You are viewing our Forum Archives. To view or take place in current topics click here.
Ransomware "WCry" targets Windows. Vista through 10 affected

Saki
  • Retired Staff
Status: Offline
Joined: Apr 09, 2011 (13 Year Member)
Posts: 4,994
Reputation Power: 14230
Motto: Wow crazy USA hamburger yes
TheAppleFreak wrote This ransomware looks like it's a nasty piece of work; large areas of Europe have been impacted by the issue. The malware exploits the same SMB bug that was used in the leaked NSA tool EternalBlue, which was patched in March 2017 as per [ Register or Signin to view external links. ] . Patching your machines for MS17-010 will do quite a lot to stop the spread of this malware.

For people using the following versions of Windows, make sure you have the following patches installed on your machine:

Windows Vista and Windows Server 2008 - [ Register or Signin to view external links. ]
Windows 7 and Windows Server 2008 R2 - [ Register or Signin to view external links. ] (standalone) OR [ Register or Signin to view external links. ] (update rollup)
Windows Server 2012 - [ Register or Signin to view external links. ] (standalone) OR [ Register or Signin to view external links. ] (update rollup)
Windows 8.1 and Windows Server 2012 R2 - [ Register or Signin to view external links. ] (standalone) OR [ Register or Signin to view external links. ] (update rollup)
Windows 10 (you can check your installed version and build by pressing Win-R and running winver)

  • Pre-version 1511 - [ Register or Signin to view external links. ]
  • Version 1511 - [ Register or Signin to view external links. ]
  • Version 1607 and Windows Server 2016 x64 - [ Register or Signin to view external links. ] (OS build 14393.953). NOTE: If you have any of the following patches installed, you're good: KB4015438 (14393.969), KB4016635 (14393.970), KB4015217 (14393.1083), and KB4019472 (14393.1198). All of these replace KB4013429.
  • [ Register or Signin to view external links. ]


To check if you have the update installed, check the hotfix ID for your OS, then in a command prompt run the command wmic qfe get hotfixid | find "$hotfixid", where $hotfixid is the ID of the update (also the quotes are important!). Make sure that the KB is capitalized, otherwise the search will fail. If it is installed, it will return the hotfix ID. If it isn't installed, it will not return anything.
If you download an update and it's a CAB file, you can install it by running the following command: start /w dism.exe /Online /Add-Package /PackagePath:C:\Path\To\Downloaded\Update.cab. Restart when prompted.
Stay safe, everyone.



What is Ransomware and why you should care:


What is it?

The ransomware locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them.

The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk. The exploit was leaked last month as part of a trove of NSA spy tools.

"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."



As of today 5/12/2017 (May 12th, 2017) "WCry" has affected 99 countries including the United States, United Kingdom, Russia, China, Italy, Spain and Taiwan. A total of over 75,000 cases of this Ransomware have already been reported. It's highly recommended that you take the steps outlined above to ensure you're properly up to date and in turn, protected from this attack.


Last edited by Saki ; edited 1 time in total

The following 6 users thanked Saki for this useful post:

hoot (03-05-2018), Exadious (06-08-2017), Dusknoir (05-15-2017), Luke (05-13-2017), Loke (05-12-2017), Brigand (05-12-2017)
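
An added example, not part of the original post or the quoted guide: a PowerShell check for the Windows 10 version 1607 / Server 2016 case above, using only the KB IDs and build numbers listed in the post. It accepts either a listed hotfix ID or an OS build at or above 14393.953, since the later cumulative updates replace KB4013429; the function name and the use of the UBR registry value for the build revision are assumptions of this example.

```powershell
# Added example: MS17-010 check for Windows 10 1607 / Server 2016 (build 14393).
# KB IDs and build numbers are the ones listed in the post; other Windows
# versions need the KB given for them there.
$Ms17010Kbs  = 'KB4013429', 'KB4015438', 'KB4016635', 'KB4015217', 'KB4019472'
$MinRevision = 953   # KB4013429 corresponds to OS build 14393.953

# Hypothetical helper name. Takes its data as parameters so it can be run on
# collected inventory as well as on the local machine.
function Test-Ms17010Build14393 {
    param(
        [string[]]$InstalledHotfixIds,
        [int]$Build,
        [int]$Revision
    )
    if ($Build -ne 14393) {
        return 'NotApplicable: use the KB listed for this Windows version'
    }
    # -contains compares strings case-insensitively, so 'kb4013429' still matches
    # (the find command in the post is case-sensitive).
    $hit = @($Ms17010Kbs | Where-Object { $InstalledHotfixIds -contains $_ })
    if ($hit.Count -gt 0) {
        return "Patched: hotfix $($hit -join ', ') is installed"
    }
    # A newer cumulative update may be listed under a different KB ID,
    # so fall back to the build revision shown by winver.
    if ($Revision -ge $MinRevision) {
        return "Patched: OS build 14393.$Revision is at or above 14393.$MinRevision"
    }
    return "Missing: no listed hotfix and OS build 14393.$Revision is below 14393.$MinRevision"
}

# Constructed sample inputs (KB0000001 is a placeholder, not a real update):
Test-Ms17010Build14393 -InstalledHotfixIds 'KB0000001', 'kb4019472' -Build 14393 -Revision 1198
Test-Ms17010Build14393 -InstalledHotfixIds 'KB0000001' -Build 14393 -Revision 1480
Test-Ms17010Build14393 -InstalledHotfixIds 'KB0000001' -Build 14393 -Revision 447

# On a live machine (assumption: the UBR registry value holds the number after the dot):
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Test-Ms17010Build14393 -InstalledHotfixIds (Get-HotFix).HotFixID `
    -Build $cv.CurrentBuildNumber -Revision $cv.UBR
```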
#2. Posted:
ZZ9_x_iHaXoRZz
  • Rated Awesome
Status: Offline
Joined: Mar 11, 2011 (13 Year Member)
Posts: 4,436
Reputation Power: 8964
On Windows 10 I search for "winver" and when it pops up I press Okay and it just closes, is that normal?
#3. Posted:
Chat
  • Winter 2018
Status: Offline
Joined: Jan 10, 2012 (12 Year Member)
Posts: 7,913
Reputation Power: 7437
ZZ9_x_iHaXoRZz wrote On Windows 10 I search for "winver" and when it pops up I press Okay and it just closes, is that normal?


It should pop up a box that has your system info, shouldn't close unless you close it.

Now as for my issue: I search for the hotfix, it says not found, if I check winver it's there, if I check my recent updates it's there, normal?
#4. Posted:
Tinder
  • Winter 2017
Status: Offline
Joined: Nov 02, 2014 (10 Year Member)
Posts: 907
Reputation Power: 6384
ZZ9_x_iHaXoRZz wrote On Windows 10 I search for "winver" and when it pops up I press Okay and it just closes, is that normal?


No sir, you have been breached, blow up your PC ASAP
#5. Posted:
Gary
  • Spooky Poster
Status: Offline
Joined: Mar 09, 2012 (12 Year Member)
Posts: 5,781
Reputation Power: 5268
Motto: Consume Tacobell. Play RuneScape.
Obligatory

Install Linux
#6. Posted:
HollyLumina
  • New Member
Status: Offline
Joined: May 13, 2017 (7 Year Member)
Posts: 6
Reputation Power: 1
These kinds of malware are the reason large organisations need to start putting money into upgrading hardware and software. Windows XP isn't even supported by any major browser and running it in a non-virtualised environment is just asking for trouble.

I have Windows 10 fully-updated and macOS Sierra (and will dual-boot Linux Mint on the MacBook soon), so it's not going to affect me ^^
#7. Posted:
Hux
  • TTG Senior
Status: Offline
Joined: Jan 16, 2014 (10 Year Member)
Posts: 1,629
Reputation Power: 90
ZZ9_x_iHaXoRZz wrote On Windows 10 I search for "winver" and when it pops up I press Okay and it just closes, is that normal?
Your username is Haxorz I would have thought you'd know.
#8. Posted:
Gnarcotic
  • Christmas!
Status: Offline
Joined: Mar 11, 2015 (9 Year Member)
Posts: 1,195
Reputation Power: 67
A local company down the road from my workplace got hit with ransomware and I had to go down and check it out.

Their whole system was compromised by some ransomware that was based on the Crysis virus. The worst part about it was that the machine affected was their main server.
#9. Posted:
Adam
  • Retired Staff
Status: Offline
Joined: Dec 10, 2011 (13 Year Member)
Posts: 6,079
Reputation Power: 30932
Motto: :Salt:
HollyLumina wrote These kinds of malware are the reason large organisations need to start putting money into upgrading hardware and software. Windows XP isn't even supported by any major browser and running it in a non-virtualised environment is just asking for trouble.

I have Windows 10 fully-updated and macOS Sierra (and will dual-boot Linux Mint on the MacBook soon), so it's not going to affect me ^^


Windows XP isn't even supported by Microsoft any more.

We had the pleasure of being hit by Ransomware a couple of years back. It's a nasty piece of work. Took us 4 days to clear up the mess that it made. Luckily, we had backups so only that initial day's work was lost.

I do feel for the IT Staff around the globe at this time. Least it gets people to update their Windows patches ;)
#10. Posted:
AD4M
  • Spooky Poster
Status: Offline
Joined: May 09, 2011 (13 Year Member)
Posts: 2,136
Reputation Power: 146
When the media says the 'NHS has been hacked!!!'

No it hasn't, a network was compromised by an uneducated adult who clicks on malicious links.

There's a difference