Wanna Cry
|
|
OP
Joined: Aug 2009
|
It seems the whole internet is collectively losing their mind over winders ransomware spam, this one is apparently named "Wanna Cry". I'd like to hear Tacit's assessment of the threat. Sounds like something that comes down to a social engineering / "you can't fix stupid" sort of thing?
I work for the Department of Redundancy Department
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 4
Of course it is. But Microsoft's (lack of) implementation of security updates is equally at fault.
FYI: The government of Saskatchewan's website is one of the latest to fall under the thrall of WannaCry.* They cry that their security procedures are "robust", and yet .... Politicians just can't help lying; that's what qualifies them to be politicians. Makes ya wanna cry.
* EDIT: Apparently the attack was a DDoS; it remains to be determined whether it was related to WannaCry.
Last edited by grelber; 05/15/17 11:22 PM. Reason: More info
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 15
> ...Microsoft's (lack of) implementation of security updates is equally at fault.
Apparently, it's not necessarily Microsoft that's at fault.
A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems,[20] but many organizations had not yet applied it.[21]
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 4
> Apparently, it's not necessarily Microsoft that's at fault.
Yes, that's what I said. Microsoft also withheld the security update for some of its older OS versions unless users ponied up some shekels for same.
|
|
Re: Wanna Cry
|
Joined: Aug 2009
Likes: 1
WannaCry is a menace because it is not being spread through social engineering tricks like emails or phishing. It's being spread as payload for a completely automated worm that exploits a flaw in Microsoft's SMB networking protocol.
The Windows vulnerability was discovered by the NSA some time ago. Rather than inform Microsoft of the vulnerability, which allows a person to remotely compromise a network-connected Windows machine without the owner of the machine doing anything, the NSA used it as a spying tool.
The NSA itself got hacked by a hacking group calling itself Shadow Brokers, who lifted detailed NSA documents describing a large number of security vulnerabilities the NSA had discovered and used as hacking tools. Shadow Brokers released the documents, and then a second group of hackers combined the vulnerability with the WannaCrypt ransomware to create WannaCry.
WannaCry spreads itself silently and automatically, without social engineering. Microsoft has taken the problem so seriously that not only have they released a security update to close the vulnerability, they went back and released the same update for ancient, unsupported Windows installs like Windows XP (the first XP update in a very long time). Imagine if Apple released a new security update for OS X Panther; that'll tell you how unusual that was.
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 15
> > Apparently, it's not necessarily Microsoft that's at fault.
> Yes, that's what I said. Microsoft also withheld the security update for some of its older OS versions unless users ponied up some shekels for same.
But you blamed Microsoft - "But Microsoft's (lack of) implementation of security updates is equally at fault." - when they had, in fact, issued a patch two months ago.
More: Can you document Microsoft's having charged for the XP, et al., updates? My search turned up nothing of the sort.
Last edited by artie505; 05/16/17 05:53 AM.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 4
> Can you document Microsoft's having charged for the XP, et al, updates? My search turned up nothing of the sort.
I recall seeing it in an early news article (most likely in The New York Times) — but it was a comment made en passant and it may have been removed in subsequent updates, and since I didn't make a copy of the article, I can't oblige with a legitimate quote. (If I hadn't read it, I wouldn't have said it. I'm not in the habit of promulgating "false news".)
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 15
> > Can you document Microsoft's having charged for the XP, et al, updates? My search turned up nothing of the sort.
> I recall seeing it in an early news article (most likely in The New York Times) — but it was a comment made en passant and it may have been removed in subsequent updates, and since I didn't make a copy of the article, I can't oblige with a legitimate quote. (If I hadn't read it, I wouldn't have said it. I'm not in the habit of promulgating "false news".)
Not all "real news" turns out to be real in the end. After having read three articles that mentioned nothing about Microsoft having charged for the update, I was wondering whose sources were more credible.
Hmmm... I wonder if you maybe saw an incorrectly referenced mention of the fact that when Microsoft dropped support for (I think it was) XP they did offer continued support - at what I assume was a hefty fee - to major corporate/institutional users.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: WannaCry
|
|
OP
Joined: Aug 2009
|
> After having read three articles that mentioned nothing about Microsoft having charged for the update, I was wondering whose sources were more credible.
> Hmmm... I wonder if you maybe saw an incorrectly referenced mention of the fact that when Microsoft dropped support for (I think it was) XP they did offer continued support - at what I assume was a hefty fee - to major corporate/institutional users.
"Worried about WannaCry attacking your legacy Windows XP business computers? Worry no more! We have a fix! For only $100 in bitcoin we will send you an executable to run on your..."
I work for the Department of Redundancy Department
|
|
Re: Wanna Cry
|
Joined: Aug 2009
Likes: 4
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 15
Did you or anybody else run across anything about WannaCry being able or unable to get to a mounted volume other than the one it's infected?
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 4
> Did you or anybody else run across anything about WannaCry being able or unable to get to a mounted volume other than the one it's infected?
No. The prevailing wisdom is to back up remotely (where remote seems to mean off-site) for protective/restorative purposes. It may take a while before it or similar malware jumps into the Apple realm, but it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 15
> ...it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.
I think that as far as WannaCry and other such things go, "unmounted" equals "remote".
Last edited by artie505; 05/17/17 03:54 PM. Reason: Rewrite
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: WannaCry
|
Joined: Aug 2009
Likes: 4
> > ...it would be good to know if a separate volume (even though physically attached to the same computer) is sufficiently "remote backup" to escape the ravages of ransomware.
> I think that as far as WannaCry and other such things go, "unmounted" equals "remote".
Let's hope and pray so ... although tacit's chiming in here wouldn't hurt.