Personal computing discussed

Moderators: Captain Ned, emkubed

 
ClickClick5
Gerbil Elite
Topic Author
Posts: 549
Joined: Fri Aug 15, 2008 8:28 pm
Location: Alaska
Contact:

That WannaCry ransomware

Fri May 12, 2017 8:21 pm

http://gizmodo.com/today-s-massive-rans ... 1795179984

I'm all patched. Anyone hit by this?
i7-5930k (4.1GHz), 32GB DDR4-2400, 980 4GB, GA-X99-UD3, Samsung 850 Pro 256GB (os/programs), Toshiba 5TB (games), WD VelociRaptor 500GB (games/scratch disk), Win 10 Pro x64
Check out my site for trance sets and other goodies! clickclick5.com!
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 17572
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: That WannaCry ransomware

Fri May 12, 2017 8:25 pm

Microsoft provided the patch on March 14.
i7-6700K, NT06-Pro, GA-Z170N-Gaming5, 32 GiB, RX Vega56, SM951, 5TB HDD, Blu-ray, FTZ01, SX600-G, C32HG70, RK-9000BR, MX518
 
whm1974
Maximum Gerbil
Posts: 4806
Joined: Fri Dec 05, 2014 5:29 am

Re: That WannaCry ransomware

Fri May 12, 2017 8:34 pm

This is one of the reasons I always keep my system updated. Now this may be a Windows flaw that was exploited, I'm sure that the NSA also had hacking tools for Linux and the BSD that were leaked as well.
 
ClickClick5
Gerbil Elite
Topic Author
Posts: 549
Joined: Fri Aug 15, 2008 8:28 pm
Location: Alaska
Contact:

Re: That WannaCry ransomware

Fri May 12, 2017 8:49 pm

JustAnEngineer wrote:
Microsoft provided the patch on March 14.


I know they provided the patch then, but that certainly does not mean every user or server is patched up.
Last edited by ClickClick5 on Fri May 12, 2017 11:03 pm, edited 1 time in total.
i7-5930k (4.1GHz), 32GB DDR4-2400, 980 4GB, GA-X99-UD3, Samsung 850 Pro 256GB (os/programs), Toshiba 5TB (games), WD VelociRaptor 500GB (games/scratch disk), Win 10 Pro x64
Check out my site for trance sets and other goodies! clickclick5.com!
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 17572
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: That WannaCry ransomware

Fri May 12, 2017 9:06 pm

If you're too lazy to patch your systems, I hope that you've got good backups and you don't mind the effort of wiping and restoring.
i7-6700K, NT06-Pro, GA-Z170N-Gaming5, 32 GiB, RX Vega56, SM951, 5TB HDD, Blu-ray, FTZ01, SX600-G, C32HG70, RK-9000BR, MX518
 
DragonDaddyBear
Gerbil Elite
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Fri May 12, 2017 9:29 pm

That virus, or maybe worm, is vicious. It had multiple languages and everything.

I had to check our tools and report up all the ways we can stop it, even though we are mostly patched (stale systems FTL). It's no joke. What make me sad I'd all the stories of health care being hit. You would think with the skills these people have they could make a fine living as a white hat.
 
ClickClick5
Gerbil Elite
Topic Author
Posts: 549
Joined: Fri Aug 15, 2008 8:28 pm
Location: Alaska
Contact:

Re: That WannaCry ransomware

Fri May 12, 2017 11:04 pm

Losergamer04 wrote:
That virus, or maybe worm, is vicious. It had multiple languages and everything.

I had to check our tools and report up all the ways we can stop it, even though we are mostly patched (stale systems FTL). It's no joke. What make me sad I'd all the stories of health care being hit. You would think with the skills these people have they could make a fine living as a white hat.


Up until 2013, the local hospital was running XP with IE6.....only because their intranet needed IE6. So honestly.......not surprised one bit.
i7-5930k (4.1GHz), 32GB DDR4-2400, 980 4GB, GA-X99-UD3, Samsung 850 Pro 256GB (os/programs), Toshiba 5TB (games), WD VelociRaptor 500GB (games/scratch disk), Win 10 Pro x64
Check out my site for trance sets and other goodies! clickclick5.com!
 
trackerben
Gerbil Jedi
Posts: 1923
Joined: Mon Jun 15, 2009 12:28 am
Location: 'Tween oceans...

Re: That WannaCry ransomware

Fri May 12, 2017 11:14 pm

Losergamer04 wrote:
...You would think with the skills these people have they could make a fine living as a white hat.


I wonder in whose interests the leakers of the tools were working. The conduit appears to be the usual lawless and/or alienated types, but they could have been used for the purpose. I can't imagine an agency or other responsible org releasing stuff like this that came into their possession, knowing that it would be widely exploited by criminal and religious groups.
 
cheesyking
Minister of Gerbil Affairs
Posts: 2653
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: That WannaCry ransomware

Sat May 13, 2017 5:47 am

Losergamer04 wrote:
You would think with the skills these people have they could make a fine living as a white hat.

Yeah but they'd have to get up in the morning and put on a tie.
Fernando!
Your mother ate my dog!
 
Chrispy_
Gold subscriber
Grand Gerbil Poohbah
Posts: 3982
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: That WannaCry ransomware

Sat May 13, 2017 8:46 am

Another reminder why updates are more than just an annoyance.

I've also moved away from traditional heuristic-based enterprise antivirus since it never catches anything important anyway. Late last year I subscribed my main company to Sophos Intercept X because it's seemingly the main anti-ransomware product for enterprise; Any kind of encryption that happens triggers a copy of the unencrypted file by Sophos first, followed by allowing the encryption to take place. If it turns out that the encryption was malicious, the process is locked down and cleaned, alerts generated and the original files restored from memory/cache.

We had a couple of very minor ransomware infections last year (yes, Flash and Java from PC's that need it for horrible-yet-business-critical online tools) and only hourly snapshotting of our storage saved our bacon. I've always thought a lot of MalwareBytes, but I'm tempted to buy a corporate license to cover the couple dozen machines that still have to run Flash/Java. It terrifies me if a senior member of staff who has almost full access to the company network drives gets infected. Their one workstation could single-handedly ransomware-encrypt a quarter-petabyte of data in a night, thanks to crazy fast flash-based SANs!

:O

Hopefully this is the wake-up call for other antivirus vendors to start taking note of malware, sandboxing Java and Flash properly, and perhaps finally having something effective against ransomware.
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
DragonDaddyBear
Gerbil Elite
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Sat May 13, 2017 9:13 am

I haven't seen that Sophos product but gear we have uses it and it's been not that great. Check out Cylance for those machines. It's by far the most effective av we use (long story on why e use 4 av products).
 
trackerben
Gerbil Jedi
Posts: 1923
Joined: Mon Jun 15, 2009 12:28 am
Location: 'Tween oceans...

Re: That WannaCry ransomware

Sat May 13, 2017 9:42 am

Anyone seeing Fireeye at work? They are considered to be leaders in intelligence and handling of persistent threats.
 
DragonDaddyBear
Gerbil Elite
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Sat May 13, 2017 7:47 pm

Fireeye is good stuff. It's best at protecting zero days. It launches stuff in VMs on the appliances. In theory one it finds something it updates all other appliances with the signature. It also can block call outs, too, preventing the callouts from getting the encryption key or commands (assuming its in line and blocking). I would think that it would have been effective after seeing the attack. I'll have to check their site if I remember to later.
 
Aphasia
Grand Gerbil Poohbah
Posts: 3674
Joined: Tue Jan 01, 2002 7:00 pm
Location: Solna/Sweden
Contact:

Re: That WannaCry ransomware

Sat May 13, 2017 8:02 pm

Fireeye is good stuff, but as pretty much best of breed, they are very expensive. They have also started loosing out to others when it comes to cloud integrations when people are starting to move off-premises like office 365 and having external email, etc.
 
DragonDaddyBear
Gerbil Elite
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Sat May 13, 2017 8:49 pm

Yes they are expensive. The ROI isn't very good unless you are big or your data is worth a lot. I saw a demo of their cloud email service and thought it looked really slick. The link swap it stuff looked like it works will against phishing.
 
trackerben
Gerbil Jedi
Posts: 1923
Joined: Mon Jun 15, 2009 12:28 am
Location: 'Tween oceans...

Re: That WannaCry ransomware

Sun May 14, 2017 12:04 am

What impressed me is that their platform is practically mandatory for many tier-3 financial firms. I was hoping that they have basic detection services for local networked content and cloud e-mail that's priced for consumers, even if the installs also serve as crowd source intelligence points. But all they offer is paid high-end premises stuff with consultation. Even their PC security agents appear to be continually managed by back ends and teams at various levels.
 
Aphasia
Grand Gerbil Poohbah
Posts: 3674
Joined: Tue Jan 01, 2002 7:00 pm
Location: Solna/Sweden
Contact:

Re: That WannaCry ransomware

Sun May 14, 2017 7:16 pm

Losergamer04 wrote:
Yes they are expensive. The ROI isn't very good unless you are big or your data is worth a lot. I saw a demo of their cloud email service and thought it looked really slick. The link swap it stuff looked like it works will against phishing.

The problems comes when you start implementation and actually look at specifics, for you to use their cloud based see that it breaks a few checks. Don't remember if it was SPF that it can handle, or something else, but I remember our mail guys have been muttering a fair bit since they answer from fireeye support was basically, oh, people use that, nah, we don't care about that, so you want to use our service, you cant rely on any of those checks for you or your customers.
 
Vhalidictes
Gold subscriber
Graphmaster Gerbil
Posts: 1463
Joined: Fri Jan 07, 2005 2:32 pm
Location: Paragon City, RI

Re: That WannaCry ransomware

Sun May 14, 2017 7:24 pm

JustAnEngineer wrote:
If you're too lazy to patch your systems, I hope that you've got good backups and you don't mind the effort of wiping and restoring.


I know someone that got hit. Fortunately, there's these things called Snapshots. People refusing to use network drives were sad, though most of those had their own backups.

Turned out to be more annoying than catastrophic. No idea why the machines weren't patched, but that's not my department (literally).
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 23569
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: That WannaCry ransomware

Mon May 15, 2017 10:26 am

JustAnEngineer wrote:
If you're too lazy to patch your systems, I hope that you've got good backups and you don't mind the effort of wiping and restoring.

Or if you're dumb enough to run Windows 7 or 8.1 on a system that Microsoft no longer supports, like Ryzen or Baby Kale.
"And and if you start to bleed, stop wiping." -whm1974
 
Waco
Gold subscriber
Gerbil Jedi
Posts: 1968
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: That WannaCry ransomware

Mon May 15, 2017 6:45 pm

derFunkenstein wrote:
JustAnEngineer wrote:
If you're too lazy to patch your systems, I hope that you've got good backups and you don't mind the effort of wiping and restoring.

Or if you're dumb enough to run Windows 7 or 8.1 on a system that Microsoft no longer supports, like Ryzen or Baby Kale.

Still one of MS'es worst moves this year...
Z170A Gaming Pro Carbon | 6700K @ 4.5 | 16 GB | GTX Titan X | Seasonix Gold 850 | XSPC RX360 | Heatkiller R3 | D5 + RP-452X2 | Cosmos II | Samsung 4K 40" | 480 + 240 + LSI 9207-8i (128x8) SSDs
 
Krogoth
Silver subscriber
Gerbil Elder
Posts: 5328
Joined: Tue Apr 15, 2003 3:20 pm
Location: somewhere on Core Prime
Contact:

Re: That WannaCry ransomware

Tue May 16, 2017 5:42 am

Waco wrote:
derFunkenstein wrote:
JustAnEngineer wrote:
If you're too lazy to patch your systems, I hope that you've got good backups and you don't mind the effort of wiping and restoring.

Or if you're dumb enough to run Windows 7 or 8.1 on a system that Microsoft no longer supports, like Ryzen or Baby Kale.

Still one of MS'es worst moves this year...


Not really. You shouldn't be running Windows 7/8.1 as a real OS on such platforms. It is akin trying to run Windows 9x/NT4 with an Athlon 64 and Pentium 4 D back in the day.
Ivy Bridge i5-3570K@4.0Ghz, Gigabyte Z77X-UD3H, 2x4GiB of PC3-12800, Sapphire RX Vega 64, Corsair CX-600 and Fractal Refined R4 (W). Kentsfield Q6600@3Ghz, HD 4850 2x2GiB PC2-6400, Gigabyte EP45-DS4P, OCZ Modstream 700W, and PC-7B.
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 23569
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: That WannaCry ransomware

Tue May 16, 2017 8:10 am

But the reason you shouldn't be running it is because MS discontinued updates. The idea that MS discontinued updates because you shouldn't be running it on modern platforms is the very definition of circular logic.
"And and if you start to bleed, stop wiping." -whm1974
 
Vhalidictes
Gold subscriber
Graphmaster Gerbil
Posts: 1463
Joined: Fri Jan 07, 2005 2:32 pm
Location: Paragon City, RI

Re: That WannaCry ransomware

Tue May 16, 2017 11:18 am

derFunkenstein wrote:
But the reason you shouldn't be running it is because MS discontinued updates. The idea that MS discontinued updates because you shouldn't be running it on modern platforms is the very definition of circular logic.


"It's a bad idea to do something the vendor discourages" might be annoying but it's not circular. You can blame MS all you want; And you'd be right to do so. But the facts are that Windows 7 is abandonware and it's generally considered bad to run abandonware as a serious OS, especially if it was formerly really popular.

On a side note, I've recently been running Windows 98SE on a VM as an Internet browsing host, and it's pretty cool - essentially no malware will run on it. That said, most browsers won't run on it either so I need to get myself a Windows RT machine before they go away completely.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26220
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: That WannaCry ransomware

Tue May 16, 2017 12:14 pm

Vhalidictes wrote:
But the facts are that Windows 7 is abandonware and it's generally considered bad to run abandonware as a serious OS, especially if it was formerly really popular.

Yet another entry point in my long-running chronicles for Federal Agency X (and this time Y), and their IT follies.

Agency X requires its insured institutions to report quarterly using an on-line system driven by Silverlight. If you run FireFox, Chrome, or Edge, and let your browsers update themselves, you can't get into the app. You either need to back up to FF 51 or use IE11. Nothing on Agency X's page for this service even notices that this is an issue. Oh, and X still runs Win 7 for no reason I can see (damn thing has resisted all my attempts to remove its lockdowns).

Agency Y issues us software we use in the examination of our regulated institutions. They have certified it (as yet) only for Win 7, so that's what my (non-X) work lappy runs. I have tested it on Win 10 but, like any other intelligent user, I'm not moving until the author certifies.
If the Earth were flat, cats would have pushed everything off of it by now.
 
Waco
Gold subscriber
Gerbil Jedi
Posts: 1968
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: That WannaCry ransomware

Tue May 16, 2017 12:46 pm

Vhalidictes wrote:
derFunkenstein wrote:
But the reason you shouldn't be running it is because MS discontinued updates. The idea that MS discontinued updates because you shouldn't be running it on modern platforms is the very definition of circular logic.


"It's a bad idea to do something the vendor discourages" might be annoying but it's not circular. You can blame MS all you want; And you'd be right to do so. But the facts are that Windows 7 is abandonware and it's generally considered bad to run abandonware as a serious OS, especially if it was formerly really popular.

On a side note, I've recently been running Windows 98SE on a VM as an Internet browsing host, and it's pretty cool - essentially no malware will run on it. That said, most browsers won't run on it either so I need to get myself a Windows RT machine before they go away completely.

I don't disagree R.E. WIndows 7...but 8.1? It *shouldn't* be abandonware already. It actively cost MS money to block newer CPUs on 8.1 versus just marking them "unsupported".

I don't run either of them, but I still think it was a monumentally stupid decision.
Z170A Gaming Pro Carbon | 6700K @ 4.5 | 16 GB | GTX Titan X | Seasonix Gold 850 | XSPC RX360 | Heatkiller R3 | D5 + RP-452X2 | Cosmos II | Samsung 4K 40" | 480 + 240 + LSI 9207-8i (128x8) SSDs
 
whm1974
Maximum Gerbil
Posts: 4806
Joined: Fri Dec 05, 2014 5:29 am

Re: That WannaCry ransomware

Tue May 16, 2017 12:55 pm

Captain Ned wrote:
Vhalidictes wrote:
But the facts are that Windows 7 is abandonware and it's generally considered bad to run abandonware as a serious OS, especially if it was formerly really popular.

Yet another entry point in my long-running chronicles for Federal Agency X (and this time Y), and their IT follies.

Agency X requires its insured institutions to report quarterly using an on-line system driven by Silverlight. If you run FireFox, Chrome, or Edge, and let your browsers update themselves, you can't get into the app. You either need to back up to FF 51 or use IE11. Nothing on Agency X's page for this service even notices that this is an issue. Oh, and X still runs Win 7 for no reason I can see (damn thing has resisted all my attempts to remove its lockdowns).

Agency Y issues us software we use in the examination of our regulated institutions. They have certified it (as yet) only for Win 7, so that's what my (non-X) work lappy runs. I have tested it on Win 10 but, like any other intelligent user, I'm not moving until the author certifies.

I thought Silverlight was dead and MS had quit supporting it.
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 23569
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: That WannaCry ransomware

Tue May 16, 2017 1:00 pm

Exactly Captain Ned's point.

I used to do 2nd-level helpdesk as a contractor for a Fortune 500 company about 10 years ago. I have similar stories about older software than Windows 7. In late 2006 they were just completing their migration to Windows XP and depending on which intranet Java app you wanted to use, you had to install one of two different outdate Java plugins to do it and block updates. The few sad users who had to use both Java apps actually and two different machines, one for each. That was cheaper than updating the software.
Last edited by derFunkenstein on Tue May 16, 2017 1:02 pm, edited 1 time in total.
"And and if you start to bleed, stop wiping." -whm1974
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26220
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: That WannaCry ransomware

Tue May 16, 2017 1:01 pm

whm1974 wrote:
I thought Silverlight was dead and MS had quit supporting it.

You would be correct, but the brain-dead "IT staff" at Federal Agency X hasn't cottoned to that fact, nor to the fact that all modern browsers block the plug-in. I checked this AM and X's web site still lists Silverlight as a requirement and provides a link for download. There's a train wreck coming and the agency that will cause it doesn't even appear to grok that it IS coming.

Welcome to gov't (especially Federal) IT. Dollars to doughnuts (Krispy Kremes are NOT doughnuts, only cake doughnuts qualify) there are myriad Federal PCs still running IE6 because "it'll break otherwise". It was publicized when it happened in 2014, but the IRS bought "full extended service" from MS for XP (for an unknown term) rather than upgrade.
If the Earth were flat, cats would have pushed everything off of it by now.
 
Hawkwing74
Silver subscriber
His Holy Gerbilness
Posts: 13679
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: That WannaCry ransomware

Tue May 16, 2017 1:06 pm

This thread made me think. I may have a Win 8.1 PC at home. It shows "end of mainstream support for Windows 8.1" in Jan 2018. What is the difference between mainstream support and extended support?

And LOL at Captain Ned's example. My Fortune 20 company is as bad, mostly running Windows 7 on desktops.

I got *upgraded* to that last year from Win XP. Still on IE 8 which means many things do not work. Have to use Chrome except for a few internal apps.

Glacial pace.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26220
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: That WannaCry ransomware

Tue May 16, 2017 1:13 pm

Hawkwing74 wrote:
What is the difference between mainstream support and extended support?

Mainstream: Service Packs and feature updates.
Extended: Security updates. Win 8.1 leaves Extended 10 JAN 2023.
If the Earth were flat, cats would have pushed everything off of it by now.

Who is online

Users browsing this forum: No registered users and 4 guests