Meanwhile on Russian and Ukrainian petrol companies
New zero day?
:^)
>using the smiley with a carat nose
Nah it's just MS17-010 again.
I guarantee you this is the work of the NSA.
>failing to spell caret properly
this is not 100% yet, I have read reports that it is not is
Ukraine mostly hit harder, Ukrainian corporations, ministries and even fucking grocery stores are RIP (pic related)
Ruskies got hit only at petrol companies from what I know
>not patching SMB exploit
>patch was released back in fucking March
>not learning mistakes from last WannaCry outbreak
>not having backups ready to go
Our whole world is run by people that don't know what they're doing. God help us all.
it is most probably not using SMB
except it is
It's using the same ETERNALBLUE exploit. Most people are just retarded and didn't patch the exploit from the last attacks.
Let me guess. Windows computers?
fake news. well, outdated, at least, some people confirm it is not petya.
>it's not even written in Chinglish
I think that is right.
should've gone diskless or at least redeploy disk images
Yeah, you know. The same OS that like 90% of the world uses. That one.
If anyone besides neckbeards on Sup Forums actually used Linux, then maybe hackers would start developing malware for it.
>maybe hackers would start
We complete our work already.
Fuck personal PC, what about my money.
Using Super Mario Bros to break into a computer
These nigga crayyy
>The same OS that like 90% of the world uses
You mean the same OS with a userbase dumber than Mac users?
Say thank you NSA
>winfags literally dumber than Mac users
LMAO
so is smbv1 the only problem child or does v2 and v3 need to be disabled as well?
HAHAHAHAHAHAHAHHAHAHAHAHA
no wonder you retards get so much malware
>Not using it
:^)
You shouldn't brag about having such a large userbase when the majority of that userbase is made up of tech illiterates. Also, it's the most insecure OS in existence. Full of holes.
Should I be worried?
>using the smiley with a carat nose
>Not using it
:^)
Bump
is this real
>diamond what
Thank you NSA for the day off
(you)
(you)
(you)
Also, blah blah blah, preinstalled, work use, larger sample size, more expensive, yadda yadda yadda.
Real wizards use Arch.
>Still not spelling carrot right
>failure to spell Kakarot
This shit is worldwide:
I should have done some heroes3 message box...
"Petya have been launched.
Number of Linux users increase."
About the attack? Probably not. Unless your computer is outdated or it's on a large company network
how could you be on Sup Forums and not be aware of what this is.
2017 Year of Linux Desktop confirmed
OSX exists
Huh. That's a new Petya variant.
Last time I saw this they fucked up and made a ChaCha20 (or was it Salsa20?) variant with only 16-bit registers instead of 32-bit, which is a catastrophic crypto fail that allows key recovery.
Anyone got a sample?
A lot of people are making Sup Forums threads about this ransomware but they are deleted in a few minutes. Are mods deleting them because they don't fit in the board culture of /general/ and headphones?
The mods are in on it
NSA EternalBlue work in mac and linux, but there are fixes since a lot of time ago.
The average Windows user doesn't like to install fixes.
because we dont need the entire front page filled with one single news story
>using the smiley with a carat nose
Are you Russian or Ukrainian? If not you're safe, it's mysteriously targeted only at those regions
>close TCP ports 1024-1035, 135 and 445
can anyone confirm this?
>The average Windows user doesn't like to install fixes.
It doesn't help that half the updates are microsoft trying to install spyware / nagware.
that's cnn quality, where did you get that from?
>hindustantimes
ETERNALBLUE is FOREVER baby
>Not using the reversed version
(^:
>using the backward smiley with a carat nose
Yes. technet.microsoft.com
It's the same SMB exploit that the NSA wrote malware for. It's kind of amazing and pathetic that this can still be used against big corporations.
>caret
If we are talking about Eastern Europe they probably have updates disabled because pirated Windows.
>get ransomware
>get telemetry
choose one
It's only a potential chance of getting ransomware.
There is another option. Install gentoo
>get depressed and stop using the computer
pirated windows can update though
more like updates disabled because W10
It's not only MS17-010 being used. This is quite more than that, it uses WMIC, I'm still reading through some updates from some hobby sec guy for what exactly the infection factor is. It does use EternalBlue.
twitter.com
It also does shit through PsExec it seems
Oh and also
>using hardcoded windows paths
I got to say, lazy but efficient with how the spread has been so far.
It also uses WMI as an additional spread vector, so disabling admin shares wouldn't hurt as well
notawfulsecurity.blogspot.ca
twitter.com
>infection factor
HAHA
oh wow
I still haven't slept properly wew, can't be bothered to proof read my posts
I checked my services list on WMI, and if I could disable it without worries.
I paused the service earlier, scanned with MalwareBytes to see side-effects, when cancelling the scan, 'Windows popped me an error message about Server could not execute operation.' That's about it.
>reading through blogpost
Design thought: NotPetya's initial targets appear to be unpatched systems, and then it uses dumped credentials to pivot onto patched systems. Clever.
I can't not agree with this. It's very cleverly designed. Just lazy, since there are hardcoded paths.
>installing on any letter aside from C: might save you trouble too.
>disabling WMI
Retard here. If I disable it then Windows Security Center (Firewall, Antivirus?) will be shut down too.
>windows
>on an ATM
kek nobody is this stupid
Hmm, as far as I can tell and if you look at the screenshot here. I paused it and opened control panel and looked over Windows Firewall settings and made some changes, nothing to be alarmed about and nothing of the usual Windows messages came up that my Computer isn't protected shit. I will test some more and see how much my system gets unstable.
>he doesn't know
You can leave WMI enabled but disable admin shares used by the malware ($admin, $c etc). I did it on my PC and Defender and Firewall are still working
HKLM>System>CurrentControlSet>Services>lanmanserver>parameters
Create DWORD key AutoShareServer and set it to 0
Create DWORD key AutoShareWks to 0
Reboot
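The registry change from the post above, plus the SMBv1 status asked about earlier in the thread, as a report-then-apply script. This is an added example, not something posted in the thread; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the SmbShare cmdlets are available.

```powershell
# Added example: audit (and optionally apply) the admin-share mitigation.
# Run elevated. Without -Apply the script only reports and changes nothing.
param([switch]$Apply)

# Same key as in the post: HKLM > System > CurrentControlSet > Services > lanmanserver > parameters
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$names = 'AutoShareServer', 'AutoShareWks'

foreach ($name in $names) {
    # A missing value means Windows auto-creates the administrative shares.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) { $shown = '<not set: shares are auto-created>' }
    else                    { $shown = $current }
    Write-Output ("{0,-16} = {1}" -f $name, $shown)

    if ($Apply -and $current -ne 0) {
        # -Force creates the DWORD or overwrites an existing one.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output "  -> set $name to 0 (effective after a reboot)"
    }
}

# Administrative shares that exist right now (ADMIN$ and drive shares such as C$).
# They remain listed until the machine has been rebooted after the change.
Get-SmbShare |
    Where-Object { $_.Name -match '^(ADMIN|[A-Z])\$$' } |
    Select-Object Name, Path

# SMBv1 is the protocol version MS17-010 / EternalBlue targets; report whether
# the SMB server on this machine still accepts it.
$smb = Get-SmbServerConfiguration
Write-Output ("SMBv1 server enabled: {0}" -f $smb.EnableSMB1Protocol)
```

Removing the administrative shares also breaks legitimate tooling that depends on them (remote administration, some deployment and backup agents), so run the report on a test machine first.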
>kek nobody is this stupid
That's naive as fuck of you
Why only $300? Is there a transaction limit to bitcoin? Or are hackers this much stupid?
>Ukraine
wonder who could be behind this
they have a guilty conscience, what a bunch of pussies
gist.github.com
Found this bit, quite interesting really and despite the annoyance of this ransomware, props to the guys that made it,
>#Petya uses LSADump to get Admin password and infect all network. There is no need for #EternalBlue vulnerable PCs.
$300 has the purchasing power of $10000 in eastern Europe
if the hackers had asked for more, nobody could afford to get their shit back
good, make them pay the stupid tax
it couldn't have been Russian hackers if Russia was also hacked
do they actually give you the key if you pay them? If so why don't these banks just pay and afterwards update their systems?
I get it, but didn't the "other" hackers last month who also infected computers with the same similar malware also asked for exactly $300?
So why only $300? I think these hackers are fucking retards and trying to get caught.
Anyone try out the local killswitch?
nice try loonix tard
i can see by your fonts that you're a linux user
stop smearing microsoft for your linux ransomware
bulletproof logic there
>stop smearing microsoft
Microsoft is doing that themselves by tracking their users.
How is it spread and how come it's localized?
Like every single fucking one runs Posready2009 i shit you not.
Been listening to the 3rd program of the Polish Radio, they reported about Ukraine being hit.
Allegedly everything stopped from railways through banks to government administration because every single fucking thing there runs on an ancient pirated copy of windows.
Ukrainian correspondent already blamed the Russians.
If MS hadn't made updating an inconvenience and made people be more afraid of updating than infections we wouldn't be in this mess.
>karrot
>why only $300?
are you actually this fucking dense? if the ransom is lower more people are likely to pay. sub-500 probably strikes a decent balance between payout likelihood and per-payout margins.
MYSTERIOUSLY DELETED
hmm, i wonder why...
>Leenuk ith tho thecure
Windows XP embedded is the main operating system for ATMs...
what was it?
Weren't the western world meant to have an oil shortage?
This could have been done to shore up supply. If you can't sell fuel it'll go elsewhere.
Australia has been hit as well, a chocolate factory has shutdown because of it