Worldwide ransomware attack general part 2

someone redpill me

what's going on

...

That's a lot of buttcoins

That's, what, $1000?

still quite a lot for putting a gui on top of nsa's exploit

how many of them will actually pay? 5%, 10%?

i imagine that the numbers will build up a lot in next days

No problem here. I'm comfortable!

that's just one address.

They deserve it. Now their files are just as readable as the source code of their operating system.

There are no other addresses though.

Is this the truly general?

how are they being distributed?

How do I properly protect myself against this?

Are the latest Windows Updates enough?

I haven't updated my Windows 7 in at least a year. There's like 50+ 'important' updates I need, according to Windows Updater.

Should I update to be on the safe side? Will I be forced to install Windows 10?

iirc there was some KB you can avoid to remain 7.

kb4012212 is the one you need.

there are exploits for win10 too. some of them work on all versions.

I have the Windows 10 equivalent, so I guess I'm on the safe side now

>Nobody updates Win7 because 'muh botnet'
>Gets infected with 0 day ransomware
>Win10 users laugh

>0 day
More like 2 months, they use NSA's ETERNALBLUE exploit that was patched soon after it was leaked months ago.

intel.malwaretech.com/WannaCrypt.html
here is a real-time infection map, for those interested.

other thread currently active
I've been spoonfeeding retards in the other thread so I guess I'll lend my services here too

so all infected machines just decided to ping guy's server?

>there exist lists of which windows 7 updates are malware / pushware / "telemetry"
>people still throw babies out with bathwater and don't take perfectly fine security updates

that's a retard problem, not a windows 7 problem

>using windows in hospitals

how is this spread?

Does anyone know how initial infection happens? Is there malicious link in an email? A JavaScript file? An exe?

>telemetry
I still remember how people complained about telemetry found in Win XP on release day, yet it's a big deal when Microsoft became open about this.
I don't understand people...

this area in canada is getting fucking hammered

f a l s e
l
a
g

All they need is your IP from what I've heard.

Is there a list of all the identified btc addresses? Does it generate one for each computer or what?

I bet they trade everything for zcash to cash out. Buy buy buy

And how would that work? Is there no user interaction required whatsoever? No shady phishing mail with a link or file?

the fuck? what service is vulnerable? does this mean any retard can do an ipv4 space scan and infect people?

> running Windows servers

SMB protocol vulnerability. If an infected computer finds an unpatched target it will infect it over SMB.

to be fair like 10% of canada lives in that dot

Do you not know what a 0day is? He didn't mean the time elapsed moron.

Good luck running active directory or exchange on linux

It isn't an 0day if it's patched lmfao
You skids are so dumb

false flag to outlaw cryptos

>undisclosed computer-software vulnerability
>vulnerability was disclosed publicly in april after being patched in march
so it's a 30 day

That's exactly what it means, retard. 0day is an unrevealed exploit, and this one has been revealed for months.

day 0 means no one knows about it. In here, everyone knew about it for months

We front page lead on BBC

www.bbc.com/news/

>wanting to use AD or Exchange in the first place
hehe mm

Looks like countries that are known for not keeping their pirated windows up to date are hit the worst

I think it's more likely that the hackers mainly targeted ruskies and it just spread naturally from there.

Кeк

>NSA spying tools leak
>someone rolls some shitty romanian crypto as a payload
>almost all the infected machines HAPPEN TO BE in russia

to repeat
>NSA payload released in wild
>happens to attack russia out of pure coincidence

sounds like eternalblue had a target

How does it spread? Is it the normal click this link thing?

it can spread over the network but arrives via an email attachment initially.

You click that link and every vulnerable computer in your network gets aids.

holy shit dude can you not read three posts up

I'll spoonfeed anyways

>SMB protocol is compromised (but patched in march)
>remote code execution
>if an infected computer can get an SMB connection to a vulnerable computer, the worm spreads

fair point, and an interesting one

the number of hits china is getting is worth noting as well

Anyone wireshark the ransomware? What mechanism if any verifies the bitcoins were deposited?

I have been getting weird unsolicited emails lately, when I normally don't at work.

I can't see that anywhere despite updating a few days ago.

Is it just companies being affected or are individual users at risk as well?
>tfw running wandows xp

Maybe russians have poor security practices

Could be related, but we got two malicious emails exactly today at work.
We do keep our machines up to date WSUS-wise though.

huh same, but I opened it in an unpatched VM just to see what happens. it was some russian website with some random youtube video, full of javascript though. nothing happened

Here's a cozy little website that's tracking the number of infected computers. Currently standing on 71,690.

intel.malwaretech.com/botnet/wcrypt

You already got infected and the virus already blocked the update then, it triggers in waves to synchronize it with several computers for maximum effect so it will probably trigger for you in about 2 weeks if it works like WCRY 1.0, maybe they changed the timer though.

I'm not clicking that

>wincucks have to worry about clicking on malicious links

Why did the initial infection surge and then stop? I would have expected a worm to spread way faster than this.

>none in Sweden
why are 3rd-worlders so stupid?

Someone confirm that if there is no result at port 445 here canyouseeme.org/ I'm safe

Weird. over on reddit(lelelelele) i heard people from i believe canada, whose main offices were in sweden, were affected as well

Assuming that's the only port that matters, then your network can't be infected from the internet. But if someone in your network clicks a dodgy attachment it might still infect you.

>Hospital I got laid off from right after Christmas is entirely on Windows 7 in their 2,000+ client network

I hope they got fucked hard

>canyouseeme.org/

Cool, thanks. I got no network at home.

It's also in kb4012215

What if I manually install that update?

>tfw safe

I'm still using Vista. If it's true that they only need your ip I'm in great danger.

Realistically how far will this spread? Can microsoft force updates on w7 even if they're disabled?

7 isn't the main issue because only a small portion of 7 users disable all updates. The main issue is XP and older Windows Server installs.

Why would they? They already patched it.
It's the same with vaccinations. They exist, but if you decided not to take them then it's your own fault if you die

not really. just install gentoo or disable the network share services.

It's just that everything is running on unupdated and/or pirated windows. In my institute we have unactivated windows 7 on all computers and are running shit like photoshop in VMs on trial.

What updates was it?

What about kb4019112? It was in May.

can you download and install ONLY the security updates for Win 7?

just block the fucking port ffs

Global "back your data up" day

How? What am I even doing on Sup Forums. I am not good with computers. I'm using fucking Vista.

installed manually, wew.

catalog.update.microsoft.com/search.aspx?q=4012212

If you have KB4015549 you also have it. KB4015549 is an update of KB4012212

Here :
catalog.update.microsoft.com/v7/site/search.aspx?q=4012215
catalog.update.microsoft.com/v7/site/search.aspx?q=4012212

It can get your backups, too.

1. Pull out Ethernet cable
2. Apply condom
3. Return Ethernet cable

>Born too late to properly experience Y2K
>Born just in time for the Ransom Pandemic

Has Madagascar been infected yet?
This is an important question!

What kind of retard uses SMB shares over the internet anyways?

...

rapefugees are too stupid to use computers, come on now.

The 4012215 one is saying "not applicable" for my computer but I have the 4012212 one.