large ransomware attack | FerrariChat


Discussion in 'Technology' started by rob lay, May 12, 2017.


  1. rob lay

    rob lay Administrator
    Staff Member Admin Miami 2018 Owner

    Dec 1, 2000
    59,625
    Southlake, TX
    Full Name:
    Rob Lay
  2. energy88

    energy88 Two Time F1 World Champ
    Silver Subscribed

    Jan 21, 2012
    27,096
    West of Fredericksburg, VA
    Full Name:
    John
    Interesting that MS is also patching old versions like XP.

    This may be hitting closer to home than we think. On Thursday morning, I received a message from Earthlink that an email from "Gwendolyn" with a PDF subject and attachment had been quarantined. Said it was a virus: Ransomware/Locky

    As always, if something seems suspicious, it probably is.
     
  3. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    Interesting update on this recent ransomware attack:

    The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.

    But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

    The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who lives with his parents and works for Kryptos Logic, an LA-based threat intelligence company.

    https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
     
  4. energy88

    energy88 Two Time F1 World Champ
    Silver Subscribed

    Jan 21, 2012
    27,096
    West of Fredericksburg, VA
    Full Name:
    John
    Somebody should reimburse the accidental hero the $10.69 it cost him to put on the brakes.
     
  5. Rifledriver

    Rifledriver Three Time F1 World Champ

    Apr 29, 2004
    34,031
    Austin TX
    Full Name:
    Brian Crall
    Hackers should be executed. I don't care if they are teenagers.
     
  6. Innovativethinker

    Innovativethinker F1 Veteran
    Silver Subscribed

    Aug 8, 2009
    8,657
    So Cal
    Full Name:
    Mark Smith
    I'm surprised at how fast it propagated around the world. What do all these computers (or users) in 80 countries have in common?

    Maybe it was just silent until now?
     
  7. David_S

    David_S F1 World Champ
    Silver Subscribed

    Nov 1, 2003
    11,260
    Mountains of WNC...
    Full Name:
    David S.
    I'm certainly not crazy about them, but would disagree.

    I'd say - anyone (business, government entity, or person) who has ANYTHING that relies on the internet, is attached to the internet, or operates on any publicly available operating system, should be smacked about the head with a large fish and told that they are blithering idiots unless they can demonstrate that their system is impervious to any form of attack or other catastrophe.
     
  8. GrigioGuy

    GrigioGuy Splenda Daddy
    Lifetime Rossa Owner

    Nov 26, 2001
    29,514
    E ' ' '/ F
    Full Name:
    Trailer Swift
    Everyone else's job is easy when you don't know how to do it.

    Zero day exploits guarantee that no "system is impervious to any form of attack." Tornadoes and wildfires disprove your "other catastrophes." Every business is essentially "connected to the internet", and nobody's going to build their own custom OS. All OS systems have flaws -- the most popular OS systems get the most attention from hackers.

    Most businesses put a lot of effort into cybersecurity defence and disaster mitigation. Yes, there were patches available. However, it is not uncommon for patches from Microsoft to break critical business applications. Many companies will lag a bit on patching to see how bad the fallout is from the patch. In this case it was a bad idea, but there have been enough cases of bad or revised patches that it is not an unreasonable approach.
     
  9. RacerX_GTO

    RacerX_GTO F1 World Champ
    Silver Subscribed

    Nov 2, 2003
    14,006
    Oregon
    Full Name:
    Gabe V.
    Monday should bring more fun
    http://www.yahoo.com/tech/businesses-brace-monday-ransomware-threat-lingers-081052025--finance.html

    In the beginning, it was a game. Elk Cloner was just a funny joke that did not interfere with anything.
    Today, computer systems are attached to lives and when those lives are altered, there are real damages. When hackers attach ransoms to unlock computers, they are now playing deadly games.

    Fry the little <explicative>. Fry them up good.
     
  10. Innovativethinker

    Innovativethinker F1 Veteran
    Silver Subscribed

    Aug 8, 2009
    8,657
    So Cal
    Full Name:
    Mark Smith
    Elk Cloner: The program with a personality

    It will get on all your disks
    It will infiltrate your chips
    Yes, it's Cloner!

    It will stick to you like glue
    It will modify RAM too
    Send in the Cloner!
     
  11. Nate Johnson

    Nate Johnson Formula Junior

    Nov 7, 2006
    370
    USA
    WannaCry ransomware loses its kill switch, so watch out - CNET
    https://apple.news/AA1X5hmh-QG-8q3Vj3_MIhA

    Am I the only person in the world disgusted with the media for telling the hackers exactly how to fix the problem with their virus? Idiots.
     
  12. krazykarguy

    krazykarguy Formula Junior

    Apr 17, 2014
    716
    Fort Mill, SC
    Full Name:
    Matt
    I'd theorize that the commonality was illegal copies of Windows XP (and therefore not able to be updated on a regular basis).

    The other one would be blindly (and stupidly) clicking on garbage and/or blind links in their inbox.
     
  13. dsd

    dsd F1 Rookie
    Owner Silver Subscribed

    Nov 19, 2006
    4,191
    Northern Virginia
    They know before the media does.
     
  14. Gran Drewismo

    Gran Drewismo F1 Rookie

    Jan 24, 2005
    3,778
    Idaho
    Full Name:
    Andrew
    I think this is most likely the main cause.

    My company has had two ransomware zero day attacks happen to it. Both times we simply rolled back to a backup of a few hours prior which caused minimal impact to our operation. In both situations, they were caused by users opening up bogus links:

    1.) User received a fake "past due" notice in her email. In asking her about it she told me she was "insulted that she would receive such a thing as she ALWAYS pays her bills". She opened the document and boom, ransomware.

    2.) Unbeknownst to us, a user had posted a legitimate job ad on Craigslist with her work email plainly visible. This resulted in her receiving both legitimate and illegitimate emails with resumes attached. Soon enough, the numbers came up and one of the resumes contained malicious VBscript in a Word Document.

    You can have the most sophisticated security system in the world and someone will always find a way in.
     
  15. Rifledriver

    Rifledriver Three Time F1 World Champ

    Apr 29, 2004
    34,031
    Austin TX
    Full Name:
    Brian Crall
    That's just like saying you don't have an impervious burglar alarm so you deserved to be burglarized. Sorry but that is a logic I have a real problem with. In my world I shouldn't need one at all and the transgressors should be called "Criminals".

    Fry each and every single one.
     
  16. Bas

    Bas Four Time F1 World Champ

    Mar 24, 2008
    41,371
    ESP
    Full Name:
    Bas
    +1

    I live in the sticks so with a very poor internet connection, and I work from home...it's manageable though. Last week Windows 10 update crippled internet all day as it takes priority. Then 2 days later it was updated again. Today more security updates. Been 4 hours now, and I'm at 22%. Deeply frustrating.
     
  17. GordonC

    GordonC F1 Rookie
    Owner Rossa Subscribed

    Aug 28, 2005
    4,120
    Calgary, AB, Canada
    Full Name:
    Gordon
    It was all those Democrats opening emails, then opening attachments. (Russians didn't hack the Democrats, the stupid Democrats hacked themselves) :D

    XP went off support years ago - it's no longer supported by Microsoft, just as its predecessor OSes are no longer supported. Whether illegal or legal, Microsoft stopped issuing patches and security updates for XP several years back.

    If you want a supported OS that gets regular security patches (and you do), then you shouldn't be running XP, anywhere, period. Microsoft is not obligated to support every OS they've ever released forever. Apple doesn't support older iOS operating systems, etc etc.

    It's not a Microsoft problem.
     
  18. Texas Forever

    Texas Forever Seven Time F1 World Champ
    Rossa Subscribed

    Apr 28, 2003
    75,990
    Texas!
    Ironic, huh? All this noise. All these Bright Shiny Objects, and the real cause was bored workers clicking on attachments.
     
  19. rob lay

    rob lay Administrator
    Staff Member Admin Miami 2018 Owner

    Dec 1, 2000
    59,625
    Southlake, TX
    Full Name:
    Rob Lay
    Yes, there is much of that, but the Russians and North Koreans are pretty darn smart on how to get people to click. In my case 2 years ago I got ransomware after clicking a message I thought was from Adobe to update Flash. I'm not stupid or ignorant about technology, but still got taken. Could I have been more careful or done things differently, yes, but it wasn't an obvious mistake.
     
  20. Texas Forever

    Texas Forever Seven Time F1 World Champ
    Rossa Subscribed

    Apr 28, 2003
    75,990
    Texas!
    True, but that was two years ago. Anybody working today gets hammered day after day not to click on links, but they still do it.
     
  21. rob lay

    rob lay Administrator
    Staff Member Admin Miami 2018 Owner

    Dec 1, 2000
    59,625
    Southlake, TX
    Full Name:
    Rob Lay
    10 years ago too. I knew not to open attachments or links from emails I didn't know. Email wasn't even open, this was browsing and an official Adobe-looking pop-up that I needed to update software. That is still common today, so how many people would get taken by that? Even if not everyone they still make money if 1 in 1,000 do.
     
  22. Texas Forever

    Texas Forever Seven Time F1 World Champ
    Rossa Subscribed

    Apr 28, 2003
    75,990
    Texas!
    Personally, this is why I use gmail. It is really good about catching the crap. I have an old domain email I don't use anymore. It probably gets about a half a dozen phishing emails a day. Sometimes, one right after the other. :)
     
  23. rob lay

    rob lay Administrator
    Staff Member Admin Miami 2018 Owner

    Dec 1, 2000
    59,625
    Southlake, TX
    Full Name:
    Rob Lay
    gmail wouldn't have caught it.
     
  24. energy88

    energy88 Two Time F1 World Champ
    Silver Subscribed

    Jan 21, 2012
    27,096
    West of Fredericksburg, VA
    Full Name:
    John
    I believe one step to reduce potential temptation for employees to click on links and suspicious emails is to prevent employees using work emails for personal business. I recently read where one infection occurred when an employee received an email saying that one of her accounts was delinquent. The woman was so incensed (she had perfect credit) that she opened the email and BINGO!, malware entry accomplished. If employers would crack down on the personal business on company machines issue, it might narrow the opportunity for infection thru that avenue.
     
  25. Rifledriver

    Rifledriver Three Time F1 World Champ

    Apr 29, 2004
    34,031
    Austin TX
    Full Name:
    Brian Crall
    You mean like public sector employees surfing porn on our computers?


    Public servants my a$$.
     
