Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 at

Discussion in 'Site & Server Administration' started by netid, May 13, 2017.

  1. #1
    We have observed a massive peak in WanaCrypt0r 2.0 (aka WCry) ransomware attacks today, with more than 57,000 detections, so far. According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.

    Below is a map showing the countries being targeted most by WanaCrypt0r 2.0: [IMG]

    We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese. Today at 8 am CET, we noticed an increase in activity of this strain, which quickly escalated into a massive spreading, beginning at 10 am.

    The ransomware changes the affected file extension names to “.WNCRY”, so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.

    This ransomware drops the following ransom notes in a text file: [​IMG]


    Furthermore, the ransom being demanded is $300 worth of bitcoins. The ransom message, where instructions on how to pay the ransom, an explanation of what happened, and a countdown timer are displayed in what the cybercriminals behind the ransomware are referring to as “Wana Decrypt0r 2.0”:[​IMG]


    Additionally, the victim’s wallpaper is changed to the following image: [IMG]

    This attack once again proves that ransomware is a powerful weapon that can be used against consumers and businesses alike. Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger.

    Infection vector: WanaCrypt0r 2.0

    WanaCrypt0r 2.0 is most likely spreading on so many computers by using an exploit the Equation Group, which is a group that is widely suspected of being tied to the NSA, used for its dirty business. A hacker group called ShadowBrokers has stolen Equation Group’s hacking tools and has publicly released them. As confirmed by security researcher, Kafeine, the exploit, known as ETERNALBLUE or MS17-010, was probably used by the cybercriminals behind WanaCrypt0r and is a Windows SMB (Server Message Block, a network file sharing protocol) vulnerability.

    Avast detects all known versions of WanaCrypt0r 2.0, but we strongly recommend all Windows users fully update their system with the latest available patches. We will continue to monitor this outbreak and update this blog post when we have further updates.

    IOCs:

    netid, May 13, 2017 IP
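A triage check built on the two indicators the post above gives (the ".WNCRY" extension and the "WANACRY!" marker at the start of an encrypted file), added here as an example; it is not part of the original post or of Avast's tooling. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

WNCRY_EXT = ".wncry"       # extension named in the post, matched case-insensitively
WNCRY_MAGIC = b"WANACRY!"  # marker at offset 0 of an encrypted file, per the post


def classify(path):
    """Return 'both', 'magic-only', 'ext-only' or None for one file."""
    has_ext = path.lower().endswith(WNCRY_EXT)
    try:
        with open(path, "rb") as fh:
            has_magic = fh.read(len(WNCRY_MAGIC)) == WNCRY_MAGIC
    except OSError:
        has_magic = False  # unreadable: judge by name alone
    if has_magic:
        # Marker present; a missing extension means the file was renamed.
        return "both" if has_ext else "magic-only"
    return "ext-only" if has_ext else None


def scan(root):
    """Map each flagged path (relative to root) to its verdict."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                hits[os.path.relpath(full, root)] = verdict
    return hits


def demo():
    """Scan a constructed sample tree (placeholder bytes, no real ciphertext)."""
    samples = {
        "photo.jpg.WNCRY": WNCRY_MAGIC + b"\x00" * 16,
        "report.doc": WNCRY_MAGIC + b"\x00" * 16,
        "notes.txt.wncry": b"plain text",
        "clean.txt": b"hello",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

Run `scan()` against a share or backup set before restoring from it; an "ext-only" hit has the name but not the marker and needs a manual look.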
  2. PoPSiCLe

    #2
    The fact that there IS an outbreak is completely stupid. All one has to do is keep up with the Windows updates. Then there is no problem. At all. Hence, what is happening here is stupid management (in most cases) or just stupid users.
     
    PoPSiCLe, May 14, 2017 IP
    sarahk likes this.
  3. bluepencil

    #3
    Also, as the avast blog article also states
    Infection vector: WanaCrypt0r 2.0

    WanaCrypt0r 2.0 is most likely spreading on so many computers by using an exploit the Equation Group, which is a group that is widely suspected of being tied to the NSA, used for its dirty business. A hacker group called ShadowBrokers has stolen Equation Group’s hacking tools and has publicly released them. As confirmed by security researcher, Kafeine, the exploit, known as ETERNALBLUE or MS17-010, was probably used by the cybercriminals behind WanaCrypt0r and is a Windows SMB (Server Message Block, a network file sharing protocol) vulnerability.
    It's the NSA's own hacking tools that are responsible for this. Haha wow. (insert doge meme here) Much protecting our digital rights and defeating cybercrime by being better criminals. :p
     
    bluepencil, May 14, 2017 IP
  4. BrookeHarper

    #4
    The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn't connected to the internet. This means that if you suffer an attack you won't lose any information to the hackers. Another efficient preventive measure is to install updates. Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a software as soon as it is available.
     
    BrookeHarper, May 14, 2017 IP
  5. tel_E_v1s0r

    #5
    Why is the CIS region so weak with all hacking utilities?
     
    tel_E_v1s0r, May 14, 2017 IP
  6. SolaDrive

    #6
    How is a backup drive going to help you though if it is also infected? You really need to use an offsite backup method that uses secure entry/password authentication.
     
    SolaDrive, May 14, 2017 IP
  7. JoshDylan

    #7
    If you back up files and sync them with, for example, Dropbox, they may encrypt the files on your desktop's version of the files but unaffected files will be in your Dropbox account. Dropbox, for example, has built-in protection against infected files just based on the way they store your files on their end.
     
    JoshDylan, May 26, 2017 IP
  8. PoPSiCLe

    #8
    That is blatantly false. If you have on automatic sync (which most users of Dropbox have), your files online will be the exact same files on your computer, after they've been encrypted. Most modern malware / crypto-software will allow for Dropbox to sync after encryption, when EVERY SINGLE FILE has been changed, and hence needs to be synced again... And oops, you have an encrypted Dropbox-folder as well.

    If you're lucky enough to discover this, however, there is a way to save most (if not all) files on your Dropbox (depending on how much data you have, and how fast your internet connection is) - if you discover it fast enough, Dropbox might not have had time to sync, and if that is true, you can turn off your computer - and the sync will stop. Only the newly synced files will be broken, the rest will still work. If you then (using another computer) go online and disconnect all local Dropbox-copies, you will not sync anything if you boot up your infected computer again.

    But no, "the way Dropbox stores your files" does not protect them from crypto malware.
     
    PoPSiCLe, May 26, 2017 IP
  9. JoshDylan

    #9

    I suggest you research what you are attempting to call out as false. While files can be synced once encrypted, Dropbox's system will flag it as malware. Additionally, if you use Dropbox, you can always restore a previous file version right from their site. Regardless if Dropbox syncs or not, the original unaltered files are obtainable.
     
    JoshDylan, May 28, 2017 IP
  10. PoPSiCLe

    #10
    In a perfect world, Dropbox' security will flag the files - that doesn't always happen. Also, there are ways to get rid of the file-history - I haven't yet seen any encryption-software smart enough to do this, but it's not that hard, and it would be a smart way to make sure that even Dropbox-backup isn't safe.
     
    PoPSiCLe, May 29, 2017 IP
  11. Norton Support

    #11
    Protection From Ransomware
    Norton Advanced Software Protect it From All Threats
    Protect Your Computer, Network, Social Media Account And all other from hackers, infection, Virus and other online threats, Norton Internet Security Software very Important to Install or Setup with the Official Link www.norton.com/setup
     
    Norton Support, Jun 2, 2017 IP
  12. PoPSiCLe

    #12
    Seriously? THAT is your suggestion? NIS is... okay, not the worst suggestion ever, but still... NIS is DEFINITELY not "the best solution", and it will NOT protect you against ransomware. Stupid suggestion, stupid claim.
     
    PoPSiCLe, Jun 3, 2017 IP