- May 7, 2002
- 10,376
- 762
- 126
It seems that a ton of systems have been compromised by using the SMB exploit that MS patched back in March. (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx)
Every single one of those computers hasn't seen an update of any type in months (years?).
Seriously, what kind of IT Admin allows that to happen?
Since there are so many people that don't install updates, this only seems to prove that MS is correct in wanting to force push updates no matter what.
Though, I wish they would split out the security updates from the other stuff.
And, about this specific malware,
So, it seems even if you pay, you are screwed.
Every single one of those computers hasn't seen an update of any type in months (years?).
Seriously, what kind of IT Admin allows that to happen?
Since there are so many people that don't install updates, this only seems to prove that MS is correct in wanting to force push updates no matter what.
Though, I wish they would split out the security updates from the other stuff.
And, about this specific malware,
https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/There are three hard coded bitcoin addresses in the WanaCrypt0r ransomware. These bitcoin addresses are 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94']13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw']12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn']115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn. Maybe I am missing something, but what I do not understand is if so many people are utilizing the same bitcoin address, how will the ransomware developers be able to differentiate the victims that have paid from those who have not?
For example, people have paid ransom to my assigned bitcoin address, yet the program still states I did not pay.
So, it seems even if you pay, you are screwed.