Thread replies: 330
Thread images: 48
Thread images: 48
Anonymous
WANNACRY/WCRYPT/RANSOMWARE GENERAL 2017-05-14 03:13:18 Post No. 60388807
[Report] Image search: [Google]
WANNACRY/WCRYPT/RANSOMWARE GENERAL 2017-05-14 03:13:18 Post No. 60388807
[Report] Image search: [Google]
File: 14947719275000.jpg (46KB, 1004x616px) Image search:
[Google]
46KB, 1004x616px
Waiting for Monday shitstorm edition.
>>
This teaches companies 2 important stuff.
Update your systems
And fucking backup your critical stuff.
I wonder how many companies failed at these 2 points.
>>
File: totalprofit.png (13KB, 564x406px) Image search:
[Google]
13KB, 564x406px
>>60388807
https://pastebin.com/vz0YH8L6
Updating WannaCry Addresses.
Report it if you catch new address
>>
File: Screenshot_20170514_172335.png (205KB, 600x595px) Image search:
[Google]
205KB, 600x595px
Updated virus with no killswitch was caught by Kaspersky researchers. God help us all.
>>
>>60388835
>And fucking backup your critical stuff.
Not enough.
I'll bet you so many of them backup stuff onto an NAS that is accessible to the main VLAN.
Any ransomware attack would just encrypt the whole backup chain.
>>
>>60388852
Originally weren't it only 3 addresses?
>>
File: reaction_smugSmile.png (3KB, 274x242px) Image search:
[Google]
3KB, 274x242px
Who else /naughty/ here?
1. Get hold of a variant WannaCryptor, preferably one without the killswitch
2. Rename it as Windows-KB(whatever-number)-patch.exe (or .msi or whatever)
3. Send it out via the usual means (newly register pseudo-official-sounding email address, post onto technical support forum, spam it and ask for people to forward/re-post it, Reddit, Facebook, baby-boomer Whatsapp groups, etc.)
3a. Bonus step: craft the message so that it sounds like a sincere guide on "How to protect yourself from Wanna Cry virus with this latest fix from Microsoft!"
4. Have fun.
>>
>>60388876
The point of a backup is to keep it safe from such situations. If your backup is accessible via the main VLAN for "convenience", you deserve to get your backup encrypted.
>>
>>60388874
>God help us all.
It was already prophesied that Linux would bring salvation to computers. Those of us who listened have limited worries.
>>
>>60388835
Can't update XP when it is end of life and you stopped paying for custom support in 2015
>>
>>60388894
Aka how to get the FBI to buttfuck you
>>
I thought it was over already?
>>
>>60388910
Well lets hope they have their shit backed up on updated servers.
>>
>>60388910
"Update your systems" then implies not running XP.
>>
>>60388923
>I thought it was over already?
It's only just beginning.
>>
File: 1485621140026.jpg (102KB, 712x719px) Image search:
[Google]
102KB, 712x719px
>>60388894
DEVILISH
>>
>>60388923
Oh no, not at all. Wait until tomorrow and you'll see.
>>
>>60388909
amen bro
>>
File: gay-bed-double-exposure-40s-480-vintage.jpg (55KB, 480x328px) Image search:
[Google]
55KB, 480x328px
>>60388913
>buttfuck
Good thing the male anal canal is designed to derived pleasure from prostate stimulation then.
>>
>>60388880
I dunno.
Just saw pic on /g/.
>>
how can it encrypt admin files if I'm not using the admin user?
>>
>>60388923
It hasn't even begun, anon.
>>
>>60388835
How do you make backups anyway? Do I have to set up a Linux powered machine copying files every night at 3.00 am to a special HDD? What if the HDD runs out of space?
>>
>>60388971
It gives itself admin
>>
Question: Is it the same amount of ransom regardless of country?
>>
>>60388971
It doesn't encrypt admin files though does it
It encrypts user file, aka data that you actually want to be available
>>
>>60388971
The SMB bug probably allows them to escalate privileges as well.
>>
>>60388942
>>60388949
>>60388993
so it's over, cool
>>
>>60388999
Get more HDD or replace old backups.
>>
File: magritte_cecinestpasunepipe.jpg (58KB, 670x514px) Image search:
[Google]
58KB, 670x514px
>>60389006
A Taiwanese dude actually contacted the ransomware writer saying that his monthly salary is only $400.
He was given a decryption key afterwards. (The ransom was $300)
>>
File: Screenshot_20170514_182654.png (114KB, 884x393px) Image search:
[Google]
114KB, 884x393px
Another confirmation for killswitchless variant.
>>
File: faggot-11.jpg (180KB, 1406x2099px) Image search:
[Google]
180KB, 1406x2099px
>>60388959
Spotted the faggot.
>>
File: 1494625423524.jpg (97KB, 750x1002px) Image search:
[Google]
97KB, 750x1002px
I'm safe from all of this if my OS is currently up to date right?
R-Right?
>>
>>60389034
That seems stupid. Why would you be replying your victims. All that does is give the authorities a chance a learn more about you.
>>
File: ms17-010_xp_patch.png (2KB, 612x17px) Image search:
[Google]
2KB, 612x17px
>>60388910
But the patch is nothing else but from custom support.
>tfw 666 KB, of all fucking sizes it could have
>>
>>60389034
Damn, the guy's a cuck. I was hoping he could cripple India's entire infrastructure when no one in the country can afford ransom.
>>
>>60389060
You are.
>>
>>60388835
Most importantly
>don't trust closed source software
>>
>>60388963
What does this mean? Did the largest recorded ransomware attack only fetch 100 actual victims?
Ransomware confirmed for ded.
>>
>>60388971
It only encrypts your own files, aka the data you actually care about. Why would it care to encrypt system and program files that you can just reinstall anyway?
>>
>>60388807
https://www.youtube.com/watch?v=BhtyEdhepIc
>>
If I find out my medical files were compromised could I sue the NHS? They did mention how very secure their system was when they wanted to put them into their computer system.
>>
>>60389060
The most important thing to avoid falling to the SMB exploit is make sure that no Windows machine is connecting directly to the internet without a hardware firewall (home router / residential gateway should do if it does not forward TCP/UDP 445 to any host on the network). Don't use any hotspots with you Windows laptop, disconnect your Windows computer from the internet if you currently have no means to get it behind a hardware firewall.
>>
>>60389035
I'm waiting for a variant that doesn't use SMBv1 and instead use SMBv2 or SMBv3.
IIRC the NSA leak has those as well.
It'll be much more interesting as disabling SMBv2 or v3 would actually cause current supported versions of Windows to have parts of their core functionality not working (e.g. symbolic links and 10gb ethernet)
>>
>>60389084
Its the weekend
It has only been 48 hours
The deadline isn't anywhere near yet.
>>
>>60389111
>without a hardware firewall
Pretty sure you're safe with Windows' built-in software firewall too. The reason it works is that Windows' firewall doesn't block SMB connections on home/corporate networks, only from the Internet.
>>
>>60389115
Pretty sure all the leaked exploits has been fixed. All this does is affect people who didn't patch and just disabled SMBv1
>>
>>60388807
Is it worth installing the windows updates with telemetry to protect against this?
>>
>>60388835
But if I update windows it installs telemetry!
>>
File: windows-xp-tan.jpg (64KB, 1024x768px) Image search:
[Google]
64KB, 1024x768px
>>60388910
>>60388933
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
>Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download
>>
>>60388835
>microsoft starts forcing updates down peoples throats since vista, annoying everyone in the process
>even so, most people manage to run non-updated version of windows vulnarable to a two-month-old exploit
Microsoft just fails with whatever they're doing, don't they?
>>
>>60389155
yes, as you will also receive future security patches
>>
>>60389160
You can choose not to update windows, then have a proper firewall in place and don't let random devices onto your local network.
>>
>>60389163
Well yes, after the fact.
>>
File: C9gGfvLU0AAUwFs.jpg (129KB, 1199x412px) Image search:
[Google]
129KB, 1199x412px
>>60389115
>IIRC the NSA leak has those as well.
Unfortunately, yes.
>>
>>60389084
No, it means normies are sitting on their couches checking Facebook on their phones. Alot of victims probably aren't even aware yet.
>>
>>60389172
how is it microsoft's fault that their users are a bunch of retarded tinfoil hat wearing autistic menchildren?
>>
>>60389172
>implying Stallman would use a propertiary car instead of compiling his own
>>
>>60389184
>ECHOWRECKER
>SAMBA
>LINUX
Is this patched?
>>
So let's discuss the timing of this virus. Doesn't it seem a little odd to anyone else? I definitely think it MAY have had some connection to ETH which was skyrocketing in value last week but now stocks are plummeting, also we've got the elections going on in the UK. Making it even more suspicious, this was not just a random accident upload but I believe carefully planned and intricate.
>>
>>60389181
The patches were made in February, and that includes the XP/2k3/8.0 ones. Modification date of modules inside patch package and digital signatures confirm that. They simply didn't make them public, as they are given only to custom support subscribers for big bucks.
>>
File: 1494755824453.jpg (64KB, 800x800px) Image search:
[Google]
64KB, 800x800px
>>60389208
>>
>>60389223
I'm also surprised North Korea haven't been hit considering they've got worse systems than Windows XP which should've meant they could've been pretty vulnerable.
>>
>>60389243
Don't they mostly use Linux?
>>
Any war epic war stories out there? Like sysadmins recovering stuff from backups and saving lives?
During hurricane sandy there were sysadmins saving servers from flood, migrating to high ground.
>>
>>60388874
>block 445 at router level
>block 445 at firewall level
>turn off client for microsoft and printer sharing at internet properties
>turn off SMB in registry
>update latest Windows security bundle for this month
Pretty sure I'm good from any future ones.
>>
>>60389208
Yea right, and shit was supposed to hit the fan on May 13th (i.e. yesterday) anyway. All adds up.
>>
>>60389243
Because the entire NK internet what little of it is protected by firewalls. And they are probably using their own OS and not windows
>>
>>60389243
>>60389251
https://en.wikipedia.org/wiki/Red_Star_OS
>>
File: windows-update.png (223KB, 1719x932px) Image search:
[Google]
223KB, 1719x932px
>>60389172
The updates just fail to install on many machines, it seems that when windows update breaks once that's the end, no more updates ever correctly install. I had updates disabled as it was using 100% of the cpu, only for a few months and this is what happens when turned back on. Installing updates one at a time did nothing, had to manually download and install the patch after about 6 hours of boot loops.
There's no information less technical users can figure out in the warnings either. You would think they might include a link to the patch installer on the MS website.
>>
>>60389256
All your ports should be blocked/stealth from the get go.
>>
>>60389198
Do you really think that the people who've failed to keep upgraded are /g/-tards afraid of the botnet?
>>
>>60388913
The FBI buys NSA malware too, didn't you read about playpen? You are in good company if you help propagate it, an act of patriotism.
>>
>>60389281
>fucking around with Windows Update
Just get the patch directly from the MS update catalog.
>>
>>60389243
>Redstar OS > Windows XP
>>
>>60388999
Noice trips. There's plenty of backup info on da web. Study it. If you really need backup a Linux server is a nice thing to have.
>>
>>60389295
Fucking around with NSA playthings is a one way ticket to pound town friend.
>>
>>60389184
People need to remember that even if they don't have any signs of ransomware, it does not mean they weren't hit by this exploit in othe ways. A week after the SMB exploit was released, over 40,000 infected machines were detected and the number was growing exponentially each day. This means someone could be in your shit and you wouldn't even know it. It also means if you only recently updated and are hacked, it's probably not going to stop shit because somebody already owns your machine(s) and can open everything up again.
>>
>>60389259
They don't even have internet or just a dumbed one. They use windows though.
>>
>>60389243
Red Star OS master race.
>>
>>60388835
I work with those shits, it took me a month of nagging to convince a lawyer to at least copy his documents on a separate usb disk.
It boggles my mind, when you walk in you're greeted by mahogany desks and custom made oak shelves and yet a simple NAS is just "too expensive".
>>
>>60389281
Windows Update might just be the worst piece of shit software ever to come out of Redmond. When I've been playing with Windows on spare computers lately, I've been shocked to see how much CPU and disk bandwidth it uses just to download upgrades, not to even say anything about actually installing them. It can easily take like a minute of active CPU time just to check for updates, and downloading them thrashes the disk like crazy. Actually installing updates makes the whole system unusable due to resource usage while it's going on, and even the simplest little updates take like a minute each to install, and a service pack can take several hours.
And then there's the whole thing about needing to reboot after every little update, the bugs where it stalls in an indefinite CPU loop calculating update dependencies or whatever, and now this.
When you compare to APT, it's literally night and day.
>>
>>60388902
It can be convenient and safe at the same time.
Every PC has ti have its own share, which is ocassionally synchronised with the NAS (the NAS reads files from the share, then deletes it on the share).
The NAS has a share as well, which is R/O, and also, it has rollback so you can revert changes and revoke the permissions of synchronising from an infected PC, if it starts encrypting files from a stupid fuck's computer.
>200017
>all companies do this when?
>>
>>60389403
>When you compare to APT, it's literally night and day.
Yeah, and APT might even be the shittiest package manager around. Speaks volumes about the direction Wangdows has taken.
>>
File: 1494567494035.gif (415KB, 480x238px) Image search:
[Google]
415KB, 480x238px
>>60389034
>let me tell you bout this thing that didnt happen
>>
>>60389466
It's been years since I checked out any distro not based on Debian. I'm curious what alternative you find to be better.
>>
>>60389107
Its not as if its a botched operation and youd be joining a very long queue in the event of that anyway.
>>
>>60388932
>>60388999
Good secure backup solutions are a point where almost everyone fails. The reason is that you want some kind of automated backup solution which usually means online servers. Manual backups require some labor so both corporations and regular people fail.
5 external backup harddrives for backup that cycle at regular intervals, weekly or monthly depending on how frequently your data is updated. This way you get 5 revisions of your files and the backups are not constantly connected so they don't get wiped out by malware. This requires you to actually do something regularly and this is why it's unpopular.
>>
File: 1494090158556.jpg (27KB, 682x1023px) Image search:
[Google]
27KB, 682x1023px
>>60388963
>Sudo
>~/Desktop
>python aliased to python2
>no shebang line
>Camel case python script
>>
>>60389571
>what is a class-action lawsuit?
>>
>>60389578
>python aliased to python2
That's the standard setup.
>>
>>60389575
>This requires you to actually do something regularly
Isn't that why most people hire IT and sys admins? I mean if you automate it, how long is it going to take? 5 minutes a week at most to ensure that the backup was successful.
>>
Assuming this end good somehow, what is going to be the aftermath? Tfw:
1) everyone must get on Windows 10
2) everyone must keep their data in TheCloud(tm) only where it won't be ransomware'd
3) encryption banned except for military/government
>>
>>60388876
If your disk to disk backup is not snapshot based, then you deserve to get encrypted.
>>
>>60389601
Lol, on what distro? Debian? Fucking idiots. That shit is gonna EoL in 3 years, fucking everything has already been ported
>>
>>60389555
Most of them, desu. Even FreeBSD has a better manager, imho. I do use Apt on my Ubuntu server, and it works out ok because it doesn't see a lot of excercise with the sparse number of packages it watches over.
>>
File: Screenshot from 2017-02-22 20-14-04.png (92KB, 677x309px) Image search:
[Google]
92KB, 677x309px
>>60388852
What font is that, anon? It looks cute
>>
File: Richard-Stallman-Says-He-Created-GNU-Which-Is-Called-Often-Linux-482416-2.jpg (47KB, 610x400px) Image search:
[Google]
47KB, 610x400px
>>60389610
>tfw it rather makes everyone switch to GNU/Linux and computers are free forever.
>>
>tfw can't update windows because it breaks my PC
>>
>>60389649
The problem is that all Python 2 scripts have shebang lines that point to python with no suffix. It's going to be a long time before python3 can be renamed just python.
>>
>>60389663
Has the linux exploit leaked in the NSA dump been patched yet?
>>
>>60389177
Then some 60 yo tech illitirate opens some shit from a email and you're fucked anyway.
>>
>>60389093
You can store files inside the admin user's folders
>>
>>60389649
What? So python2 is a dead end? Why has all good shit or even tolerable shit to be replaced by much worse shit?
>>
>>60389601
His script probably has 3rd party dependencies for talking to Bitcoin. So he also should have put those packages in a python3 venv. When inside that venv 'python' would be Python 3.x and all his packages would be available
>>
>>60389650
In what way, though? I can't say I've ever had any trouble with apt, and the preferences system is pretty nice pinning or otherwise controlling package sources.
>>
>>60389677
Which one is that?
>>
>>60389649
>on what distro?
Last I checked, it was the case on both Fedora and Mint, I'd assume Red Hat, CentOS and Ubuntu are no different
>>
>>60389689
You can, but you'd be the exception and not something that the wcry authors need to bother about.
>>
>>60389692
Here's your (You)
>>60389671
It's literally a 1 line code change. And yes, it will happen. Only Grandpa Debian is the one that does that
>>
>>60389698
>using venvs for daily use
If this is your actual recommendation, how about you end yourself?
>>
>>60389592
>hurr durr whats x for 200 dollars
You'll find those generally drag on for fucking years especially where a state body is the defendant.
>>
>>60389723
>linux exploit
>acully an exploit in samba
>samba 3.0, even
Samba 4.0 was released in 2012.
>>
>>60389733
>Installing packages with root
>Actually unironically running someone else's python code as root (and all their dependencies), just to install a package
Oh no... It's retarded :(
>>
>>60389732
I'm sure it'll happen, I'm just saying that you may not want to hold your breath for it.
>>
>>60389769
It's already happened. Use a modern distro
>>
March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212)
https://www.sendspace.com/file/jbj4hd
Size: 33.2 MB
SHA-1: 2decefaa02e2058dcd965702509a992d8c4e92b3
Proofz that hash is legit:
https://duckduckgo.com/html/?q=2decefaa02e2058dcd965702509a992d8c4e92b3
Source (unstable server):
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212
Ganbatte anons.
>>
>>60389763
Last I looked, /usr/local was writable by the staff group, so you don't need to be root for that.
>>
>>60388999
I have a linux server that connects to a switch that connects to my Windows box. The switch only gets turned on for syncing files after all other network connections are turned off on the Windows machine. Sounds tinfoil, I know, but that's how little I trust Windows. In fact, I even download my Windows software on one of my Linux machines, push it to my server, and then push it from there to Windows.
>>
>>60389701
Apt is famous for poor dependency resolution, i.e. removing shit it's not supposed to.It's typically a noob problem, but Debian/Ubuntu/Mint are where noobs are always directed when starting Linux. I have seen tech-literate folks get fucked over by Apt in some very angry forum posts too.
>>
>>60389328
this needs more (you)s
>>
>>60389872
I've honestly never once noticed in 10 years of usage.
>>
>>60389872
Yup, I've had it nuke my whole system. That's actually when I unironically switched to Gentoo. Portage is amazing
>>
>>60389328
How do you tell if you've been hit or not if there's no signs?
>>
>>60389790
legit? Pls i am not from /g/ i just want to graduate on time
>>
>>60389649
> fucking everything has already been ported
https://portingdb-encukou.rhcloud.com/
Why you lie, anon?
>>
>>60389895
Congrats. I'm not really saying Apt is horrible, it just needs some updating. Apt on it's worst day will continue to work, which is more than can be said about Windows Updates, which can be evidenced from this thread.
>>
>>60389933
it's for win7 x64 only, you can check the source link for other versions:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212
good luck downloading from microsoft though, the servers are overloaded today.
>>
>>60388807
I haven't updated my shit in over a year, why haven't I gotten it?
>>
>>60389929
You gather the checksums of caught specimens and compare them with all the files in your computer.
I.e. a "malware scan". Unfortunately those are never exhaustive enough since the vendors would only know of a malware signature after the outbreak starts.
>>
>>60389929
You need to at least monitor and log network connections like a hawk. If this is too much to handle, back up and reinstall.
>>
>>60389998
is heuristic protection any good now a days?
>>
File: hurghhllgh_hrughl.png (182KB, 481x511px) Image search:
[Google]
182KB, 481x511px
>>60389649
>t. Arch maintainer
>>
>>60389919
I really liked portage although I wish environment variables were explained comprehensively somewhere. Also compile times were a bitch.
I think I'm going to give gentoo another go though.
>>60389975
Anon is right, this isn't a package manger bickering thread. Any new updates on the worm? Why has none of this hit mainstream media?
>>
>>60389985
>.msu
what i read told me not to open any .exe, this exclude .msu right?
>>
>>60390077
>Why has none of this hit mainstream media?
They're busy coordinating how they're going to spin this against Russia.
>>
>>60390090
thats the windows catalog stupid ass
>>
>>60390117
i am stupid ass but please have mercy and dont trick me
>>
>>60390137
those .msu files are only run by WUSA.exe which is the updater program in windows operating systems
You just download the .msu you need, double click and its automatically installed by WUSA
>>
File: really makes you think.png (1MB, 3840x1200px) Image search:
[Google]
1MB, 3840x1200px
>>60389649
>>
>>60389403
Everyone shits on windows update but single GNU/Linux distribution I tried literally broke the system after updates, with the only exception of Ubuntu (so far), at least windows keeps working after a failed update which is miles better than Linux
>>
File: 1493817354195.jpg (23KB, 552x535px) Image search:
[Google]
23KB, 552x535px
>>60389958
>Fedora packages
>>
>>60389198
>tinfoil hat
>win10 telemetry is a fact
>microsoft involvement in NSA PRISM program is a fact
No subterranean lizardmen or flat Earth UFOs here. There is nothing tinfoil hat-ish about mistrusting Microsoft.
>>
>>60389281
Use wsusoffline check security updates only, go andere ur done...
>>
>>60388923
The fire rises.
>>
>>60390090
that's the extension used by windows updates (similar to msi).
>>
>>60390171
>Debian based distro
Are you retarded?
>>
>>60390137
Don't believe them, they've been tricking newfags all day. It installs a remote root on your computer, botnetting you. Apart from the built-in killswitch no real patches have been released yet, so don't buy any of it.
>>
>>60389685
Whitelist executables. Windows allows it I believe. And if some 60 year old asks you angrily why the computer won't let him open dailyreports.pdf.exe you tell him to sod off.
>>
>>60389958
http://py3readiness.org
>>
>>60390190
What wrong? It's the same packages in every distro.
>>
>>60389198
>not wanting an American megacorp to harvest and sell your personal data is """autistic"""
Sure thing poojeet
>>
>>60390227
Fuck me, which side should i trust
>>
If I have to disasble SMB, what can I use to replace it? I use it all the time to access my NAS and deploy code to webservers, and move around database backups. I need a direct way to interact with my servers.
>>
>>60390186
Are you using /g/tard distros or enterprise distros?
Remember this is a teenager edgelord forum. If you go here for actual advice instead of shitposting and traps you have no one but yourself to blame. Debian Stable is stable and you don't need bleeding edge shit on anything but a toy.
>>
>>60388835
It costs money and things don't go wrong usually until they do. A lot of the time it's more financially efficient to just eat shit. I love capitalism but that's capitalism and saying, "man, everyone is so dumb, but not me!" isn't gonna fix the underlying issue.
See: car manufacturers, plus many others with the same problem.
Either you regulate it out if you want to go that route or logic wins almost every time. And you probably don't want to regulate mandatory upgrades to new software versions for obvious reasons.
>>
>>
>>60390265
Seriously dude, don't download anything from here. The kill switch was already activated, it's not worth the risk of botnetting yourself just to download a fix you don't need.
>>
>>60390267
just update your OS you mongoloid
>>
What GNU/Linux disto should I use?
>>
>>60390317
If new, Xubuntu works well for getting shit done.
If want babby's fresh rice distro install that in a VM.
You should go to real Linux forums for advice. Not here.
>>
>>60390315
>kill switch
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
This? I am so stupid but these news need a timeline
>>
>>60390317
Any distro with python3 by default, so pretty much Gentoo and Arch.
>>
>>60390315
>The kill switch was already activated
Anon...
>>
>>60390345
> Xubuntu
> python2 by default
In the trash it goes.
>>
>>60390365
Look, the bottom line is that you can open back up the ports on your router now, you don't need to download any suspicious software from /g/.
>>
>>60390237
>dailyreports.pdf.exe
That's not how it works, though.
>>
>>60390425
You speak sense but nonetheless thanks for others' helping
>>60390370
explain kindly
>>
>>60389061
>>60389503
You people seem to be forgetting that these ransomware authors are actually fairly reasonable.
They'd rather get less than nothing, and I wouldn't be surprised if they just let some poor fuckers off the hook. Remember that they offered a six month extension for extremely poor people.
Hearts and minds, people.
>>
>>60390481
Versions without the kill switch have already been sighted
>>
>>60390448
This. It's more like
asspounding.net => (You)
>>
Literally just don't own important files. Easy as that
>>
>>60388807
Is this 'WannaCry' shit open-source? Seems like the creator is making some good money. I'd be game to send out some copies and get a few thousand in Bitcoin.
I use Linux, doesn't matter to me.
>>
How long until someone creates a botnet to protect us from evil botnets like Mirai and Microsoft and things like this ransomware?
>>
Are normies in panic mode or will they not care until tomorrow?
>>
>>60390600
Pffft. That's just """Common Sense"""!
>>
>>60390685
What's happening tomorrow? I haven't been keeping up with the news.
>>
I haven't updated my Windows 7 work computer because of svchost problems. Monday will be fun.
>>
>>60390610
I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.
>>
>>60388963
>sudo python3
Nigger what are you doing.
>>
>>60389575
what complicates this further is that, specifically in healthcare you have to deal with privacy regulation, HIPAA, etc that implies that you should encrypt any off-site back-up. Setting up routine, encrypted backups is a bit more of a pain.
I set up a nightly script for my old office that seems to still be working well as long as they're rotating the drives...
>>
>>60388894
I hope you will cry in prison
>>
>>60388852
since they use only 3 (or apparently 5 now) hard-coded addresses, I don't think the creators expected this to blow up so big. or, they never planned to give the encryption keys in the first place. (which I think all other ransomware does)
>>
File: bunkerscreen.jpg (71KB, 856x480px) Image search:
[Google]
71KB, 856x480px
Someone alert Tarkin.
>>
I'm still running Windows XP and nothing is happening...
>>
>>60389732
>Here's your (You)
oh (You)
>>
>>60390685
I'm willing to bet the number of concerned normies is less than the number of anons in this thread. People just don't understand it. Try explaining to people that weapons grade exploits were dumped on the public and watch their eyes glaze over. You wouldn't even get to explain the implications before they get angry and dismiss you as paranoid. "B-but, no government would do that! Are you some kind of commie? When did you join Hezbolah?"
>>
Does this spread by phishing? Or by worm-style infections that even if you're doing fine, your officemate who clicked that link can fuck the entire business?
>>
>>60388959
I hate faggots, always being retarded for no reason.
>>
>>60390743
tomorrow's monday, people will get back to work and their job pcs
>>
>>60390805
Did you open the email I sent you last night?
>>
>>60388874
Your save if
(1) you don't klick on links in emails or open attachments
(2) you're behind a router
>>
>>60390743
People go back to work, you know, adults with jobs.
>>
>>60390816
The latter.
>>
>>60390743
See >>60390826 mixed with >>60390814 a lot of clueless uninformed normies are going back to work where their systems are most likely going to be targeted. It's going to be mass panicked because they are uneducated heavily on the subject.
>>
How long until /g/entoomen say this is a false flag by windows to make users update to windows 10 botnet
>>
>>60390871
There's roughly 5 threads about it all the time
>>
>>60390871
Yesterday.
>>
>>60390871
Good morning
It's already done.
>>
guys what if this is a false flag by windows to make users update to windows 10 botnet?
>>
>>60390694
Yes, except without the quotation marks.
>>
>>60390202
This. I do this with all windows machines I encounter that appear to have broken windows update.
>>
>>60390826
>>60390836
>>60390865
No, I mean I know monday is work but I mean what's going to happen? The deadline is monday? So all their shit is going to be erased? I haven't been keeping up with the news at all. If their system is patched, they wouldn't have any problems right?
>>
>>60390830
What e-mai- oh god. OH GOD
>>
File: BillGatesonPhone2.jpg (19KB, 140x140px) Image search:
[Google]
19KB, 140x140px
>>60390871
>Shuddit doughn, thair ondue us!
>>
File: 4626364848.jpg (71KB, 747x754px) Image search:
[Google]
71KB, 747x754px
>this is what Wincucks have to deal with from time to time
>>
>>60390913
Those aren't quotation marks, that's the AURA OF PURITY.
>>
>>60391014
Last I had a mlaware issue was in the last decade on Win XP
You have to be a retard to get infected with wannacry
>>
>>60390955
If a work PC got infected over the weekend, they aren't going to know until tomorrow. That is why the shit hits the fan tomorow- It already has likely hit the fan.
That, and there are probably a lot of new "wantsumfuk.pdf.exe" docs sitting in their inboxes waiting to be opened by some office idiot which will in-turn infect the whole office.
>>
File: kvn1494782730.jpg (228KB, 428x602px) Image search:
[Google]
228KB, 428x602px
They're doing quite nice for a weekend.
I wonder what they'll bring up tomorrow.
>>
>>60391040
So, literally, 95% of the population? This is gonna be exciting.
>>
>>60391067
What headlines will no doubt happen?
>WANNACRY CRASHED THE STOCK MARKET LIKE BREXIT VOTE DID #STOPRACISTHACKERS
>>
>>60391093
Not expecting anything like that to be honest.
I can only say I am glad that this has happened.
*Maybe* people will think about security a bit more after all this shit.
Probably not tho, humans suck.
>>
>>60390871
1) get everyone on Windows 10 which is "safe"
2) get everyone to move all their data to TheCloud(tm) which is "safe from ransomware"
3) get a case in point to push for legislation banning encryption for civilian use "to thwart creation of ransomware"
>>
>tfw Windows won't update
I hate my life.
>>
>>60391150
Use WSUS
>>
>>60391067
Are people reporting if paying works?
I mean for this version, I know it works generally.
>>
>>60391093
>Trumpkin's Blumpkin Turns WallStreet Into A Pumpkin
Story at 11:00.
>>
>>60391158
WSUS Offline
>>
>>60391167
Haven't heard about people actually getting their files back. I actually hope they don't.
>>
File: 1494403525327.jpg (75KB, 355x458px) Image search:
[Google]
75KB, 355x458px
>>60391150
OH FUCK THAT REMINDS ME MY VN PLAYING CHINK TABLET WON'T UPDATE ALSO
>>
So what do you guys think is going to happen tomorrow? Are these cunts gonna try to shut down power grids?
>>
>>60391237
No.
>>
>>60391237
So that C4 documentary about the grid going offline will be real?
>>
www.grc.com test your ports dipshits
>>
>>60391262
No.
>>
>>60391262
That was fookin good fun.
I'm ready to hit someone over the head for some dog food in a branch of Quick Save.
>>
>>60391141
screencapping this to repost in 2027
>>
>>60391328
>That guy who was a wannabe Ray Mears and made his family drink his heated radiator piss
top kek
>>
When I try to update, it just stays like this and then says that Windows is unable to update. What do?
>>
>>60391273
Day late, dollar short. If you're using a Windows machine and you didn't know things like this at the age of 10, you should seriously, just disconnect from the internet until this blows over. You're putting yourself at risk.
>>
>>60391363
>The 2 /naughty/ chaps that stole a car and accidentally blew up a petrol tanker
brit/10
>>
>>60389575
What is needed is a NAS that auto rotates hard disks so that there is an offline backup available should an incident occur. No user intervention required. The NAS just rotates another hard disk each day and puts the previous hard disk physically offline (A well designed SAS connector with good wear and tear resistance that clips in and out on each rotation). It would not be hard to make one and cost would be minimal. It probably already even exists. It would take the human element out of the equation altogether. Also having a built in defense mechanism that detects if any attempts are bing made to modify the backup files outside it's own backup software and immediately blocks that attempt and the PC which is trying to do so sending a message to admins so that PC can be dealt with. This is not rocket science people!
>>
Soooo macOS is safe?
Or am I gucc'd?
>>
File: heartbleed.png (7KB, 341x413px) Image search:
[Google]
7KB, 341x413px
a-am i still relevant guys?
>>
File: caucasian-man-smug-portrait-raising-his-eyebrows-31200451[1].jpg (361KB, 953x1300px) Image search:
[Google]
![caucasian-man-smug-portrait-raising-his-eyebrows-31200451[1].jpg](https://i.imgur.com/oV12ASm.jpg "caucasian-man-smug-portrait-raising-his-eyebrows-31200451[1]")
361KB, 953x1300px
>mfw I'm a leaf
>>
>>60391367
Do you have a c:\windows\softwaredistribution folder on windows 10? I had a similar problem on 7 and stopping the update service and deleting everything in this folder, then restarting the service solved the problem.
>>
>>60391363
https://youtu.be/NczTcpSJQCs?t=2m3s
>>
Everyone bail to macOS, Linux or a cardboard box
don't get fucc'd my dudes
>>
>>60389184
>EARLYSHOVEL
>REDHAT 7.0/7.1
>SENDMAIL
J-jokes on them, I use 7.3, hehe......
>>
>all these windows cucks freaking out over "MUH UPDATES"
>meanwhile I am free and safe on my GNU/Linux system and updates are one command away
Wincucks, when will they learn?
>>
>>60389252
>During hurricane sandy there were sysadmins saving servers from flood, migrating to high ground.
Post them?
>>
>>60389155
You can get the security only versions of the updates from the online update catalog. They're not cumulative, so you have to grab each month's one.
>>
>>60389802
>The switch only gets turned on for syncing files after all other network connections are turned off on the Windows machine. Sounds tinfoil
It's not tinfoil if it's actually a good security measure.
>>
>>60391355
>dubs confirm
uh-oh
>>
>>60391426
>mechanically connecting/disconnecting hard disks on a schedule automatically
If it works it's not crazy.
>>
>>60391898
>"migrating servers" meant something painfully different for once
>>
>>60392136
I understand that they physically moved them, I just wanted to read the epic war stories.
>>
File: unknown.png (56KB, 885x378px) Image search:
[Google]
56KB, 885x378px
Updating's for pussies anyway.
>>
>>60391546
>I use 7.3
literally LAST GOOD VERSION
>>
>>60391893
It's mostly enterprise shit that's affected. Sometimes there's old infrastructure that would be a pain in the ass to upgrade, so it sits there until it gets exploited.
I'm more curious how the fuck people are getting infected with this thing. I mean, I know it exploits SMBv1, but if you don't have any public file shares (and you shouldn't) then how does it get on their network in the first place? Is it just an email phishing campaign or something?
>>
>>60388894
good luck "sending" it out to all those people you are friends.
>>
>>60391893
This. The winkek damage control is off the charts.
>>
>>60391893
>download linux
>get infected from the distro itself
>gain inflated self esteem and invulnerability to viruses
>gloat to myths and nerd's tales while posting loli desktop pics to /g/, /vg/, /wg/
>cry self to sleep at night because no (you)s
>take estrodiol and spiro to soothe the pain
https://en.m.wikipedia.org/wiki/Linux_malware
https://news.drweb.com/show/?i=9686&lng=en
https://www.google.com/amp/s/nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/amp/
>>
>>60388835
>This teaches companies 2 important stuff.
This teaches companies 1 important thing:
Stop using Windows.
>>
>>60388894
What you've described is basically the business plan used by anti-virus companies.
Congratulations on re-inventing the wheel.
>>
>>60391363
https://youtu.be/NczTcpSJQCs?t=38m44s
>>
>>60391426
Rotating hard drives would be a pain in the ass. There are enterprise solutions for all of this, but they're pretty expensive so I understand why most companies don't use them. Especially smaller ones, since they might not have a sysadmin that can manage something like that.
Anyway, for someone that's on a budget their best bet would be to have an offsite server loaded with disks and ZFS. VPN the server to your network and have a cron job on the server to back up files from other hosts on a schedule. Firewall the server so that it doesn't allow incoming connections, only specific outgoing and established connections. That way the server itself is resilient, and even if another host gets crypto-lockered you'll still have all your backups, since nothing can actually write to the server. ZFS's deduplication will keep storage requirements down, and the whole thing only costs whatever the physical hardware and your time costs.
>>
>>60388909
I agree, the Linux life sure is a comfy life.
>>
>>60392290
>Migrate everything to linux
>Update nothing still
>Get hit with this exact same shit years later
Also good luck convincing anybody to move away from active directory and exchange management for an office over 10 people.
>>
>>60392284
All those articles don't prove anything
Stay buttmad wincuck
>>
File: 1457650395722.png (659KB, 628x720px) Image search:
[Google]
659KB, 628x720px
>>60392284
>posts since been patched malware
>"linux" malware on bottom link was just a website hack and not a direct malware attack on linux itself
Wincucks, WHEN WILL THEY LEARN?
>>
>>60392375
At a certain level you just can't protect people form themselves. Last week there was a Google Apps worm. A user received a phishing email, and it looked like a normal Google Drive shared file notification. They click on the link, and it opens a prompt saying the file needs full access to your email (read, send, delete) and contacts list. So what do they do? Of course they click allow. Then the worm would immediately attempt to spread to everyone on their contacts list.
People are fucking stupid
>>
>>60389243
Doesn't NK have their own internet?
>>
File: manjuice linux.png (16KB, 672x288px) Image search:
[Google]
16KB, 672x288px
>>60392284
>biggest-linux-distro-infected
>Mint
Almost as pathetic as Manjuice Linux
>>
File: 친애하는컴퓨터지도자.jpg (46KB, 750x496px) Image search:
[Google]
46KB, 750x496px
>>60392477
Yes. North Korea has many PC. Very fast connection and modern infrastructure. World best.
>>
>>60389138
>Windows' firewall doesn't block SMB connections on home/corporate networks, only from the Internet
But if I manually changed the rules to block incoming SMB connections from everywhere I'm safe, right?
>>
File: 1494511397208.jpg (40KB, 657x527px) Image search:
[Google]
40KB, 657x527px
>do the test on https://www.grc.com/shieldsup
>everything seems to be safe according to the site
>OS is updated and licensed Win7
However
>my router is connected to a hub which is connected to both my pc and mom's shitty laptop which has a pirated Win7
Can this shit somehow jump through the network and infect my PC as well if she somehow manages to infect her laptop?
>>
>>60392545
I always wondered what the fuck his generals are writing down when he does something.
>>
>>60392552
>Can this shit somehow jump through the network and infect my PC as well if she somehow manages to infect her laptop?
That's the point of a worm.
>>
File: 3D_my_room_1.jpg (69KB, 790x363px) Image search:
[Google]
69KB, 790x363px
>>
File: 1491624720875.jpg (46KB, 596x628px) Image search:
[Google]
46KB, 596x628px
>>60388807
Looks like 'Anonymous' got pwnd by this shit too.
>>
>>60389111
Almost nobody has a PC directly connected to the internet. Your router functions as a hardware firewall. Unless you're forwarding port 445 (you'd know if you were) then it can't spread directly to your PC from the internet. Anyone that is getting infected at home is an idiot that opened some malware or was infected through some other vector. Or someone else on their network did that and they don't have a patched version of Windows. Or someone was infected elsewhere and brought their laptop onto their network.
>>
Anyone make an official looking website that has wcry.exe on it yet?
What would happen if a government worker installed it on their network. All their computers share a z drive
>>
>>60390777
Probably the most timely interjection of this copypasta of all time. And you were rewarded with trips as a result.
>>
>>60389986
No other infected machines on your network.
>>
>>60388909
Amen brother!!
>>
>>60391040
>You have to be a retard to get infected with wannacry
Or have a retard on your local network.
>>
Do you think some companies backup solution is real time file synchronization?
So that the corrupt file is now their only backup?
No one is that incompetent right?
>>
>>60392815
Some companies don't have backups at all, so yes.
>>
>>60392548
Probably. I don't use Windows myself though, so I can't really say for sure.
>>
I heard that the virus also encrypts your google drive. Is that true?
>>
I think Russia is all about fucking up the world as much as they can.
>>
>>60388894
this sounds like something satania would do
>>
Can someone tell me what's going on? I"ve been working all week
>>
>>60391426
>What is needed is a NAS that auto rotates hard disks
Why not simply cut the power supply to a hard disk with a physical switch? Seems much easier.
>>
File: C_ymfHrVoAAOp13.jpg-orig.jpg (167KB, 960x1706px) Image search:
[Google]
167KB, 960x1706px
>meanwhile in ladyboyland
>>
>>60392923
There's no clue as to who it is. I'm honestly banking on it being the chinese.
>>
>>60392923
>Russia
*United States
>>
>>60392600
Tell me something I wouldn't know. The recent DOUBLEPULSAR situation already showed that, despite reservations such as those voiced by yourself, there's still quite a few Windows systems out there that expose an SMB service on the default port to the internet.
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
>>
Does it actually decrypt your stuff and go away when you pay? I suppose it just does nothing but I didn't find anything official about it.
>>
>>60392923
>>60392971
You're all idiots, ever played Deus Ex? The NSA deliberately created this ransomware to get people, especially freedumb tards, to update their systems with a backdoor into every Windows PC. It's no coincidence they also released the "patch" for XP. If you updated you fell right into their trap and are fucked.
>>
>>60392962
Is that real? I'm weak.
>>
>>60392962
>kek
>>
>>60393000
>Does it actually decrypt your stuff and go away when you pay?
Most ransomwares do decrypt, don't know about this one though.
>>
>>60393000
Usually ransomware will actually decrypt your stuff after you pay. If word got out that it didn't do that, then nobody would pay. So it's better for them to actually make good on it.
>>
>>60388807
%triforce
>>
>>60392998
Those are most likely either businesses or people with really shitty NAS devices.
>>
File: 1444242006753.jpg (33KB, 351x363px) Image search:
[Google]
33KB, 351x363px
>>60392962
>>
>came back to /g/ because INTEL-SA-00075
>stuck for a while
>was about to leave
>then this shit happens
>"don't forget you're here forever"
>>
>>60393013
>the "patch" for XP.
Which is 666 KB in size (I kid you not, see >>60389062).
>>
>>60390511
>actually fairly reasonable.
>Publishing ransomware
Yeah, nah. If they were "fairly reasonable" they wouldn't be doing this.
>>
>>60389243
>>60389259
in the face of our Great Leader defilers
North Korea best Korea
>>
>>60392605
please make it a thing
>>60392810
You have to not update your computer's security, see >>60391040
>>
I just apt-get update && apt-get dist-upgrade
what else can I do?
>>
>>60388807
>I'm sorry m'am, but the unfortunately the foetus got encrypted. You have to pay up or else the baby will be born in encrypted form."
>>
>>60389062
>666KB
Is this a joke?
>>
>>60393172
No it's not, that's the size of the XP patch.
>>
>>60393122
>666 KB
(((They're))) not even trying to hide it anymore.
>>
>>60391433
you never was really
>>
>>60393210
Damn
>>
>>60388894
Better yet:
1.5 Repackage it with your own BTC address so you get paid instead of the original hacker.
>>
>>60392284
dumb phone poster
>>
>>60393207
Windows explorer (at least some older versions like in XP itself) always rounds kilobytes up. The patch is actually 665.234375 KiB, but explorer shows it as "666 KB".
>>
>>60392923
>t. msm shill
>>
>>60392923
>$50 Imperial Dollars have been deposited into your World Bank account
>>
>>60389610
4) FORCED UPDATES FOR EVERYONE FOREVER (NO EXCEPTIONS, NO EXCUSES)
>>
>>60388894
5. Wait patiently for the Feds/Interpol to break down your door
>>
>>60393311
If I was Microsoft and were testing this XP patch on XP and noticed that explorer show the patch to be 666 KB in size, I'd rather say "gee, that looks a bit too odd, let's pad the patch package a bit so it has a more inocuous size rather than 666 KB of all things", but no, either nobody noticed, or they left it that way on purpose. Go figure.
>>
Someone make a new thread.
>>
>>60393558
Why don't you
>>
What's the next step of their master plan?
>>
If you're using a server and not running Linux you should be fired.
>>
tech noob here,
what's c2?
>>60393720
>>
>>60393865
https://en.wikipedia.org/wiki/Command_and_control
>>
>>60393935
ops wrong link
https://en.wikipedia.org/wiki/Command_and_control_(malware)
It's basically the way communication between ransonware/people behind it is done through tor.
>>
File: wf0qxdi4qhmx.jpg (135KB, 396x482px) Image search:
[Google]
135KB, 396x482px
>>60388894
>>
>>60391014
Terrorist attacks are just a normal part of living in a big city.
>>
>>60392355
> ZFS's deduplication will keep storage requirements down,
If you have a billion dallahz for RAM, sure.
Thread posts: 330
Thread images: 48
Thread images: 48