NSA ransomware.
3/4 targets were in Russia.
It may look that way, if you don't know that the Russian language is being widely spoken as a first and second language and taught in schools in countries like Belarus, Kazakhstan and Ukraine (and taught very well). The former two have Russian as their second official language. So it's not that simple.
And it looks like Russians had a hand in its making. "...the ransomware was able to offer "how to pay" documents in dozens of languages, the only language whose writing was perfect was Russian, with the others showing distinct signs that a non-native speaker had written them" according to Kurt Baumgartner, a principal security researcher with Kaspersky Lab in Moscow. https://www.usatoday.com/story/news...attle-unprecedented-global-hacking/101633374/
MS released the patch to fix this worm's exploit of SMB (the way it spreads) back in March.
I don't think it is overblown.
I work for a large tech-company. On Friday I heard that 100 Windows boxes in our Canadian lab were affected. (We run Windows 7 everywhere, on corporate-managed laptops, but also in other places (in labs, privately managed desktops, etc)). No idea if there were more in the company, but I wouldn't be surprised if lots more people in my company got hit. (On the other hand, most people have Win7-laptops, which are managed by IT. Which does do regular updates. So maybe all the corporate users were safe). Of course nobody is gonna release a statement to the outside world about this.
There are thousands of new malware attacks per week, yeah, most are spread via e-mail, and people opening them up (which is a serious issue itself, enough so that admins should be scrubbing all the e-mail.)
People think it is over. It is not. The variant with the "kill-switch" has been stopped. But there are already variants that do not have a kill-switch.
I think it spreads through firewalls via the old-fashioned way (fake emails, etc). But once it is inside a network, all unpatched Windows machines are infected in no time. I think consumers at home have a smaller chance of being hit. But for companies it is much more dangerous. If it gets in, it can spread to loads and loads of machines easily.
Only thing I am interested in is (from all the companies infected), A) why weren't these machines patched, B) why the admin didn't block SMB ports, and C) why allow attachments that haven't been screened?
People seem interested in which companies are targeted. I don't think anyone is targeted specifically. This is a worm. Worms spread around as far as possible, without looking at who they attack next. That makes them so dangerous on a world scale. If anyone is interested in the history of worms, start reading about the Morris worm. That was almost 40 years ago, but the mechanism is exactly the same as today's worms.
I would still keep an eye out for ransomware attempts on Linux users as the user base gets larger. New users to Linux will be vulnerable to these types of attack until they learn how to protect themselves.
I run mostly a Linux environment and Linux is unaffected (even Samba). From the sounds of it this enters via an email, and I don't open crap like that, so at no risk to me. As far as work goes, I work in telecom and not IT. In telecom we don't care what's on the network, we just care that the traffic is flowing.
But reality is, we kinda all are affected because the organizations that got hit more than likely have all our personal info. Ex: Medical records.
It's been about 17 years since computers are fairly mainstream. 2000 was kinda the golden age where lot of stuff started to go digital, the internet came out (as being a mainstream thing in many homes), etc. You'd think people would have learned by now to not open suspicious email attachments.
It's very simple. Not all machines are managed by IT. Every employee gets an IT-managed Win-7 laptop. But those laptops are not good enough for some people to get their job done.
If you are saying your machines still got infected, then, smack your IT admin upside the head.
NSA ransomware.
3/4 targets were in Russia.
Other main targets were telephone companies and oil companies.
This could get nasty real quick.
I wish you wouldn't lie in the Hardware forum.
It's not NSA ransomware. They found the exploit. They did not pass around malware.
What are you saying no about?
No.
WCry copies a weapons-grade exploit codenamed EternalBlue that the NSA used for years to remotely commandeer computers running Microsoft Windows.
The key difference is that "EternalBlue" exploits machines while WannaCry exploits users. I'm no expert on malware but the two basic components you'll see in every briefing are the vehicle (exploit) and the payload (in this case ransomware). It seems to me that you are confusing the vehicle with the payload. The vehicle could be used for an infinite number of objectives.
No.
WCry copies a weapons-grade exploit codenamed EternalBlue that the NSA used for years to remotely commandeer computers running Microsoft Windows.
https://arstechnica.co.uk/security/2017/05/what-is-wanna-decryptor-wcry-ransomware-nsa-eternalblue/
It's very simple. Not all machines are managed by IT. Every employee gets an IT-managed Win-7 laptop. But those laptops are not good enough for some people to get their job done.
Some people run their own Windows boxes, installed those themselves and manage those themselves. I have a Centos-7 machine for Desktop purposes and I manage that myself. (I hardly ever use the laptop). Other colleagues have chosen to use Win-7 machines for Desktop. I didn't, and one reason was that I feel that managing your own Windows machine is more work than managing a Linux-box.
Seems to me that the "very simple" solution that most companies implement is that individual users are not allowed to bring their personal computing equipment (apart from phones/tablets) on site, and those mobile devices are not allowed to connect to the corporate network. The situation you described is just BEGGING for problems.
For mobile devices, sure. But for desktops/workstations? I wouldn't let people do that in a SMALL office in most cases, and I wouldn't even consider it in a large corporation. It's just not possible to guarantee that somebody's PC from home won't spread malware or otherwise interfere with the company network unless someone brings the hardware, company IT wipes the drive and reinstalls the OS and all security and management software, and then actively manages it at all times. But that's a headache as well trying to manage potentially thousands of different hardware configurations.
BYOD is only growing in popularity. The simple solution to this problem is to disable SMBv1 and tell people not to click links within emails they don't know who it came from.