Virus/Ransomware General

With all the ransomware going around with WannaCry and Petya, I figured this would be a good thread.
Things to ask:
>Where can I get [Virus]?
>What can I do to protect myself from [Virus]?
>What is [Virus] programmed in?
>What systems does [Virus] affect?
>How can I stop [Virus] if it is on my computer?

Now, a question I have is: Is there a way to infect a machine you don't care about, say a VM, with the Petya ransomware so you can break it down and examine it?


fuck off

yes, and somebody already has.
youtube.com/watch?v=vtDgA_aasfc

Thank you for this intelligent and helpful post.

install gentoo

obligatory 'this doesn't affect linux, right?'

Petya/NotPetya/etc. is not ransomware. It is a wiper that was probably designed by Russia to attack Ukraine.

If you get infected your data is gone. Load a backup or something.

You avoid getting infected by keeping your Windows machine patched or by using an operating system that doesn't have security by obscurity as a principle of its security strategy.

Ransomware exists for every major OS. There's no cure for stupidity.

>>Where can I get [Virus]?
From being stupid and not having an ad blocker.

>>What can I do to protect myself from [Virus]?
Have backups
Don't execute programs you don't trust

>>What is [Virus] programmed in?
C, ASM
Read Hacking - The Art of Exploitation

>>What systems does [Virus] affect?
Whatever system the virus targets

>>How can I stop [Virus] if it is on my computer?
Don't even try. Reinstall OS. Restore backups.

>Now, a question I have is: Is there a way to infect a machine you don't care about, say a VM, with the Petya ransomware so you can break it down and examine it?
Do it in a VM and take snapshots so you can always go back to a pre-infection stage
Relevant: xkcd.com/350/

Where can I get these viruses? Serious question, I actually want to download them, where can I?

>From being stupid and not having an ad blocker
Heh, I assume your knowledge of this particular virus is very limited. Although, the 'being stupid' is mostly correct.

There was a forum somewhere made to research these viruses, but I can't remember the name.

at some point, someone has to fuck up

and the fuck up is usually from either ineptitude, laziness or some other form of idiocy. I'd say being stupid is a pretty good explanation.

Maybe this. I don't know shit about programming though.
vxheaven.org/

I'm working in a huge German company and they just started randomly firing people, 300+. Me included. I saw that NotPetya fucks big companies around the world. Where do I get this I want to fuck those idiots up like they did to us. Can someone help a user? I will show you and post everything with Timestamps if this shit goes down here.

Do you want a link to that ransomware?

Something like that

>Where can I get [Virus]?
I have a public email address, I can usually get virus du jour from its inbox, and confirm identity by uploading to virustotal. There are online depositories but I'm not naming them here.

>What can I do to protect myself from [Virus]?
Common Sense 2017. Still not a meme

>How can I stop [Virus] if it is on my computer?
No idea, never happened to me. Wipe and restore from backups?

says who? Western Media? Might as well be the USA trying to put the blame on Russia, as fucking always.

I have it but you're going to have to put $5 in my paypal :^)

Quality channel, thanks.

>says who?
researchers who have taken the code apart and seen it is practically identical to Shamoon, which was a massive attack on US computers in Saudi Arabia following Stuxnet

Read the Malwarebytes blogs and Kaspersky labs, they explain lots about malware analysis.
Many malwares employ some tricks to avoid being loaded in a VM or debugger, you'll have to work around them.
VM exploits that actually work on modern VM hosts are rare, though certain Stuxnet variants use them.
If you disable the MsMpEng thing you may be able to analyse the exploit/logic for Petya/notPetya, but it seems not to be an easy to analyse malware by far. Start with the more amateur ones (this is all on the blogs).

>security by obscurity
lol wtf is wrong with winblows. That's an InfoSec 101 no-no. Wouldn't be surprised if MS servers store their admin passwords in plaintext.

>Don't even try. Reinstall OS. Restore backups.
Hashcat can bruteforce some weaker hashes. Need a couple hundred GPUs though.

K
S

Dumb toddler.

>Where can I get [Virus]?
port 445 gaping, if you're in an office space I would worry about Active Directory too
>What can I do to protect myself from [Virus]?
close said port, try EMET, hope for the best or just install GNU/Linux
>What is [Virus] programmed in?
C/C++ is my guess
>What systems does [Virus] affect?
any Windows system that's neglected to install the March patch
>How can I stop [Virus] if it is on my computer?
u cant :)))))

virustotal like in vid