History: "Shadow Brokers" hacked the NSA in April 2016, and leaked the American cyber weapon ETERNALBLUE for the Microsoft Windows system. WannaCry's developers used ETERNALBLUE as the basis of their ransomware (not confirmed by experts), which gains access to a Windows computer through a Windows vulnerability which was patched by MS on 3/14/17.
"Organizations that lacked this security patch were affected for this reason, and there is so far no evidence that any were specifically targeted by the ransomware developers. Any organization still running the end-of-life Windows XP, would be particularly at risk, as no security patches for that have been issued by Microsoft since April 2014. As of 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP." - Wikipedia
It is passed by email, and infects after the email attachment is opened.
One enterprising British fellow got a look at it and found the hard-coded "kill switch" and, by purchasing the domain the worm turned to, effectively stopped its spread.
Now there's a variant version of the first worm; together, they have attacked computers (large networks and small) in 94 countries or so, including hospital systems, FedEx, Telefonica, etc.
So, what should you do? First, patch your system with MS's latest update through Windows Update. To protect yourself, make sure Microsoft patch MS17-010 is applied to your PC. That will protect you against version one. Next, MAKE A DISK BACKUP, which you should have been doing all along. Update any anti-ransomware app you have. However, to the best of my knowledge, there's no specific update for version 2 just yet. At least not for the Malwarebytes app which I have.
I would avoid any email with an attachment. Yeah, it's a pita, but seriously, what else can you do?
My thanks to Fuzzy Logic for his initial warning about the second variant Forums post.
Sources:
https://mspoweruser.com/microsoft-release-statement-on-massive-worldwide-ransomware-attack/
https://www.binarydefense.com/wannacry-mass-ransomware-worm-campaign/
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
Just reposting this information here, in case someone needs it:
So now there is a possibility to unlock files encrypted by WannaCry ransomware using a free decryption program:
https://blog.malwarebytes.com/cybercrime/2017/05/wannadecrypt-your-files/
http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html
https://malwareless.com/free-wannacry-ransomware-decryption-tool-unlock-files-without-paying-ransom/
The decryptor is only going to work if you haven't killed the ransomware process (should be wnry.exe or wcry.exe) in Task Manager.