>incompetent skiddies make ransomware using NSA code
>bring down health sector, cause millions in damages
>barely make 2000$
>MALWARE IS ALREADY DEAD BECAUSE THE KILL SWITCH GETS SINKHOLED
>will likely get thrown in jail for life
Incompetent skiddies make ransomware using NSA code
remember in office space how they put a decimal in the wrong place instead of taking pennies they took thousands?
the kill switch was just for incase the same thing happened. someone probably thought it would be funny if they could hit atleast one big target for the lulz, then they wound up shutting down hospitals and effecting 99 countries in days.
Try to put this in retard terms for me.
Did they somehow deactivate this whole thing, but have it somehow backfire and expose their identities through site registrations or something?
i find it ironic that the punishment will probably be far more severe simply because all these networks have such poor security can you shut them down on accident. its like throwing a stone at a house and getting 10 years in prison because it collapsed due to shitty construction.
You have no clue how many people actually payed up. They probably made 10-100x that amount.
And the same group of hackers probably have income from other ransomware attacks that are still in effect.
Just because "muh kill switch" was activated doesn't mean the encrypted files will magically be decrypted.
>>incompetent skiddies make ransomware using NSA code
yeah sure, it wasn't totally a falseflag by the nsa/cia or should I say RUSSIAN HACKERZ
>encrypting ransomware
Now that's just mean. What happened to the good old days where it would just lock you out of the OS?
According to Mikko Hypponen, most ransomware are actually truthful and they genuinely give your files back to you once you pay up.
The stats I saw showed Russia was disproportionately affected.
>You have no clue how many people actually payed up
I do because the malware authors were idiots and only used three BTC addresses, instead of generating a new one for each infected machine
Still it's mean to the tech guys paid to fix it that get yelled at for failing.
Tbqh I feel zero sympathy. In fact I find it extremely funny.
HAHA I bet authors are now scared as fuck
This is a test.
This is what the future of war will look like.
Except its more like you made an ICBM launcher from government blueprints and then fired it to random targets with the mindset that you didnt think anything bad would really happen.
Basically the virus tries to connect to a certain website and it deactivates itself if it can connect
This is probably a kill switch, and the website was taken by authorities and they activated the kill switch
construction is still crap which was the point
This worm doesn't need a specific program through which to infest a PC, does it? If it were still active it could out of the blue just infect your computer?
I seriously don't know how these things work.
The first infection happens through a single LAN-connected user running the program right? Does anyone know why all over the world users did this at the same time? Is it just that the infected package (I assume in a mail) was sent at about the same time everywhere and then people started opening it almost immediately?
They can just ddos the site and the malware should start working again.
This I wanna know too. Can anyone just get infected by doing nothing stupid and simply having their computer turned on and connected to the internet?
BTW, Apparently the fix for this flaw was released back in March by Microsoft. British hospitals aren't installing 2 month old CRITICAL security updates? Shouldn't they employ a computer security guy or whatever?
hey maybe you could apply there?
I mean if I don't need to do anything on the job like make sure 2 month old critical updates are installed.. I sure could apply. I'm qualified for doing nothing
that's what worries me the most, I bet they actually have an IT security department. These guys get paid real money. Well, "got paid", I don't think they'll be working there for much longer.
Making sure a nation-wide system is up to date is kind of tricky though, if you're only qualified for doing nothing.
It uses exploits to get access to your computer, no email attachments required
>MALWARE IS ALREADY DEAD BECAUSE THE KILL SWITCH GETS SINKHOLED
>malware is already dead
>kill switch
>sinkholed
fucking nerds with your gay ass fantasy words
just fuck off and die i fucking hate you so much
if we ever meet IRL i will FUCK you up
blog.talosintelligence.com
How is this .exe delivered to the initial user then? I'm not saying necessarily mail, but download or some sort, at least user-induced infection.
Don't ever talk to me again or I will sinkhole you
They use a vulnerability in Windows to remotely execute the files
>Another cause for concern: wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April. The Wcry developers have combined the Eternalblue exploit with a self-replicating payload that allows the ransomware to spread virally from vulnerable machine to vulnerable machine, without requiring operators to open e-mails, click on links, or take any other sort of action.
>barely make 2000$
>barely make 2000$
>barely make 2000$
what a joke
But that doesn't mean that another person can just recreate it and change the address it's being sent to.
>BTW, Apparently the fix for this flaw was released back in March by Microsoft. British hospitals aren't installing 2 month old CRITICAL security updates? Shouldn't they employ a computer security guy or whatever?
Many places are forced to run old versions due to obscure software. They will have an expensive MRI scanner or something and the control software only runs on XP, the company that wrote it probably doesn't exist anymore and they can either discard millions worth of equipment or just keep using an old version of windows.
Is getting the figure wrong some ebin new meme? Last I checked the dude was sitting on at least $10k, and that was hours ago. Let's also keep in mind that it's only been ~24hrs and people get a week to pay iirc (well three days before the price hike but still, a week total)
yes, but that happens on the local subnet only. I'm not saying that it can't be done outside of the subnet, but the current attacks seem to happen on local subnets.
ha nice try chad but youre no match for my kung fu im compiling a zeroday trojan backdoor into your mainframe this very instant
Wow I didn't realize that Linux was nuke proof.
According to everything I read, this malware spreads in a P2P way
No human needed
it's a worm
it scans the internet for vulnerable machines and auto-exploits them
You just look at the bitcoin blockchain. They made around 20k. Not worth putting such a big bullseye on your back.
Yeah, but machines like that really shouldn't be in a network that's connected to the internet.
retards aren't going to know that russian hackers don't target russians, and I doubt the media will tell them.
for what purpose
Like I said in another thread, it's only been ~24h, and iirc it gives a week to pay. There will be more payments and more infected machines which means even more payments, guaranteed. This is far from over.
what does sinkhole mean in this context?
Not much the it security can do when they are constantly handicapped by paperwork, budget cuts and given zero priority.
but then you have to use, like, paper
or even discs
What kind of stone age shit is this? We all just want to sit on our fat asses and send shit through email and open random attachments on the computer that controls a machine that could easily put out enough radiation to kill someone if configured wrong
It is not like they can touch the stash either because any transactions from it will be highly monitored. Morons can't even use multiple addresses. So everyone knows which bitcoins they are holding onto.
They are using multiple addresses though, it's been discussed quite a few times already.
The source code for this shit is already out there. Literally a one line change to remove the killswitch. Change your bitcoin address in the place of the old one and you've got your own money making machine.
...
They are using 3 to 4 addresses. Only. Apparently.
I somehow doubt you. Any proof?
This entire thread would be an excellent way for the FBI to tease out the hackers, make them feel scared as shit, that everything they've done is worthless and they made absolutely nothing and they're doomed now. "for jail for life" seems to be a key thing across a few threads now.
Hi from Sup Forums
>incompetent skiddies have the foresight to put a kill switch in their worm
>it also just happens to be exploitable and gets exploited before the US gets hit
What an odd coincidence.
means some DNS servers are returning the wrong IP, so that the website is up even though the malware author that registered the domain hasn't pointed it to a valid IP
They aren't incompetent . They are small time that made it big. They are releasing a ransomware that relies on an exploit that has been patched for months now. They tried to fish for fishes but caught sharks instead.
oh, they could complain in advance that they can't function properly this way and that bad stuff might happen. I hope for them that they did.
thanks
>hey boss we gotta restart a couple machines and install critical security update
>> what for? nothing ever happens anyways it's just a waste of money and time
>hey boss our systems were encrypted because the critcal error i mentioned was not closed
>>can you imagine how much damage you caused for us? we employ you to prevent such things. iwill make sure you will not work for any other hospital ever again and of course you are fired
>They tried to fish for fishes but caught sharks instead.
Nice quote. Gotta remember that.
Time to apply for IT
I am sure they did but most companies see IT as a cost center. So if IT is doing their job, it isn't reflected in the bottom line. So when budget cuts or increases come up, management never considers IT. In fact IT is almost always the first in line when it comes to budget cuts, cause the upper management of government services are always almost ran by incompetent old people who don't understand the importance of having ip to date stuff in fucking 2017.
I want to cum on Bitcoin's face.
Fuck off back there, you tinfoil retard. Jesus Christ do we need to shut down the Reddit influx.
Since the exploit used to make this was leaked, and this entire debacle serves as a proof of concept for it's application, what's to stop literally anyone from making their own copy of this? Is this news even widespread enough that most people in the US will defend against it? Will antivirus companies be able to engineer a defense against it for lazy people?
>what's to stop literally anyone from making their own copy of this
Nothing. Except now most systems will probably be patched and it won't spread as expontentially.
MS released a patch some time ago and now people will finally understand why you should patch your OS
Nothing.
Shut down Sup Forums and you'll get an even bigger effect.
>now people will finally understand why you should patch your OS
Bahahahahahahahahahahahaha
Good one, user. Windows 10 users with the forced auto-updates will be fine, but all the normies still running 7, 8, or god forbid, XP, will still never install a single update.
Actually now that goobedygatechan exists they'd probably all just migrate over there and we'd be better off for it.
>we'd be better off for it.
That is the point I was making.
This. Let them moderate themselves into dumber and dumber circle-jerks.
I'm an IT tech in a cancer treatment facility, holy shit this crap is vulnerable as hell:
>Patient imaging, treatment plans, scheduling all run on MOSAIQ (on windows)
>Domain server is windows
>All company laptops are 2009s running windows 7
>All the transfer takes place with DICOM running on windows nodes
>Fileshares are all samba
>Average user is 45 something woman
Shit
Good luck. Hope you don't lose your job.
Also the fucking treatment plan and irradiation designer is on Raystation 5, that guess what, runs on windows
You can find a target organisation's IP addresses quite easily. You then manually send them the exploit, using a remote code execution exploit, elevated privilages, or some other kind of hack.
MRI scans dont use radiation. It uses a magnatic field which is completely harmless for humans.
well, they really fucked up on multiple levels
I just don't understand the intentional killswitch
it makes it seem like a false flag so the government can push for even more surveillance
It's also a way to get every single cyber intelligence agency in the world looking for you.
This post on Sup Forums would be enough for them to monitor you directly for more evidence.
Oh, I thought what you meant is you'd get an even bigger effect of crossboarding Sup Forumstards with their containment board gone.
MRIs don't, but x-rays do and those are still controlled by the same kinds of systems.
>raystation 5
As long as you have a firewall between you and the internet, like a router. If you're on a network install the MS patch from March.
why hasn't anyone made a worm yet that installs wubi on all affected machines
year of the linux desktop when
Any hackers out there? I'd like to know how they make command and control servers, do they rent vps or use a raspberry pi on a random wifi? it seems to me it's pretty easy to pinpoint the server.
X-ray machines are not able to produce a lethal amount of radiation, at least not the modern ones
>If you're on a network install the MS patch from March
fuck off cuck don't tell me what to do
say please or FUCK off
Yea but you're X-TRA-GAY and your faggotry is lethal
so FUCK OFF
>calls other people cucks
>still uses windows
Lol faggot.
Yeah terrible naming kek
Still this shit cold deliver a gamma dose enough to cause burns as this lad was pointing out
Read
>it seems to me it's pretty easy to pinpoint the server.
>why would the nsa/cia want to target russia
mmmm...
Imaging devices, sure
Treatment ones however... Very quickly
99% of them use a TOR hidden service, so you don't know the actual location of the machine, and if you just know the hidden service URL, you're not going to be able to take it down, since the TOR network is very slow, unless you take down the whole TOR network, obviously, but that is undesirable since there are many legitimate uses of TOR, such as protecting journalists in areas with limited freedom of speech.
...
Any half-decent tor service is run within a VM that only has access through tor, meaning that you'd have to do a VM breakout. Which is hard enough as it is, let alone doing it through the security of top end patched server software.
Ok so the malware itself is a TOR client.