Would you pay the ransom?

If you were a retarded Winshit user and got hit by this shit, would you pay the ransom?

nigger it doesn't matter if you pay it or not, you're fucked

>boot safe mode
>remove virus
????
PROFIT.

>nigger it doesn't matter if you pay it or not, you're fucked
Nope. If you pay, you'll get your files back. It's documented that these virus scumbags honor the deal.

So, do you have anything on your computer that's valuable?

why are there so many threads about this?

Is it really that out of control? haven't been on Sup Forums for a while

>Full disk encryption
>Boot safe mode
Pick one

you forgot the part where you decrypted your files

in which step do you crack the encryption and recover the files, baka?

almost all of them give your files back. It's no trouble to them to do so, and if they didn't that just decreases the likelihood of others paying.

nice try

Fuck I thought it was just a lie.
How does it actually encrypt your files?

I always found it cute that ransomware always tries to play it off as if they're a professional company or the FBI that found your CP.

It's just so bold and cheeky.

No, I'd just restore it from my backup :^)

I'm a winshit user, and I'd just install Linux, all my important files are backed up

No, I've been needing a good reason to format my drive and do a clean install. All my registry files are fucked anyways because a warped GPU (physically warped... it was a heavy twin frozr GTX 480) meant that my computer would randomly crash while installing or updating shit. Even today, I can't update any graphic utility other than the driver and every time I start my computer all my USB drivers are "not working" and I have to manually restart them through the hardware panel. It's fucking stupid.

Bring it on, fucker. Give me an excuse to wipe my shit.

I'd say it's pretty fucked m8

At least you know now why having a registry is retarded

It runs in the background.
Reminder that ransomware, like all viruses, mainly targets 40ish year old office ladies and grandpas. They won't notice their computer sitting at 100% CPU for an hour.

>How does it actually encrypt your files?
RSA public-key cryptography, with the private key stored only on the malware's control servers.
basically, even the NSA would have trouble cracking that shit.

It's really retarded. I tried wiping my GPU drives like 10 times with a laundry list of programs and methods and I still cannot reinstall a GPU driver correctly. My computer is just generally slow too. Searching windows for a file through their util is fucking slow and sometimes I notice windows opening at alarmingly slow rates. Fucked installation, fucked life. I'm ready to blow it all up.

I have a SSD now, I'll just reinstall my OS on that now.

We need to escape to Namibia

it takes an hr to encrypt a HDD?

I was speaking hypothetically, the actual speed is highly dependent on the program and type of encryption, as well as the speed of the CPU and the hard drive

I only have games on my winshit pc so I can just redownload them after I format the HDD
All important data are on my second pc running linux

How retarded does a person have to be to not have 3rd party antivirus on win?

I am going to ask a pretty retarded question so please bear with me.
Can't you decrypt it with public key ?
Can't you use the public key to guess the private key ?
Can't you find the key with some brute force method ?
Can't you find the key by observing the encryption pattern ?

if i was a retarded winshit user, probably.

or cry to the news, dad, banks, politicians and demand they fix it for me after neglecting my tech.

u can't
but mr. roboto can
with raspbi linux

>sudo apt-get update && ./p0r75n1ff3r.sh

>wincucks

They never learn, do they?

no, no, yes*, and no
*anything protected by a string of digits can be brute forced but brute forcing modern encryption with any currently existing computer would in all likelihood take longer than the remainder of your lifespan, and you getting lucky and getting the key would probably be one of the most statistically unlikely events in the history of the universe.

>being cryptographically illiterate

Kek. It's not a padlock that you can pick with a hairpin.

they're gluttons for punishment

No. I got offsite backups of everything

>be me
>save the sensible files on MEGA
>WANACRY.exe
>wipe disk
>reinstall the OS
>???
>profit

> tfw hackintosh

Feels good running on a better developed OS. If Apple released MacOS as a standalone OS people would be leaving Winshit in DROVES

Is there a program for Windows that can warn you if your CPU is over 90% for 5+ minutes?
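
A small watcher for the question above, added here as an example and not posted by anyone in the thread: it warns when total CPU stays at or above 90% for 5 minutes and lists the busiest processes. The 5-second sampling interval is an assumption, and the English performance-counter names shown here are localized on non-English Windows.

```powershell
# Added example: warn on sustained high CPU (threshold and duration from the question).
$ThresholdPercent = 90     # "over 90%"
$SustainSeconds   = 300    # "5+ minutes"
$SampleSeconds    = 5      # assumption: sampling interval

$totalCounter   = '\Processor(_Total)\% Processor Time'
$processCounter = '\Process(*)\% Processor Time'
$highSince      = $null    # time of the first consecutive sample above threshold

while ($true) {
    # Get-Counter blocks for the sample interval, so no extra sleep is needed.
    $sample = Get-Counter -Counter $totalCounter -SampleInterval $SampleSeconds
    $cpu    = $sample.CounterSamples[0].CookedValue

    if ($cpu -lt $ThresholdPercent) {
        $highSince = $null          # streak broken, start over
        continue
    }
    if (-not $highSince) { $highSince = Get-Date }

    $elapsed = ((Get-Date) - $highSince).TotalSeconds
    if ($elapsed -ge $SustainSeconds) {
        Write-Warning ("CPU at {0:N0}% for {1:N0} seconds" -f $cpu, $elapsed)

        # Current per-process usage; values are relative to one core,
        # so a multi-threaded process can show more than 100.
        (Get-Counter -Counter $processCounter -ErrorAction SilentlyContinue).CounterSamples |
            Where-Object { $_.InstanceName -notin '_total', 'idle' } |
            Sort-Object CookedValue -Descending |
            Select-Object -First 5 InstanceName, @{n = 'CPU%'; e = { [math]::Round($_.CookedValue, 1) }} |
            Format-Table -AutoSize | Out-String | Write-Host

        $highSince = $null          # re-arm so the warning repeats only after another full period
    }
}
```

Sustained CPU load is a weak signal on its own: as later posts in the thread point out, encryption can be throttled to stay under a threshold like this.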

i am and i definitely would this is most beautiful piece for malware created :3 i would also add some bonuses for such wonderful work.
cant wait to get infected with that

Are you retarded
Nuke the computer and restore from backups
Paying will only encourage these weebs to hit more targets

What, you think you can honor a deal with some random Russian basement dweller and count on his word?

yeah go download not being a retard 20XX
if your fans are whining and everything is chugging for no apparent reason, something might be wrong.

THIS

They honor it because it's absolutely no trouble for them to do so, they can easily automate the system and it wouldn't hurt them at all to do that, and if it was known that they wouldn't give your shit back nobody would pay them.

Yeah, there are these things called ears most people just get for free
If your cpu is louder than usual check task manager

So why did it take this long for blackhats to use nsa's leaked haxor suite?

>What, you think you can honor a deal with some random Russian basement dweller and count on his word?
not honoring it would be bad for business you retard. they always honor it because it makes them more money. you're a baka. post less.

Not him, but can they configure it so that encryption takes longer and they utilize fewer system resources to avoid detection?

I have nightly backups of my data HD going back two weeks. I'd save the malware sample to toy around with it and reverse it in a VM, then install a fresh image and restore everything with a single command. While I wait for the process to finish I read for a bit.

Yeah but there's a greater risk of the computer being turned off, I'm sure they have thought of that, there's also the fact that people generally don't think that they're being hacked because their cpu got louder

They could but that won't help them much to get past computer literate people and their targets are old grandmas who don't want to lose their kids' photos and companies staffed by 40 year old women anyway. Tech savvy people generally won't pay.

>be Winblows user
>disable upgrades to be able to remove OS spyware
>get infected because of running old and vulnerable software
FeelsBadMan

Sure. Just use nanosleep every X iterations and it'll keep the CPU footprint low. Of course it will take longer to finish the encryption, but who cares.

>greater risk of the computer being turned off
So the process needs to run uninterrupted? Can it not continue from where the computer shut down the next time it boots up?

If the malware spread in an office and 20 people there noticed their systems starting to get laggy, they're more likely to call the IT guy than if it takes 3-4 times longer but there's no indication of anything happening that the average dude can detect.

no, my useful shit is on a usb

No, I backup all my important data.

I suppose their potential market is so big that they don't care if 5 out of every 10 infected is tech savvy enough to save himself and 4 don't pay when they can make $300 out of just 1 of 10 guys.

How do I get into it? Seems like easy money.

my theory is as follows:

>microsoft rolled an important patch weeks ago? because NSA no longer monopolize the exploit in light of 'leaked secrets'
>someone perhaps saw the importance of this patch (being administered into XP and other discontinued editions?)
>exploit is reverse engineered by another hacker to actualize
>too bad(good) everyone wasn't able to install updates timely or regularly plus fact that few editions have broken windows update esp. Windows Jupiter/Midori (8.0)
>exploit uses the SMB protocol (port 445) which is active by default if bad INFOSEC
>Samba is used for printing or file sharing via WLAN-LAN or even over WAN
>modern linux routers have open source implementation of SMB which is called Samba (works on both linux and windows) and the problem is modern routers activate the feature by default. Either way, SMBv1-3 are affected by ETERNALBLUE so anyone can get infected unless they blocked RDP and SMB protocol on their local computer (doubt this works because backdoor still works regardless of configuration)
>Samba is harmful IMO
>Luckily those who still use fax machines for printing and had done proper OPSEC aren't gonna be infected

Everyone who has the following will be infected without user intervention (as seen on kiosk screens):
>Operating System with outdated security (updating doesn't mean you're protected. there's a history of patches containing even more of the NSAdoor)
>router that is connected to WAN with the critical ports active

This is how NSA backdoors work and a good lesson to all of you NSA deniers who aren't NSA shills.
Pic related. You might want to uncheck everything except TCP/IPv4.
After that disable RDP (remote desktop) and SMB (at services.msc?).
That's just the tip of the iceberg. If you want to dive deeper into the rabbit hole try looking at task scheduler and drwatson/event viewer until you hit a brickwall: metadata everywhere

? = yet to confirm or iirc
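
A read-only audit of the settings the post above names (SMB on port 445, RDP), added here as an example and not part of the original post. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later; the function name `Get-ExposureReport` is made up for this example.

```powershell
# Added example: report SMB and RDP exposure on the local machine without changing anything.
function Get-ExposureReport {
    $report = [ordered]@{}

    # SMBv1 is reported separately: it can be turned off while SMBv2/3 sharing keeps working.
    $smb = Get-SmbServerConfiguration
    $report['SMB1 server enabled']   = $smb.EnableSMB1Protocol
    $report['SMB2/3 server enabled'] = $smb.EnableSMB2Protocol

    # Is anything on this machine listening on TCP 445?
    $listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $report['TCP 445 listening'] = [bool]$listeners

    # Enabled inbound allow rules in Windows Firewall whose local port list includes 445.
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }
    $report['Inbound allow rules for 445'] = ($rules | Measure-Object).Count

    # Remote Desktop: fDenyTSConnections = 1 means RDP connections are refused.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $report['RDP enabled'] = ($ts.fDenyTSConnections -eq 0)

    [pscustomobject]$report
}

Get-ExposureReport | Format-List

# To turn off only the SMBv1 server (uncomment deliberately; legacy clients will lose access):
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```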

You gots to become an haxor with no morality or empathy

Why no ipv6?

That's cute

I'm no haxor, but this shit is probably easier than other types of hacking methods, right?

If I were a top hacker, what would be the most profitable and least risky way for me to make money? And if I were not a hacker, which would require the least skill?

No, worms that take full control of the os are some of the hardest viruses to make. This particular worm didn't even require social engineering.

No haxor- then you're a script kiddie. Good luck finding a script that hasn't already been used a million times

Some ISPs don't support ipv6, and it's not as secure (from what I've heard, not sure though).

How likely is it that this is all just created to desperately shill linux ?

at your own risk

>wasn't able to install updates timely
Two. Fucking. Months.

>he doesn't deepfreeze his C drive.

Ah, make sense. Shit that uses less social engineering is more dependent on programming, hence more difficult.

rsa was cracked a bit ago faggot

>not backing up files

anyone "hit" by this deserves it for using shitty windows

The ransom uses 2048 bits RSA

Being a hacker means you always think that anything can be possible. Even you getting caught should be carefully planned out in advance. Be mindful, make no mistake.
It's like the combination of pessimism and optimism. Yin Yang.

The hacker who executed the happening carefully thought the outcome and succeeded it in a timely manner. It's not as easy or simple as you think it is. Still not sure if he can get away with the whole world hunting him down. Hackers can't be faint-hearted.

>If I were a top hacker, what would be the most profitable and least risky way for me to make money?
Hacking a server remotely and grabbing the whole database. You can sell the database or use the credz. It's as simple as stealing secrets and selling secrets. On the bright side you can be a legitimate white hat hacker and use your hunting skillz for bug bounty.

>executed the happening
Do you mean the fappening? You mean if I managed to get the data, I'd also have to work out how to safely distribute/sell it without it linking back to me?

>stealing secrets and selling secrets
But a company with secrets worth selling is likely to have paid someone thousands if not millions to keep them safe. A single hacker can still find a way in?

Reminder that the only ones who got this "le ebin virus xD" are autists who disabled updates.

Wait, this thing uses port 445? I remember disabling those a while ago. Phew.

>disabling
enjoy not being able to connect to anything

>madagascar and greenland still uninfected
some things never change

Thanks for replying but I just stress tested my CPU at 100% and notice zero noise difference. It's fan cooled but noise does not increase.

And before you say that I Fd up my build, It's been purring since 2011 and no cpu issues whatsoever.

>i5 2500k, zalman cpu cooler

where?

>be me
>take out hard drive
>either toss it or clear it externally (better get a big ass magnet)
>ensure it's cleared
>remake all like 5 of my personal files on windows

Alternatively:
>be me
>have ssd backup at all times
>take out hard drive, put in fresh one
>boot from ssd
>set it up again from there

I'd rather invest maybe a day of work than $300 (ish), i couldn't give less of a shit about my pc's files being kept in one piece.

No. Because I am not a retard and actually backup my stuff.

> bad for business
Fucking top kek. Cyber criminals is a business now? Where the fuck do I hand my cv in Lad?

If the virus got my media drives, which don't have [current] offline backups since I'm a lazy sod, I'd probably pay the ransom. (It'd take a week straight of maxing out my connection to redownload all my shit. I'm sure many of these torrents are defunct by now.)

If it only touched my boot drive? I'd just nuke it from orbit.

if they don't nobody will pay to have their files back since they won't have them back anyways

no, in any practical sense

>A single hacker can still find a way in?
Yes.
There is no such thing as perfectly secured system.
If you are hacker you are trying to find exploit. If you do find it you might be closer to your treasure or even you might be able to jump over the whole system.
But that's not all. the defender might have realized there was someone inside, or that THERE IS someone inside.
Your timing and execution have to be perfect.
It is possible for 1 person to do this.

>Can't you decrypt it with public key ?
no
>Can't you use the public key to guess the private key ?
no
>Can't you find the key with some brute force method ?
not really, no
>Can't you find the key by observing the encryption pattern ?
no

It's encryption, it's designed to resist all this shit

But 445 isn't really used for anything other than SMB. If it were 443, then he wouldn't be able to do anything.

So they lose nothing if no one pays anyway, heck if you pay you just encourage them to increase the ransom.

>Would you pay?

Never.

I'd nuke my drive from orbit and restore from backups. Might be a month old, but it's nothing hugely important anyway, just some furry porn and some hour sheets.

>Total Received $ 5,923.59

So a skilled hacker basically finds the flaw in millions of lines of code that he can exploit.

What are some (in)famous hackers that have done precisely this? Any documentaries?

So basically like a robber that only steals the money from one till and even forgets to look under it for the 100$ bills. Nice.

Chances are these people that paid are wealthy enough that $300-600 was pocket change and was worth it just to see if it would actually unlock their shit.

>paying for 1's and 0's

I would just pirate everything again.

>>Total Received $ 5,923.59
there are 3 BTC addresses associated with this attack. about $30k was paid so far.

100k+ infected computers, whole world is scared, whole world is hunting you... and all that for $30k.

that's some stupid shit right there.

I wonder if he/they are already in the woods.

I always keep my important files backed up on Google Drive (which doesn't sync automatically because I disabled its autostart). What's left is a bunch of memes and torrents, not even remotely worth 300 bucks (especially in an Eastern European country, ie poorfag). So no, I wouldn't pay.

if it was me, I'd be hammering my HDDs hours ago.

that guy will look behind his back for the rest of his life. this is some serious shit. everyone will want you dead or in jail.

It only affects Windows. Linux shills are out in force.

In reality the infection window (hue) was only 3 hours, but it took down a bunch of massive networks in that time. People died in the UK because their socialist hospitals got fucked. Turns out the NSA has good toys.

No. There's nothing in my PC I cannot replace at the moment

retarded gaymer detected

I'm literally going to lose my job over this hack

Boss found out that there was a windows update that would have prevented this and asked me why the fuck we didn't update.