
Meanwhile on Russian and Ukrainian petrol companies


Thread replies: 145
Thread images: 24

File: 14985660651642.png (726KB, 831x463px)
Meanwhile on Russian and Ukrainian petrol companies
>>
>>61104551
New zero day?
>>
>>61104551
:^)
>>
>>61104788
>using the smiley with a carat nose
>>
>>61104769
Nah it's just MS17-010 again.
>>
>>61106099
>failing to spell caret properly
>>
File: photo_2017-06-27_18-00-51.jpg (111KB, 1043x586px)
>>61106138
this is not 100% yet, I have read reports that it is not is

Ukraine mostly hit harder, Ukrainian corporations, ministries and even fucking grocery stores are RIP (pic related)

Ruskies got hit only at petrol companies from what I know
>>
>>61104551
>>61104769

>not patching SMB exploit
>patch was released back in fucking March
>not learning mistakes from last WannaCry outbreak
>not having backups ready to go

Our whole world is run by people that don't know what they're doing. God help us all.
>>
>>61106183
it is most probably not using SMB
>>
>>61106197
except it is

https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

It's using the same ETERNALBLUE exploit. Most people are just retarded and didn't patch the exploit from the last attacks.
>>
>>61104551
Let me guess. Windows computers?
>>
>>61106237
fake news. well, outdated, at least, some people confirm it is not petya.
>>
File: SCREEEEEEE.jpg (33KB, 295x320px)
>>61104551
>it's not even written in Chinglish
I think that >>61106168 is right.
>>
>>61104551
should've gone diskless or at least redeploy disk images
>>
>>61106246
Yeah, you know. The same OS that like 90% of the world uses. That one.

If anyone besides neckbeards on /g/ actually used Linux, then maybe hackers would start developing malware for it.
>>
>>61106357
>maybe hackers would start
We complete our work already.
>>
File: 595270f3c361880a418b4679.jpg (110KB, 900x500px)
Fuck personal PC, what about my money.
>>
>>61106197
Using Super Mario Bros to break into a computer

These nigga crayyy
>>
>>61106357
>The same OS that like 90% of the world uses
You mean the same OS with a userbase dumber than Mac users? >>>61106348
>>
Say thank you NSA
>>
>>61107225
>winfags literally dumber than Mac users
LMAO
>>
so is smbv1 the only problem child or does v2 and v3 need to be disabled as well?
>>
>>61107225
HAHAHAHAHAHAHAHHAHAHAHAHA

no wonder you retards get so much malware
>>
>>61106099
>Not using it
:^)
>>
>>61106357
You shouldn't brag about having such a large userbase when the majority of that userbase is made up of tech illiterates. Also, it's the most insecure OS in existence. Full of holes.
>>
File: 1249163682817.png (10KB, 429x410px)
Should I be worried?
>>
>>61107252
>using the smiley with a carat nose
>>
>>61107320
>Not using it
:^)
>>
>>61107037
is this real <|:^o
>>
>>61106099
>diamond what
>>
>>61107237
Thank you NSA for the day off
>>
>>61107225 (you)
>>61107238 (you)
>>61107248 (you)

Also, blah blah blah, preinstalled, work use, larger sample size, more expensive, yadda yadda yadda.

Real wizards use Arch.
>>
>>61106172
>Still not spelling carrot right
>>
>>61107657
>failure to spell Kakarot
>>
This shit is worldwide:

http://www.hindustantimes.com/world-news/live-new-cyberattack-causes-mass-disruption-in-europe-hits-ukraine-russia-netherlands-and-several-major-companies/story-bW5HYW4ZG1YEHJbpno2I2J.html

I should have done some heroes3 message box...
"Petya have been launched.
Number of Linux users increase."
>>
>>61107305
About the attack? Probably not. Unless your computer is outdated or it's on a large company network
>>
>>61106246
how could you be on /g/ and not be aware of what this is.
>>
2017 Year of Linux Desktop confirmed
>>
>>61107304
OSX exists
>>
>>61104551
Huh. That's a new Petya variant.

Last time I saw this they fucked up and made a ChaCha20 (or was it Salsa20?) variant with only 16-bit registers instead of 32-bit, which is a catastrophic crypto fail that allows key recovery.

Anyone got a sample?
>>
>>61104551

A lot of people are making /g/ threads about this ransomware but they are deleted in a few minutes. Are mods deleting them because they don't fit in the board culture of /general/ and headphones?
>>
File: 1410059413386.jpg (32KB, 480x454px)
>>61107993
The mods are in on it
>>
>>61106246

NSA EternalBlue works on Mac and Linux, but there have been fixes for a long time.
The average Windows user doesn't like to install fixes.
>>
>>61107993

because we don't need the entire front page filled with one single news story
>>
>>61107378
>>61107468
>using the smiley with a carat nose
>>
>>61107305
Are you Russian or Ukrainian? If not you're safe, it's mysteriously targeted only at those regions
>>
https://m.slashdot.org/story/328035

>close TCP ports 1024-1035, 135 and 445
can anyone confirm this?
>>
>>61108049
>The average Windows user doesn't like to install fixes.
It doesn't help that half the updates are microsoft trying to install spyware / nagware.
>>
>>61108184
that's cnn quality, where did you get that from?
>>
File: 0627172:38:45.png (195KB, 372x368px)
>>61107690
>hindustantimes
>>
>>61104769
ETERNALBLUE is FOREVER baby
>>
>>61108136
>Not using the reversed version
(^:
>>
>>61108282
>using the backward smiley with a carat nose
>>
File: wanna-decrypt.gif (3MB, 1439x720px)
>>61108187
Yes. https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

It's the same SMB exploit that the NSA wrote malware for. It's kind of amazing and pathetic that this can still be used against big corporations.
>>
>>61108339
>caret
>>
>>61108370
If we are talking about Eastern Europe they probably have updates disabled because pirated Windows.
>>
>get ransomware
>get telemetry
choose one
>>
>>61109063
It's only a potential chance of getting ransomware.
>>
>>61109063
There is another option. Install gentoo
>get depressed and stop using the computer
>>
>>61108710
pirated windows can update though

more like updates disabled because W10
>>
File: chrome_2017-06-27_21-06-05.png (204KB, 645x961px)
>>61104551
It's not only MS17-010 being used. This is quite more than that, it uses WMIC, I'm still reading through some updates from some hobby sec guy for what exactly the infection factor is. It does use EternalBlue.

https://twitter.com/0x09AL/status/879702450038599681

It also does shit through PsExec it seems
>>
>>61109710
Oh and also
>using hardcoded windows paths
I got to say, lazy but efficient with how the spread has been so far.
>>
>>61109710
It also uses WMI as an additional spread vector, so disabling admin shares wouldn't hurt as well

https://notawfulsecurity.blogspot.ca/2017/06/petya-good-practices-final-exam.html
https://twitter.com/HackingDave/status/879735897205460992
>>
>>61109710
>infection factor
HAHA
oh wow
>>
>>61109789
I still haven't slept properly wew, can't be bothered to proof read my posts
>>
File: mmc_2017-06-27_21-16-31.png (15KB, 405x466px)
>>61109761
I checked my services list on WMI, and if I could disable it without worries.

I paused the service earlier, scanned with MalwareBytes to see side-effects, when cancelling the scan, 'Windows popped me an error message about Server could not execute operation.' That's about it.
>>
>>61109761
>reading through blogpost
Design thought: NotPetya's initial targets appear to be unpatched systems, and then it uses dumped credentials to pivot onto patched systems. Clever.

I can't not agree with this. It's very cleverly designed. Just lazy, since there are hardcoded paths.
>installing on any letter aside from C: might save you trouble too.
>>
>disabling WMI
Retard here. If I disable it then Windows Security Center (Firewall, Antivirus?) will be shut down too.
>>
>>61107037
>windows
>on an ATM
kek nobody is this stupid
>>
>>61109946
Hmm, as far as I can tell and if you look at the screenshot >>61109849 here. I paused it and opened control panel and looked over Windows Firewall settings and made some changes, nothing to be alarmed about and nothing of the usual Windows messages came up that my Computer isn't protected shit. I will test some more and see how much my system gets unstable.
>>
>>61109994
>he doesn't know
>>
>>61109849
You can leave WMI enabled but disable admin shares used by the malware ($admin, $c etc). I did it on my PC and Defender and Firewall are still working

HKLM>System>CurrentControlSet>Services>lanmanserver>parameters

Create DWORD key AutoShareServer and set it to 0
Create DWORD key AutoShareWks to 0
Reboot
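
The registry change described in the post above, written out as an added PowerShell example that is not part of the original thread. The registry path and the two value names are the ones given in the post; the function names and the `-Apply` switch are hypothetical, chosen for this sketch.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session.
# Without -Apply the script only reports; with -Apply it writes the two values.
param([switch]$Apply)

# Path and value names as given in the post above.
$ParamKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueNames = 'AutoShareServer', 'AutoShareWks'

function Get-AutoShareSetting {
    # A missing value means the default applies and Windows publishes the shares.
    foreach ($name in $ValueNames) {
        $item  = Get-ItemProperty -Path $ParamKey -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Name     = $name
            Value    = if ($null -eq $value) { '<not set>' } else { $value }
            Disabled = ($value -eq 0)
        }
    }
}

function Get-AdminShare {
    # Win32_Share reports administrative shares with Type 2147483648 or higher.
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -ge 2147483648 } |
        Select-Object Name, Path, Type
}

function Disable-AutoShare {
    # Create (or overwrite) both DWORD values with 0, as the post describes.
    foreach ($name in $ValueNames) {
        New-ItemProperty -Path $ParamKey -Name $name `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Write-Output 'Auto-share registry settings:'
Get-AutoShareSetting | Format-Table -AutoSize

Write-Output 'Administrative shares currently published:'
Get-AdminShare | Format-Table -AutoSize

if ($Apply) {
    Disable-AutoShare
    Write-Output 'Values written. Reboot, then run again without -Apply to verify.'
    Get-AutoShareSetting | Format-Table -AutoSize
}
```

Run it once without `-Apply` to record the current state, then again after the reboot to confirm that the drive-letter shares no longer appear in the second table.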
>>
>>61109994
>kek nobody is this stupid
That's naive as fuck of you
>>
>>61104551
Why only $300? Is there a transaction limit to bitcoin? Or are hackers this much stupid?
>>
File: putin.jpg (104KB, 500x500px)
>>61104551
>Ukraine
wonder who could be behind this
>>
they have a guilty conscience, what a bunch of pussies
>>
>>61110130
https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759

Found this bit, quite interesting really, and despite the annoyance of this ransomware, props to the guys that made it.

>#Petya uses LSADump to get Admin password and infect all network. There is no need for #EternalBlue vulnerable PCs.
>>
>>61110157
$300 has the purchasing power of $10000 in eastern Europe

if the hackers had asked for more, nobody could afford to get their shit back
>>
good, make them pay the stupid tax
>>
File: the new code.jpg (2MB, 3387x2350px)
>>61106177
it couldn't have been Russian hackers if Russia was also hacked
>>
do they actually give you the key if you pay them? If so why don't these banks just pay and afterwards update their systems?
>>
>>61110205

I get it, but didn't the "other" hackers last month who also infected computers with the same similar malware also asked for exactly $300?

So why only $300? I think these hackers are fucking retards and trying to get caught.
>>
Anyone try out the local killswitch?

https://twitter.com/ptsecurity/status/879779327579086848
>>
>>61104551
nice try loonix tard

i can see by your fonts that you're a linux user

stop smearing microsoft for your linux ransomware
>>
>>61110260
bulletproof logic there
>>
>>61110387
>stop smearing microsoft
Microsoft is doing that themselves by tracking their users.
>>
>>61104551
How is it spread and how come it's localized?
>>
>>61109994
Like every single fucking one runs Posready2009 i shit you not.
>>
Been listening to the 3rd program of the Polish Radio, they reported about Ukraine being hit.
Allegedly everything stopped from railways through banks to government administration because every single fucking thing there runs on an ancient pirated copy of windows.

Ukrainian correspondent already blamed the Russians.
>>
If MS hadn't made updating an inconvenience and made people be more afraid of updating than infections we wouldn't be in this mess.
>>
>>61108498
>karrot
>>
>>61110330
>why only $300?
are you actually this fucking dense? if the ransom is lower more people are likely to pay. sub-500 probably strikes a decent balance between payout likelihood and per-payout margins.
>>
File: Screenshot 18-28-12.png (313KB, 415x643px)
>>61106168
MYSTERIOUSLY DELETED
hmm, i wonder why...
>>
>>61106246
>Leenuk ith tho thecure
>>
>>61109994
Windows XP embedded is the main operating system for ATMs...
>>
>>61114659
what was it?
>>
>>61104551
Weren't the western world meant to have an oil shortage?
This could have been done to shore up supply. If you can't sell fuel it'll go elsewhere.
>>
Australia has been hit as well, a chocolate factory has shutdown because of it
>>
>>61114907
Use the archives when mods expose their faggotry
https://archive.rebeccablacktech.com/g/thread/61104551/#61106168
>>
Does it use the same exploit as Wannacry? Why didn't people update their systems after the last wave of attacks?
>>
>>61109710
So... could I shutdown the machine, run Linux and move the files I wanna save?
>>
>russians are good with computers
It's a mystery that shithole of a nation is even considered a threat to the West.
>>
File: installgentoo.png (27KB, 602x500px)
>>61104551
>>
>>61115199
>Concrete paved roads, and Oscar winners = military success
American logic
>>
File: 14984321769160.png (327KB, 548x728px)
>>61106138
They just didn't fucking update it?
How fucking retarded do people have to be?
>>
>>61115108
It got caught fast and most places didn't care to update afterwards.
>>
File: 1498311063048.png (316KB, 512x512px)
>>
>>61109994
Oh anon...

Santa and Tooth Fairy aren't real either.
>>
Install Gentoo.
>>
>>61106183
>patch was released back in fucking March
hahaha fucking sysadmins thinking they know shit and sticking with whatever version of windows they fetishise instead of staying current
>>
>>61106183
can i have patch link?
>>
>>61115319
Targeted file extensions:

.3ds.7z.accdb.ai.asp.aspx.avhd.back.bak.c.cfg.conf.cpp.cs.ctl.dbf.disk.djvu.doc.docx.dwg.eml.fdb.gz.h.hdd.kdbx.mail.mdb.msg.nrg.ora.ost.ova.ovf.pdf.php.pmf.ppt.pptx.pst.pvi.py.pyc.rar.rtf.sln.sql.tar.vbox.vbs.vcb.vdi.vfd.vmc.vmdk.vmsd.vmx.vsdx.vsv.work.xls.xlsx.xvd.zip.
>>
>>61110214
I would agree with you if it wasn't mainly the elderly and the innocently naive who fall for this shit

A friend of mine from uni fell for the "call from Microsoft" scam where they ask you to install teamviewer and a whole bunch of other shit. The thing is, she uses a fucking Mac and still fell for it.

I think you underestimate how out of their depth most people are with computers
>>
Basic security principle, if you don't need it then do not install it or remove it completely. Linux makes this possible, Windows does not.

In Linux it is also possible to fine tune what is needed to a much higher degree up to compiling with custom flags allowing for properly hardened configurations.

Besides, if anything Linux should be a higher profile target since it is what is used in most servers.
>>
File: file.png (2MB, 3153x3106px)
>>61117109
>if anything Linux should be a higher profile target since it is what is used in most servers.
Not true at all, you're underestimating just how many sites use shit like ASP.NET
>>
File: Cyborg.jpg (8KB, 303x156px)
>>61114998
N-NANI????
>>
>>61117151
Source?
Only concerning websites there is:
https://w3techs.com/technologies/overview/operating_system/all

And I meant servers in general, not just web servers.
>>
There is a defense now.

perfc
perfcperfcperfcperfcperfcperfc
perfc
>>
>>61117151
>>61117196

so they basically just crawl sites and based on the http headers they assume it's a certain OS? that's pretty fucking retarded. mod_security provides a config option to hide your os type and version in the header, or even change it to something else.

unreliable source imo
>>
File: 1495020595053.jpg (52KB, 405x412px)
>>61117151
>that feel when 2% marketshare on both desktop AND mobile

mainstream sheep need not apply
>>
>>61111271
yep. I've never seen any ATM that isn't running windows 7

unpatched & unupdated versions. btw
>>
>>61115199
>russians
No such thing.
>>
File: 1481527807144.jpg (69KB, 800x600px)
>>61106246
>>
>>61104551
> Ukrainian petrol companies
kek
>>
its a beautiful sunny day, got whole day off thanks to hackers. noice
>>
>>61106183
> Our whole world is ran by people that don't know what they're doing
From what I know, Rosneft has the most adamant security team, not in a good meaning: their IT sec are former soldiers who only know how to follow rules and make others follow those rules. Two years ago they ran IE7 as their main browser.
As you may imagine, "untested" updates from MS are against the rules.
>>
>>61119938
Now that's an exploitable image!
>>
>>61107993
And keyboards, don't forget keyboards
>>
File: 1496185000463.png (72KB, 449x498px)
Is there a way to patch w7 without the rollup telemetry update
>>
>>61104551
Truly a wonderful age we live in. Soon the lazy cheap ass companies will be forced to actually spend money on getting their software & hardware up to date.
>>
>>61107037
>Fuck personal PC
Yeah, those automated ATM machines are affected too, damn.
>>
>Keeping shit you actually need just sitting on your computer's internal hard drive.

If you couldn't format your hard drive right without worrying about losing something important. You're doing it wrong. Seriously.
>>
File: fag.jpg (173KB, 800x600px)
>>61120022
>>
Serious question ma/g/g/ots. How do these computers get infected? What is the process of the computers getting infected? People downloading stupid shit? Remote port hacking or some shit? I'm a retard btw
>>
>>61119938
wait this is shopped right?
>>
>>61113791
If anything I would've gone with even a smaller amount. $300 is pretty huge for most people around the world, not many are actually able/willing to pay that IMO.
>>
>>61120171
Yes, they target systems without router or firewall. Not sure if it spreads from there (worm)
>>
>>61115199
> is even considered a threat to the West.
It's always funny how most of the western folk consider us subhuman and a threat to the western civilization at once. I mean, isn't that a paradox?
>>
>>61120133
So where are you supposed to keep it, networked storage?
Sure hope those networked computers don't have SMB enabled.

This ransomware will hit any unpatched windows computer on the same network, no matter where it keeps its hard drives.
>>
>>61120171
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144
>>
>>61120213
kinda like the hun or the mongolians. even back during roman civilisation there were threats from barbarian hordes.
>>
>>61120206
Meh, the initial attack vector for systems behind NAT might be different (like through email). From there it just uses eternalblue (and possibly admin shares) to spread.
>>
>>61120247
Yet the Roman civilisation has killed itself. it's funny how things turned out, isn't it?
>>
>>61120171
If it's on a local network it can infect anything else on that network automatically.
How it gets onto that network is the usual retarded user- infected USB drive, infected 'mp3' file, the usual ways.
But once it's on the network, any unpatched computers on that network are pwned automatically.
>>
>>61110293
No. Why not just keep backups of your system and rollback when some dipshit secretary infects your business?