Meanwhile on Russian and Ukrainian petrol companies


New zero day?

:^)

>using the smiley with a carat nose

Nah it's just MS17-010 again.

I guarantee you this is the work of the NSA.

>failing to spell caret properly

this is not 100% yet, I have read reports that it is not is

Ukraine mostly hit harder, Ukrainian corporations, ministries and even fucking grocery stores are RIP (pic related)

Ruskies got hit only at petrol companies from what I know

>not patching SMB exploit
>patch was released back in fucking March
>not learning mistakes from last WanaCry outbreak
>not having backups ready to go

Our whole world is run by people that don't know what they're doing. God help us all.

it is most probably not using SMB

except it is

bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

It's using the same ETERNALBLUE exploit. Most people are just retarded and didn't patch the exploit from the last attacks.

Let me guess. Windows computers?

fake news. well, outdated, at least, some people confirm it is not petya.

>it's not even written in Chinglish
I think that is right.

should've gone diskless or at least redeploy disk images

Yeah, you know. The same OS that like 90% of the world uses. That one.

If anyone besides neckbeards on Sup Forums actually used Linux, then maybe hackers would start developing malware for it.

>maybe hackers would start
We complete our work already.

Fuck personal PC, what about my money.

Using Super Mario Bros to break into a computer

These nigga crayyy

>The same OS that like 90% of the world uses
You mean the same OS with a userbase dumber than Mac users?

Say thank you NSA

>winfags literally dumber than Mac users
LMAO

so is smbv1 the only problem child or does v2 and v3 need to be disabled as well?

HAHAHAHAHAHAHAHHAHAHAHAHA

no wonder you retards get so much malware

>Not using it
:^)

You shouldn't brag about having such a large userbase when the majority of that userbase is made up of tech illiterates. Also, it's the most insecure OS in existence. Full of holes.

Should I be worried?

>using the smiley with a carat nose

>Not using it
:^)

Bump

is this real

>diamond what

Thank you NSA for the day off

(you)
(you)
(you)

Also, blah blah blah, preinstalled, work use, larger sample size, more expensive, yadda yadda yadda.

Real wizards use Arch.

>Still not spelling carrot right

>failure to spell Kakarot

This shit is worldwide:

hindustantimes.com/world-news/live-new-cyberattack-causes-mass-disruption-in-europe-hits-ukraine-russia-netherlands-and-several-major-companies/story-bW5HYW4ZG1YEHJbpno2I2J.html

I should have done some heroes3 message box...
"Petya has been launched.
Number of Linux users increases."

About the attack? Probably not. Unless your computer is outdated or it's on a large company network

how could you be on Sup Forums and not be aware of what this is.

2017 Year of Linux Desktop confirmed

OSX exists

Huh. That's a new Petya variant.

Last time I saw this they fucked up and made a ChaCha20 (or was it Salsa20?) variant with only 16-bit registers instead of 32-bit, which is a catastrophic crypto fail that allows key recovery.

Anyone got a sample?

A lot of people are making Sup Forums threads about this ransomware but they are deleted in a few minutes. Are mods deleting them because they don't fit in the board culture of /general/ and headphones?

The mods are in on it

NSA EternalBlue works on Mac and Linux, but there have been fixes for a long time.
The average Windows user doesn't like installing fixes.

because we dont need the entire front page filled with one single news story

>using the smiley with a carat nose

Are you Russian or Ukrainian? If not, you're safe; it's mysteriously targeted only at those regions

m.slashdot.org/story/328035

>close TCP ports 1024-1035, 135 and 445
can anyone confirm this?

>The average Windows user doesn't like installing fixes.
It doesn't help that half the updates are microsoft trying to install spyware / nagware.

that's cnn quality, where did you get that from?

>hindustantimes

ETERNALBLUE is FOREVER baby

>Not using the reversed version
(^:

>using the backward smiley with a carat nose

Yes. technet.microsoft.com/en-us/library/security/ms17-010.aspx
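Added example (not code from the thread): the question upthread was whether SMBv1 is the only "problem child" or whether v2 and v3 need to go too. MS17-010 is an SMBv1 server bug, so the script below audits which SMB dialects the host offers, turns off only SMBv1, and optionally expresses the "close TCP 445 and 135" suggestion as Windows Firewall rules. It assumes a Windows 8.1/10 client SKU (where SMB1 is a Windows optional feature) and an elevated session; the cmdlets are the standard SmbShare, DISM and NetSecurity module cmdlets. Ports 1024-1035 from the same suggestion are deliberately not blocked, since that is an ephemeral RPC range and blocking it on a domain member breaks legitimate traffic.

```powershell
# Added example, not from the thread. Assumes Windows 8.1/10 and an elevated PowerShell.
#Requires -RunAsAdministrator

function Get-SmbHardeningState {
    # Summarise which SMB dialects the server side offers and whether the SMB1 feature is installed.
    $server  = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1Enabled      = $server.EnableSMB1Protocol
        Smb2Enabled      = $server.EnableSMB2Protocol   # covers SMB2 and SMB3; they share one switch
        Smb1FeatureState = if ($feature) { $feature.State } else { 'NotPresent' }
        # MS17-010 fixes the SMBv1 server, so disabling SMBv1 removes that attack surface
        # even on a host that is already patched.
        Bulletin         = 'technet.microsoft.com/en-us/library/security/ms17-010.aspx'
    }
}

function Disable-Smb1 {
    param([switch]$RemoveFeature)
    # Only v1 is turned off: SMBv2/v3 are not affected by MS17-010 and are needed for normal file sharing.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($RemoveFeature) {
        # Removes the client and server SMB1 binaries entirely; takes effect after a restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Block-InboundSmbPorts {
    param([string[]]$Profile = @('Public'))
    # The thread's "close 445 and 135" suggestion as host firewall rules, idempotent by display name.
    foreach ($port in 445, 135) {
        $name = "Block inbound TCP $port (SMB/RPC hardening)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort $port -Action Block -Profile $Profile | Out-Null
        }
    }
}

$state = Get-SmbHardeningState
$state | Format-List
if ($state.Smb1Enabled) {
    Disable-Smb1
    Get-SmbHardeningState | Format-List
}
Block-InboundSmbPorts -Profile Public
```

Run it once to see the current state; the firewall rules default to the Public profile only, because blocking 135 on a domain-joined machine's Domain profile interferes with normal RPC.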

It's the same SMB exploit that the NSA wrote malware for. It's kind of amazing and pathetic that this can still be used against big corporations.

>caret

If we are talking about Eastern Europe they probably have updates disabled because pirated Windows.

>get ransomware
>get telemetry
choose one

It's only a potential chance of getting ransomware.

There is another option. Install gentoo
>get depressed and stop using the computer

pirated windows can update though

more like updates disabled because W10

It's not only MS17-010 being used. This is quite a bit more than that; it uses WMIC. I'm still reading through some updates from some hobby sec guy on what exactly the infection factor is. It does use EternalBlue.

twitter.com/0x09AL/status/879702450038599681

It also does shit through PsExec it seems

Oh and also
>using hardcoded windows paths
I've got to say, lazy but efficient given how the spread has gone so far.

It also uses WMI as an additional spread vector, so disabling admin shares wouldn't hurt either

notawfulsecurity.blogspot.ca/2017/06/petya-good-practices-final-exam.html
twitter.com/HackingDave/status/879735897205460992
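Added example (not from the thread or the linked reports): the posts above name two lateral-movement vectors besides EternalBlue, remote process creation over WMI (wmic.exe) and PsExec. A defender's first question is how those show up in endpoint telemetry, so this script runs three detection rules over constructed process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine). The records, field names and rule thresholds are all assumptions for illustration; nothing here is a signature for this specific malware.

```powershell
# Added example, not from the thread. Field names follow Sysmon Event ID 1 but the events are constructed.

function Test-LateralMovementEvent {
    param([Parameter(Mandatory)][hashtable]$Event)
    $img     = [System.IO.Path]::GetFileName($Event.Image).ToLowerInvariant()
    $cmd     = $Event.CommandLine
    $reasons = @()

    # Rule 1: wmic.exe told to create a process on another host (/node: plus "process call create").
    if ($img -eq 'wmic.exe' -and $cmd -match '/node:' -and $cmd -match 'process\s+call\s+create') {
        $reasons += 'wmic remote process create'
    }
    # Rule 2: PsExec's service binary started by the service control manager on the receiving host.
    if ($Event.ParentImage -match '\\services\.exe$' -and $img -eq 'psexesvc.exe') {
        $reasons += 'PSEXESVC launched by services.exe'
    }
    # Rule 3: PsExec client pointed at a remote host with explicit credentials (-u).
    if ($img -match '^psexec(64)?\.exe$' -and $cmd -match '\\\\\S+' -and $cmd -match '\s-u\s') {
        $reasons += 'psexec with explicit credentials'
    }

    [pscustomobject]@{
        Suspicious  = ($reasons.Count -gt 0)
        Reasons     = ($reasons -join '; ')
        CommandLine = $cmd
    }
}

# Constructed sample events (not real telemetry): two should fire, two should not.
$SampleEvents = @(
    @{ ParentImage = 'C:\Windows\System32\cmd.exe';      Image = 'C:\Windows\System32\wbem\wmic.exe'
       CommandLine = 'wmic /node:"WS-EXAMPLE-07" /user:"EXAMPLE\admin" process call create "cmd /c hostname"' },
    @{ ParentImage = 'C:\Windows\System32\services.exe'; Image = 'C:\Windows\PSEXESVC.exe'
       CommandLine = 'C:\Windows\PSEXESVC.exe' },
    @{ ParentImage = 'C:\Windows\explorer.exe';          Image = 'C:\Windows\System32\wbem\wmic.exe'
       CommandLine = 'wmic os get caption' },
    @{ ParentImage = 'C:\Windows\explorer.exe';          Image = 'C:\Windows\System32\notepad.exe'
       CommandLine = 'notepad.exe C:\notes.txt' }
)

$SampleEvents | ForEach-Object { Test-LateralMovementEvent -Event $_ } |
    Format-Table Suspicious, Reasons, CommandLine -AutoSize
```

Rule 1 is the one that matters most for the WMI vector: local `wmic` queries are common on admin workstations, so the rule keys on the combination of `/node:` and `process call create` rather than on wmic.exe alone. In production the events would come from `Get-WinEvent` against the Sysmon operational log instead of the inline array.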

>infection factor
HAHA
oh wow

I still haven't slept properly wew, can't be bothered to proofread my posts

I checked my services list for WMI, and whether I could disable it without worries.

I paused the service earlier, scanned with MalwareBytes to see side-effects, when cancelling the scan, 'Windows popped me an error message about Server could not execute operation.' That's about it.

>reading through blogpost
Design thought: NotPetya's initial targets appear to be unpatched systems, and then it uses dumped credentials to pivot onto patched systems. Clever.

I can't not agree with this. It's very cleverly designed. Just lazy, since there are hardcoded paths.
>installing on any letter aside from C: might save you trouble too.

>disabling WMI
Retard here. If I disable it then Windows Security Center (Firewall, Antivirus?) will be shut down too.

>windows
>on an ATM
kek nobody is this stupid

Hmm, as far as I can tell, and if you look at the screenshot here: I paused it, opened Control Panel, looked over the Windows Firewall settings and made some changes, nothing to be alarmed about, and none of the usual Windows messages came up that my computer isn't protected. I will test some more and see how unstable my system gets.

>he doesn't know

You can leave WMI enabled but disable admin shares used by the malware ($admin, $c etc). I did it on my PC and Defender and Firewall are still working

HKLM>System>CurrentControlSet>Services>lanmanserver>parameters

Create DWORD key AutoShareServer and set it to 0
Create DWORD key AutoShareWks to 0
Reboot
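Added example (not the poster's own code): the registry change described in the post above, applied with PowerShell instead of regedit, with a before/after check that the administrative shares are actually gone. It assumes an elevated session and the standard SmbShare module cmdlets; `Restart-Service LanmanServer` is used here as the equivalent of the post's "Reboot" step, since the Server service re-reads AutoShareServer/AutoShareWks on start. One caveat a practitioner should keep in mind: this only removes the share-based path (ADMIN$, C$). A spread that uses stolen credentials over WMI, which the thread also mentions, does not need those shares, so this is one layer, not a fix.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell on Windows 8/2012 or later.
#Requires -RunAsAdministrator

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AdminShareState {
    # Administrative shares are the drive-letter shares (C$, D$ ...) plus ADMIN$.
    $shares = Get-SmbShare | Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' }
    $props  = Get-ItemProperty -Path $LanmanParams -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AdminShares     = @($shares.Name)
        AutoShareServer = $props.AutoShareServer   # $null means not set, which defaults to enabled
        AutoShareWks    = $props.AutoShareWks
    }
}

function Disable-AdminShares {
    param([switch]$RestartServerService)
    # Set both values (as the post does) so the change holds on server and workstation SKUs alike.
    foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        New-ItemProperty -Path $LanmanParams -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
    # Remove the shares that already exist. IPC$ is left alone: Windows recreates it regardless
    # of these values, and removing it breaks named-pipe access used by normal services.
    Get-SmbShare | Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' } |
        ForEach-Object { Remove-SmbShare -Name $_.Name -Force }
    if ($RestartServerService) {
        # Stands in for the post's "Reboot": LanmanServer reads the values on start and
        # will not recreate the shares.
        Restart-Service -Name LanmanServer -Force
    }
}

Write-Host 'Before:'
Get-AdminShareState | Format-List
Disable-AdminShares -RestartServerService
Write-Host 'After:'
Get-AdminShareState | Format-List
```

The "After" listing should show an empty AdminShares array and both registry values at 0. Anything that legitimately relies on C$ or ADMIN$ (some backup agents, remote deployment tools) will stop working, so check that before rolling this out beyond a single PC.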

>kek nobody is this stupid
That's naive as fuck of you

Why only $300? Is there a transaction limit to bitcoin? Or are hackers this much stupid?

>Ukraine
wonder who could be behind this

they have a guilty conscience, what a bunch of pussies

gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759

Found this bit, quite interesting really, and despite the annoyance of this ransomware, props to the guys that made it:

>#Petya uses LSADump to get Admin password and infect all network. There is no need for #EternalBlue vulnerable PCs.

$300 has the purchasing power of $10000 in eastern Europe

if the hackers had asked for more, nobody could afford to get their shit back

good, make them pay the stupid tax

it couldn't have been Russian hackers if Russia was also hacked

do they actually give you the key if you pay them? If so why don't these banks just pay and afterwards update their systems?

I get it, but didn't the "other" hackers last month, who also infected computers with similar malware, also ask for exactly $300?

So why only $300? I think these hackers are fucking retards and trying to get caught.

Anyone try out the local killswitch?

twitter.com/ptsecurity/status/879779327579086848

nice try loonix tard

i can see by your fonts that you're a linux user

stop smearing microsoft for your linux ransomware

bulletproof logic there

>stop smearing microsoft
Microsoft is doing that themselves by tracking their users.

How is it spread and how come it's localized?

Like every single fucking one runs POSReady 2009, I shit you not.

Been listening to the 3rd program of the Polish Radio, they reported about Ukraine being hit.
Allegedly everything stopped from railways through banks to government administration because every single fucking thing there runs on an ancient pirated copy of windows.

Ukrainian correspondent already blamed the Russians.

If MS hadn't made updating an inconvenience and made people more afraid of updating than of infections, we wouldn't be in this mess.

>karrot

>why only $300?
are you actually this fucking dense? if the ransom is lower, more people are likely to pay. sub-500 probably strikes a decent balance between payout likelihood and per-payout margins.

MYSTERIOUSLY DELETED
hmm, i wonder why...

>Leenuk ith tho thecure

Windows XP embedded is the main operating system for ATMs...

what was it?

Wasn't the western world meant to have an oil shortage?
This could have been done to shore up supply. If you can't sell fuel it'll go elsewhere.

Australia has been hit as well, a chocolate factory has shutdown because of it