Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday May 15 2017, @12:43AM   Printer-friendly
from the mouse-and-cat dept.

[Update at 20170515_022452 UTC: Instructions for what to do on each affected version of Windows can be found at: https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/ -- I've had excellent luck in the past following his advice on when and how to update Windows. Clear, hands-on instructions are a big win in my book. --martyb]

Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS.

tl;dr: If you have not already patched your Windows computer(s), you may be at risk from a new variant of the WannaCrypt ransomware worm which lacks a kill switch and was seen over the weekend. Sysadmins are preparing for a busy Monday when countless other users return to work and boot up their PC.

WannaCrypt (aka WCry), is a ransomware worm that wreaked havoc across the internet this past weekend. It disabled Windows computers at hospitals, telecoms, FedEx, and banks (among many others). Files on user's machines were encrypted and the worm demanded $300 or $600 worth of Bitcoin to decrypt (depending on how quickly you responded). Reports first surfaced Friday night and were stopped only because a researcher discovered a domain name in the code, which when registered, caused the malware to stop infecting new machines.

We're not out of the woods on this one. Not surprisingly, a variant has been seen in the wild over the weekend which has removed the domain check. Just because you may not have been hit in the initial wave of attacks does not necessarily mean you are immune.

Back in March, Microsoft released updates to Windows to patch vaguely-described vulnerabilities. Approximately one month later, a dump of purported NSA (National Security Agency) hacking tools were posted to the web. The WannaCrypt ransomware appears to be based on one of those tools. Surprisingly, the Microsoft patches blocked the vulnerability that was employed by WannaCrypt.

In a surprising move, Microsoft has just released emergency patches for out-of-mainstream-support versions of Windows (XP, 8, and Server 2003) to address this vulnerability.

Sources: Our previous coverage linked above as well as reports from the BBC Ransomware cyber-attack threat escalating - Europol, Motherboard Round Two: WannaCrypt Ransomware That Struck the Globe Is Back, and Ars Technica WCry is so mean Microsoft issues patch for 3 unsupported Windows versions.

What actions, if any, have you taken to protect your Windows machine(s) from this threat? How up-to-date are your backups? Have you tested them? If you are a sysadmin, how concerned are you about what you will be facing at work on Monday?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Appalbarry on Monday May 15 2017, @01:51AM (3 children)

    by Appalbarry (66) on Monday May 15 2017, @01:51AM (#509678) Journal

    I tend to assume that, even with updates auto-installing, the one Windows 10 machine in the house is vulnerable. I opt for regular backups, with yesterday being the most recent.

    Expect the worst, and act accordingly.

    (I blithely, and no doubt eventually foolishly, continue to assume that my Linux boxes will not have problems like this.)
    (And assume that my Android phone is total loss security-wise)

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by HiThere on Monday May 15 2017, @03:29PM (2 children)

    by HiThere (866) Subscriber Badge on Monday May 15 2017, @03:29PM (#510058) Journal

    How long do you keep your backups? You won't necessarily notice files being encrypted until you try to use them.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 2) by Appalbarry on Tuesday May 16 2017, @01:12AM

      by Appalbarry (66) on Tuesday May 16 2017, @01:12AM (#510321) Journal

      That had actually occurred to me. I did check the backup and they are still readable.

    • (Score: 3, Interesting) by edIII on Tuesday May 16 2017, @02:25AM

      by edIII (791) on Tuesday May 16 2017, @02:25AM (#510354)

      Good catch. Best way to defeat this is having weekly copies made.

      Some zero knowledge backup companies out there offer version control and can give you a different copy for each day going back as much as you want to pay for. I would imagine something like this wouldn't stay hidden for more than 3 weeks.

      --
      Technically, lunchtime is at any moment. It's just a wave function.