Forum Discussion

  • I read an article today that says a 22-year-old security analyst essentially mitigated the attack on Friday. He discovered that if the ransomware could not connect to its command and control host, it would lock the PC. If it did connect, the ransomware terminated itself. He also found that the domain for the command and control site was for sale. He bought it. Once the infected computers were able to connect to his newly-purchased domain, the ransomware shut down.
  • MEXICOWANDERER wrote:
    National

    INsecurity

    Agency (?)


    This recent attack has a really fascinating array of issues associated with it - including whether state-sponsored organizations should be hoarding potentially dangerous cyber weapons. Like any other weapon, it can be very damaging in the wrong hands. Microsoft, among others, is speaking out rather strongly about it today.
  • delwhjr wrote:

    Microsoft has also released a patch for XP; even though it is outside the support structure.


    I miss XP. Even though at the time I thought it was bloated and slow.
  • The story on this seems to be evolving. When the media first started reporting this problem (around here) they showed images of PCs with W10. Now it seems that it's possible that some W10 PCs got infected but most were older PCs running XP.
  • wa8yxm
    Two comments.. First: Alternative Operating systems less susceptible to hackers (If they don't know what you are running.....) I had several back in the old days trying to hack into my computer... But their hacks simply did not work on my OS.

    2: There are two kinds of "Ransomware" I am aware of.. ONE gets itself into your system and .. Well.. Makes you wish you'd backed it up yesterday. But the far more common one is the page that INSTALLS that type of ransomware.... Example

    Warning... Your computer is infected with 5 Viruses. Click the link below (NOTE I am not providing a clickable link) to remove.

    So you click on Clean my computer . ha ha and ...

    It installs 5 viruses on your computer

    Now you need to call 800 You Sucker and give them your credit card or debit card.. Then they vacuum your bank account for you.


    The problem is the Web page, which in and of itself is harmless, disables all the normal "Exit this page" methods..

    What works.. Well I've had rather good luck doing a hard power down of the computer and turning it back on... In the old days I'd have taken note of the URL of the ransom page and entered it in a special file on the computer but Microsoft is afraid I might actually USE that file (I DID) so now I can't figure out how to edit it.

    (Hosts You put the URL of the Ransom page followed by 127.0.0.1 (or preceded by it, I forget) and when next you get sent there 404 Rip off artists not found).
  • This ransomware attack encrypts all of your important files with a method with which only the hacker has the key. In order to get infected you have to click on an e-mail that was sent to you by a friend who has also been hacked. You pay $300 bitcoin and they let you decrypt your files. You don't pay and you've pretty much lost everything and need to reformat your drive.

    Like I said before, the way the ransomware works is that it looks to a command & control host for further instructions. If it can't find the host then it locks the machine (encrypts all of the files). If it does find the host, the ransomware ends itself. The 22-year-old analyst found this out and bought the domain so that infected computers can connect to what the ransomware *thinks* is the command & control host, thus ending the hack. BUT, he warned that the malware is smart enough to re-manifest itself. It appears as if that's happening. I saw some news blurbs on it today but haven't had time to read them yet.
