Incompetent skiddies make ransomware using NSA code

>incompetent skiddies make ransomware using NSA code
>bring down health sector, cause millions in damages
>barely make 2000$
>MALWARE IS ALREADY DEAD BECAUSE THE KILL SWITCH GETS SINKHOLED
>will likely get thrown in jail for life


Remember in Office Space how they put a decimal in the wrong place, so instead of taking pennies they took thousands?

The kill switch was just in case the same thing happened. Someone probably thought it would be funny if they could hit at least one big target for the lulz, then they wound up shutting down hospitals and affecting 99 countries in days.

Try to put this in retard terms for me.
Did they somehow deactivate this whole thing, but have it somehow backfire and expose their identities through site registrations or something?

yes

blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

I find it ironic that the punishment will probably be far more severe simply because all these networks have such poor security that you can shut them down by accident. It's like throwing a stone at a house and getting 10 years in prison because it collapsed due to shitty construction.

You have no clue how many people actually paid up. They probably made 10-100x that amount.
And the same group of hackers probably have income from other ransomware attacks that are still in effect.

Just because "muh kill switch" was activated doesn't mean the encrypted files will magically be decrypted.

>>incompetent skiddies make ransomware using NSA code
Yeah sure, it wasn't totally a false flag by the NSA/CIA, or should I say RUSSIAN HACKERZ

>encrypting ransomware

Now that's just mean. What happened to the good old days where it would just lock you out of the OS?

According to Mikko Hypponen, most ransomware is actually truthful and they genuinely give your files back to you once you pay up.

The stats I saw showed Russia was disproportionately affected.

>You have no clue how many people actually paid up
I do because the malware authors were idiots and only used three BTC addresses, instead of generating a new one for each infected machine

Still it's mean to the tech guys paid to fix it that get yelled at for failing.

Tbqh I feel zero sympathy. In fact I find it extremely funny.

HAHA I bet authors are now scared as fuck

This is a test.
This is what the future of war will look like.

Except it's more like you made an ICBM launcher from government blueprints and then fired it at random targets with the mindset that you didn't think anything bad would really happen.

Basically the virus tries to connect to a certain website and it deactivates itself if it can connect

This is probably a kill switch, and the website was taken by authorities and they activated the kill switch

Construction is still crap, which was the point.

This worm doesn't need a specific program through which to infest a PC, does it? If it were still active it could out of the blue just infect your computer?

I seriously don't know how these things work.

The first infection happens through a single LAN-connected user running the program, right? Does anyone know why all over the world users did this at the same time? Is it just that the infected package (I assume in a mail) was sent at about the same time everywhere and then people started opening it almost immediately?

They can just DDoS the site and the malware should start working again.

This I wanna know too. Can anyone just get infected by doing nothing stupid and simply having their computer turned on and connected to the internet?

BTW, apparently the fix for this flaw was released back in March by Microsoft. British hospitals aren't installing 2 month old CRITICAL security updates? Shouldn't they employ a computer security guy or whatever?

hey maybe you could apply there?

I mean if I don't need to do anything on the job like make sure 2 month old critical updates are installed... I sure could apply. I'm qualified for doing nothing.

that's what worries me the most, I bet they actually have an IT security department. These guys get paid real money. Well, "got paid", I don't think they'll be working there for much longer.
Making sure a nationwide system is up to date is kind of tricky though, if you're only qualified for doing nothing.

It uses exploits to get access to your computer, no email attachments required

>MALWARE IS ALREADY DEAD BECAUSE THE KILL SWITCH GETS SINKHOLED

>malware is already dead
>kill switch
>sinkholed

fucking nerds with your gay ass fantasy words

just fuck off and die i fucking hate you so much

if we ever meet IRL i will FUCK you up

blog.talosintelligence.com/2017/05/wannacry.html
How is this .exe delivered to the initial user then? I'm not saying necessarily mail, but download or some sort, at least user-induced infection.

Don't ever talk to me again or I will sinkhole you

They use a vulnerability in Windows to remotely execute the files

>Another cause for concern: wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April. The Wcry developers have combined the Eternalblue exploit with a self-replicating payload that allows the ransomware to spread virally from vulnerable machine to vulnerable machine, without requiring operators to open e-mails, click on links, or take any other sort of action.

>barely make 2000$
>barely make 2000$
>barely make 2000$
what a joke

But that doesn't mean that another person can just recreate it and change the address it's being sent to.

>BTW, Apparently the fix for this flaw was released back in March by Microsoft. British hospitals aren't installing 2 month old CRITICAL security updates? Shouldn't they employ a computer security guy or whatever?
Many places are forced to run old versions due to obscure software. They will have an expensive MRI scanner or something and the control software only runs on XP, the company that wrote it probably doesn't exist anymore and they can either discard millions worth of equipment or just keep using an old version of windows.

Is getting the figure wrong some ebin new meme? Last I checked the dude was sitting on at least $10k, and that was hours ago. Let's also keep in mind that it's only been ~24hrs and people get a week to pay iirc (well three days before the price hike but still, a week total)

yes, but that happens on the local subnet only. I'm not saying that it can't be done outside of the subnet, but the current attacks seem to happen on local subnets.

ha nice try chad but you're no match for my kung fu, I'm compiling a zeroday trojan backdoor into your mainframe this very instant

Wow I didn't realize that Linux was nuke proof.

According to everything I read, this malware spreads in a P2P way
No human needed

it's a worm
it scans the internet for vulnerable machines and auto-exploits them
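An added example, not code from the thread: detection logic that flags a host behaving like the worm described above, i.e. one that fans out to many neighbours on the Windows file-sharing port in a short time. It assumes the exploit traffic is SMB on TCP 445 (EternalBlue targets SMBv1); the log format and all hosts are constructed.

```python
"""Added example, not from the thread: flag a host that fans out to many
neighbours on the Windows file-sharing port in a short time, the way the
worm described above does. Assumes the exploit traffic is SMB on TCP 445
(EternalBlue targets SMBv1); the log format and hosts are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log: timestamp, source, destination:port.
# 10.0.5.21 touches six neighbours on 445 in three seconds (worm-like);
# 10.0.5.40 is a normal user talking to one file server and one web host.
CONN_LOG = """\
2017-05-12T11:00:00Z 10.0.5.21 -> 10.0.5.22:445
2017-05-12T11:00:00Z 10.0.5.21 -> 10.0.5.23:445
2017-05-12T11:00:01Z 10.0.5.21 -> 10.0.5.24:445
2017-05-12T11:00:01Z 10.0.5.21 -> 10.0.5.25:445
2017-05-12T11:00:02Z 10.0.5.21 -> 10.0.5.26:445
2017-05-12T11:00:03Z 10.0.5.21 -> 10.0.5.27:445
2017-05-12T11:00:05Z 10.0.5.40 -> 10.0.5.5:445
2017-05-12T11:00:10Z 10.0.5.40 -> 203.0.113.8:443
2017-05-12T11:00:31Z 10.0.5.40 -> 10.0.5.5:445
"""

def parse_conn_log(log):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue
        dst, dport = parts[3].rsplit(":", 1)
        yield datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"), parts[1], dst, int(dport)

def find_scanners(log, port=445, threshold=5, window=timedelta(seconds=60)):
    """Return {src: peak} for sources that reached at least `threshold`
    distinct hosts on `port` within any `window`-long span."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_conn_log(log):
        if dport == port:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak = 0
        for i, (start, _) in enumerate(evs):
            # Distinct destinations in the window that opens at this event.
            seen = {d for t, d in evs[i:] if t - start <= window}
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged
```

A host repeatedly reaching one file server is not flagged; only the fan-out across many distinct peers is, which is the pattern a self-propagating sample leaves on a subnet.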

You just look at the bitcoin blockchain. They made around 20k. Not worth putting such a big bullseye on your back.

Yeah, but machines like that really shouldn't be in a network that's connected to the internet.

retards aren't going to know that Russian hackers don't target Russians, and I doubt the media will tell them.

for what purpose

Like I said in another thread, it's only been ~24h, and iirc it gives a week to pay. There will be more payments and more infected machines which means even more payments, guaranteed. This is far from over.

what does sinkhole mean in this context?

Not much IT security can do when they are constantly handicapped by paperwork, budget cuts and given zero priority.

but then you have to use, like, paper
or even discs
What kind of stone age shit is this? We all just want to sit on our fat asses and send shit through email and open random attachments on the computer that controls a machine that could easily put out enough radiation to kill someone if configured wrong

It is not like they can touch the stash either because any transactions from it will be highly monitored. Morons can't even use multiple addresses. So everyone knows which bitcoins they are holding onto.

They are using multiple addresses though, it's been discussed quite a few times already.

The source code for this shit is already out there. Literally a one line change to remove the killswitch. Change your bitcoin address in the place of the old one and you've got your own money making machine.

...

They are using 3 to 4 addresses. Only. Apparently.

I somehow doubt you. Any proof?

This entire thread would be an excellent way for the FBI to tease out the hackers, make them feel scared as shit, that everything they've done is worthless and they made absolutely nothing and they're doomed now. "for jail for life" seems to be a key thing across a few threads now.

Hi from Sup Forums

>incompetent skiddies have the foresight to put a kill switch in their worm
>it also just happens to be exploitable and gets exploited before the US gets hit

What an odd coincidence.

It means some DNS servers are returning the wrong IP, so that the website is up even though the malware author that registered the domain hasn't pointed it to a valid IP.
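An added example, not code from the thread, tying the kill-switch posts above to the sinkhole explanation: given a resolver log, it picks out the hosts that ran the worm and were stopped only because the kill-switch lookup succeeded against the sinkhole. The domain name, sinkhole address and log lines are constructed placeholders, not the real indicators.

```python
"""Added example, not from the thread: pick out of a resolver log the hosts
that ran the worm and were stopped only because the kill-switch lookup
succeeded against the sinkhole. The domain, sinkhole address and log
lines are constructed placeholders, not the real indicators."""
import re

KILL_SWITCH_DOMAIN = "killswitch-domain.example"  # placeholder, not the real one
SINKHOLE_IP = "192.0.2.10"                        # constructed (TEST-NET-1)

# Constructed resolver log: timestamp, client, query name, answer.
DNS_LOG = """\
2017-05-12T10:01:03Z client=10.0.5.21 query=killswitch-domain.example answer=192.0.2.10
2017-05-12T10:01:04Z client=10.0.5.21 query=update.example.org answer=198.51.100.4
2017-05-12T10:02:11Z client=10.0.5.77 query=killswitch-domain.example answer=NXDOMAIN
2017-05-12T10:02:50Z client=10.0.7.3 query=killswitch-domain.example answer=192.0.2.10
2017-05-12T10:03:01Z client=10.0.5.21 query=killswitch-domain.example answer=192.0.2.10
"""
LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) answer=(\S+)$")

def parse_dns_log(log):
    """Yield (timestamp, client, query, answer); skip malformed lines."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def triage(log, domain=KILL_SWITCH_DOMAIN, sinkhole=SINKHOLE_IP):
    """Return {client: 'halted' | 'at_risk'} for every host that queried
    the kill-switch name. Any host in the result executed the worm."""
    status = {}
    for _ts, client, query, answer in parse_dns_log(log):
        if query.lower().rstrip(".") != domain:
            continue
        if answer == sinkhole:
            # Lookup succeeded: the sample treated the domain as live and exited.
            status.setdefault(client, "halted")
        else:
            # NXDOMAIN (e.g. a lookup before the sinkhole existed, or a resolver
            # that blocks the name): the check failed and the worm would have
            # gone on to encrypt and spread. This outranks 'halted'.
            status[client] = "at_risk"
    return status

def hosts_to_patch(log):
    """Every host that asked for the kill-switch name ran the dropper."""
    return sorted(triage(log))
```

The 'at_risk' branch is the practical caveat: blocking the kill-switch name on a resolver or proxy makes the lookup fail and lets the sample continue, so the domain should be allowed to resolve to the sinkhole while the hosts that queried it get patched.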

They aren't incompetent. They are small-timers that made it big. They are releasing a ransomware that relies on an exploit that has been patched for months now. They tried to fish for fishes but caught sharks instead.

oh, they could complain in advance that they can't function properly this way and that bad stuff might happen. I hope for them that they did.

thanks

>hey boss we gotta restart a couple machines and install critical security update
>> what for? nothing ever happens anyways it's just a waste of money and time

>hey boss our systems were encrypted because the critical error I mentioned was not closed
>>can you imagine how much damage you caused for us? we employ you to prevent such things. I will make sure you will not work for any other hospital ever again and of course you are fired

>They tried to fish for fishes but caught sharks instead.
Nice quote. Gotta remember that.

Time to apply for IT

I am sure they did but most companies see IT as a cost center. So if IT is doing their job, it isn't reflected in the bottom line. So when budget cuts or increases come up, management never considers IT. In fact IT is almost always the first in line when it comes to budget cuts, because the upper management of government services is almost always run by incompetent old people who don't understand the importance of having up-to-date stuff in fucking 2017.

I want to cum on Bitcoin's face.

Fuck off back there, you tinfoil retard. Jesus Christ do we need to shut down the Reddit influx.

Since the exploit used to make this was leaked, and this entire debacle serves as a proof of concept for it's application, what's to stop literally anyone from making their own copy of this? Is this news even widespread enough that most people in the US will defend against it? Will antivirus companies be able to engineer a defense against it for lazy people?

>what's to stop literally anyone from making their own copy of this
Nothing. Except now most systems will probably be patched and it won't spread as exponentially.

MS released a patch some time ago and now people will finally understand why you should patch your OS

Nothing.

Shut down Sup Forums and you'll get an even bigger effect.

>now people will finally understand why you should patch your OS
Bahahahahahahahahahahahaha
Good one, user. Windows 10 users with the forced auto-updates will be fine, but all the normies still running 7, 8, or god forbid, XP, will still never install a single update.

Actually now that goobedygatechan exists they'd probably all just migrate over there and we'd be better off for it.

>we'd be better off for it.
That is the point I was making.

This. Let them moderate themselves into dumber and dumber circle-jerks.

I'm an IT tech in a cancer treatment facility, holy shit this crap is vulnerable as hell:
>Patient imaging, treatment plans, scheduling all run on MOSAIQ (on windows)
>Domain server is windows
>All company laptops are 2009s running windows 7
>All the transfer takes place with DICOM running on windows nodes
>Fileshares are all samba
>Average user is 45 something woman
Shit

Good luck. Hope you don't lose your job.

Also the fucking treatment plan and irradiation designer is on Raystation 5, that guess what, runs on windows

You can find a target organisation's IP addresses quite easily. You then manually send them the exploit, using a remote code execution exploit, elevated privileges, or some other kind of hack.

MRI scans don't use radiation. They use a magnetic field which is completely harmless for humans.

well, they really fucked up on multiple levels
I just don't understand the intentional killswitch
it makes it seem like a false flag so the government can push for even more surveillance

It's also a way to get every single cyber intelligence agency in the world looking for you.

This post on Sup Forums would be enough for them to monitor you directly for more evidence.

Oh, I thought what you meant is you'd get an even bigger effect of crossboarding Sup Forumstards with their containment board gone.

MRIs don't, but x-rays do and those are still controlled by the same kinds of systems.

>raystation 5

As long as you have a firewall between you and the internet, like a router. If you're on a network install the MS patch from March.

why hasn't anyone made a worm yet that installs wubi on all affected machines
year of the linux desktop when

Any hackers out there? I'd like to know how they make command and control servers, do they rent vps or use a raspberry pi on a random wifi? it seems to me it's pretty easy to pinpoint the server.

X-ray machines are not able to produce a lethal amount of radiation, at least not the modern ones

>If you're on a network install the MS patch from March

fuck off cuck don't tell me what to do

say please or FUCK off

Yea but you're X-TRA-GAY and your faggotry is lethal

so FUCK OFF

>calls other people cucks
>still uses windows

Lol faggot.

Yeah terrible naming kek
Still this shit could deliver a gamma dose enough to cause burns as this lad was pointing out

Read

>it seems to me it's pretty easy to pinpoint the server.

>why would the nsa/cia want to target russia
mmmm...

Imaging devices, sure
Treatment ones however... Very quickly

99% of them use a TOR hidden service, so you don't know the actual location of the machine, and if you just know the hidden service URL, you're not going to be able to take it down, since the TOR network is very slow, unless you take down the whole TOR network, obviously, but that is undesirable since there are many legitimate uses of TOR, such as protecting journalists in areas with limited freedom of speech.

...

Any half-decent tor service is run within a VM that only has access through tor, meaning that you'd have to do a VM breakout. Which is hard enough as it is, let alone doing it through the security of top end patched server software.

Ok so the malware itself is a TOR client.