
Alright /g/ so I'm an idiot. I heard about wanna cry yesterday


Thread replies: 103
Thread images: 6

Alright /g/ so I'm an idiot.

I heard about wanna cry yesterday and installed all the updates for my company but I came in this morning and I'm seeing this shit.

I know I updated.

WTF do I do now? Only two people know how to use Linux and the boss is already ordering macs.
>>
kys
>>
b8
>>
>>60407375
what does this mean? will this fix it?
>>
Pay the ransom
>>
If updates were completely off, too bad. Winblows can take days to install all updates when you're months late.
>>
>>60407355
>Screenshot from 2017-05-1(...).png
>not Capture.PNG
0/10
>>
Guys how can I recover the data?
>>
>>60407421
Revert to backup or pay the ransom and hope it works.
>>
>>60407409
I'm posting from Linux because my boss says the windows computers are "too insecure" to use.

He says he's upgrading to all macs and Linux but wants to try to get the data.

>>60407425
will paying the ransom really work?
>>
>>60407355
Why do I get the feeling this is a false flag to get the mainstream to support the banning of encryption? Seems a bit weird that this hack/virus/whatever uses the term "encryption" so heavily. You would think they would simply say 'your files are being held ransom' or something similar, considering 90% of the oldheads who will get this problem have no idea what encryption is. Now they will see 'encryption' in the news or whatever and think 'encryption = bad because of that one virus i got'
>>
>>60407452
It might. There's no known solution for Wannacry at this point that I'm aware of, but you can try here:
https://www.nomoreransom.org/

Some people are skeptical that paying the ransom will work in this case:
http://www.bbc.com/news/technology-39920269

That being said, if no backups and the nomoreransom site does not have a free decryption method, you either pay no money and kiss your files goodbye or pay, might get a decryption key, might get burned.
>>
>>60407392
And whose fault is that?
>>
>>60407481
Here's the truth (source: I'm a time traveler)

>The NSA and Microsoft work in collusion (always have, lookup PRISM)
>The NSA and MS coordinated together to release these exploits
>Windows 10 collects more data than the NSA ever did/could
>by forcing everyone to update to windows 10 the NSA doesn't need to use exploits, just get the data from MS
>By making people fear encryption and cyber terrorism they will be able to crack down on it
>darkweb, torrents, etc will all be watched
>raids on hackers will become more and more common

it's all over /g/.

We need to annex a part of canada and create a new utopia.
>>
>>60407355
https://www.yandex.com/images/search?rpt=imageview&img_url=http%3A%2F%2Fi.4cdn.org%2Fg%2F1494858542953.png

At least pick an image that hasn't been posted in every forum and news article on the fucking internet.
>>
>>60407452
Sounds like your boss is a smart guy. Finally treating the disease instead of the symptoms.
>>
>>60407355
1) Restart the computers.
2) Before the windows starts press F8
3) Choose Safe Mode with networking
4) Find the ransomware files and registries and delete them
5) Install your favorite antivirus, scan the computer and delete the viruses
6) ???
7) If that doesn't work, [spoiler]cut your dick[/spoiler]
>>
>>60407561
This does not seem too far off, sadly.
>>
>>60407452
>macs
>paying extra for a picture of a half eaten apple and the inability to work on your own machines
>>
>>60407695
>he thinks he will be able to run his computer and access ransomware files when all files get encrypted
>>
>>60407786
He should have done it immediately and quickly or just reinstall the OS.
>>
how can i prevent this (windows 7)?

does this encrypt files on all drives, or just main drive?

and would reformatting fix it?
>>
>>60407355
>WTF do I do now?

Enjoy your new utopia of an all-OSX userbase. It's fuckin lit compared to the shitshow that is Windows AD
>>
>>60407829
install linux
>>
>>60407829
>update to latest
>yes all files connected on the same network
>format fixes everything
>>
>>60407818
The popup doesn't happen until the files are already encrypted, ya dingus.

I swear, /g/ sure likes giving out advice about shit they don't know anything about
>>
>>60407355
>for my company
>>
Goddamn, this whole thing makes me glad I am in charge of the patching procedure of our Windows machines at our company. I patch those bitches every month. Pretty sure the desktop monkeys also patch my laptop every month too. It amazes me how many professional organizations run an outdated version of Windows.
>>
>>60407772
Even a Mac is cheaper than Windows when accounting for shit like this that seems to plague Windows constantly. Though I would stick with the same machines and just install Linux, desu
>>
R u boss retarded? Isn't it easier to teach them how to use Linux? Something close to Windows like kubuntu or mint?
>>
>>60407772
I never understood the price argument when it comes to buying Apple products. It's usually a difference of <$1000 and you're only going to be buying a new computer every few years, at least. Even if you bought a brand new computer every 3 years, the price difference between buying a Mac and some Windows PC is a matter of like a dollar per day.
Don't you guys have jobs?
>>
>>60408901
>in house techs can't do shit with them
>thinking finance people aren't going to be asking questions about extra cost for the same power of equipment
to say nothing of all the extra costs for mac only software
>>
>>60408901
Look at me, I'm a mental who pays a thousand extra for a 200 bucks hardware
>>
Every Windows PC which has NOT booted then infected over the LAN may be safely booted using a live Linux USB, CD, or DVD to rescue the data.

Wintards should know Linooks. Lintards should know Winshit.

Windows can be protected using Faronics Deep Freeze on workstations for where you need Windows apps.

OP could use boxes he'd have to format anyway as test machines.

Everyone even slightly into computers should know these basic concepts.
>>
>>60408961
You're acting like paying an extra $1000 for a product you will have for at least several years is at all significant? That's like buying shitty generic 1-ply toilet paper because it's $1 cheaper than 3-ply Charmin Ultra-Soft
>>
>>60407786

I dealt with ransomware like this when I was working at a repair shop. Encrypted my ass, boot from usb and delete whatever was at startup. Done.
>>
Just use CCleaner to clean up the infection.
>>
>>60409116
ITT: literal fucking morons

If the files weren't encrypted then why would this even make the fucking news.
>>
>>60409116
"like" is not "identical"

You don't know anything about this particular ransomware. Go prove your assertion or FOBTR.
>>
>>60407355
>WTF do I do now?
something-something-gentoo
>>
>>60409050
You can't be serious. What pc r u using that u have to change every time? I have the same fucking pc since 2013 and it works great for everything I need, even gameplay. And I paid 400 USD on that
>>
>>60409146

Are you expecting actual tech knowledge from news of all things? It made the news because it was a large scale infection. Also.

>If A is true then why does B happen?

You know that's the most used argument when people don't know what they're defending, right?
>>
>>60409238
Proof that wannacry doesn't actually encrypt the files or gtfo
>>
Apple Macbook doesn't have this problem
>>
>>60409490
way to fuck it up.
>>
>>60409116
Right. No possibility this is different than your repair shop days...
>>
>>60407355
As far as I've heard nobody that has paid the ransom has gotten their files. But for the love of god disconnect ur computer from the internet, don't let this shit spread.
>>
Instead of tracking down the perpetrator and bringing him to justice, the media is telling the people that they are the problem and must be cleansed of their sins
>>
>>60407561
>browsing darkweb
>using windows
you might as well ask around for drugs in the NSA HQ, not much difference
>>
>>60409827

To be fair, you fucks spreading about the "turn off auto update to avoid the windows botnet" meme caused a lot of Normies to turn off auto update...

...so, they missed the security update.

Good going, /g/.
>>
>>60409743
>As far as I've heard nobody that has paid the ransom has gotten their files

How's this any different to pic related? From what I can tell it's the exact same virus it's just more widespread because goys are moronic.
>>
>>60409146
>Being THIS naive as to how the news works

Am I on reddit?
>>
>>60410147
you still have provided NO proof that wannacry doesn't encrypt the files bucko
>>
>>60410129
Does this malware use the same exploit? Wannacry can spread on a local network without any user action.
>>
>>60410071
update happened after it got out in the wild
>>
>>60410214
Internet as well, depending on how retarded they were with opening ports.
>>60410236
Windows update was in March, before the shadowbrokers leak.
>>
>>60407495
Yours, of course. Should've updated to Windows 10 Good Goy Edition right away. Microsoft did nothing wrong.
>>
>>60410236

Shadowbroker approached Microsoft. The patch came out in March. Shadowbroker released EternalBlue in April. WannaCry hits in May. Microsoft realises they forgot to release patches for XP, 2k3, and Vista and does so.

Try again.

https://en.wikipedia.org/wiki/EternalBlue
>>
>>60410280

Oh shut up, install windows 10, and swap drives or dual boot with some Unix-like like the rest of us for your non-gaming needs.
>>
>>60410298
Vista, 2k3, and XP were all out of support completely and ordinarily do not get security patches at all. The problem is that some companies (and individuals) still run machines with important duties that run these out of maintenance OSes, thus Wannacry was able to infect them automatically
>>
>>60409230
What are you talking about? That's exactly my point lol. You only buy a computer once every several years, so an extra $1000 (max) is hardly significant.
>>
>>60410368
Running those OS's is not inherently bad though. It's only bad when they're connected to the internet in some form.
>>
>>60410390
The problem is that even if they're not directly internet connected, if one person runs wannacrypt or another malware that has self propagation across the network and the exploit for SMB, then those machines that are not directly internet connected can be infected.

If they're airgapped from the internet it can still be okay but you have other infection vectors.
>>
>$CURRENT_YEAR
>not using EMET
>>
>>60410416
I meant airgapped. Sure there are other methods of infection, but they're irrelevant for this specific case, and would require other unsafe actions like plugging in external hardware or something.
>>
>>60410368

Well aware. I used to be a sysadmin responsible for the management of a ton of servers responsible for backups. A major regional energy company and an IRS subcontractor are still on 2k and 2k3.

We kept trying to get them to migrate. No luck.
>>
>>60410420
EMET is being discontinued with EOL mid-2018
>>
>>60410444
Boy, an IRS subcontractor? They do like playing with fire eh?
>>
>>60410460

You have nothing to fear if you weren't directly audited. However, if you were, I'm pretty certain your financial info has been stolen at some point or another.

Fucking USB in parking lot attacks, man.
>>
>>60410129
Either bait or you are fucking tech illiterate. Just because it looks similar, it doesn't mean it is the same thing.
>>
>>60410499
My father's was for many years and I was as a dependent. IRS said it was laptop theft and they couldn't even say if it was encrypted or not. We got a year of credit monitoring and that was it.
>>
>>60409490
tru tru
>>
>>60410517

Sounds about right.

We kept telling them to stop sticking strange USB sticks into their work computers.

Did not listen.

So glad I do not work there anymore.
>>
>>60407355

>company

I know this is bait and all but any competent admin would have backups ready to roll in for a situation like this.

Really, ransomware shit happens rather frequently for companies, the bigger the more often targeted, which is why IT have everything on backups.
>>
>>60409120
>>
>>60409146
>he thinks "the fucking news" are tech literate
Oh boy. Look, a DDOS attack on the rampage too. The end is nigh
>>
>>60409116
It wouldn't surprise me if this actually works
>>
>not paying the fine
It's like you don't want to be a speedy speed boy.
>>
>>60407355

>tfw decide to pay ransom so I can get all my documents back
>tfw I transpose the "l" and "I" (that's lower-case 'ell' and upper-case "eye") in the bitcoin address

back to coinbase :-(
>>
>>60411536
>not using the copy button
>>
>>60411591
>clicking on a virus
>>
How much computing power is necessary to break the encryption?
>>
>>60411626
Probably around the same as to break into one of the btc wallets.
>>
>>60411665
is it sha256?
>>
>>60411626
More than we have available here on Earth. It's 128-bit AES.

>>60411685
>SHA-256
>encryption
>>
>>60411626
Even with all the computers in the world clustered together it would still take until well past the heat death of the universe to decrypt a single file. They are encrypted with a 2048-bit public key. So, around 6 quadrillion years.
>>
>>60411723
>It's 128-bit AES.

Say what? It's not AES, is it? Pretty sure all the Cryptolocker variants use 2048-bit RSA pairs. Unless they are just using RSA for the key exchange and are generating symmetric AES keys?
>>
>>60411723
>>60411760
>128-bit
>2048-bit

which one?
>>
>>60407388
kiss your sister, you'll feel better afterward
>>
>>60411723
>>60411760
>>60411781
>>60411782
"The Trojan generates a random symmetric key for each file it encrypts, and encrypts the file’s content with the AES algorithm, using that key. Then, it encrypts the random key using an asymmetric public-private key encryption algorithm (RSA) and keys of over 1024 bits (we’ve seen samples that used 2048-bit keys), and adds it to the encrypted file. This way, the Trojan makes sure that only the owner of the private RSA key can obtain the random key used to encrypt the file. Also, as the computer files are overwritten, it is impossible to retrieve them using forensic methods."

So, it uses RSA 2048 bit for encryption of the AES key. The AES key has been reported as 128 or 256, depending on which loltechjournalist is writing about it. AES128 will still take a billion billion years to brute force, though.
>>
>>60411782
>>60411781

Here:
https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

>Each infection generates a new RSA-2048 keypair.
>The public key is exported as blob and saved to 00000000.pky
>The private key is encrypted with the ransomware public key and saved as 00000000.eky
>Each file is encrypted using AES-128-CBC, with a unique AES key per file.
>Each AES key is generated CryptGenRandom.
>The AES key is encrypted using the infection specific RSA keypair.

There. It's not rocket science.
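
The two key files named in the analysis quoted above can serve as triage markers when an affected disk is mounted from a live Linux session, as suggested earlier in the thread. This is an added example, not part of the original thread or the linked gist; the function names, the mount point and the sample tree are assumptions constructed for illustration.

```python
import os
import sys
import tempfile

# Key-file names as given in the analysis quoted in the thread. Compared in
# lower case because the scanned volume is a case-insensitive Windows one.
KEY_FILES = ("00000000.pky", "00000000.eky")


def find_key_artifacts(root):
    """Return ({directory: [key files present]}, [unreadable paths])."""
    hits, unreadable = {}, []
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirs, filenames in walker:
        present = sorted({n.lower() for n in filenames} & set(KEY_FILES))
        if present:
            hits[dirpath] = present
    return hits, unreadable


def summarize(present):
    """Label a directory by which of the two key files it holds."""
    if set(present) == set(KEY_FILES):
        return "both key files present"
    return "only " + present[0] + " present"


def build_sample_tree(root):
    """Constructed sample data: one marked directory, one clean directory."""
    marked = os.path.join(root, "hostA", "ProgramData", "example")
    clean = os.path.join(root, "hostB", "Users", "Public")
    os.makedirs(marked)
    os.makedirs(clean)
    for name in ("00000000.PKY", "00000000.eky"):  # mixed case on purpose
        open(os.path.join(marked, name), "wb").close()
    open(os.path.join(clean, "report.docx"), "wb").close()
    return marked


def main(argv):
    # With a path argument (hypothetical mount point such as /mnt/win), scan
    # it; with none, scan a constructed sample tree.
    if len(argv) > 1:
        hits, unreadable = find_key_artifacts(argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            hits, unreadable = find_key_artifacts(tmp)
    for directory, present in sorted(hits.items()):
        print(f"{directory}: {summarize(present)}")
    for path in unreadable:
        print(f"could not read: {path}", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is 1 when any marked directory is found, so the scan can gate a restore-from-backup script.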
>>
>>60407561

I was considering this idea last night (except fuck Canada). There are a whole lot of machines on mostly private networks that just got a whole mess of new code dumped onto them.

You just can't trust these fucks. If the NSA or (((them))) wanted access to something, they are getting the globe to DL a bunch of shit for free. Meanwhile MS will sell some updated licenses, while they screech about getting fucked by big brother.
>>
>>60407452
>wants to try to get the data
is your company doing regular backups? Because you'll need to restore the data from backups.
>>
>>60407561
Yes, because obviously the answer of "someone used a well-known $2900 commercial malware variant and some Shadow Broker EXEs he found on github and hit a jackpot" is just totally unbelievable compared to "This is a false flag by intelligence agencies worldwide to get people to switch off of Windows 7 onto Windows 10"
>>
>>60412086

It's not the switch to w10, it's the downloading of new code via the update system, into normally dark networks. It's also not a worldwide conspiracy, just a single agency is needed to do it.

I think you protest too much.
>>
>>60412153
>dark networks
>running a proprietary OS
>>
>>60412166

It happens all the time. Industrial plants running PLC's (Iranian centrifuges anyone) would need windows machines to run the programming software. Networks of workstations for intelligence analysts. The office machines for government employees. Most of this stuff would have to run Windows.

How to get new code into these dark networks? A global scare, with some pajeet mole dropping malicious code into an update.
>>
>>60410389
Except what we're telling you is that they're the same thing.

Your shitroll analogy fails because it assumes you're buying 1-ply to save money, when in reality they're both 2-ply and they're both equally comfy.

What you're not paying for is print on paper you're just going to put in your asshole that says "you're super cool and super smart for buying this."
>>
>>60411864
It's just a patch to the software installed by the Patriots claiming to fix Y2K.
>>
Do people use WSUS Offline for Windows 7?
>>
>>60411626
>>60411723
>>60411760
>>60411781
>>60411782
>>60411845
>>60411861
Doesn't really matter what kind of encryption it uses and what algorithm it uses. You can't brute force it even if you had access to the fastest supercomputer in the world. In 2012, it would've taken the fastest supercomputer in the world 1 billion billion years to exhaust the key space of AES 128bit. That's enough time for the universe to die and be born again multiple times over.
>>
>>60412480
It depends.

It really doesn't save a lot of time. On a halfway decent connection, the bulk of the time it takes to update is going to be extracting and installing.

The clue to this is that WSUS is the actual name of MS's update service. It's invoking the same program the Windows Update GUI does to apply patches.

I only use it when patching a system up from an original retail version, and that's only because most of the time (but not all the time) it automates the entire update process with no gaps in time. It just keeps going until it's done without pause, even after reboots.
>>
>Chrome OS wins again.