3,600 computers per hour - https://malwareless.com/new-variant-wannacry-ransomware-able-infect-3600-computers-per-hour/. If your computer is infected with this virus, don't pay the ransom - many people who have paid Bitcoins don't receive the decryptor. All top security companies are currently working to develop a decryption solution
Cebu_4_2
17th May 2017, 03:16 AM
Guys, if you still have not patched your Windows, you should do this now. The WannaCry ransomware is still active. New variant of WannaCry ransomware is able to infect 3,600 computers per hour - https://malwareless.com/new-variant-wannacry-ransomware-able-infect-3600-computers-per-hour/. If your computer is infected with this virus, don't pay the ransom - many people who have paid Bitcoins don't receive the decryptor. All top security companies are currently working to develop a decryption solution
A new variant of the WannaCry ransomware strain started to infect computers on Monday, according to cyber security company Check Point Software Technologies. The Israeli company managed to stop new attacks by activating a “kill switch” in the software.
The security researchers discovered the new variant of the WannaCry at about 7 a.m. New York time on Monday (11:00 GMT), as it was infecting computers at a rate of about 1 connection per second, or 3,600 computers per hour.
Check Point Software experts registered the ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com domain and activated a new kill switch that saved thousands of to-be WannaCry victims.
Check Point Anti-Ransomware vs WannaCry
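Added example, not part of any post in this thread: the kill-switch lookup described in the articles above also gives defenders a signal, because a machine on your own network that asks for that domain deserves a look. The sketch below scans a DNS query log for the domain quoted in the post above; the log format and the sample lines are constructed for illustration.

```python
# Added example: find internal hosts that looked up a known kill-switch domain.
# Assumed log format (constructed): "<ISO time> <client IP> <query name> <type> <rcode>"

# Domain quoted in the post above; extend with entries from your own threat intel.
KILL_SWITCH_DOMAINS = {"ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com"}

# Constructed sample data, not real traffic.
SAMPLE_LOG = """\
2017-05-15T11:02:10Z 10.0.4.17 www.example.org. A NOERROR
2017-05-15T11:02:11Z 10.0.4.23 ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com. A NOERROR
2017-05-15T11:02:14Z 10.0.9.8 AYYLMAOTJHSSTASDFASDFASDFASDFASDFASDFASDF.COM A NXDOMAIN
2017-05-15T11:03:40Z 10.0.4.23 ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com. A NOERROR
malformed line
2017-05-15T11:04:02Z 10.0.7.5 notayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com. A NOERROR
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def is_kill_switch(qname, domains=KILL_SWITCH_DOMAINS):
    """Match the domain itself or a subdomain, never a mere substring."""
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in domains)


def find_kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: {count, first_seen, last_seen, unresolved}}."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname, _qtype, rcode = fields
        if not is_kill_switch(qname, domains):
            continue
        rec = hits.setdefault(
            client,
            {"count": 0, "first_seen": ts, "last_seen": ts, "unresolved": 0},
        )
        rec["count"] += 1
        rec["first_seen"] = min(rec["first_seen"], ts)  # ISO times sort as text
        rec["last_seen"] = max(rec["last_seen"], ts)
        if rcode.upper() != "NOERROR":
            # The lookup failed, so the "is the domain live?" check the
            # article describes could not have succeeded for this host.
            rec["unresolved"] += 1
    return hits


def triage(hits):
    """Hosts whose lookups failed come first, then the most frequent askers."""
    return sorted(
        hits.items(),
        key=lambda kv: (-kv[1]["unresolved"], -kv[1]["count"], kv[0]),
    )


if __name__ == "__main__":
    for client, rec in triage(find_kill_switch_lookups(SAMPLE_LOG)):
        print(client, rec)
```

As the Guardian piece notes, the kill switch does nothing for a machine that is already infected, so every host this reports still needs to be isolated and checked.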
Joshua01
17th May 2017, 05:16 AM
No shortage of idiots on the radio either.
I was riding in a truck all day today and scanned the radio stations.
The reporting on this was ALL deceptive, for example, the MEME being given is that you MUST install certain updates to be "safe", this is LIE #1
Next, another jackass said, if you get this, you either PAY UP or (now get this) BUY A NEW COMPUTER
WHAT?!?!
Why would you need to BUY a NEW computer?? This does not destroy your computer!!!
Wipe the drive and reinstall. What's so hard about that?
IMO, the updates they are so anxious for you to install are what you should be concerned about and should be avoided like the plague!!!
Half Sense
17th May 2017, 05:27 AM
My system is allegedly the most vulnerable kind - I run WindowsXP using SMB to connect to local network shares. Bring it on, bitches!
Joshua01
17th May 2017, 07:26 AM
What is this 'Windows' you speak of?
My system is allegedly the most vulnerable kind - I run WindowsXP using SMB to connect to local network shares. Bring it on, bitches!
singular_me
20th May 2017, 08:19 AM
ooops, I also fell for it... it was a psyop, going linux wouldn't be a bad idea, really
WannaCry Ransomware Exposed As A False Flag Attack On Bitcoin
20 May 2017 GMT
https://www.youtube.com/watch?v=8J9gHErQgpU
Burton
22nd May 2017, 06:12 PM
Chinese computers (http://guides.uufix.com/how-to-remove-wannacry-ransomware-and-recover-files/) at nearly 30,000 institutions ranging from government offices to universities, ATMs and hospitals had been “infected” by WannaCry.
According to data from Kaspersky, Windows 7 accounted for more than 98% of WannaCry infections: https://www.theverge.com/2017/5/19/15665488/wannacry-windows-7-version-xp-patched-victim-statistics
singular_me
28th June 2017, 01:53 AM
russia hit the most and ((they)) do not know where it is going to hit next ;D
give you a scent of what may life be looking like when minds are uploaded in computers, full fledged cyber war 24/7
=============
Cyber attack hits CHERNOBYL radiation system: 'Goldeneye' ransomware strikes across the globe, with US drug firm Merck, advertising giants WPP and Ukrainian power grid among victims
New ransomware attack hit computers around the globe on Tuesday
Ukraine is worst hit so far, with Chernobyl radiation monitoring system affected
Country's deputy leader said all computers are down in 'unprecedented' attack
Companies in UK, US, France, Norway, Denmark have also confirmed issues
IT experts dubbed new virus GoldenEye and say it is similar to 'WannaCry'
Read more: http://www.dailymail.co.uk/news/article-4643752/Europe-hit-new-WannaCry-virus.html#ixzz4lHkjc5T3
https://www.youtube.com/watch?v=JLxZMz_-qgk
‘Britain could launch air strikes in response to cyber attacks, the Defence Secretary warned today.
Sir Michael Fallon sent out a tough message to hackers in the wake of a ‘sustained and determined’ assault on the parliamentary network.
He said the UK had the ability to respond to online attacks ‘from any domain – air, land, sea or cyber’.
Sir Michael also highlighted the success of the UK’s ability to carry out cyber attacks against ISIS in Iraq and Syria and offered similar British support to future Nato operations.’
Read more: Britain could launch air strikes to respond to cyber attacks, warns Fallon after hackers target parliament
http://www.dailymail.co.uk/news/article-4643612/UK-launch-air-strikes-against-hackers-says-Fallon.html
Glass
28th June 2017, 06:20 AM
‘Britain could launch air strikes in response to cyber attacks, the Defence Secretary warned today.
Sir Michael Fallon sent out a tough message to hackers in the wake of a ‘sustained and determined’ assault on the parliamentary network.
He said the UK had the ability to respond to online attacks ‘from any domain – air, land, sea or cyber’.
Sir Michael also highlighted the success of the UK’s ability to carry out cyber attacks against ISIS in Iraq and Syria and offered similar British support to future Nato operations.’
Read more: Britain could launch air strikes to respond to cyber attacks, warns Fallon after hackers target parliament
http://www.dailymail.co.uk/news/article-4643612/UK-launch-air-strikes-against-hackers-says-Fallon.html
I think this is probably enough to tell us what is going on. The UK claims they can blow up any building in any country because they determined a cyber attack came from there?
So now another arrow in the quiver in the war on freedom. And the flip side to this is, no kill switch, no ransom, maximum destruction. If someone was really going to target something like UK parliament, it's all in or nothing.
singular_me
5th August 2017, 01:36 PM
excellent twist!!!
it wouldn't be surprising if the hacker hadn't landed a job at google already - or any other big monopoly network
=======================
British computer geek hailed a hero for stopping Wannacry global hack 'admitted to police he created program which steals bank customers' details'
Marcus Hutchins, the hero who stopped WannaCry virus, held by FBI in USA
23-year-old, who lives with parents in Devon, will appear in a Nevada court today
He was grabbed in a first class airport lounge and stopped from flying to the UK
Hacking expert had been partying with friends at a Vegas hacking convention
Star IT expert rented a £5m mansion, a Lamborghini and went shooting guns
Department of Justice has said he was arrested for working on 'banking Trojan'
This year his actions saved hundreds of thousands of people from PC infection
Supporters claim he's been set up and arrested in US to avoid extradition case
5 August 2017 GMT
http://www.dailymail.co.uk/news/article-4762608/Marcus-Hutchins-admits-malware-code-Las-Vegas.html