WHO Poll
Q:



claret on my shirt 6:52 Tue Jun 27
Huge new Ransomware attack is hitting
I wonder if the attackers have taken the kill switch out this time! If so it's going to be messy

Replies - Newest Posts First (Show In Chronological Order)

Brucies_Star_Prize 3:12 Fri Jun 30
Re: Huge new Ransomware attack is hitting

Alan 12:59 Fri Jun 30
Re: Huge new Ransomware attack is hitting

This.

Mart O 3:04 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Thanks Alan, really appreciate it.

Alan 2:58 Fri Jun 30
Re: Huge new Ransomware attack is hitting
All read-only.

Mart O 2:43 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Alan 2:28 Fri Jun 30

Cheers mate. I've already done it manually.

And now for stupid question: the instructions on the link don't say if the perfc.dat and perfc.dll should also be read only, as the perfc file is ?

Alan 2:28 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Mart O 2:04 Fri Jun 30

"What's odd to me is that you can block this thing using the manual instructions in Alan's link (I'm not keen on the download option), "

Mart O, the batch file is tested as safe and will just create the read-only file in the Windows folder for you. You just download it and run it - done.

Gavros 2:06 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Russia is sending another signal with this.

I can't recall them ever being so aggressive, even during the Cold War (I wasn't around during the Cuban missile crisis). I guess they're relying on their moles in the White House to keep a lid on any protest from there.

Interesting story that Rex Tillerson went nuts the other day after Jared Kushner tried to slap down one of his ambassadors nominations. The adults in the Administration and the rest of the GOP are getting irritate with the dumb wanker and his cronies.

Mart O 2:04 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Alan 12:59 Fri Jun 30

Thanks for that, which answers the exact question I'd been asking myself.

What's odd to me is that you can block this thing using the manual instructions in Alan's link (I'm not keen on the download option), by merely creating a read only file in your Windows folder. I'm not disputing Alan's wisdom here and a little research shows this seems to be true but how come it's so simple ?

More to the point, my next question is: for your PC/laptop at home using broadband/wifi with no network, what are the optimal security arrangements ?

I've got half a dozen different pieces of software - Avast; Windows Defender doing periodic scans; Mcafee (I think that might have expired); Ccleaner for tidying all the shit up; Malwarebytes, which I recently downloaded but do not fucking know what it's doing and which keeps telling me about PUPs or somesuch bollocks...?

Is that enough, too much, does it require additional periodic knob wiping, etc ?

Alan 1:55 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Swiss. 1:20 Fri Jun 30

"Mate in the know says there's a file you can put in your windows directory that can prevent this "

Swiss, my link at Alan 12:59 Fri Jun 30 does exactly that.
It shows you how to do it manually or where to download a batchfile that does it for you.

Gavros 1:52 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Dicksie3 will be sweating even more than usual.

Kaiser Zoso 1:51 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Is this making you front line support jockeys work overtime, Swiis?

Swiss. 1:24 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Herts

A mate of mine real IT bod says it bollocks about running your PC not as Admin. Says its worse.

Maybe I misunderstood you.

Swiss. 1:20 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Mate in the know says there's a file you can put in your windows directory that can prevent this

threesixty 1:15 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Get a mac.
Run your windows pc on a virtual machine (parrallels or vmware)
Both mac and the vm have restore points that will allow you to get round whatever crap the virus/malware attack has done.

Never have to worry about this type of shit again.

Alan 12:59 Fri Jun 30
Re: Huge new Ransomware attack is hitting
Protect yourself against it:-

Vaccination instructions

spacer

Hammer and Pickle 12:09 Fri Jun 30
Re: Huge new Ransomware attack is hitting
A lot of strange things happened in Ukraine on the same day, Herts. Head of their special forces was rubbed out in a car bomb etc.

Herts Hammer 12:00 Fri Jun 30
Re: Huge new Ransomware attack is hitting
I work at an IT security company, and have been all over this since it hit.

Here's a few things not mentioned so far in the thread.

1. It's real purpose isn't ransomware. It's a devastating tool who's purpose is to disrupt an organisations ability to do business. The ransomware bit was added to disguise it's true purpose. The creators had no intention of using it to raise money. Even if you had paid, the thing is written in such a way as to prevent your data from ever being recovered.

2. The main target was Ukraine. It escaped across international borders and inside internal company links. It may have been seeded through a MeDoc update, but once active on a corporate network, it spread from PC to PC on it's own.

3. Given it's true purpose, and the main target, it's fair to assume it's actually a Russian cyberweapon.

4. Patching alone wouldn't have protected you against this.

5. Patching, and not running as local admin, however, would have stopped it.

6. Best advice I have for protection against this, and future threats. Patch everything, all the time. Don't run anything as an admin except when absolutely necessary and for the shortest time possible, even the IT "superusers" - No one should run as admin for day to day tasks. Upgrade your security software to your vendor's latest release - we incorporate new technologies in each release that improve our abilities to catch zero day malware. Apply all signature updates from the security vendors as soon as possible. Enable cloud based detection capabilities. Educate users to recognise phishing attempts.

tunwhu 1:26 Fri Jun 30
Re: Huge new Ransomware attack is hitting
By the looks of it, the crux of this virus is to attack the Ukranian accounting systems. That is to say anyone who trades from or to the Ukraine using MeDoc.

Forget trying to 'restore to a previous checkpoint' and all that shite. If you're infected it spends anywhere from 10-60 mins attempting to run remote commands across the network on other PCs using the account details on your machine. Once it's done it reboots and encrypts the file tables. The link to the site which could give you an encryption key was taken down within 90 mins of hitting which suggests this was meant to be destructive and not a get-rich-quick job. There is no-one to retrieve the key from if you're infected and your hard drive is encrypted, by the looks of it.

lowlife 11:31 Thu Jun 29
Re: Huge new Ransomware attack is hitting
If you want to see how the NSA really started fucking shit up with computers, watch the Zero Days documentary. The virus that documentary focusses on, Stuxnet, wasn't even the worst one they were working on at the time.

The whole world is doomed. We'll be back in a pre computer age at some point!

Moore4Less 11:10 Thu Jun 29
Re: Huge new Ransomware attack is hitting
Never, ever pay up if your PC is infected with malware or ransomware. All that will happen if you do is that some things will work but others won't and you'll keep getting other demands for more money which will only ever give you some of your functionality back.

What you should first do is to try and do a system recovery to a time when you know your pc was working OK. If you're not confident about doing this yourself, try and find a mate who is. Or if you can't find anybody, take it to a PC repair shop. Obviously there will be a charge to fix your PC but they'll do it properly and they won't keep coming back for more money!

yngwies Cat 8:27 Wed Jun 28
Re: Huge new Ransomware attack is hitting
Very savy these people. Wonder if we could one of them to fix the Who clock?

Coffee 7:51 Wed Jun 28
Re: Huge new Ransomware attack is hitting
Chigwell, would you like me to WHOmail you the address?

Page 1 - Next




Copyright 2006 WHO.NET | Powered by: