
wanaCry is evolving


Thread replies: 104
Thread images: 11

I work at the IT department of a large shipping company in the US and as of today we are getting a new wave of wanaCry infected computers. These are computers that DO NOT have the SMB exploit. It is even hitting computers that are in sleep mode that nobody has touched that we keep charged to hand out as temporary work stations while we are working on someone's computer.

So far only 2 computers of the dozens infected have shown the signature red pop-up demanding bitcoins, the rest have been bricked mid-encryption when critical system files begin disappearing. We have no idea how it is spreading or how it is able to hit computers that are asleep.

I am absolutely not supposed to be posting this here but we're fucked. This is not supposed to be possible. May God help us.
>>
>>60552474
Go cry to the NSA.
>>
>>60552474
Get a Mac.™
>>
>>60552474
Based hackers!
>>
>>60552474
There were other tools leaked by the Shadow Brokers. Microsoft patched all of them except for some reason DoublePulsar, which is at the heart of all of this. Keep your shit up to date anon.
>>
>>60552474
Stupid roleplayer.
>>
Join us now and share the software;
You'll be free, hackers, you'll be free.
Join us now and share the software;
You'll be free, hackers, you'll be free.

Hoarders can get piles of money,
That is true, hackers, that is true.
But they cannot help their neighbors;
That's not good, hackers, that's not good.

When we have enough free software
At our call, hackers, at our call,
We'll kick out those dirty licenses
Ever more, hackers, ever more.

Join us now and share the software;
You'll be free, hackers, you'll be free.
Join us now and share the software;
You'll be free, hackers, you'll be free.
>>
>>60552548
strangely relevant to this thread
>>
File: 1484640781310.png (205KB, 388x476px)
>>60552474
Oh great. Another wanacry thread. It's been almost 5 minutes, I was getting worried.
>>
File: 1492963933870.jpg (99KB, 932x1024px)
>>60552548
>rms will die in your lifetime
>>
>>60552474
Like I said, It's not the SMB but the NetBIOS

Fuckers. Disable the NetBIOS services, Server service and set your network adapter settings > connection properties to ipv4 ipv6 only! (uncheck the netbios and other crap that is for the NSA)
>>
>>60552573
rms and alex are buddies
>>
>>60552474
Zeroday confirmed? Make it happen.
>>
>>60552474
>overpaid button presser

go flip burgers or something.
>>
>>60552632
That's why he's crying
;_;
>>
>>60552474
>hitting computers in sleep mode

and that is when it's confirmed you are terrible at making shit up

go back to the drawing board kiddo
>>
>I am absolutely not supposed to be posting this here but we're fucked. This is not supposed to be possible. May God help us.
trying too hard
>>
>>60552474
4/10, nice bait
>>
>>60552474
Get Macbooks. Install macOS on PCs.

thank me later.
>>
>>60552474
Well it's your own fault for using MS "os".
>>60552532
This doesn't surprise me.
>>60552678
Exactly.
>>
>>60552678
>>60552760
>what is intel AMT / intel ME
https://libreboot.org/faq.html#intel

there was a new article pretty recently stating that Intel ME & AMT security was a joke (accepting blank password)
>>
https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/
>>
>>60552474
proof?
>>
>>60552532
To run DoublePulsar you have to run any of the Eternal* or one of the exploits listed under "use" in FuzzBunch.

You can't just point doublepulsar and expect it to bring a shell up, it's just another program to upload a payload. It's like saying that one can patch metasploit or any framework.
>>
>>60553081
Right, but once you have a way to use DoublePulsar you have immediate admin access. There's no reason not to patch it.
>>
>>60552474
pics?
>>
>>60552474
Any new BTC addresses that are related to the malware?
>>
>>60552474
>how it is able to hit computers that are asleep.

ME/AMT exploit? Do you have AMT configured by any chance? Or did you ever touch it (on many systems it seems to be active even if unconfigured)?
>>
>>60552474
Don't worry, anon. We won't tell the police. *wink* *wink* *nudge*
>>
what os were they running on?
>>
>>60552474
Bumping for interest.
>>
File: howcanhegetawaywithit.jpg (245KB, 600x819px)
NOTORIOUS HACKER AND CREATOR OF RANSOMWARE WANACRY HAS BEEN IDENTIFIED.

HOW CAN HE KEEP GETTING AWAY WITH IT?
>>
Is it really hard to keep fucking updates on?
>>
>>60552474

I actually work at FedEx in Technical Logistics. You're full of shit. This isn't a thing.
>>
File: stallman.jpg (7KB, 288x175px)
>>60552474
Please Jesus, let this be real
>>
Leave them on so you can get the decryption key from memory.
>>
File: torvald's attourney.gif (1004KB, 350x249px)
>>60558205
>>
>>60552556
You MS pajeets hate them don't you?
>>
>>60552556
How was Trump dark-haired, and then somehow became blonde-reddish-haired later?
>>
>>60558241
Fuck Fedex, can't even get a god damn SIM card sent to me from ATT... FedEx lost the damn package in Memphis....

Oh and then there was that time the delivery guy lied about coming to my house and saying I wasn't home. I convinced someone in Mills River NC to get me over to his manager and the manager was PISSED. Dude was wrote hoch and disciplined.

Sorry excuse for a shipping company.

FedEx, you had ONE job.
>>
How will fizzbuzz help me avoid infection?
>>
>>60552474
Imagine having a BYOD Policy in your company because the CEO is butthurt shitlord.
>Raid backup
>I NEED ADMIN RIGHTS ON MY LOCAL PC AND NEED TO HAVE UAC COMPLETELY DISABLED!!!
>>
wtf am I save on loonix?
>>
>>60552474
Imagine having a BYOD Policy because your CEO is a butthurt retard that doesn't wanna pay money for Up-to-date Hardware.
>RAID 'Backup'
>I NEED ADMIN RIGHTS ON MY LOCAL MACHINE OTHERWISE I CANT INSTALL USELESS PROGRAMMS AND NEED HELP WHEN I FUCK UP SOMETHING AND THEN BLAME IT BECAUSE THEY CAN'T FIX IT IN 5MINS!!
>I NEED UAC COMPLETELY DISABLED OTHERWISE MY PRODUCTIVITY GOES DOWN THE DRAIN.
have to leave asap
>>
>>60558842
no
https://forums.gentoo.org/viewtopic-t-1060828.html
>>
>>60558870
>"Yeah, I'm guilty of running FireFox as root. Shame on me - I should have known better."
no cure for stupidity
>>
>>60558853
BYOD is fine for many use cases, and hardware's barely gone anywhere in years.
>>
File: 1495370025270.jpg (65KB, 604x592px)
>MS slowly increases lethality
>release win 7 specific version
>fuck shit up
>release win 8.x specific version
>fuck more shit up
>go back and fuck more shit up on 7
>everyone runs scared into telemetry 10s teet

you watch
>>
>>60552474
sause or did not happened
>>
>>60552474
Hey FedEx guy.
Is my package still arriving on time?
>>
>>60552548
I can hear it in my head and it's making me uncomfortable
>>
>>60552474
M-MASAKA! I WAS IN CONTROL HERE?!
>>
>>60552632
Source? Wouldn't expect Alex to be friends with a filthy communist
>>
>>60559044
Please enlighten us. BYOD is a fucking nightmare, even more on family owned business. I had a gig on one of those and one of the owners was extremely obtuse.

mfw you have to deal with some owner's smartass nephew's laptop just because he's from the family and tries to access the windows domain but doesn't want his $1500 unsecure device to be touched by the IT's filthy monkeys hands
>>
File: Not Again!.png (23KB, 500x275px)
>>60552474
Fuck off and try to know what you're talking about next time.
>>
I wanna cry
>>
>>60558205
Sam Hyde again?
>>
>>60559824
>windows IT problems
never said BYOD + Windows was any good anon
>>
>>60558599
by fuzzing the bizz before you get buzzed by the fizz.
>>
>>60552474
>wanaCuck
>>
>>60552474
it's all these damn games you're installing to the desktop!!!! you're grounded
>>
Simple. They were infected before you fixed the SMB bug and were waiting for the right moment to get activated.
>>
>>60559872
Well, until you live on a mac/linux millennial perfect world, you have to deal with microsoft, which kinda defeats your argument, but let's bite: BYOD is a nice idea IF and ONLY IF your users are willing to cooperate with IT and not a bunch of entitled stupid assholes that think they know more about computer security than you

BYOD= your device + company's rules. simple huh? if you think it is, you have not dealt with enough users
>>
>>60559872
>>60560053
>BYOD
>Employer: "Anon, given that you brought your own device, I won't provide any work computer to you, just work on your own (nice savings for me, thanks btw). However, as you brought it to my premises, I hereby claim authority over your device and reserve the right to snoop through what you have on there and to install hidden surveillance software on it (thanks for all the data you share btw).

If they didn't have profits, they would never even have allowed (let alone have promoted) BYOD to become a thing.
>>
>>60558486
he sold his soul to the jews
>>
>>60560049
This.
Maybe the domain registration they did, only delayed the execution or something.

>>60560024
*gives computer to sister*
>>
>>60552474
This is what you get for using microshit
>>
>>60558578
>not using USPS, the true american way to lose your packages
>>
>>60561496
No, genuine question. It's not uncommon for toddlers to have blonde hair which becomes darker later, but not the other way around. You don't have dark-haired middle-aged people's hair become fiery on its own. So is it fake?
>>
>>60552474
>le Linux shill tactics

please stop, you're not even being paid like the Microsoft Pajeets.
>>
>>60552548
Who wrote this?
>>
>>60562293
FSF
>>
>>60553146
DoublePulsar is basically kernel malware. Without secure boot and the malware compromising the boot process + having kernel level access, it's difficult to remove or patch out.

>>60558578
>>60561848
USPS is way worse
>send $100,000 check via priority mail
>they lose it
>no apology, just an "it happens"
>they wouldn't even refund the fucking postage
>have to get prior check cancelled/new one cut (fee for each)
>ship it via UPS instead because they're more competent
>>
Is this /quest/ now?
>>
>>60552474
You deserve it, dirty southerner
>>
>>60558578
>lost the package in Memphis
TN anon here
It was probably stolen
don't blame FedEx
>>
>>60563465
https://www.youtube.com/watch?v=v-Q7Tmw85Xs
When FedEx ships packages through Memphis, unless they originate or are destined for Memphis, they never leave the secure airport/FedEx world hub. Theft from there is basically non-existent.
>>
>>60562105
>fake hair
>>
>I work at IT department of large shipping company in the US
>Image provided is displaying the instructions on Italian
>Wannacry uses system locale to display instructions on the OS language
Either bullshit or OP works for the mafia
>>
>>60562293
Richard Stallman and Brian Eno
>>
>>60558241
>Company getting hit hard right where it hurts
>Lets preemptively disclose a major issue before the quarter reports are required
>Lets tell all our competition that we're getting fucked

You work at FedEx so I know you're fucking stupid, but holy shit this is next level
>>
>>60560049

This This This
This
This
This

The malware doesn't announce itself immediately. It waits until it's basically encrypted all your files FIRST, if it announced itself when it's just encrypted 0.01% of your files you'd just pull your drive and save your data. That shit was probably lingering for a week or more, depending on how many files you keep on your machines.
>>
>>60552474
http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html

apparently.
>>
>It's wannacry
>But it doesn't spread like wannacry
>And it doesn't encrypt like wannacry
>And it doesn't pop up like wannacry
So every ransomware is wannacry now?
>>
Does Malwarebytes ransomware thing work against this?
>>
Block Port 445
>>
File: in.png (68KB, 1577x1020px)
Should i install this? There is no any telemetry?
>>
>>60558486
the same way redheads become blondes when they get old
>>
>>60560024
>>60561609
TRIGGERED
>>
>>60562848
>didn't get insurance on the check

your own fault famalamadingdong
>>
CIA & NSA WAS A MISTAKE
>>
>>60565239
The check is not worth $100,000 and UPS insurance rates are ridiculous relative to value. The check wasn't made out to cash so for $50 ($25 stop payment + $25 to issue a new cashier's check) was the actual cost.

I'm more pissed that they didn't refund the postage for an item they lost.
>>
>>60565264
>UPS insurance rates
USPS Insurance rates*
>>
File: 1492334267519s.jpg (2KB, 100x100px)
>https://intel.malwaretech.com/pewpew.html
is this site legit or bullshit ?
>>
>>60565307
yes
>>
File: 1470325372385.jpg (44KB, 500x500px)
>>60565354
>yes
>>
>>60565074
>no any
Why do Russians always keep making this comical grammatical slip?
>>
Is OP's post even serious, or just a troll?
>>
>>60565074
I'd not care at this point. You'd better disable some services and tasks afterwards.
>>
>>60561345
So are you using money as an excuse for lack of basic security guidelines?

sensible chuckle.gif

Good luck safeguarding your business and R&D data, let alone preventing infections and miscellaneous security fuck ups. You are using a computer for work, in a workplace there are security rules to be enforced to prevent you getting harm or you harming others.
Too much of a hassle? Don't work there
>>
>>60552474
>We have no idea how it is spreading or how it is able to hit computers that are asleep.

Let me guess, you didn't patch your IME firmware?
>>
>>60570312
>tfw wannacry has been modified to not only use the recent SMB exploit, but also the recent AMT exploit
>>
Upload samples you fucking cunt so someone can analyze it.
>>
>>60562848

>USPS is way worse
>UPS is more confident

Funny, I worked for UPS. No one at UPS used UPS. No one. We all used USPS.