Posted By: Virtual1 Wanna Cry - 05/15/17 04:08 PM
It seems the whole internet is collectively losing their mind over winders ransomware spam, this one is apparently named "Wanna Cry". I'd like to hear Tacit's assessment of the threat. Sounds like something that comes down to a social engineering / "you can't fix stupid" sort of thing?
Posted By: grelber Re: WannaCry - 05/15/17 05:07 PM
Of course it is. But Microsoft's (lack of) implementation of security updates is equally at fault.

FYI: The government of Saskatchewan's website is one of the latest to fall under the thrall of WannaCry.* They cry that their security procedures are "robust", and yet ....
Politicians just can't help lying; that's what qualifies them to be politicians.
Makes ya wanna cry.

* EDIT: Apparently the attack was a DDoS; it remains to be determined whether it was related to WannaCry.
Posted By: artie505 Re: WannaCry - 05/15/17 05:14 PM
Originally Posted By: grelber
...Microsoft's (lack of) implementation of security updates is equally at fault.

Apparently, it's not necessarily Microsoft that's at fault.

Originally Posted By: Wikipedia
A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems,[20] but many organizations had not yet applied it.[21]
Posted By: grelber Re: WannaCry - 05/15/17 07:41 PM
Originally Posted By: artie505
Apparently, it's not necessarily Microsoft that's at fault.

Yes, that's what I said.
Microsoft also withheld the security update for some of its older OS versions unless users ponied up some shekels for same.
Posted By: tacit Re: Wanna Cry - 05/16/17 12:47 AM
WannaCry is a menace because it is not being spread through social engineering tricks like emails or phishing. It's being spread as payload for a completely automated worm that exploits a flaw in Microsoft's SMB networking protocol.

The Windows vulnerability was discovered by the NSA some time ago. Rather than inform Microsoft of the vulnerability, which allows a person to remotely compromise a network-connected Windows machine without the owner of the machine doing anything, the NSA used it as a spying tool.

The NSA itself got hacked by a hacking group calling itself Shadow Brokers, who lifted detailed NSA documents describing a large number of security vulnerabilities the NSA had discovered and used as hacking tools. Shadow Brokers released the documents, and then a second group of hackers combined the vulnerability with the WannaCrypt ransomware to create WannaCry.

WannaCry spreads itself silently and automatically, without social engineering. Microsoft has taken the problem so seriously that not only have they released a security update to close the vulnerability, they went back and released the same update for ancient, unsupported Windows installs like Windows XP (the first XP update in a very long time). Imagine if Apple released a new security update for OS X Panther; that'll tell you how unusual that was.

Posted By: artie505 Re: WannaCry - 05/16/17 12:51 AM
Originally Posted By: grelber
Originally Posted By: artie505
Apparently, it's not necessarily Microsoft that's at fault.

Yes, that's what I said.
Microsoft also withheld the security update for some of its older OS versions unless users ponied up some shekels for same.

But you blamed Microsoft - "But Microsoft's (lack of) implementation of security updates is equally at fault." - when they had, in fact, issued a patch two months ago.

More: Can you document Microsoft's having charged for the XP, et al., updates? My search turned up nothing of the sort.
Posted By: grelber Re: WannaCry - 05/16/17 08:30 AM
Originally Posted By: artie505
Can you document Microsoft's having charged for the XP, et al, updates? My search turned up nothing of the sort.

I recall seeing it in an early news article (most likely in The New York Times) — but it was a comment made en passant and it may have been removed in subsequent updates, and since I didn't make a copy of the article, I can't oblige with a legitimate quote.
(If I hadn't read it, I wouldn't have said it. I'm not in the habit of promulgating "false news".)
Posted By: artie505 Re: WannaCry - 05/16/17 09:17 AM
Originally Posted By: grelber
Originally Posted By: artie505
Can you document Microsoft's having charged for the XP, et al, updates? My search turned up nothing of the sort.

I recall seeing it in an early news article (most likely in The New York Times) — but it was a comment made en passant and it may have been removed in subsequent updates, and since I didn't make a copy of the article, I can't oblige with a legitimate quote.
(If I hadn't read it, I wouldn't have said it. I'm not in the habit of promulgating "false news".)

Not all "real news" turns out to be real in the end.

After having read three articles that mentioned nothing about Microsoft having charged for the update, I was wondering whose sources were more credible.

Hmmm... I wonder if you maybe saw an incorrectly referenced mention of the fact that when Microsoft dropped support for (I think it was) XP they did offer continued support - at what I assume was a hefty fee - to major corporate/institutional users.
Posted By: Virtual1 Re: WannaCry - 05/16/17 03:32 PM
Originally Posted By: artie505
After having read three articles that mentioned nothing about Microsoft having charged for the update, I was wondering whose sources were more credible.

Hmmm... I wonder if you maybe saw an incorrectly referenced mention of the fact that when Microsoft dropped support for (I think it was) XP they did offer continued support - at what I assume was a hefty fee - to major corporate/institutional users.

"Worried about WannaCry attacking your legacy Windows XP business computers? Worry no more! We have a fix! For only $100 in bitcoin we will send you an executable to run on your..."
Posted By: grelber Re: Wanna Cry - 05/17/17 07:17 AM
Malware Case Is Major Blow for the NSA

Ya think ?!
Posted By: artie505 Re: WannaCry - 05/17/17 10:30 AM
Did you or anybody else run across anything about WannaCry being able or unable to get to a mounted volume other than the one it's infected?
Posted By: grelber Re: WannaCry - 05/17/17 03:22 PM
Originally Posted By: artie505
Did you or anybody else run across anything about WannaCry being able or unable to get to a mounted volume other than the one it's infected?

No.
The prevailing wisdom is to back up remotely (where remote seems to mean off-site) for protective/restorative purposes.
It may take a while before it or similar malware jumps into the Apple realm, but it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.
Posted By: artie505 Re: WannaCry - 05/17/17 03:36 PM
Originally Posted By: grelber
...it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.

I think that as far as WannaCry and other such things go, "unmounted" equals "remote".
Posted By: grelber Re: WannaCry - 05/17/17 04:07 PM
Originally Posted By: artie505
Originally Posted By: grelber
...it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.

I think that as far as WannaCry and other such things go, "unmounted" equals "remote".

Let's hope and pray so ... although tacit's chiming in here wouldn't hurt.
© FineTunedMac