/RANSOMWARE GENERAL/

GET IN HERE
NEW WAVE OF CYBER ATTACKS STARTED LATE LAST NIGHT
Countries impacted
- Ukraine
- Russia
- United States
- India
- Spain
- Norway
- Denmark
- United Kingdom

Other urls found in this thread:

symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know
bbc.com/news/technology-40416611
welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/
gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759
twitter.com/ptsecurity/status/879779327579086848
virustotal.com/en/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/
twitter.com/SFWRedditGifs

...

Add Portugal to that list

What payment method does ekansovi accept?

New info on malware
symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know

>Symantec continues to investigate other possible methods of propagation.

Oh dear, I think this could be a lot worse than last time then.

Add Poland to the list.

Add Germany to the list

inb4 space stations get ransomware because mission critical systems are on some local network.

>The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

bbc.com/news/technology-40416611

Did "PATCH YOUR FUCKING SYSTEMS ETERNALBLUE IS FUCKING STUXNET MILITARY GRADE BAD" really not get through to people?

"But harry, it will cost at least $10,000 to patch all our systems!"

lmao watch it be a Firefox exploit

No, it's MS17-010 again.

>use linux on all my machines
>nothing to fear
Wintards and braindead sysadmins will never know this feel.

Here's your reply

Nothing to fear from windows bugs, yes. But if you're running an old linux system there's plenty of shit that can get you.

fuck off

>ITT we laugh at winfags

pssst hey kid

the ISS runs commodity Intel hardware both on the ground and in space

don't tell nobody

...

Protip: Stealthed ports don't protect against RCE SMB exploits

I know I'm probably very wrong but some of the people that have been hit, how the fuck would they have not patched since March?

Do these companies not have Risk Registers?

FUCK NSA

Last time for iwannacry I stealthed my ports so hard that Kodi Exodus isn't working right. WTF?

>Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by Wannacry.

>Many firms did not patch those holes because Wannacry was tackled so quickly, he added.

It's called being stupid and not understanding the risk of running networked computer systems. I'd bet that most of them never even heard of wannacry. Companies really don't put resources into prevention since that affects the bottom line tomorrow, and as a CEO you can be prosecuted for not looking after tomorrow's bottom line.

It's almost as if unfettered capitalism is self-destructive. Take this as a little lesson in human behaviour- if you don't see it coming it doesn't exist.

Some people just don't know. I saw an internet facing xp box the other day.

>But if you're running an old linux system
"Braindead" applies here. If your kernel and packages are no longer getting security patches, it's time to upgrade. And there are tools for automatic updates, e.g. unattended-upgrades in Debian and its derivatives, which is safe for stable distros, and for critical environments you should have some method of kernel livepatching in place.

>being this mad

Well good news for the non-braindead, MS17-010 is literally the code for the patch.

works really good on linux if you have wine

I disabled smb 1.0 last time. Anything else we can do for prevention assuming your ports are stealthed?

C-c-can we play too?

welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/

>I saw an internet facing xp box the other day
So what? Not "some people", nobody knows if the average consumer is in question. Look how many people connect their smart TVs, use mobile phones, and give internet access to general IoT devices running stock firmware without a second thought.

There's no reason to do that though

It's not like newer versions of Debian add telemetry for example

>[email protected]

MACTODDLERS KUCKED AGAIN

>there's no reason to do that
Do you seriously not remember the korean hack from last week? you know, the one where the korean servers were running decade old linux distros?

Corporations are brain-dead when it comes to security.

I bet they had no reason to do that either and were just lazy

I'm running Win 7 without updates for 4 years and tons of old versions of programs. How the hell do normies get this shit?

justinbeiber.newestgaysong.fullalbum.listenhere.mp3.FREE.CLICKNOW.exe

If it has compromised PII or PCI data then yes, CTOs, CIOs and CEOs could go to prison for this.

In my company we have several XP machines still, running a lot of legacy software for Mitel phone systems and door locking, which we are slowly upgrading. We patched straight away when Microsoft released the hotfix, we also have the firewalls locked down and NAC to isolate what ports and IPs these devices need.

>Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit.

Fug.

Beat me to it. Adults and kids who don't know any better go clicking/downloading/opening shit without thinking.
They also lack basic computer knowledge.

How come faggots still haven't updated their OSes to fix that exploit? Fucking retards had been warned to update their fucking systems to prevent further attacks.

After WannaCry and now this and you want to talk about Mactoddlers? Just install Linux. It really does
>just werk

Haha. You Windows faggots are so stupid

>Being retarded enough to download a completely random adobe activation tool

Yeah nah. Bring something actually useful, like ransomware through Transmission.

wew lads, MS17-010, using PSExec and making use of WMI, oh boy, oh boy!

I can't help wonder how long it'll be before some end result of a failed abortion develops a strain of ransomware that instead of encrypting files or whatever, it... ugh... downloads CP (ugh) until you pay for it to stop.

The idea of this just seems fucking terrifying...

...and the long term ramifications would be even worse.

Wait until ISIS develops malware

> it... ugh... downloads CP (ugh)
You need to go back
What's worse than downloading CP onto your computer is if it forces you to finish a bullethell game with zero death to unlock a single file, and then keeps making you play those games until you unlock them all. And you only have 99 hours to get it done.

So another one of these where the vulnerability is already patched? Yawn

>t. mad WinPOO

I'm mad how exactly? Still no problems with Windows.

all you have to do is convince them a computer is a musical instrument (not hard) and they'll blow it up as blasphemy.

not quite.

>gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759

Since it uses a mix of EternalBlue, PsExec and WMI it won't need EternalBlue vuln. once it has infected one machine, after that it's up to PsExec and WMI to fuck up your network and other devices. They use the office vuln. bypassing macros, quite sophisticated if you ask me.

It uses unpatchable Windows pass-the-hash weaknesses and in-memory lsass queries to spread. Windows is bad security to its core. Windows 10 fixes some of the issues (credential guard mitigates some of the lsass issues), but most are still present.

>They use the office vuln. bypassing macros, quite sophisticated if you ask me.

That was a false initial report from a different malware sample. This outbreak doesn't use the macro bypass vuln. Just EternalBlue/PsExec/WMI
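A way to hunt for the PsExec and WMI lateral movement the last few posts describe, as an added example that is not from the thread. It works on any objects carrying Id, TimeCreated and Message, so it runs against Get-WinEvent output or against the constructed sample records below. It assumes Security-log process-creation auditing (event 4688) with command-line logging is enabled and that the Creator Process Name field is present (Windows 8.1 / Server 2012 R2 and later); the sample events, the host address and the payload name in them are constructed.

```powershell
# Added example (not from the thread): flag PsExec and WMI lateral movement in
# Windows event logs. Assumes 4688 auditing with command-line logging and the
# Creator Process Name field (Windows 8.1 / Server 2012 R2 and later).

function Find-LateralMovement {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object] $Event)

    process {
        $m = [string]$Event.Message
        switch ($Event.Id) {
            7045 {
                # System log: a service was installed. PsExec copies PSEXESVC.exe into
                # ADMIN$ (the Windows directory) on the target and registers it as a service.
                if ($m -match 'PSEXESVC') {
                    [pscustomobject]@{
                        Time      = $Event.TimeCreated
                        Technique = 'PsExec service install (7045)'
                        Detail    = (($m -split '\r?\n') -match 'Service (Name|File Name):') -join '; '
                    }
                }
            }
            4688 {
                # Security log: process creation. Seen from the target, "wmic /node:<host>
                # process call create ..." is a process whose parent is WmiPrvSE.exe;
                # seen from the source, it is wmic.exe run with /node:.
                $parent = if ($m -match 'Creator Process Name:\s*([^\r\n]+)') { $Matches[1].Trim() } else { '' }
                $cmd    = if ($m -match 'Process Command Line:\s*([^\r\n]+)')  { $Matches[1].Trim() } else { '' }
                $technique = if ($parent -match '\\WmiPrvSE\.exe$') { 'Process spawned via WMI (4688, parent WmiPrvSE.exe)' }
                             elseif ($cmd -match '(?i)(^|\\)wmic(\.exe)?\s+.*/node:') { 'WMI remote process creation, source side (4688)' }
                if ($technique) {
                    [pscustomobject]@{ Time = $Event.TimeCreated; Technique = $technique; Detail = "$parent -> $cmd" }
                }
            }
        }
    }
}

# Constructed sample records in the layout Get-WinEvent's Message uses (not real logs).
$sample = @(
    [pscustomobject]@{ Id = 7045; TimeCreated = [datetime]'2017-06-27T11:02:13'
        Message = "A service was installed in the system.`r`n`r`nService Name:  PSEXESVC`r`nService File Name:  %SystemRoot%\PSEXESVC.exe`r`nService Type:  user mode service`r`nService Start Type:  demand start`r`nService Account:  LocalSystem" }
    [pscustomobject]@{ Id = 4688; TimeCreated = [datetime]'2017-06-27T11:02:40'
        Message = "A new process has been created.`r`n`r`nProcess Information:`r`n`tNew Process Name:  C:\Windows\System32\rundll32.exe`r`n`tCreator Process Name:  C:\Windows\System32\wbem\WmiPrvSE.exe`r`n`tProcess Command Line:  rundll32.exe C:\Windows\payload.dll,#1" }
    [pscustomobject]@{ Id = 4688; TimeCreated = [datetime]'2017-06-27T11:01:58'
        Message = "A new process has been created.`r`n`r`nProcess Information:`r`n`tNew Process Name:  C:\Windows\System32\wbem\WMIC.exe`r`n`tCreator Process Name:  C:\Windows\System32\cmd.exe`r`n`tProcess Command Line:  wmic.exe /node:10.0.0.25 process call create rundll32.exe" }
    [pscustomobject]@{ Id = 4688; TimeCreated = [datetime]'2017-06-27T10:55:03'
        Message = "A new process has been created.`r`n`r`nProcess Information:`r`n`tNew Process Name:  C:\Windows\System32\notepad.exe`r`n`tCreator Process Name:  C:\Windows\explorer.exe`r`n`tProcess Command Line:  notepad.exe C:\Users\bob\notes.txt" }
)

# Three of the four sample records are flagged; the notepad launch is not.
$sample | Find-LateralMovement | Format-Table -AutoSize

# Against a live host (elevated prompt):
# Get-WinEvent -FilterHashtable @{LogName='System';Id=7045},@{LogName='Security';Id=4688} | Find-LateralMovement
```

The parent-is-WmiPrvSE.exe check is the useful one on the victim side, since it does not depend on the attacker using wmic.exe by that name; legitimate management tools that create processes through WMI will also trip it, so baseline which parent/child pairs are normal before alerting on it.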

>it... ugh... downloads CP (ugh)
Fuck, imagine having to sort through all the duplicated files.

Thanks for clearing that up. Anyone tried the local killswitch yet?

twitter.com/ptsecurity/status/879779327579086848
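Pre-emptive hardening for the propagation paths the thread has pieced together (MS17-010 over SMBv1, PsExec over ADMIN$, WMI, credential theft from LSASS) plus the local kill switch, as an added example that is not from the thread or the linked tweet. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated PowerShell; the management-host address is a placeholder, and the perfc file name is the one reported publicly for this sample at the time of the outbreak, so it only stops this sample and nothing after it.

```powershell
# Added example (not from the thread): harden a host against the EternalBlue /
# PsExec / WMI spreading discussed above. Run elevated on Windows 8.1 / 2012 R2+.
# 10.0.0.10 is a placeholder for your management host.

# 1. SMBv1 off (the EternalBlue transport). MS17-010 itself still has to be installed;
#    check that through Windows Update/WSUS status rather than Get-HotFix, because
#    later monthly rollups supersede the March 2017 KB numbers.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 2. Workstations have no business accepting SMB from other workstations: drop the
#    built-in sharing rules and allow inbound 445 only from the management host.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
New-NetFirewallRule -DisplayName 'SMB inbound from management host only' -Direction Inbound `
    -Protocol TCP -LocalPort 445 -RemoteAddress 10.0.0.10 -Action Allow

# 3. Make the in-memory credential theft that PsExec/WMI spreading relies on harder:
#    LSASS as a protected process, and no cleartext WDigest caching. (Unique local
#    admin passwords per host, e.g. LAPS, is the other half; not scriptable here.)
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name RunAsPPL -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' `
    -Name UseLogonCredential -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Local kill switch reported for this sample: a read-only C:\Windows\perfc
#    (the payload's own file name without extension) makes it exit. The .dat/.dll
#    variants are created too, as circulated at the time. Specific to this sample.
$vaccines = 'perfc', 'perfc.dat', 'perfc.dll' | ForEach-Object { Join-Path $env:SystemRoot $_ }
foreach ($v in $vaccines) {
    if (-not (Test-Path $v)) { New-Item -Path $v -ItemType File | Out-Null }
    Set-ItemProperty -Path $v -Name IsReadOnly -Value $true
}

# 5. Verify. RunAsPPL and the SMB1 feature removal take effect after a reboot.
[pscustomobject]@{
    Smb1Enabled     = (Get-SmbServerConfiguration).EnableSMB1Protocol
    RunAsPPL        = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa').RunAsPPL
    WDigestCaching  = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest').UseLogonCredential
    VaccineReadOnly = ($vaccines | ForEach-Object { (Get-Item $_).IsReadOnly }) -notcontains $false
}
```

Step 2 is the one that actually stops the PsExec/WMI hop between patched machines, since both need port 445 (and WMI additionally RPC/DCOM) to reach the target; the vaccine file is a stopgap for this sample only.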

>Decide to do some dual booting, deciding between Windows 7 and 8.1 since I haven't used them for a while and 10 left a sour taste in my mouth
>See this bullshit

Ah, fuck. What do I do? Wait until it's over? Or is it just hitting retards that download stupid shit from the innernets?

Submerge the computer completely in rice and let sit for at least 24 hours

Damn, I'm glad this doesn't affect Android. I don't even have a computer - haven't in years.

You can always disable network drivers in Windows...

Half of this shit shouldn't even be connected to the internet or able to read usb sticks to begin with.

but shitty ISPs blocking ports behind NAT do

We made the decision in January to block all USB removal devices, the shitstorm it caused was amazing.

Despite the fact we had Dropbox and Google Apps people were still complete luddites wanting to save data to memory sticks and external hard drives which were always going missing or bring malware onto the network.

Just slap every single one of them.

>they can still connect MTP

I WANT A SAMPLE

I literally couldn't be bothered to care about this, I'll just reinstall, I save nothing of value that isn't backed up remotely

virustotal.com/en/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/

>mfw forced updates was the best thing to happen to windows

I'm not really scared of getting hit by ransomware on my machines, but the fact that hospitals, airports, banks and so on get hit and basically get brought down for some time really scares me. And then there's even scarier shit like electricity companies, nuclear power plants and so on.

It didn't stop Windows 10 from getting hit
If the update system worked it would be fine, but it doesn't work

I doubt high security sites like NPPs run Windows

Correct me if I'm wrong, but wasn't Stuxnet this exact scenario?

Windows updates are too apparent; they should have made them able to update in the background

You'd be surprised. The people who set them up are just as dumb and lazy as anyone else.

you'd be wrong

Iran isn't a first world country. I'm pretty sure countries like France which rely a lot on NPPs use specific OSes for the sake of state security.

>iran

It actually did you fucking retard.

It didn't, WU stops working for no reason, this is well documented

I doubt that being first or third world has anything to do with this. Stuxnet targeted Windows computers that contained Siemens' WinCC control software designed for Windows. I doubt that Iran is the only country where they use Siemens' software for Windows to manage places like nuclear power plants.

How do I avoid this as a tech illiterate?

A new wave of media clickbait?
It's like its 1999

Many of these things were built way before computer security was even considered a serious issue. They'll just be running XP.

So if you don't care about your information should you be able to just swap out drives?

Install gentoo

Keep backups that cannot be nuked by malware.

>muh linux invincibility

Yes. At least until the next major generation of malware which installs itself into firmware.

>- Ukraine
Heard the report over the radio. Entire fucking country stopped. Everything, banks, government administration, railway. Everything's running windows.

They're already blaming russians.


mfw

I have all my personal amateur porn backed up on a USB Flash drive. I have a lot of files I wouldn't want to lose on my computer also though, so I guess I should buy an external HD.

>things that never happened

Good try pajeet

yawn

>muh russians

It was supposed to be North Korea at some point too.

...

thought so, and spooky!
I'm confused, don't you have to download something to get it?

What exactly did big companies do to get the ransomware on their computers?