Forum Discussion
- turbojimmy (Explorer)
This ransomware attack encrypts all of your important files with a method with which only the hacker has the key. In order to get infected you have to click on an e-mail that was sent to you by a friend who has also been hacked. You pay $300 bitcoin and they let you decrypt your files. You don't pay and you've pretty much lost everything and need to reformat your drive.
Like I said before, the way the ransomware works is that it looks to a command & control host for further instructions. If it can't find the host then it locks the machine (encrypts all of the files). If it does find the host, the ransomware ends itself. The 22-year-old analyst found this out and bought the domain so that infected computers can connect to what the ransomware *thinks* is the command & control host, thus ending the hack. BUT, he warned that the malware is smart enough to re-manifest itself. It appears as if that's happening. I saw some news blurbs on it today but haven't had time to read them yet.
- wa8yxm (Explorer III)
Two comments.. First: Alternative Operating systems less susceptible to hackers (If they don't know what you are running.....) I had several back in the old days trying to hack into my computer... But their hacks simply did not work on my OS.
2: There are two kinds of "Ransomware" I am aware of.. ONE gets itself into your system and .. Well.. Makes you wish you'd backed it up yesterday. But the far more common one is the page that INSTALLS that type of ransomware.... Example
Warning... Your computer is infected with 5 Viruses. Click the link below (NOTE I am not providing a clickable link) to remove.
So you click on Clean my computer . ha ha and ...
It installs 5 viruses on your computer
Now you need to call 800 You Sucker and give them your credit card or debit card.. Then they vacuum your bank account for you.
The problem is the Web page, which in and of itself is harmless, disables all the normal "Exit this page" methods..
What works.. Well I've had rather good luck doing a hard power down of the computer and turn it back on... In the old days I'd have taken note of the URL of the ransom page and entered it in a special file on the computer but Microsoft is afraid I might actually USE that file (I DID) so now I can't figure out how to edit it.
(Hosts You put the URL of the Ransom page followed by 127.0.0.1 (or preceded by it, I forget) and when next you get sent there 404 Rip off artists not found).
- joebedford (Nomad II)
The story on this seems to be evolving. When the media first started reporting this problem (around here) they showed images of PCs with W10. Now it seems that it's possible that some W10 PCs got infected but most were older PCs running XP.
- DryCreek (Explorer)
delwhjr wrote:
Microsoft has also released a patch for XP; even though it is outside the support structure.
I miss XP. Even though at the time I thought it was bloated and slow.
- turbojimmy (Explorer)
MEXICOWANDERER wrote:
National
INsecurity
Agency (?)
This recent attack has a really fascinating array of issues associated with it - including whether state-sponsored organizations should be hoarding potentially dangerous cyber weapons. Like any other weapon, it can be very damaging in the wrong hands. Microsoft, among others, is speaking out rather strongly about it today.
- MEXICOWANDERER (Explorer)
National
INsecurity
Agency (?)
- turbojimmy (Explorer)
I read an article today that says a 22-year-old security analyst essentially mitigated the attack on Friday. He discovered that if the ransomware could not connect to its command and control host, that it would lock the PC. If it does connect, then the ransomware terminated itself. He also found that the domain for the command and control site was for sale. He bought it. Once the infected computers were able to connect to his newly-purchased domain the ransomware shut down.
- delwhjr (Explorer)
Microsoft distributed the patch two months ago, which could have forestalled much of the attack. The security bulletin MS17-010 covers all of the patches for the various OS versions. If you have allowed critical updates since March you should be okay. Check your update history to confirm successful critical updates since then.
Quote from Microsoft:
"So all the computers running supported versions of Windows and kept up-to-date by Windows Update were safe even before the ransomware was released into the wild. The problem is those consumers and companies that are still running old versions of Windows, especially Windows XP as well as companies and users that stop Windows Update from keeping the systems secure."
Microsoft has also released a patch for XP; even though it is outside the support structure.
This is another reason not to continue to operate outdated software. I have a few of my old customers who chose not to upgrade that called me to start the upgrade NOW.
This is also why you should always have backups of the items which are important to you.
- bwanshoom (Explorer)
Here is the Microsoft page on the MS17-010 vulnerability.
Here is a page with information on all the out of support affected OS's, including Windows 8, Windows XP & Windows Server 2003.
For those that don't trust links:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- RoyB (Explorer II)
Does anyone have the WIN10 PATCH ID number - I'd like to check my setup to see if I have this patch. Last week I got a bunch of WINDOW 10 updates...
Roy Ken