Worldwide ransomware attack general part 2
Other urls found in this thread:
intel.malwaretech.com
canyouseeme.org
catalog.update.microsoft.com
twitter.com
someone redpill me
what's going on
...
That's a lot of buttcoins
That's, what, $1000?
still quite a lot for putting a gui on top of nsa's exploit
how many of them will actually pay? 5%, 10%?
i imagine that the numbers will build up a lot in next days
No problem here. I'm comfortable!
that's just one address.
They deserve it. Now their files are just as readable as the source code of their operating system.
There are no other addresses though.
Is this the truly general?
how are they being distributed?
How do I properly protect myself against this?
Are the latest Windows Updates enough?
I haven't updated my Windows 7 in at least a year. There's like 50+ 'important' updates I need, according to Windows Updater.
Should I update to be on the safe side? Will I be forced to install Windows 10?
iirc there was some KB you can avoid to remain 7.
kb4012212 is the one you need.
there are exploits for win10 too. some of them work on all versions.
I have the Windows 10 equivalent, so I guess I'm on the safe side now
>Nobody updates Win7 because 'muh botnet'
>Gets infected with 0 day ransomware
>Win10 users laugh
>0 day
More like 2 months, they use NSA's ETERNALBLUE exploit that was patched soon after it was leaked months ago.
intel.malwaretech.com
here is a real-time infection map, for those interested.
other thread currently active
I've been spoonfeeding retards in the other thread so I guess I'll lend my services here too
so all infected machines just decided to ping guy's server?
>there exist lists of which windows 7 updates are malware / pushware / "telemetry"
>people still throw babies out with bathwater and don't take perfectly fine security updates
that's a retard problem, not a windows 7 problem
>using windows in hospitals
how is this spread?
Does anyone know how initial infection happens? Is there malicious link in an email? A JavaScript file? An exe?
>telemetry
I still remember how people complained about telemetry found in Win XP on release day, yet it's a big deal when Microsoft became open about this.
I don't understand people...
this area in canada is getting fucking hammered
f a l s e
l
a
g
All they need is your IP from what I've heard.
Is there a list of all the identified btc addresses? Does it generate one for each computer or what?
I bet they trade everything for zcash to cash out. Buy buy buy
And how would that work? Is there no user interaction required whatsoever? No shady phishing mail with a link or file?
the fuck? what service is vulnerable? does this mean any retard can do an ipv4 space scan and infect people?
> running Windows servers
SMB protocol vulnerability. If an infected computer finds an unpatched target it will infect it over SMB.
to be fair like 10% of canada lives in that dot
Do you not know what a 0day is? He didn't mean the time elapsed moron.
Good luck running active directory or exchange on linux
It isn't a 0day if it's patched lmfao
You skids are so dumb
false flag to outlaw cryptos
>undisclosed computer-software vulnerability
>vulnerability was disclosed publicly in april after being patched in march
so it's a 30 day
That's exactly what it means, retard. 0day is an unrevealed exploit, and this one has been revealed for months.
day 0 means no one knows about it. In here, everyone knew about it for months
We front page lead on BBC
www.bbc.com/news/
>wanting to use AD or Exchange in the first place
hehe mm
Looks like countries that are known for not keeping their pirated windows up to date are hit the worst
I think it's more likely that the hackers mainly targeted ruskies and it just spread naturally from there.
Кeк
>NSA spying tools leak
>someone rolls some shitty romanian crypto as a payload
>almost all the infected machines HAPPEN TO BE in russia
to repeat
>NSA payload released in wild
>happens to attack russia out of pure coincidence
sounds like eternalblue had a target
How does it spread? Is it the normal click this link thing?
it can spread over the network but arrives via an email attachment initially.
You click that link and every vulnerable computer in your network gets aids.
holy shit dude can you not read three posts up
I'll spoonfeed anyways
>SMB protocol is compromised (but patched in march)
>remote code execution
>if an infected computer can get an SMB connection to a vulnerable computer, the worm spreads
fair point, and an interesting one
the number of hits china is getting is worth noting as well
Anyone wireshark the ransomware? What mechanism if any verifies the bitcoins were deposited?
I have been getting weird unsolicited emails lately, when I normally don't at work.
I can't see that anywhere despite updating a few days ago.
Is it just companies being affected or are individual users at risk as well?
>tfw running wandows xp
Maybe russians have poor security practices
Could be related, but we got two malicious emails exactly today at work.
We do keep our machines up to date WSUS-wise though.
huh same, but I opened it in an unpatched VM just to see what happens. it was some russian website with some random youtube video, full of javascript though. nothing happened
Here's a cozy little website that's tracking the number of infected computers. Currently standing on 71,690.
You already got infected and the virus already blocked the update then, it triggers in waves to synchronize it with several computers for maximum effect so it will probably trigger for you in about 2 weeks if it works like WCRY 1.0, maybe they changed the timer though.
I'm not clicking that
>wincucks have to worry about clicking on malicious links
Why did the initial infection surge and then stop? I would have expected a worm to spread way faster than this.
>none in Sweden
why are 3rd-worlders so stupid?
Someone confirm that if there is no result at port 445 here canyouseeme.org
Weird. over on reddit(lelelelele) i heard people from i believe canada, whose main offices were in sweden, were affected as well
Assuming that's the only port that matters, then your network can't be infected from the internet. But if someone in your network clicks a dodgy attachment it might still infect you.
>Hospital I got laid off from right after Christmas is entirely on Windows 7 in their 2,000+ client network
I hope they got fucked hard
Cool, thanks. I got no network at home.
It's also in kb4012215
What if I manually install that update?
>tfw safe
I'm still using Vista. If it's true that they only need your ip I'm in great danger.
Realistically how far will this spread? Can microsoft force updates on w7 even if they're disabled?
7 isn't the main issue because only a small portion of 7 users disable all updates. The main issue is XP and older Windows Server installs.
Why would they? They already patched it.
It's the same with vaccinations. They exist, but if you decided not to take them then it's your own fault if you die
not really. just install gentoo or disable the network share services.
It's just that everything is running on unupdated and/or pirated windows. In my institute we have unactivated windows 7 on all computers and are running shit like photoshop in VMs on trial.
What updates was it?
What about kb4019112? It was in May.
can you download and install ONLY the security updates for Win 7?
just block the fucking port ffs
Global "back your data up" day
How? What am I even doing on Sup Forums. I am not good with computers. I'm using fucking Vista.
installed manually, wew.
If you have KB4015549 you also have it. KB4015549 is an update of KB4012212
It can get your backups, too.
1. Pull out Ethernet cable
2. Apply condom
3. Return Ethernet cable
>Born too late to properly experience Y2K
>Born just in time for the Ransom Pandemic
Has Madagascar been infected yet?
This is an important question!
What kind of retard uses SMB shares over the internet anyways?
...
rapefugees are too stupid to use computers, come on now.
The 4012215 one is saying "not applicable" for my computer but I have the 4012212 one.
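
The checks the posts above keep asking about (is one of the named KBs installed, is anything listening on port 445, block the port), as an added PowerShell example that is not part of the original thread. The KB list is only the three Windows 7 IDs the posters name, and the function names and firewall rule name are made up for this example.

```powershell
# Added example: local exposure check for the SMB issue discussed in the thread.
# KB IDs are the Windows 7 updates named by the posters; other Windows versions
# use different KB numbers, and a later monthly rollup not named in the thread
# would not be matched by this list.
$ThreadKbs = @('KB4012212', 'KB4012215', 'KB4015549')

function Get-InstalledThreadKb {
    # Get-HotFix lists installed updates; -contains compares case-insensitively.
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    @($ThreadKbs | Where-Object { $installed -contains $_ })
}

function Test-Smb445Listening {
    # Ask .NET for the active TCP listeners instead of parsing netstat text,
    # so the result does not depend on the display language of Windows.
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    @($props.GetActiveTcpListeners() | Where-Object { $_.Port -eq 445 }).Count -gt 0
}

function Block-InboundSmb {
    # Needs an elevated prompt. The rule name is arbitrary (chosen here).
    # Blocking inbound 445 also stops this machine from serving file shares.
    netsh advfirewall firewall add rule name="Block inbound SMB 445" `
        dir=in action=block protocol=TCP localport=445
}

$found     = @(Get-InstalledThreadKb)
$listening = Test-Smb445Listening

if ($found.Count -gt 0) {
    "Found: $($found -join ', ')"
} else {
    "None of $($ThreadKbs -join ', ') found; check the Windows Update history"
}

if ($listening) { "TCP 445 is listening on this machine" }
else            { "Nothing is listening on TCP 445" }

if ($found.Count -eq 0 -and $listening) {
    "No listed update and SMB is listening: install the update, or run Block-InboundSmb"
}
```

The listener check only shows that the SMB service is up locally; whether port 445 is reachable from outside still depends on the router and firewall in front of the machine.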