[Update at 20170515_022452 UTC: Instructions for what to do on each affected version of Windows can be found at: https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/ -- I've had excellent luck in the past following his advice on when and how to update Windows. Clear, hands-on instructions are a big win in my book. --martyb]
Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS.
tl;dr: If you have not already patched your Windows computer(s), you may be at risk from a new variant of the WannaCrypt ransomware worm which lacks a kill switch and was seen over the weekend. Sysadmins are preparing for a busy Monday when countless other users return to work and boot up their PCs.
WannaCrypt (aka WCry) is a ransomware worm that wreaked havoc across the internet this past weekend. It disabled Windows computers at hospitals, telecoms, FedEx, and banks (among many others). Files on users' machines were encrypted and the worm demanded $300 or $600 worth of Bitcoin to decrypt them (depending on how quickly you responded). Reports first surfaced Friday night, and the spread was stopped only because a researcher discovered a domain name in the code which, when registered, caused the malware to stop infecting new machines.
We're not out of the woods on this one. Not surprisingly, a variant has been seen in the wild over the weekend which has removed the domain check. Just because you may not have been hit in the initial wave of attacks does not necessarily mean you are immune.
Back in March, Microsoft released updates to Windows to patch vaguely-described vulnerabilities. Approximately one month later, a dump of purported NSA (National Security Agency) hacking tools was posted to the web. The WannaCrypt ransomware appears to be based on one of those tools. Surprisingly, the Microsoft patches blocked the vulnerability that was employed by WannaCrypt.
In a surprising move, Microsoft has just released emergency patches for out-of-mainstream-support versions of Windows (XP, 8, and Server 2003) to address this vulnerability.
Sources: Our previous coverage linked above, as well as reports from the BBC ("Ransomware cyber-attack threat escalating - Europol"), Motherboard ("Round Two: WannaCrypt Ransomware That Struck the Globe Is Back"), and Ars Technica ("WCry is so mean Microsoft issues patch for 3 unsupported Windows versions").
What actions, if any, have you taken to protect your Windows machine(s) from this threat? How up-to-date are your backups? Have you tested them? If you are a sysadmin, how concerned are you about what you will be facing at work on Monday?
(Score: 2) by MichaelDavidCrawford on Monday May 15 2017, @12:55AM (11 children)
This is a common problem: when I tell Windows Update to do its thing, it says "Checking for Updates" then never finishes checking.
I've tried several of the reported workarounds.
I figure I'll have to reinstall Windows anyway, so I'll just wait until some manner of ransomware 0wnz0r5 me.
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Informative) by butthurt on Monday May 15 2017, @01:18AM (5 children)
Back in the days of Windows XP, it used to be possible to run Microsoft Baseline Security Analyzer, get from that a list of missing patches, then download and install them (most came in the form of self-installing executables) without running Windows Update.
In November 2013 MBSA 2.3 was released. This release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported [...]
-- https://en.wikipedia.org/wiki/Microsoft_Baseline_Security_Analyzer [wikipedia.org]
Did you try WSUS Offline Update?
Using WSUS Offline Update, you can update any computer running Microsoft Windows safely, quickly and without an Internet connection.
-- http://www.wsusoffline.net/ [wsusoffline.net]
(Score: 2) by acharax on Monday May 15 2017, @04:44AM (4 children)
I second WSUS Offline. It might be a bit clunky but it works.
(Score: 1) by butthurt on Monday May 15 2017, @06:15AM
Thanks for weighing in. I don't have any actual experience with that myself.
(Score: 2) by TheB on Monday May 15 2017, @11:50AM (2 children)
After a failed update corrupted parts of my win 7 install, it was WSUS Offline that finally saved it.
If anyone is having troubles with Windows Update they should definitely give WSUS Offline a try.
Windows Update works again after WSUS fixed the system.
(Score: 2) by kaszz on Monday May 15 2017, @10:12PM (1 child)
How did you get the files and bootmedia for WSUS if the system was corrupted?
(Score: 2) by TheB on Tuesday May 16 2017, @08:23PM
The OS still ran.
Windows Update had crashed the system during an update, leaving corrupted files in the WU cache, missing files in "C:\Windows\Servicing\", garbled DISM log, and left bugs in the registry.
The system was otherwise stable.
(Score: 0) by Anonymous Coward on Monday May 15 2017, @01:36AM
It's probably because there are so many updates that have been installed. I had the same problem for the first one of these stupid monthly security updates. I had to use WSUS offline update to install enough of the patches that the official installer would work.
(Score: 2) by physicsmajor on Monday May 15 2017, @02:08AM
There are standalone installers for this patch. You only need the Windows Update service running, and only while the patch is being installed - you can disable it afterward, before restarting.
(Score: 1) by toddestan on Monday May 15 2017, @03:13AM (1 child)
If you've got Windows 7, reinstalling won't help you. You'll be OK to SP1, and then it'll be an endless update check after that.
It's not actually endless though, it will generally finish after a day or two if you just let it sit and keep running.
(Score: 2) by tynin on Monday May 15 2017, @03:58PM
I've found the process to be very RAM intensive as it catalogs and checks what version of everything you are running so it can give you the correct patch list. The more RAM you have, the faster it'll finish, otherwise the list it creates has to keep spilling to disk, then read back in later, etc etc. After nearly a week, I was able to get an older computer with 2GB of RAM to finish patching, but I'll never go through that again. The computer was my Grandma's and I've successfully got her running on a Raspi 3b running Raspbian with MATE, with a nice 27" monitor running in 720p so the fonts are nice and big for her. She has been using it for nearly a year and is quite happy with it.
(Score: 0) by Anonymous Coward on Monday May 15 2017, @03:48AM
http://download.wsusoffline.net/ [wsusoffline.net]
Waiting for Windows Update to function is a waste of time.