Alright Sup Forums so I'm an idiot

I heard about wanna cry yesterday and installed all the updates for my company but I came in this morning and I'm seeing this shit.

I know I updated.

WTF do I do now? Only two people know how to use Linux and the boss is already ordering macs.

kys

b8

what does this mean? will this fix it?

Pay the ransom

If updates were completely off, too bad. Winblows can take days to install all updates when you're months late.

>Screenshot from 2017-05-1(...).png
>not Capture.PNG
0/10

Guys how can I recover the data?

Revert to backup or pay the ransom and hope it works.

I'm posting from Linux because my boss says the windows computers are "too insecure" to use.

He says he's upgrading to all macs and Linux but wants to try to get the data.

will paying the ransom really work?

Why do I get the feeling this is a false flag to get the mainstream to support the banning of encryption? Seems a bit weird that this hack/virus/whatever uses the term "encryption" so heavily. You would think they would simply say 'your files are being held ransom' or something similar, considering 90% of the oldheads who will get this problem have no idea what encryption is. Now they will see 'encryption' in the news or whatever and think 'encryption = bad because of that one virus i got'

It might. There's no known solution for Wannacry at this point that I'm aware of, but you can try here:
nomoreransom.org/

Some people are skeptical that paying the ransom will work in this case:
bbc.com/news/technology-39920269

That being said, if no backups and the nomoreransom site does not have a free decryption method, you either pay no money and kiss your files goodbye, or pay, might get a decryption key, might get burned.

And whose fault is that?

Here's the truth (source: I'm a time traveler)

>The NSA and Microsoft work in collusion (always have, lookup PRISM)
>The NSA and MS coordinated together to release these exploits
>Windows 10 collects more data than the NSA ever did/could
>by forcing everyone to update to windows 10 the NSA doesn't need to use exploits, just get the data from MS
>By making people fear encryption and cyber terrorism they will be able to crack down on it
>darkweb, torrents, etc will all be watched
>raids on hackers will become more and more common

it's all over Sup Forums.

We need to annex a part of canada and create a new utopia.

yandex.com/images/search?rpt=imageview&img_url=http://i.4cdn.org/g/1494858542953.png

At least pick an image that hasn't been posted in every forum and news article on the fucking internet.

Sounds like your boss is a smart guy. Finally treating the disease instead of the symptoms.

1) Restart the computers.
2) Before the windows starts press F8
3) Choose Safe Mode with networking
4) Find the ransomware files and registries and delete them
5) Install your favorite antivirus, scan the computer and delete the viruses
6) ???
7) If that doesn't work, [spoiler]cut your dick[/spoiler]

This does not seem too far off, sadly.

>macs
>paying extra for a picture of a half eaten apple and the inability to work on your own machines

>he thinks he will be able to run his computer and access ransomware files when all files get encrypted

He should have done it immediately and quickly or just reinstall the OS.

how can i prevent this (windows 7)?

does this encrypt files on all drives, or just main drive?

and would reformatting fix it?

>WTF do I do now?

Enjoy your new utopia of an all-OSX userbase. It's fuckin lit compared to the shitshow that is Windows AD

install linux

>update to latest
>yes all files connected on the same network
>format fixes everything

The popup doesn't happen until the files are already encrypted, ya dingus.

I swear, Sup Forums sure likes giving out advice about shit they don't know anything about

>for my company

Goddamn, this whole thing makes me glad I am in charge of the patching procedure of our Windows machines at our company. I patch those bitches every month. Pretty sure the desktop monkeys also patch my laptop every month too. It amazes me how many professional organizations run an outdated version of Windows.

Even a Mac is cheaper than Windows when accounting for shit like this that seems to plague Windows constantly. Though I would stick with the same machines and just install Linux, desu

R u boss retarded? Isn't it easier to teach them how to use Linux? Something close to Windows like kubuntu or mint?

I never understood the price argument when it comes to buying Apple products. It's usually a difference of

>in house techs can't do shit with them
>thinking finance people aren't going to be asking questions about extra cost for the same power of equipment
to say nothing of all the extra costs for mac only software

Look at me, I'm a mental who pays a thousand extra for a 200 bucks hardware

Every Windows PC which has NOT booted then infected over the LAN may be safely booted using a live Linux USB, CD, or DVD to rescue the data.

Wintards should know Linooks. Lintards should know Winshit.

Windows can be protected using Faronics Deep Freeze on workstations for where you need Windows apps.

OP could use boxes he'd have to format anyway as test machines.

Everyone even slightly into computers should know these basic concepts.

You're acting like paying an extra $1000 for a product you will have for at least several years is at all significant? That's like buying shitty generic 1-ply toilet paper because it's $1 cheaper than 3-ply Charmin Ultra-Soft

I dealt with ransomware like this when I was working at a repair shop. Encrypted my ass, boot from usb and delete whatever was at startup. Done.

Just use CCleaner to clean up the infection.

ITT: literal fucking morons

If the files weren't encrypted then why would this even make the fucking news.

"like" is not "identical"

You don't know anything about this particular ransomware. Go prove your assertion or FOBTR.

>WTF do I do now?
something-something-gentoo

You can't be serious. What pc r u using that u have to change every time? I have the same fucking pc since 2013 and it works great for everything I need, even gameplay. And I paid 400 USD on that

Are you expecting actual tech knowledge from news of all things? It made the news because it was a large scale infection. Also.

>If A is true then why does B happen?

You know that's the most used argument when people don't know what they're defending, right?

Proof that wannacry doesn't actually encrypt the files or gtfo

Apple Macbook doesn't have this problem

way to fuck it up.

Right. No possibility this is different than your repair shop days...

As far as I've heard nobody that has paid the ransom has gotten their files. But for the love of god disconnect ur computer from the internet, don't let this shit spread.

Instead of tracking down the perpetrator and bringing him to justice, the media is telling the people that they are the problem and must be cleansed of their sins

>browsing darkweb
>using windows
you might as well ask around for drugs in the NSA HQ, not much difference

To be fair, you fucks spreading about the "turn off auto update to avoid the windows botnet" meme caused a lot of Normies to turn off auto update...

...so, they missed the security update.

Good going, Sup Forums.

>As far as I've heard nobody that has paid the ransom has gotten their files

How's this any different to pic related? From what I can tell it's the exact same virus it's just more widespread because goys are moronic.

>Being THIS naive as to how the news works

Am I on reddit?

you still have provided NO proof that wannacry doesn't encrypt the files bucko

Does this malware use the same exploit? Wannacry can spread on a local network without any user action.

update happened after it got out in the wild

Internet as well, depending on how retarded they were with opening ports.
Windows update was in March, before the shadowbrokers leak.

Yours, of course. Should've updated to Windows 10 Good Goy Edition right away. Microsoft did nothing wrong.

Shadowbroker approached Microsoft. The patch came out in March. Shadowbroker released EternalBlue in April. WannaCry hits in May. Microsoft realises they forgot to release patches for XP, 2k3, and Vista and does so.

Try again.

en.wikipedia.org/wiki/EternalBlue

Oh shut up, install windows 10, and swap drives or dual boot with some Unix-like like the rest of us for your non-gaming needs.

Vista, 2k3, and XP were all out of support completely and ordinarily do not get security patches at all. The problem is that some companies (and individuals) still run machines with important duties that run these out of maintenance OSes, thus Wannacry was able to infect them automatically

What are you talking about? That's exactly my point lol. You only buy a computer once every several years, so an extra $1000 (max) is hardly significant.

Running those OS's is not inherently bad though. It's only bad when they're connected to the internet in some form.

The problem is that even if they're not directly internet connected, if one person runs wannacrypt or another malware that has self propagation across the network and the exploit for SMB, then those machines that are not directly internet connected can be infected.

If they're airgapped from the internet it can still be okay but you have other infection vectors.

>$CURRENT_YEAR
>not using EMET

I meant airgapped. Sure there are other methods of infection, but they're irrelevant for this specific case, and would require other unsafe actions like plugging in external hardware or something.

Well aware. I used to be a sysadmin responsible for the management of a ton of servers responsible for backups. A major regional energy company and an IRS subcontractor are still on 2k and 2k3.

We kept trying to get them to migrate. No luck.

EMET is being discontinued with EOL mid-2018

Boy, an IRS subcontractor? They do like playing with fire eh?

You have nothing to fear if you weren't directly audited. However, if you were, I'm pretty certain your financial info has been stolen at some point or another.

Fucking USB in parking lot attacks, man.

Either bait or you are fucking tech illiterate. Just because it looks similar, it doesn't mean it is the same thing.

My father's was for many years and I was as a dependent. IRS said it was laptop theft and they couldn't even say if it was encrypted or not. We got a year of credit monitoring and that was it.

tru tru

Sounds about right.

We kept telling them to stop sticking strange USB sticks into their work computers.

Did not listen.

So glad I do not work there anymore.

>company

I know this is bait and all but any competent admin would have backups ready to roll in for a situation like this.

Really, ransomware shit happens rather frequently for companies, the bigger the more often targeted, which is why IT have everything on backups.

...

>he thinks "the fucking news" are tech literate
Oh boy. Look a DDOS attack on the rampage too. The end nigh

It wouldn't surprise me if this actually works

>not paying the fine
It's like you don't want to be a speedy speed boy.

>tfw decide to pay ransom so I can get all my documents back
>tfw I transpose the "l" and "I" (that's lower-case 'ell' and upper-case "eye") in the bitcoin address

back to coinbase :-(

>not using the copy button

>clicking on a virus

How much computing power is necessary to break the encryption?

Probably around the same as to break into one of the btc wallets.

is it sha256?

More than we have available here on Earth. It's 128-bit AES.

>SHA-256
>encryption

Even with all the computers in the world clustered together it would still take until well past the heat death of the universe to decrypt a single file. They are encrypted with a 2048-bit public key. So, around 6 quadrillion years.

>It's 128-bit AES.

Say what? It's not AES, is it? Pretty sure all the Cryptolocker variants use 2048-bit RSA pairs. Unless they are just using RSA for the key exchange and are generating symmetric AES keys?

>128-bit
>2048-bit

which one?

kiss your sister, you'll feel better afterward

"The Trojan generates a random symmetric key for each file it encrypts, and encrypts the file’s content with the AES algorithm, using that key. Then, it encrypts the random key using an asymmetric public-private key encryption algorithm (RSA) and keys of over 1024 bits (we’ve seen samples that used 2048-bit keys), and adds it to the encrypted file. This way, the Trojan makes sure that only the owner of the private RSA key can obtain the random key used to encrypt the file. Also, as the computer files are overwritten, it is impossible to retrieve them using forensic methods."

So, it uses RSA 2048 bit for encryption of the AES key. The AES key has been reported as 128 or 256, depending on which loltechjournalist is writing about it. AES128 will still take a billion billion years to brute force, though.

Here:
gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

>Each infection generates a new RSA-2048 keypair.
>The public key is exported as blob and saved to 00000000.pky
>The private key is encrypted with the ransomware public key and saved as 00000000.eky
>Each file is encrypted using AES-128-CBC, with a unique AES key per file.
>Each AES key is generated CryptGenRandom.
>The AES key is encrypted using the infection specific RSA keypair.

There. It's not rocket science.
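
A defender-side sweep for the two key files named in the gist quoted above, as an added example that is not part of the thread or of the gist. The sample tree is constructed, and treating file mtime as a rough first-seen time is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone

# File names as given in the gist quoted in the thread.
ARTIFACTS = {
    "00000000.pky": "per-infection RSA public key",
    "00000000.eky": "per-infection RSA private key, encrypted with the ransomware public key",
}

def find_key_artifacts(root):
    """Walk root and return one record per key file found, oldest first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = ARTIFACTS.get(name.lower())
            if kind is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
            seen = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            findings.append({"path": path, "name": name.lower(),
                             "kind": kind, "mtime": seen})
    return sorted(findings, key=lambda f: f["mtime"])

def summarize(findings):
    """Collapse findings into a per-host triage verdict."""
    names = {f["name"] for f in findings}
    return {
        "key_files_present": bool(names),
        "both_key_files": names == set(ARTIFACTS),
        # Assumption: mtime approximates when the keypair was written.
        "earliest_seen": findings[0]["mtime"] if findings else None,
    }

def build_sample_tree(root):
    """Constructed sample: one clean profile, one with both key files."""
    for sub, names in {"clean": ["report.docx"],
                       "hit": ["00000000.pky", "00000000.eky", "notes.txt"]}.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            with open(os.path.join(root, sub, n), "wb") as fh:
                fh.write(b"constructed placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(find_key_artifacts(tmp)))
```

Run against a read-only mount of the affected disk (for example from a live USB) rather than on the booted host, so the sweep itself does not change timestamps.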

I was considering this idea last night (except fuck Canada). There are a whole lot of machines on mostly private networks that just got a whole mess of new code dumped onto them.

You just can't trust these fucks. If the NSA or (((them))) wanted access to something, they are getting the globe to DL a bunch of shit for free. Meanwhile MS will sell some updated licenses, while they screech about getting fucked by big brother.

>wants to try to get the data
is your company doing regular backups? Because you'll need to restore the data from backups.

Yes, because obviously the answer of "someone used a well-known $2900 commercial malware variant and some Shadow Broker EXEs he found on github and hit a jackpot" is just totally unbelievable compared to "This is a false flag by intelligence agencies worldwide to get people to switch off of Windows 7 onto Windows 10"

It's not the switch to w10, it's the downloading of new code via the update system, into normally dark networks. It's also not a worldwide conspiracy, just a single agency is needed to do it.

I think you protest too much.

>dark networks
>running a proprietary OS

It happens all the time. Industrial plants running PLC's (Iranian centrifuges anyone) would need windows machines to run the programming software. Networks of workstations for intelligence analysts. The office machines for government employees. Most of this stuff would have to run Windows.

How to get new code into these dark networks? A global scare, with some pajeet mole dropping malicious code into an update.

Except what we're telling you is that they're the same thing.

Your shitroll analogy fails because it assumes you're buying 1-ply to save money, when in reality they're both 2-ply and they're both equally comfy.

What you're not paying for is print on paper you're just going to put in your asshole that says "you're super cool and super smart for buying this."

It's just a patch to the software installed by the Patriots claiming to fix Y2K.

Do people use WSUS Offline for Windows 7?