News Article: That big ransomware attack yesterday

AUDub

Don't know if y'all have been keeping up with this, but a huge cyberattack caught everyone off guard over the last few days.

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

Luckily, we didn't get hit and are hoping to keep it that way. We're shoring up our defenses and emergency patching everything. In spite of the fact that I was in Tuscaloosa yesterday for a soccer invitational (won one, lost one, but Sadiebug scored in both games yay!), I spent practically the whole day in conference calls with our VP of ops, head of IT, various rank and file folks and various vendors like GE, AirStrip and ExcelMedical.

A 22-year-old white hat accidentally discovered a kill switch to stop its spread, which bought everyone some breathing room.

https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0

Microsoft took the highly unusual step of releasing an emergency patch for XP.

http://www.zdnet.com/article/wannac...s-patch-for-windows-xp-and-other-old-systems/

Everyone, be on the lookout. Don't click on any email attachments from unfamiliar sources. PATCH PATCH PATCH! Patch everything!
 
Scary stuff going on, especially in Europe where this hit a bunch of hospitals. Can you imagine not having access to any hospital systems due to ransomware when prepping for surgery?
 
Yep. It terrifies us. Luckily we have a good IT department and other operational divisions (I'm biomedical engineering) and this dropping was like kicking a beehive.

I haven't heard of this hitting in the US but the stories flying around reddit from the UK yesterday were a bit terrifying. This is why the NSA shouldn't be building these weapons; they get into the wrong hands.
 
I haven't heard of this hitting in the US but the stories flying around reddit from the UK yesterday were a bit terrifying.

FedEx and a few others got it, but it luckily didn't spread much here. The aforementioned white hat bought us that time. If I ever find out who he is, I might send him the 10 dollars he dropped to register that domain and incidentally activate the kill switch. A temporary reprieve, but an invaluable one to buy us time to patch.

This is why the NSA shouldn't be building these weapons; they get into the wrong hands.

This. And I really wish it would bite them, even though I know it won't.
 
From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?
 
From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?

Exploits a vulnerability specific to Microsoft Windows, particularly older versions. Not to say you shouldn't patch up if you're running Win 10, but you're less vulnerable on 10 than, say, 8 or XP. If you're not on any version of Microsoft Windows, you should be good to go with respect to this particular ransomware.
 
From what I understand the program was designed to attack only Microsoft operating systems. Not, for example Apple.

Anyone know how true this is?

This is an exploit that takes advantage of a known vulnerability in Windows. Everyone runs Windows, so nobody puts much effort into exploiting UNIX-like OSs like OSX. If they did, the situations would be similar. Windows rules the roost, so it gets targeted.

And if so, why wouldn't a hospital (for example) get away from MS and go to an OS that is less vulnerable?

All OSs can be exploited. The problem is that this really stings the no longer supported legacy OSs like Windows XP, Server 03 etc. Ones MS no longer patches.

A lot of places run legacy hardware. Making a huge technology change such as an operating system at a hospital isn't easy. Cost, compatibility, people who are "tech challenged" and the amount of time and money that it would take to train the employees to make such a change is usually not financially worth it. Unfortunately, it results in situations like this.
 
I thought it was a young man from Indiana...they mentioned him by name on last night's World News Tonight (ABC).

The link I posted to the real-time map is actually run by the guy who registered the domain. He's anonymous, British, and goes only by "MalwareTech". He and a guy in Michigan named Darien Huss together identified the kill-switch. But the Brit is who registered the domain name.

That's how he's tracking the real-time propagation - pings to his domain. The ransomware has a line of code that pings that domain name. If the domain is registered and active, the ransomware is turned off. Hence, the kill-switch. Before he registered the domain name, the ping wasn't answered, and the ransomware remained active.
 
Exploits a vulnerability specific to Microsoft Windows, particularly older versions. Not to say you shouldn't patch up if you're running Win 10, but you're less vulnerable on 10 than, say, 8 or XP. If you're not on any version of Microsoft Windows, you should be good to go with respect to this particular ransomware.

Wow...you mean to tell me there are people out there still running XP? :eek:

They should at least move up to Vista...like me! :)

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista! :)
 
Seems like this could be related to an NSA 0-day exploit they were holding onto that got leaked into the hands of the bad guys.


Guess that just about wraps up the argument for letting the NSA have backdoors into commo systems and hardware.
 
Wow...you mean to tell me there are people out there still running XP? :eek:

They should at least move up to Vista...like me! :)

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista! :)

Yep. A lot of places. We're still on the tail end of our upgrade to 7. Probably 50ish machines in the hospital that run XP, and several servers run server 03. Vast majority of PCs are 7, and RHEL on the server side now.
 
The link I posted to the real-time map is actually run by the guy who registered the domain. He's anonymous, British, and goes only by "MalwareTech". He and a guy in Michigan named Darien Huss together identified the kill-switch. But the Brit is who registered the domain name.---snip---

Somehow I got mixed up with what I thought was on the news. Thanks for the clarification, Pac! I agree...someone buy that man a black and tan...at least!
 
Wow...you mean to tell me there are people out there still running XP? :eek:

They should at least move up to Vista...like me! :)

Thanks, Pac...I have a new PC with W10 but haven't set it up yet. Getting good mileage from this Vista! :)

Upgraded from 8 to 10 about a year ago. Took some getting used to, but I love it now.
 