posted by n1 on Monday May 15 2017, @12:43AM
from the mouse-and-cat dept.

[Update at 20170515_022452 UTC: Instructions for what to do on each affected version of Windows can be found at: https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/ -- I've had excellent luck in the past following his advice on when and how to update Windows. Clear, hands-on instructions are a big win in my book. --martyb]

Previously: "Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS.

tl;dr: If you have not already patched your Windows computer(s), you may be at risk from a new variant of the WannaCrypt ransomware worm which lacks a kill switch and was seen over the weekend. Sysadmins are preparing for a busy Monday when countless other users return to work and boot up their PCs.

WannaCrypt (aka WCry) is a ransomware worm that wreaked havoc across the internet this past weekend. It disabled Windows computers at hospitals, telecoms, FedEx, and banks (among many others). Files on users' machines were encrypted and the worm demanded $300 or $600 worth of Bitcoin to decrypt them (depending on how quickly you responded). Reports first surfaced Friday night, and the spread was stopped only because a researcher discovered a domain name in the code which, when registered, caused the malware to stop infecting new machines.

We're not out of the woods on this one. Not surprisingly, a variant with the domain check removed was seen in the wild over the weekend. Just because you may not have been hit in the initial wave of attacks does not necessarily mean you are immune.

Back in March, Microsoft released updates to Windows to patch vaguely-described vulnerabilities. Approximately one month later, a dump of purported NSA (National Security Agency) hacking tools was posted to the web. The WannaCrypt ransomware appears to be based on one of those tools. Surprisingly, the Microsoft patches blocked the vulnerability that was employed by WannaCrypt.

In a surprising move, Microsoft has just released emergency patches for out-of-mainstream-support versions of Windows (XP, 8, and Server 2003) to address this vulnerability.

Sources: Our previous coverage linked above as well as reports from the BBC ("Ransomware cyber-attack threat escalating - Europol"), Motherboard ("Round Two: WannaCrypt Ransomware That Struck the Globe Is Back"), and Ars Technica ("WCry is so mean Microsoft issues patch for 3 unsupported Windows versions").

What actions, if any, have you taken to protect your Windows machine(s) from this threat? How up-to-date are your backups? Have you tested them? If you are a sysadmin, how concerned are you about what you will be facing at work on Monday?


  • (Score: -1, Troll) by Anonymous Coward on Monday May 15 2017, @02:12AM (12 children)

    by Anonymous Coward on Monday May 15 2017, @02:12AM (#509694)

    I also run Linux at home.

    "I run Linux!" Such a cliche. Keep beating that dead horse.

  • (Score: 3, Funny) by aristarchus on Monday May 15 2017, @02:22AM (11 children)

    by aristarchus (2645) on Monday May 15 2017, @02:22AM (#509702) Journal

    I run Linux, too. And you know, since this attack is taking advantage of vulnerabilities in Windows, I am not all that worried! Do you have a problem with that, Micro-softie AC? You know you are destroying the internets for all the rest of us, by even existing? Come to the free software side! It is your destiny, AC! And, we have Freedom (and the ability to block cookies, and updates, and malware, and ransomware, and web-ads, and extortion, and much, much more;(!) Horse alive, and kicking, bro!

    • (Score: 2) by kaszz on Monday May 15 2017, @02:42AM

      by kaszz (4211) on Monday May 15 2017, @02:42AM (#509710) Journal

      Ohh, you evil non-conformist for not being ass-raped by ransomware, virus, broken patches, worms etc just like the rest of us zombies! :-)

    • (Score: 0) by Anonymous Coward on Monday May 15 2017, @02:43AM (5 children)

      by Anonymous Coward on Monday May 15 2017, @02:43AM (#509711)

      Unclosed parentheses POST IS VULNERABLE.

    • (Score: 2) by HiThere on Monday May 15 2017, @03:38PM

      by HiThere (866) Subscriber Badge on Monday May 15 2017, @03:38PM (#510062) Journal

      *THIS* attack is focused on MSWind. Even so it doesn't attack most home systems. There have been attacks focused on Linux. There have certainly been attacks focused on Android. There have even been attacks focused on BSD...though they weren't usually very successful.

      The problem with attacks focused on MSWind is that there are lots of embedded systems that will never be updated. The Linux equivalent is routers using Linux that will never be updated, but the MSWind embedded systems tend to be things like airport display terminals, but also include hospital XRay machines, etc. Some of them cannot legally be either updated or patched.

      MS is certainly guilty of careless software maintenance with little care for security, but this isn't the only thing that enables attacks. Heartbeat attacks penetrated a large number of Linux systems, and that it wasn't explicitly a Linux system vulnerability was little enough consolation.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 2) by edIII on Tuesday May 16 2017, @02:18AM (2 children)

      by edIII (791) on Tuesday May 16 2017, @02:18AM (#510353)

      You can interpret that differently. We really should stop beating that dead horse.

      Linux is not an instant cure. Most of the protection is just because the most popular attack surface is in M$ Land. You really think that will last?

      There have been some revelations lately that throw the whole peer reviewed code model out the window, and that was, that nobody was really reviewing the code. I still agree with the principles, but the actual performance of the code review that has happened thus far could be termed "piss poor". SystemD only makes this worse because we haven't actually established security or a good foundation, before laying out huge amounts of new work for review.

      We need good and open hardware without blobs and binaries first, and then we need to establish a base system for reference that specifically has passed peer review and a large amount of testing. Yeah, that ain't happening with SystemD's bloated ass laying on top of it.

      Otherwise, as Microsoft dies, watch Linux have all its faults shown. Although, Linux will be able to react much better and faster to it. No telemetry in the updates means you can trust them, even after passing the appropriate hash and verification checks.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 3, Insightful) by aristarchus on Tuesday May 16 2017, @02:39AM (1 child)

        by aristarchus (2645) on Tuesday May 16 2017, @02:39AM (#510358) Journal

        Linux is not an instant cure. Most of the protection is just because the most popular attack surface is in M$ Land. You really think that will last?

        Yes? Now, why do I think that? Should I stay on my high horse? Unix is a networked operating system, by design, from the beginning. That means security. Not perfect security, no one is saying that, but much better than a toy operating system that had networking capability cobbled onto it with disastrous results.

          As for the "attack surface" argument, I want to point out that I have a charm in my pocket that wards off tiger attacks. Works like a charm! Why? Because it is one! What would happen if I were to go out, and forgot to bring my anti-tiger attack charm with me? Well, obviously I would be attacked by a tiger! Of course, there are no tigers where I live, or even anywhere even remotely nearby, but it is the charm that does the trick!

          Do I need to make the analogy transparent, without going automotive? Going out without my charm is the equivalent of Linux becoming the dominant operating system, being attacked by a tiger is equivalent to something like WannaCry doing as much damage as it has done by means of Windows. So once again, the horse is not dead, because there is no tiger! (Well, there is one in the zoo, but usually he does not escape, and if he does, you just throw a Windows user in the tiger's path before he gets to you. But again, low odds. Linux is structurally superior to Windows.)

        • (Score: 2) by edIII on Tuesday May 16 2017, @02:57AM

          by edIII (791) on Tuesday May 16 2017, @02:57AM (#510368)

          Linux is structurally superior to Windows

          The Death Star was structurally superior to a Star Destroyer, and even the Millennium Falcon (it really was a hunk of junk), but those pesky Bothans still found a fatal flaw :)

          Don't be too proud of that technological terror you've constructed aristarchus :)

          --
          Technically, lunchtime is at any moment. It's just a wave function.