Would you pay the ransom?

>>60368254
nigger it doesn't matter if you pay it or not, you're fucked

>boot safe mode
>remove virus
????
PROFIT.

>>60368275
>nigger it doesn't matter if you pay it or not, you're fucked
Nope. If you pay, you'll get your files back. It's documented that these virus scumbags honor the deal.

So, do you have anything on your computer that's valuable?

why are there so many threads about this?

Is it really that out of control? haven't been on /g/ for a while

>>60368298
>Full disk encryption
>Boot safe mode
Pick one

>>60368298
you forgot the part where you decrypted your files

File: 1480348875930.jpg (40KB, 590x550px) Image search: [Google]

40KB, 590x550px

>>60368298
in which step do you crack the encryption and recover the files, baka?

>>60368275
almost all of them give your files back. It's no trouble to them to do so, and if they didn't that just decreases the likelihood of others paying.

>>60368320
nice try

>>60368346
>>60368330
>>60368329
Fuck I thought it was just a lie.
How does it actually encrypt your files?

I always found it cute that randsomware always tries to play it off as if they're a professional company or the FBI that found your CP.

It's just so bold and cheeky.

No, I'd just restore it from my backup :^)

>>60368254
I'm a winshit user, and I'd just install Linux, all my important files are backed up

File: noneofthismatters.jpg (56KB, 467x315px) Image search: [Google]

56KB, 467x315px

No, I've been needing a good reason to format my drive and do a clean install. All my registry files are fucked anyways because a warped GPU (physically warped... it was a heavy twin frozr GTX 480) meant that my computer would randomly crash while installing or updating shit. Even today, I can't update any graphic utility other than the driver and every time I start my computer all my USB drivers are "not working" and I have to manually restart them through the hardware panel. It's fucking stupid.

Bring it on, fucker. Give me an excuse to wipe my shit.

File: C_qS7xvVoAEi0Pa.jpg (285KB, 2048x1012px) Image search: [Google]

285KB, 2048x1012px

>>60368324
I'd say it's pretty fucked m8

>>60368419
At least you know now why having a registry is retarded

>>60368369
It runs in the background.
Reminder that ransomware, like all viruses, mainly targets 40ish year old office ladies and grandpas. They won't notice their computer sitting at 100% CPU for an hour.

>>60368369
>How does it actually encrypt your files?
RSA public-key cryptography, with the private key stored only on the malware's control servers.
basically, even the NSA would have trouble cracking that shit.

>>60368490
It's really retarded. I tried wiping my GPU drives like 10 times with a laundry list of programs and methods and I still cannot reinstall a GPU driver correctly. My computer is just generally slow too. Searching windows for a file through their util is fucking slow and sometimes I notice windows opening at alarmingly slow rates. Fucked installation, fucked life. I'm ready to blow it all up.

I have a SSD now, I'll just reinstall my OS on that now.

>>60368421

We need to escape to Namibia

>>60368506

it takes an hr to encrypt a HDD?

>>60368570
I was speaking hypothetically, the actual speed is highly dependent on the program and type of encryption, as well as the speed of the CPU and the hard drive

>>60368254
I only have games on my winshit pc so I can just redownload them after I format the HDD
All important data are on my second pc running linux

How retarded a person has to be to not have 3rd party antivirus on win?

>>60368549
I am going to ask pretty retarded question so please bear with me.
Can't you decrypt it with public key ?
Can't use use the public key to guess the private key ?
Can't you find the key with some brute force method ?
Can't you find the key by observing the encryption pattern ?

>>60368254
if i was a retarded winshit user, probably.

or cry to the news, dad, banks, politicians and demand they fix it for me after neglecting my tech.

>>60368740
u can't
but mr. roboto can
with raspbi linux

>>60368771
>sudo apt-get update && ./p0r75n1ff3r.sh

File: IMG_3426.jpg (56KB, 676x426px) Image search: [Google]

56KB, 676x426px

>wincucks

They never learn, do they?

>>60368740
no, no, yes*, and no
*anything protected by a string of digits can be brute forced but brute forcing modern encryption with any currently existing computer would in all likelihood take longer than the remainder of your lifespan, and you getting lucky and getting the key would probably be one of the most statistically unlikely events in the history of the universe.

>>60368740
>being cryptographically illiterate

Kek. It's not a padlock that you can pick with a hairpin.

File: 1494518030744.png (188KB, 1139x1437px) Image search: [Google]

188KB, 1139x1437px

>>60368805
they're gluttons for punishment

>>60368254
No. I got offsite backups of everything

>>60368254

>be me
>save the sensible files on MEGA
>WANACRY.exe
>wipe disk
>reinstall the OS
>???
>profit

> tfw hackintosh

Feels good running on a better developed OS. If Apple released MacOS as a standalone OS people would be leaving Winshit in DROVES

>>60368617
Is there a program for Windows that can warn you if your CPU is over 90% for 5+ minutes?

>>60368254
i am and i definately would this ismost beautiful piece for malware created :3 i would also add some bonuses for such wonderful work.
cant wait to get infected with that <3

>>60368254
Are you retarded
Nuke the computer and restore from backups
Paying will only encourage these weebs to hit more targets

>>60368320
What, you think you can honor a deal with some random Russian basement dweller and count on his word?

>>60368889
yeah go download not being a retard 20XX
if your fans are whining and everything is chugging for no apparent reason, something might be wrong.

>>60368858

THIS

>>60368897
They honor it because it's absolutely no trouble for them to do so, they can easily automate the system and it wouldn't hurt them at all to do that, and if it was known that they wouldn't give your shit back nobody would pay them.

>>60368889
Yeah, there are these things called ears most people just get for free
If your cpu is louder than usual check task manager

So why did it take this long for blackhats to use nsa's leaked haxor suite?

>>60368897
>What, you think you can honor a deal with some random Russian basement dweller and count on his word?
not honoring it would be bad for business you retard. they always honor it because it makes them more money. you're a baka. post less.

>>60368951
>>60368918
Not him, but can they configure it so that encryption takes longer and they utilize fewer system resources to avoid detection?

I have nightly backups of my data HD going back two weeks. I'd save the malware sample to toy around with it and reverse it in a VM, then install a fresh image and restore everything with a single command. While I wait for the process to finish I read for a bit.

>>60368987
Yeah but there's a greater risk of the computer being turned off, I'm sure they have thought of that, there's also the fact that people generally don't think that they're being hacked because their cpu got louder

>>60368987
They could but that won't help them much to get past computer literate people and their targets are old grandmas who don't want to lose their kids' photos and companies staffed by 40 year old women anyway. Tech savvy people generally won't pay.

>>60368254
>be Winblows user
>disable upgrades to be able to remove OS spyware
>get infected because of running old and vulnerable software
FeelsBadMan

>>60368987
Sure. Just use nanosleep every X iterations and it'll keep the CPU footprint low. Of course it will take longer to finish the encryption, but who cares.

>>60369048
>greater risk of the computer being turned off
So the process needs to run uninterrupted? Can it not continue from where the computer shut down the next time it boots up?

If the malware spread in an office and 20 people there noticed their systems starting to get laggy, they're more likely to call the IT guy than if it takes 3-4 times longer but theres no indication of anything happening that the average dude can detect.

>>60368254
no, my useful shit is on a usb

>>60368254
No, I backup all my important data.

>>60369058
>>60369083
I suppose their potential market is so big that they don't care if 5 out of every 10 infected is tech savvy enough to save himself and 4 don't pay when they can make $300 out of just 1 of 10 guys.

How do I get into it? Seems like easy money.

File: connection.png (34KB, 377x474px) Image search: [Google]

34KB, 377x474px

my theory is as follows:

>microsoft rolled an important patch weeks ago? because NSA no longer monopolize the exploit in light of 'leaked secrets'
>someone perhaps saw the importance of this patch (being administered into XP and other discontinued editions?)
>exploit is reverse engineered by another hacker to actualize
>too bad(good) everyone wasn't able to install updates timely or regularly plus fact that few editions have broken windows update esp. Windows Jupiter/Midori (8.0)
>exploit uses the SMB protocol (port 445) which is active by default if bad INFOSEC
>Samba is used for printing or file sharing via WLAN-LAN or even over WAN
>modern linux routers have open source implementation of SMB which is called Samba (works on both linux and windows) and the problem is modern routers activate the feature by default. Either way, SMBv1-3 are affected by ETERNALBLUE so anyone can get infected unless they blocked RDP and SMB protocol on their local computer (doubt this works because backdoor still works regardless of configuration)
>Samba is harmful IMO
>Luckily those who still use fax machines for printing and had done proper OPSEC aren't gonna be infected

Everyone who have the following will be infected without user intervention (as seen on kiosk screens):
>Operating System with outdated security (updating doesn't mean you're protected. there's a history of patches containing even more of the NSAdoor)
>router that is connected to WAN with the critical ports active

This is how NSA backdoors work and a good lesson to all of you NSA deniers who aren't NSA shills.
Pic related. You might want to uncheck everything except TCP/IPv4.
After that disable RDP (remote desktop) and SMB (at services.msc?).
That's just the tip of the iceberg. If you wan't to dive deeper into the rabbit hole try looking at task scheduler and drwatson/event viewer until you hit a brickwall: metadata everywhere

? = yet to confirm or iirc

>>60369142
You gots to become an haxor with no morality or empathy

>>60369157
Why no ipv6?

>>60369006
That's cute

>>60369170
I'm no haxor, but this shit is probably easier than other types of hacking methods, right?

If I were a top hacker, what would be the most profitable and least risky way for me to make money? And if I were not a hacker, which would require the least skill?

>>60369252
No, worms that take full control of the os are some of the hardest viruses to make. This particular worm didn't even require social engineering.

No haxor- then you're a script kiddie. Good luck finding a script that hasn't already been used a million times

>>60369210
Some ISPs don't support ipv6, and it's not as secure (from what I've heard, not sure though).

>>60368254
How likely is it that this is all just created to desperately shill linux ?

>>60369210
at your own risk

>>60369157
>wasn't able to install updates timely
Two. Fucking. Months.

>>60368254
>he doesn't deepfreeze his C drive.

>>60369357
Ah, make sense. Shit that uses less social engineering is more dependent on programming, hence more difficult.

>>60368549

rsa was cracked a bit ago faggot

>>60368254

>not backing up files

anyone "hit" by this deserves it for using shitty windows

>>60369551
The ransom uses 2048 bits RSA

>>60369252
Being a hacker means you always think that anything can be possible. Even you getting caught should be carefully planned out in advance. Be mindful, make no mistake.
It's like the combination of pessimism and optimism. Yin Yang.

The hacker who executed the happening carefully thought the outcome and succeeded it in a timely manner. It's not as easy or simple as you think it is. Still not sure if he can get away with the whole world hunting him down. Hackers can't be faint-heart.

>If I were a top hacker, what would be the most profitable and least risky way for me to make money?
Hacking a server remotely and grabbing the whole database. You can sell the database or use the credz. It's as simple as stealing secrets and selling secrets. On the bright side you can be a legitimate white hat hacker and use your hunting skillz for bug bounty.

>>60369697
>executed the happening
Do you mean the fappening? You mean if I managed to get the data, I'd also have to work out how to safely distribute/sell it without it linking back to me?

>stealing secrets and selling secrets
But a company with secrets worth selling is likely to have paid someone thousands if not millions to keep them safe. A single hacker can still find a way in?

Reminder that the only ones who got this "le ebin virus xD" are autists who disabled updates.

>>60369157
Wait, this thing uses port 445? I remember disabling those a while ago. Phew.

>>60370135
>disabling
enjoy not being able to connect to anything

>>60368421
>madagascar and greenland still uninfected
some things never change

>>60368918
>>60368951
Thanks for replying but I just stress tested my CPU at 100% and notice zero noise difference. It's fan cooled but noise does not increase.

And before you say that I Fd up my build, It's been purring since 2011 and no cpu issues whatsoever.

>i5 2500k, zalman cpu cooler

>>60368850
where?

>>60368254
>be me
>take out hard drive
>either toss it or clear it externally (better get a big ass magnet)
>ensure it's cleared
>remake all like 5 of my personal files on windows

Alternatively:
>be me
>have ssd backup at all times
>take out hard drive, put in fresh one
>boot from ssd
>set it up again from there

I'd rather invest maybe a day of work than $300 (ish), i couldn't give less of a shit about my pc's files being kept in one piece.

No. Because I am not a retard and actually backup my stuff.

>>60368984
> bad for business
Fucking top kek. Cyber criminals is a business now? Where the fuck do I hand my cv in Lad?

>>60368254
If the virus got my media drives, which don't have [current] offline backups since I'm a lazy sod, I'd probably pay the ransom. (It'd take a week straight of maxing out my connection to redownload all my shit. I'm sure many of these torrents are defunct by now.)

If it only touched my boot drive? I'd just nuke it from orbit.

>>60370489
if they don't nobody will pay to have they files backs since they wont have them back anyways

>>60368740
no, in any practical sense

>>60370082
>A single hacker can still find a way in?
Yes.
There is no such thing as perfectly secured system.
If you are hacker you are trying to find exploit. If you do find it you might be closer to your treasure or even you might be able to jump over the whole system.
But that's not all. the defender might have realized there was someone inside, or that THERE IS someone inside.
Your timing and execution have to be perfect.
It is possible for 1 person to do this.

>>60368740
>Can't you decrypt it with public key ?
no
>Can't use use the public key to guess the private key ?
no
>Can't you find the key with some brute force method ?
not really, no
>Can't you find the key by observing the encryption pattern ?
no

It's encryption, it's designed to resist all this shit

>>60370166
But 445 isn't really used for anything other than SMB. If it were 443, then he wouldn't be able to do anything.

>>60370773
So they lose nothing if no one pays anyway, heck if you pay you just encourage them to increase the ransom.

>Would you pay?

Never.

I'd nuke my drive from orbit and restore from backups. Might be a month old, but it's nothing hugely important anyway, just some furry porn and some hour sheets.

File: idiots.png (38KB, 860x281px) Image search: [Google]

38KB, 860x281px

>Total Received $ 5,923.59

>>60371268
So a skilled hacker basically finds the flaw in millions of lines of code that he can exploit.

What are some (in)famous hackers that have done precisely this? Any documentaries?

>>60371677
So bascially like a robber that only steals the money from one till and even forgets to look under it for the 100$ bills. Nice.

Chances are these people that paid are wealthy enough that $300-600 was pocket change and was worth it just to see if it would actually unlock their shit.

>>60368254
>paying for 1's and 0's

I would just pirate everything again.

File: 1466085810977.png (100KB, 583x720px) Image search: [Google]

100KB, 583x720px

>>60371677
>>Total Received $ 5,923.59
there are 3 BTC addresses associated witht this attack. about $30k was paid so far.

100k+ infected computers, whole world is scared, whole world is hunting you... and all that for $30k.

that's some stupid shit right there.

>>60371814
I wonder if he/they already in the woods.

I always keep my important files backed up on Google Drive (which doesn't sync automatically because I disabled its autostart). What's left is a bunch of memes and torrents, not even remotely worth 300 bucks (especially in an Eastern European country, ie poorfag). So no, I wouldn't pay.

>>60371992
if it was me, I'd be hammering my HDDs hours ago.

that guy will look behind his back for the rest of his life. this is some serious shit. everyone will want you dead or in jail.

>>60368324
It only affects Windows. Linux shills are out in force.

In reality the infection window (hue) was only 3 hours, but it took down a bunch of massive networks in that time. People died in the UK because their socialist hospitals got fucked. Turns out the NSA has good toys.

>>60368254
No. There's nothing in my PC I cannot replace at the moment

>>60372129
retarded gaymer detceted

I'm literally going to lose my job over this hack

Boss found out that there was a windows update that would have prevented this and asked me why the fuck we didn't update.

>>60372129
Good luck replacing your time, moron.

>>60368254
Nah, my porn collection isn't worth that much.

>>60368254
If I had data worth more than 300$ I would pay, but at the same time you would have to be retard not to have backup.

>>60369412
Medical and Hosptials can't update since you don't want to break or slowdown a piece of medical equipment with a useless patch. Think like a WinXP-based blood pressure monitor that's networked on the LAN to send its data into the patients heath chart, or an anesthesia machine running Windows 2000. One bad update and it could, let's say, hang during an operation.

Also, depending on certification, that *exact* config and only that exact config is certified for FDA or whatever the local equivalent's approval.

>>60368254
no cause i have a backup

oh wait you said retarded so i'd just buy another computer instead

I actually got hit by this AMA.

>>60368254
how do you even get this crap?
i thought you only get it if you download some shady .exe file but can this just randomly happen to you?

>>60372294
>I actually got hit by this AMA.
lol'd. how? is your shit encrypted now?

>>60372278
This is why hospitals should be using GNU Health, or other FOSS software.

>>60368254
No. I'll be losing a lot of data but two things
A. I'd deserve it for being dumb
B. Don't negotiate with terrorists.

>>60372074
the fact that he hacked hospital basically makes him not only a criminal or a leet hacker, but a MONSTER. if he gets caught he will never get out of prison again or death row. public will demand so

>>60372314
https://en.wikipedia.org/wiki/EternalBlue

>>60368866
Dubs wins

>>60372314
Dude, viruses can get to your machine just by you opening an email or going to a website.

>>60372314
if your unpatched windows machine is directly connected to the internet (i.e. has an external IP) the worm can spread to your machine via the NSA SMB exploit.

>>60372314
Backdoor / drive by, hence why it's so prolific.

All it takes is being on the same LAN as an infected machine, having SMB on (which it is by default), and being unpatched.

Has nothing to do with downloading or clicking a phishing link.

>>60372316
Yeah, it encrypted most media extensions except .webm for some reason. I have no idea how I got it. I only use my Windows machine to play stuff on Steam.

>>60372200
Better than my money, faggot
I need to reformat anyway

>>60372386
someone on your LAN got it or your firewall failed.

what now? will you pay or dban everything?

>>60368740
if any method you said was possible we would be literally fucked.

File: 6a00d8341bffd953ef0134800ed5ab970c-pi[1].jpg (34KB, 372x340px) Image search: [Google]

34KB, 372x340px

>>60372364
p.s. does anyone not undage remember w32.blaster?

>>60372351
You call them Worms if they do that. Viruses you have to actually execute to be infected by

my family pics and important files are backed up 2x on external, I might lose a little I havent backed up yet but I would write down the infor and wipe it. Then I'd contact pretending I was a tech illeterate boomer that wanted to pay but didn't know how. Hopefully they'd bite and I could get some lulz frustrating the shit out of them.

>>60372445
I remember sasser. I remember getting my computer fucked, reinstalling windows, connecting to the internet and instantly getting fucked again.

>>60372364

Shouldn't that only be possible if youre directly connecting to a modem without a router ?

>>60372197
Why didn't you use Windows Update?

>been checking for updates for hours now
>already downloaded the ''bug fix'' ages ago when i first installed this win7 PC Last year

fun, how do I go about turning off this SMB shit and can it remain off or does it hinder me in some form

So news says that it's over already? Is that it now?

>>60368390
Like 7 years ago I had one of those.

Scared the piss out of me because there was just a / CP flood a few days before on /tv/.

I didn't fall for it though because the FBI probably doesn't accept payment in itunes gift cards.

>>60372471
generally, yes, but the router can theoretically be forwarding SMB ports to your machine so you'd be fucked too.

>>60372197
Well why the fuck didn't you update?

>>60371562
Russian cybercriminals always honor the deal.

CP, Vicodin, ransomware, like you get your shit.

How does this virus infect your pc?

>>60368254
The people that this targets aren't going to have a clue about what bitcoin even is though

>>60372696
That's why they added guides.

>>60372445
OH MY GOD.

Hold the FUCK up.

THIS LIL NIGGA. We go way back. You ruined so many Starcraft games. And like I reinstalled everything and updated everything but SURPRISE he's back... He always came back...

>SON IF YOU WERENT INSTALLING SO MANY VIDEO GAMES YOU LEGALLY PURCHASED ON DISC FROM BEST BUY THIS WOULDN'T HAPPEN TRUST ME I ASKED RACHEL AT WORK SHE KNOWS COMPUTERS

Man this is fucking bizzare I must have locked this memory away.

>>60368897
>What, you think you can honor a deal with some random Russian basement dweller and count on his word?
Yes because they do.
If ransomware never gave your files back no-one would pay, since the first google result would be 'don't bother paying, they don't give you your files back'

File: 1449081394368.jpg (70KB, 488x492px) Image search: [Google]

70KB, 488x492px

>>60372710
I doubt even guides would help them understand what they were supposed to do desu

What would happen if the computer was shut off before everything was encrypted? Is there any way to stop it then?

>>60372832
Not to mention that there are limits to how much Bitcoin you can buy and how fast on the major markets.

So basically this ransomware virus only affects people that haven't updated their shit in forever (baby boomer filled businesses/schools and stupid gamers).

Serves them right for keeping that old outdated pirated copy of Windows 7

>>60372696
>>60372710
>>60372832
>>60372878
You can check the addresses though. people are paying in the 300$ every other hour or so, Multiply that by how many different addresses they use.
>there are limits to how much Bitcoin you can buy and how fast
Those are no way near petty sums like 300$

File: tmp_17273-1476450584805263377210.jpg (310KB, 1920x1080px) Image search: [Google]

310KB, 1920x1080px

Nope. I can always re-download my porn and anime as I feel like it, got my polish images I shouldn't have in a drive somewhere else and most of the games I care about are either free or on Steam ( I guess that would finally turn out to be useful ). This would also help me complete the switch to OpenSuse or something else.

>>60372445
This motherfucker right here. I remember spending an entire day without sleep tracking this fucker down.

>type ".exe" or something similar anywhere in windows
>I can't let you do that mr. anon
>pc shutting down in 59 seconds

>>60370477
>>60368858
>be me
Why would anyone want to be you?

>Wana = 罠 = trap

Which one of you weebs made that?

RIP FedEx
>>60373058
why would you post a picture of a blank brick walkway

idgi

>>60368549
Incorrect.
File encryption is done with a symmetric cipher (AES-128 in CBC mode in WannaCry). The symmetric key is then encrypted using the public component of an RSA keypair (the malware writer holds the private component of course).

RSA (and assymetric encryption algorithms in general) aren't cryptographically impervious if used to encrypted "huge" data blocks - such as the entire fucking disk.

If properly implemented, no one can crack this scheme after the fact - you're right on that.

>>60372197
You should lose your job, because you are fucking terrible at it

>>60368740
There is still a chance of a worm author being a retard and screwing up his cryptosystem design, making it possible to recover encrypted files. It all depends on how well it is implemented.

File: tmp_17273-1491223781538291903033.png (453KB, 484x618px) Image search: [Google]

453KB, 484x618px

>>60371814
Maybe he's not even planning to collect it. Maybe it was just some freetard pranking wangblows users. Too bad people died because of it.

>>60373141
Dlet that, Akarin~ is cute.

>>60373058
>Nope. I can always re-download my porn and anime as I feel like it,
>anime
What about that whole thing with Nyaa?

File: 1478518085171.jpg (63KB, 495x600px) Image search: [Google]

63KB, 495x600px

>>60369551
>rsa was cracked a bit ago faggot
You have absolutely no idea what you're talking about.
I'll give you 5 bitcoins for a trustworthy whitepater / technical article that backs up your claim.

Oops. All you're important reaction faces have been encrypted.

>>60372445
Lifetime mac user before I switched to loonix. Never had a worm or virus. Although Mac OS 8 and 9 felt like viruses by themselves.

>>60373274
If you don't have terabytes of buffer on multiple private trackers you're doing it wrong.

>>60373274
What about it? Don't tell me you don't know about any other trackers.

>>60368949
Actually its kinda interesting but less technical criminals are getting in on the ransomware craze now and are just straight up not decrypting files after people pay for them. The bigger ransomware distributors are apparently pretty fucking pissed off because people are starting not to pay anymore because they don't know if they'll actually get their files back anymore.

>>60368740
If you can do any of those things, give the CIA a call. I'm pretty sure they'd provide you with a lots of cash, a nice house, and so much coke and hookers that you wouldn't know where to start.

>>60368254
>would you pay the ransom?

No -- I'd just restore from backup. I'm smart enough to backup, and I'm smart enough to not have my backup directories continually mounted.

To do the backup, I use rsync over ssh, which doesn't require a mount point for the backup directory. I don't like it when the backup directory has a mount point. If it has a mount point, then a quick "rm -rf /" is all that's required to delete all my files AND all their backups; and that makes me nervous.

Also, I have two separate full backups in case one of the backup HDs fails.

Really, viruses are the least of my worries. It's much more likely that I will suddenly become mentally retarded and delete my own files out of pure stupidity.

Every time I write a script that uses the "rm" command, somehow the first time I run the script it fucking deletes all my files because of some stupid little bug in the "rm" command line. Like for example "rm -rf $temp/*", but temp is undefined.

tl;dr -- I make backups precisely because I AM mentally retarded.

Repost the KASPERSKY fix!

>>60372696
Doesn't matter. they'll hire a temporary consultant to perform the transaction with their funds.
It's a simple question of economics, and many places would lose less money by paying the ransom than by suffering major data loss.

A smart ransomware writer will go over the financial reports of his target and make an educated guess about how ransom to ask for.

>>60373304
Pretty much this
>muh files
Oh no, not my rare pepe collection.
Not those photos of your kids birthday you never look at.

If something like this happened to me I would immediately format and continue working on my laptop, because anything important enough that I'd regret losing it would be backed up.

>>60368320
At this point it's unlikely that paying will help. They probably abandoned ship once it spread to the NHS.

>>60368254
>found out about megadownloader recently
>want to download shittons of stuff
>have to wait until this virus craze dies down
:(

I'd just format

>>60373233
This is correct

I wonder how the encryption is implemented because the user may use the system while it's being encrypted, the encryption operation should be transparent until finished
Also the key is in memory while encrypting, anyone could get that
I believe it's easy to detect the encryption process and getting the key but of course all antiviruses are dumb and just check against know virus binaries, not actually monitoring the way a binary operates

If I have a truecrypt file container (not CP just embarassing things I don't my roommate to see), would I be able to recover it? It only encrypts commom media files so I could just backup the truecrypt file and use it after formating, correct?

I've only got about $120 in my bank account. I couldn't even if I wanted.

File: 11751495_p0.jpg (160KB, 500x500px) Image search: [Google]

160KB, 500x500px

>>60368254
>USB boot linux or the reinstall disk or the pirated windows copy
>Ignore ransom ware, thank them for reminding you to reformat your files are in externals anyways

>>60373430
> my underground grindcore that I can't find on the internet anymore
> Books and papers I downloaded and found during uni.
128GB should be enough unless you're a music autist

>>60373533
afaik the system folder usually doesn't get encrypted at all or very late into the process if at all. That way the user doesn't notice anything until it's too late. Also, usually file by file gets encrypted, then the cryptoware creates a readme and/or picture in the folder and goes on to the next.

>>60373565
>not CP
Nice try, the party van is already on its way.

>>60369157
It seems that SMB has to be disabled from registry as I'm not finding it from services.msc.

>>60373565
>roommate
dude i have a roommate too. i just lock my door whenever i'm away. he's from china so i dont trust him. no need for encryption

>>60373533
>I wonder how the encryption is implemented because the user may use the system while it's being encrypted, the encryption operation should be transparent until finished
I assume they encrypt every file that's not being used first, and then either
A) just wait until the file(s) become available for writing
B) kill processes as needed
A is somewhat stealthy, but can obviously take a while (or have less than 100^ coverage). B is brutal, but effective if done at, say, 4AM local machine time.

>Also the key is in memory while encrypting, anyone could get that
Usually true, but there's white-box cryptography (google it, it's really interesting). I've reverse engineering some white-box implementations of AES that were *extremely* hard to extract the key out of. I'm talking weeks of full-time reversing per instance. Other types of obfuscation / anti-debugging can be used as well, of course, but they're far less effective (from a malware analyst's viewpoint).
Aside from that, you'll need to detect the ransomware while it's running, given that you haven't detected it prior to being launched (and then you wouldn't have a problem in the first place). That's a pretty quirky scenario.

>I believe it's easy to detect the encryption process and getting the key but of course all antiviruses are dumb and just check against know virus binaries, not actually monitoring the way a binary operates
Theoretically speaking - It's not an easy problem at all, far from it. However you could trivially programs that overwrite filesystem contents en masse & ask for confirmation / issue an alert / etc.
You'd probably still lose some files until you hit detection (since you don't want to rape performance by being too harsh with your probes) - but it's a good solution.

>>60368254
I use windows and I don't have it.

Common Sense Pro 2013+4 works for me.

>>60368254
>format drives
>restore yesterday's backup from NAS

no

File: encrypt.png (522KB, 1681x926px) Image search: [Google]

522KB, 1681x926px

I'm backing all my files up now.
Sucks to be you fags.
Feels good to use W7.


P.S: Any of you people know how to remove the supposed 'telemetry' in the new Windows 7 updates or something?

>>60373832
>Being this ignorant

Sucks to be you fag

>>60368949
I live with my folks, their home phone often gets calls trying to scam someone into installing malware. One time I struck up a conversation with one, asking him about motives and such, and during the talk he admitted that he doesn't decrypt after receiving payment. "If they don't pay, they're screwed, if they do pay, they're stupid" is how he summed it up.

>>60373657
It encrypts files on any storage device attached to it.

File: 08.png (1MB, 1920x1080px) Image search: [Google]

1MB, 1920x1080px

>tfw to smart too not run wannacry in wine

File: 592599728.jpg (314KB, 687x2160px) Image search: [Google]

314KB, 687x2160px

>>60368320
my memes

>>60368858
>>save the sensible files on MEGA
>FBI comes and shuts down MEGA
>FBI takes their HDD
>your sensitive files are now owned by the FBI

>>60370207
lmao

>>60372118
>It only affects Windows
It only affects people too retarded to download an update that is 2 months old.

File: 1409697014196[1].jpg (147KB, 1126x844px) Image search: [Google]

147KB, 1126x844px

might be a stupid question but If I'm dualbooting can the linux partition get fucked if my windows partition gets this virus?

File: 1494552905765.jpg (220KB, 448x455px) Image search: [Google]

220KB, 448x455px

>>60370166
>enjoy not being able to connect to anything
Hi NSA nigger.

>>60368421
PNG is still okay.

welp, i guess it's because they don't even have computers over there

Does it also affect the files that are stored on a secondary hdd?

>>60374728
yes, it affects all computers on the LAN if they also have the eternal blue exploit

>>60374119
Those are indian tech support scammers. Most of them just lock the computer with syskey.

would manually installing the patch whilst my shitty hanging windows update is ''checking for updates...'' cause any issues

>>60369122
To anyone really. What's a good backup program?

>>60374972
Good thing i have a back up externally

>>60375169
Wannacry.exe

Would going back to a restore point get rid of the virus if I got it?

File: 1492877922859.jpg (73KB, 960x824px) Image search: [Google]

73KB, 960x824px

>>60369157
Isn't the only reason why SAMBA exists is because windows is so buttdevistated small dick that they just didn't want to play nice with other OS's on the network?

>>60368254
I'm already a dumbass Windows user, and fuck no. I make regular backups of my files and keep them on an offline hard drive. I'd just wipe the infected drive using DBAN, reinstall Windows, then continue on with my day.

File: Screenshot_20170513-133237.png (734KB, 1440x2560px) Image search: [Google]

734KB, 1440x2560px

>>60368324
This. I thought /g/ was consumer general.

>>60368421
to be honest senpai, a few thousand machines out of hundreds of millions isn't that big of a deal.

Remember this was patched back in March too

>>60375474
It's now at 200k.

>>60369433
>not using shadow defender

>>60368254
I wouldn't get it in the first place because I'm not a retard who clicks fucky email attachments or dodges updates when they're available.

>>60369210
It's newer, and actually more secure than ipv4, the thing is not everyone has upgraded to being ipv6 capable yet

>>60376320
>>60369376

No. My important info is stored in external drives and all I could lose is my reaction image hoard and Gardevoir porn folder I can download again.

Russians can suck my dick, I have nothing to lose.

Besides I use Linux more than Windows.

>>60368421
>entire african continent has basically none

If those niggers ever stop the corruption then the rest of the world is in trouble.

>>60368254
No

Best case scenario: you get your shit back
Worst case scenario: you lose your money, lose your data, and you make the ransomware successful, allowing the people who create the ransomware to become more effective in the future.

I have my shit backed up on an external drive anyway but even if I didn't I'd have to just leave my data behind.

>>60368254
Contact them through their customer support and tell them that they should never mess with another anon's memes. They then realize the error of their ways and give me the key for free. Or contact them and just act like a complete idiot who doesn't know how to computer until they get fed up and take off the malware because they think I'm too stupid to give them money.

>>60373130
Trap=陷阱

>>60368254
>not using deepfreeze on your storage drives

>>60375443
>that screenshot
top kek! mac users are laughing at Wintoddlers too.

Hasn't this shit stopped spreading anyway? the domain that the malware sends traffic to was sinkholed.

>>60368254
>wipe drive
>restore last month's backup
oh no, the mild inconvenience.

>>60368254
I would probably restart my computer and hold f12 or some shit (id google it) to open up windows restore point. if that didnt work id just format and reinstall

>>60375169
copy and paste

>>60372118
>Linux shills are out in force.
You can't shill something that doesn't cost money. It's enthusiasm and a bit of just deserts from the constant fud and baiting threads against linux. Linux on the desktop is not status quo (read:wouldn't support service industy etc.) but there are advantages to using it on your own machine where your time and resources are your own. If you have a small business it can be extrememly effect and very low cost.

>socialist hospitals
There is no ideology that is going to guarantee your survival. It's actually the opposite. Borrow and use from what exists to find a path of prosperity for yourself.

>>60372544
shows how much you know

no because my data is not essential

>>60368421
Fuckers didn't get Suriname yet

>>60377267

>tfw checking updates for 10 hours now

fuck w7

File: 1481544555934.gif (669KB, 480x480px) Image search: [Google]

669KB, 480x480px

>>60377449
>check for updates
>works fine
>download stuck at 0%
>stop download
>check for updates
>now taking forever
WHY

>>60377470

i last checked 5 months back, took 24+hrs when i first did the build.

this is retarded. i could probably have just used the manual download from the catalog and bypassed this shit.

>if i was on auto update it'd probably hang like fuck and cause more grief than good anyway

>>60375266
The virus deletes restore points and disables shadowcopy.

>>60374509
No, it uses windows filesystem functions to determine what to encrypt, so it will only access things that windows can mount. Even then, it has a whitelist of file types that it will encrypt.

>>60372741

sheeeeeeeiiiitttttt

>>60377449
http://www.askvg.com/fix-windows-7-keeps-checking-for-updates-for-hours/

>>60372741
I got the penis.exe variant while my father in law was watching my media center PC.

>>60371814
It was a NSA false flag.

>>60376023
But you are a retard who can't fucking read. This worm doesn't require you to do anything - if you're not updated and have SMB on then you're fucked.

>>60378222
It's just typical MS shills, they have a script and everything.

File: 1449145197001-b.jpg (240KB, 720x714px) Image search: [Google]

240KB, 720x714px

ATM dead! Sign sais unavailable from 12th til 15th. Wat nu?

To disable SMBv1

https://support.microsoft.com/en-gb/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

In Win10

https://www.saotn.org/disable-smbv1-windows-10-windows-server/

>>60378222

You'd also have to go to a network which has an infected device, so NEETs are probably safe too.

>>60368421
SHUT
DOWN
EVERYTHING

File: 1452136500681.jpg (127KB, 834x556px) Image search: [Google]

127KB, 834x556px

>>60373058
wtf are polish images?

>>60371814
To be fair if he's in a fuckhole country then 30k can get get you the finest hoe in the shop.

>>60372544

Well the US govt is controlled by Jews

I imagine iTunes Gift Cards are reasonable currrency, goy.

>>60373384
I'd watch that movie

The Apple Macbook Pro with Retina Display doesn't have this problem.

It's only a matter of time until someone hacks a big site like 4chan with a browser zero-day and you're all fucked.

>>60379277

But it'll be funny.

>>60379277
Reddit would be a bigger target

>windows update hanging on ''checking for updates''

should I restart and turn off this SMB1 shit and THEN try force a manual update of the patch?

pls respond i need to sleep

>>60379443
Install gentoo.

Is this the biggest tech HAPPENING of all time? I can't remember anything this devastating before.

Once this all blows over it's going to change the way a lot of people think about cyber security. The fact that you can be infected with zero user input is the biggest holy shit factor, especially to normies who think they're invincible with their McAfee Anti Virus.

The saddest part for me is that I don't think the majority of people will understand that this is a direct result of the US Government attempting to spy on the people. At this point it's like cyber terrorism from our own government by extension.

Wait til somebody dies because their life support software got encrypted. This is just the tip of the iceberg in this worldwide shitstorm.

File: varg9.jpg (50KB, 960x606px) Image search: [Google]

50KB, 960x606px

>>60379054
I knew it

File: 1490224268957.png (1MB, 1366x1506px) Image search: [Google]

1MB, 1366x1506px

>>60379516
Feel like this would a be a lot better as an OP in another thread

>>60379516
>The saddest part for me is that I don't think the majority of people will understand that this is a direct result of the US Government attempting to spy on the people.

Yep, only retards on a anonymous buddhist worshiping image board care about that sort of thing.

>>60372197
Spout some technobabble that he doesn't understand (concerns about compatibility issues, waiting on a patch for a relatively minor problem bla bla) and use the phrase "the right decision based on the information I had".

Unless your supervisor can actually do your job then you can usually sweet talk your way out.

>>60372197
Talk about the telemetry.

>wipe disk
>reinstall

>>60368254
Every file is backed up on two other external locations. If they encrypt my shit, i couldn't care less. All file as soon as they are created are saved on both the hard drive and a usb, when the usb is full it is backed on two external hard drive. Worst case I lose a file I've been working on for the last hour or so.

Besides, my porn folder aint worth 300$. I'll just be pissed because id have to waste 30 minute to reformat windblows NSA, i mean 10. Main OS is linux anyways, so any real important file don't get affected.

>>60370207
kek

>>60368254
Nah, I admit I would miss my meme/reaction folder since i've started collecting shit around 2009
but, that stuff isn't worth 300 bucks to me. I know I'm a good goy for storing my important stuff on a cloud but at least some cunt can't cryptolock me and ruin my week.

>>60368254
No don't. It will only cause them to make more destructive versions of this ransomeware and other programmers will follow suit. Just reinstall windows or install another OS and remember to keep backups for the future.

Wasn't this shit fixed and done 2 months ago? Why is itjust blowing up now?

>>60380083
Some hospitals run older software and cannot afford to really switch to a better alternative.

Because of this, they are left vulnerable to this "virus".

What does ransomware primarily use? Memory or Disk? Or does it use a combination of both?

>>60380193
What the fuck do you even mean?

>>60380212

It uses system resources to run its own program, right? So would it be utilizing RAM or would it require excessive disk usage? Incase I wanted to overlook the progress using a resource monitor.

>these fuckers implemented localization
even all my previous companies wouldn't bother with it

As someone who knows literally nothing about computers, am I safe if I'm connected directly to my modem and am not on any networks whatsoever?

>>60380334
Yes

File: Joker burning money.jpg (440KB, 1600x1200px) Image search: [Google]

440KB, 1600x1200px

>>60371814
It's not about the money, it's about sending a message.

File: IMG_20170507_230044_810.jpg (240KB, 1450x877px) Image search: [Google]

240KB, 1450x877px

>>60373304
This. All I'd lose is my Ayn Rand reaction folder cause I haven't backed it up

>>60380279
I want some of whatever you are smoking.

>>60371814
These hackers think doing this shit is somehow a good way to get rich. Pretty much 100% of malicious hackers who pulled shit like this have gotten caught. The Interpol, Europol, and various national police agencies are after them, not to mention Russia's own government (the hackers are probably Russian/Ukrainian). They're so deeply fucked it's pretty much suicidal.

>>60374714
nothing on south island of NZ too

File: 1438115029266.jpg (39KB, 470x414px) Image search: [Google]

39KB, 470x414px

>>60368421
Looks like not even Mother Base can escape

Every time you run non-free software you are effectively ransoming your data to corporations. Stop compromising your freedom with proprietary shitwsre.

File: 1489202741622-a.png (1MB, 1920x1080px) Image search: [Google]

1MB, 1920x1080px

>mfw I recently bought a 1700X CPU and ultra quiet 120mm fan for the heatsink I put on it
>mfw I leave my PC on for literal days on end lately locked to 100% load because I'm encoding my 3TB-ish library of Blu-rays and DVDs in Super HQ 1080p
>mfw I wouldn't even notice if I picked up a ransomware some how because I'm used to hearing my PC chugging along for the last 2 weeks now

I wonder, can an encrypted container be encrypted again by an outside source? I have a 1GB container that has all my personal files like a plaintext file of all my usernames and passwords, accident reports, tax returns, etc in it. Would ransomware be able to touch that?

>>60381750

Yes.

>>60368421
>that poor bastard in Siberia

File: 1493919341773.jpg (48KB, 537x472px) Image search: [Google]

48KB, 537x472px

No, because you would have to be retarded to not have offline backups of
stuff that you would be tempted to pay ransom money to not lose.

If it was that important in the first place you should be keeping (good) backups

File: 1389058469467.gif (2MB, 400x209px) Image search: [Google]

2MB, 400x209px

>>60368254
Why did they say $300 in bitcoin, and not .2 or whatever the amount is? Are the people implementing the virus that retarded? Did they not think that bitcoin prices would rise w/ them holding t he world ransom like this? It really could have been the longer you wait, the more expensive. That, and you could have put your personal assets in bitcoin to make even more money off the rise of it.

>>60368254
Fuck that, I paid 75$ for my computer few years back so I see no point.

So aside from installing the security update what is required to immunize your system against this? Just turning off SMB or making like Madagascar and closing the ports?

File: 1494524770046-g.jpg (31KB, 356x374px) Image search: [Google]

31KB, 356x374px

>>60382002
Maybe they are actually already sitting on a pile of bitcoins and they just wanted the price to go up so they make more profit selling them off.

That is what I would do if I was in their shoes.

In these days you don't have to be a Jew to know how market manipulation works.

>>60379516
Nobody cares.

Everybody uses their real name, nothing to hide nothing to fear, oh it sucks those same Russians killed grandpa clearly we need tighter controls.

>>60372445
Another one I remember, Conficker. That was an annoying SOB

Nope. Ive got my pictures folder copied somewhere else

File: 1479885942505.jpg (24KB, 400x400px) Image search: [Google]

24KB, 400x400px

>>60372197
tell him the validation for exposure to net viruses and eworms wasnt completed yet.

>>60368949
Wouldn't it just be better for them not to give an infected person's files back? It's just more evidence they could use against the attacker.

>>60368897
well if you think about it for a second, if the virus doesn't give you your files back or undo whatever it did in some manner, only a few would pay and then everybody would know it's a waste of money.

>>60368254
How do you get hit by it though?

>>60368822
like a bogo sort

What is that? The Darkloids are attacking us?

It only happens on Windows 10?

my work files are synced with MEGA, so no, but i'd be pissed that i'd lose all the music and have to re-download and reinstall all the programs and vidya

>having important files on the same disk as your OS

Wipe and reinstall

>>60368506
I've only seen the aftermath but I'm pretty sure its minutes.
They pull every small file tag and away they go.
Basically if you see a weird power bill, Tax return, anything that you have to download from an email basically.
Sometimes come in torrents and shit but not often.
Don't open it or if you must open it on a cloud service.
Anything is safe to download, its opening/executing that will butcher you.

>>60368320
>only three associated buttcoin wallets
>they can't even tell who paid and who didn't
>they will somehow "honor the deal"

>>60368330
Obviously it was the "????" part.

>>60369006
>tfw it get out of hand by a slip of a finger and all your shit on all your drives gets encrypted for good

>>60369006
>I have nightly backups of my data HD going back two weeks

Not everyone in need of one disk can afford to buy fifteen instead so that the one actually used disk can be backed up daily for two weeks without overwriting anything.

>>60384468
Why would you need 15 drives?

>>60371543
Bullshit. If you don't host any services on your machine, no port at all needs to be open (at least no well known one, as all the client connections have ephemeral ports open client-side).

>>60371779
>"paying for 1's and 0's"
>implying money isn't mostly just 1s and 0s nowadays

>>60368254
All my documents and stuff are with Google and Dropbox so no. Not paying to decrypt program files.

>>60370207
Best post in the thread.

Can someone explain if I should be concerned by this? I'm pretty /g/ illiterate. If I'm not downloading things am I still at risk?

>>60372349
Nobody checks dubs anymore these days. Heck, they don't even check trips, quads or quints.

File: untitled545345.png (31KB, 927x487px) Image search: [Google]

31KB, 927x487px

>>60372445
>>60372469

Blaster and Sasser were the main reason SP2 for XP was as much of a change as it was (it basically was XP born again, with its life cycle reset, that's why it was supported until 2014 and not just 2011) and, indirectly by virtue of the above, why Longhorn got so hugely delayed. Maybe if Longhorn got finished before all the poos got on board at MS HQ, it wouldn't have become the hideous Vista that it ended up being. Oh well.

>>60372469
>connecting to the internet and instantly getting fucked again

Those were the times when 99% of homes had just one computer which was directly plugged into the public internet and thus Windows was exposing all of the open ports to anybody.

>>60372832
>Windows 95 soda
hey that's just way cool

>>60372986
Come on, baby boomers are sixtish by now and are either retired or semi-retired.

>>60379690
>Oops your money got encrypted, send us money to decrypt it, oh wait

>>60381888
>those poor bastards in Alaska and Kamchatka

>>60384523
To back up that one drive everyday so that you won't have to overwrite any backups for two weeks. Basically 1 drive to use + 14 drives for rotational backups.

>>60384781
you fucking what. why would I need 15 drives. I use incremental backups and a single 4TB drive is enough to backup my 4TB drive. And this is not even that secure, if I had important stuff I'd rsync my 4TB backup drive to a remote location far away from my country to prevent failure in case my house burns or something.
If you have anything at all worth keeping, it's better to have 2 2TB drives than a single 4TB drive if you can't afford 2 4TB drives or more anyway

>>60379121
Bad, illegal things that some polish guy used to post on /int/ all the time. I don't like them but I have to save them since those get instantly wiped from archives now.

I hope INTERPOL fucks their asses.

>>60368254
Install win7 cause finally a reason to leave w10

But I didn't get the ransomware

>implying I don't keep backups of all important files

Stat mad, wincucks

>>60368711
>How retarded a person has to be to have 3rd party antivirus on win?

>>60385185
Yeah I'm sure all those patients that just got fucked by this deserved to have their treatment plans fucked up and lost because the hospital uses windows.

File: alfred-explains-to-bruce-that-some-people-just-want-to-watch-the-world-burn.jpg (17KB, 300x263px) Image search: [Google]

17KB, 300x263px

>>60380512

If you pay, chances are you can get your files back. Here is one guy paying after getting Cryptolocker 2.0 on his winshit.

https://youtu.be/_rQRJHwMqi8

I got an Email through from my Dads email with the link. Before even clicking it, Bitfender detected it and quarantined it

>>60376966
>he accomplishes virtually nothing in a month
either that or you trust Google/Microsoft/the guberment to backup your files for you
Wew lad

>>60386331
Good to know Bitdefender reads everything you see

File: 2017-05-14 23.32.23-1.png (657KB, 1080x1670px) Image search: [Google]

657KB, 1080x1670px

>ransom is paid in bitcoin
>"If you pay the ransom the attackers will have your bank account details"
>glad to see the """"""experts"""""" are knowledgeable about how bitcoin works