Global Ransomware Attack Used NSA Hacking Tools "At A Scale Never Seen Before"

Discussion in 'Serious Discussion' started by emk810, May 12, 2017.

  1. emk810

    emk810 MDL Member

    May 12, 2016
    144
    281
    10
    In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

    A hacking tool known as “eternal blue”, developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

    As Sam Coates summed up...



    http://www.zerohedge.com/news/2017-05-12/massive-ransomware-attack-goes-global-huge
     
  2. Mobocratic Asylum

    Mobocratic Asylum MDL Member

    Mar 22, 2010
    105
    23
    10
    Way to go, NSA.
     
  3. John Sutherland

    John Sutherland MDL Senior Member

    Oct 15, 2014
    479
    630
    10
    I still remember the famous line from the Sunday comic strip Pogo: "We have met the enemy, and he is us."
     
  4. lostpassword

    lostpassword MDL Member

    Nov 21, 2009
    190
    13
    10
    Has anyone here been caught by this? Touch wood I am OK, but I am not part of a network. Windows 10 Pro 32-bit on all my PCs, and I always keep Defender and the system updated, with all updates. I do not use anti-virus either. I always have copies of important data on separate, unconnected external drives. Am I correct in thinking that an infected machine can be formatted and the system installed again to become clean?

    Would appreciate if any of the experts would give any advice, or whether they think Windows 10 up to date should be enough.
     
  5. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,335
    770
    60
    Unscrupulous people they are! They have negated all that hard work by NSA and are forcing it to develop new methods...
     
  6. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,177
    1,163
    90
  7. zen45

    zen45 MDL Senior Member

    Feb 25, 2010
    317
    297
    10
    Hackers improve hacking, security engineers improve protection, they seem to need each other to stay in business! One wonders if they are partners at times?
     
  8. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,177
    1,163
    90
    LOL.... you'd think so!
    It's been a cat & mouse game ever since the first virus was created, and this applies to all operating systems, because security flaws are always exploited, be it M$, Apple or *Nix. Some provide better patches more quickly than others.
     
  9. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,335
    770
    60
    According to my info, those that had applied the updates were protected. Something that should be well noted by those doing everything to avoid updating their systems.
     
  10. ucccafe

    ucccafe MDL Novice

    Feb 23, 2011
    23
    5
    0
    #10 ucccafe, May 13, 2017
    Last edited: May 14, 2017
    I spent more than 30 hours trying to decrypt the new WannaCry with RSA-4096;
    they crazily change the password every 10 minutes.
    It is not easy to get the password within 10 minutes.
    OK, I found they used pre-paid SIM cards to control their PCs.
    In their phone messages, they used
    中文, ру́сский язы́к, 日本語, Español, български език, Nederlands...
    but no one used English.

    All the WannaCry file names and sizes I know of, as of May 14 2017 10:00 GMT+8:

    infected files
    .der .pfx .key .crt .csr .p12 .pem .odt .ott .sxw .stw .uot .3ds .max .3dm .ods .ots .sxc .stc .dif .slk .wb2 .odp .otp .sxd .std .uop .odg .otg .sxm .mml .lay .lay6 .asc .sqlite3 .sqlitedb .sql .accdb .mdb .db .dbf .odb .frm .myd .myi .ibd .mdf .ldf .sln .suo .cs .c .cpp .pas .h .asm .js .cmd .bat .ps1 .vbs .vb .pl .dip .dch .sch .brd .jsp .php .asp .rb .java .jar .class .sh .mp3 .wav .swf .fla .wmv .mpg .vob .mpeg .asf .avi .mov .mp4 .3gp .mkv .3g2 .flv .wma .mid .m3u .m4u .djvu .svg .ai .psd .nef .tiff .tif .cgm .raw .gif .png .bmp .jpg .jpeg .vcd .iso .backup .zip .rar .7z .gz .tgz .tar .bak .tbk .bz2 .PAQ .ARC .aes .gpg .vmx .vmdk .vdi .sldm .sldx .sti .sxi .602 .hwp .snt .onetoc2 .dwg .pdf .wk1 .wks .123 .rtf .csv .txt .vsdx .vsd .edb .eml .msg .ost .pst .potm .potx .ppam .ppsx .ppsm .pps .pot .pptm .pptx .ppt .xltm .xltx .xlc .xlm .xlt .xlw .xlsb .xlsm .xlsx .xls .dotx .dotm .dot .docm .docb .docx .doc

    HKEY_LOCAL_MACHINE\Software\WanaCrypt0r
    wd=c:\users\(name)\AppData\Local\Temp

    Microsoft "maybe" fixed the Windows SMB bug, NOT PERFECT!!
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
     
  11. Oz

    Oz MDL Expert

    Sep 1, 2009
    1,043
    701
    60
    Your info?

    I haven't patched and I have not been infected.

    Microsoft probably asked the NSA to leak it, so they could scaremonger users into updating to a Windows with even more malware and plenty of back doors for everyone.
    Now things have gotten a little out of control and Nutella's lawyers probably suggested they release the patch they have had sitting on the shelf for years but never released.

    Trick? People are in general idiots and will click on anything that is shiny and/or promising them something for free.

    Yeah, just like I would organize a convicted thief to come and change my locks in my house.
     
  12. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    12,433
    13,512
    340
  13. taviruni

    taviruni MDL Member

    May 8, 2010
    163
    74
    10
    They are capable of everything to make people install 10 (which by the way wasn't immune to this until new patches).
     
  14. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,335
    770
    60
    I suppose, this brilliant “logic” conclusively proves, to some, that the patch wouldn't have protected all those infected.

    I wouldn't have bothered to reply, except that there are beginners around looking for advice, who may be influenced by such gems coming from a supposed expert.
     
  15. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,177
    1,163
    90
    The March roll up had the patch for Windows 7 too.
    The industries that were affected by this were either using an older OS or did not install the updates. Not much in reports of individuals getting hit by this from what I'm reading on the webs, mostly governments, universities and industry with large networks.
     
  16. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    3,437
    3,576
    120
    The general rule (and the 'Golden Rule') is to keep up on security updates and to make regular backups of your system.

    If you don't do this, you increase the likelihood of running into these kinds of problems.
     
  17. Jari

    Jari MDL Member

    Jan 18, 2013
    220
    50
    10
    Well, this might be just the beginning of such ransomware attacks :( ... it will not be a surprise if they find some unpatched vulnerability in the near future.

    The latest statistics say that there are over 200,000 computers infected worldwide in 24-48 hours, just by WannaCry. There are already the first signs of WannaCry 2.0.

    http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
     
  18. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,335
    770
    60
    I think, or hope, that they've gone too far this time. They've attacked far too many computers and organizations for their own good. With so many countries and people now trying to find them, I wonder how long they can remain hidden.
     
  19. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    539
    342
    30
    I have decided to test it and it did not do anything. I ran it (not as admin) and I only got a black wallpaper and an empty cry message.
    I guess that everything that MDL has taught me about tweaking has finally paid off. Like disabling WSH and getting rid of PowerShell. :cool:
     


  20. ThomasMann

    ThomasMann MDL Addicted

    Dec 31, 2015
    760
    114
    30
    It is not that they would have scruples doing that, but believing that would mean vastly overestimating the intelligence of the people involved. Let's look at the facts...

    A government organization in a Democracy has developed a tool to spy ILLEGALLY on its citizens.

    One or more less criminal employees of this organization have informed the public that there is a massive security risk in all Windows systems.

    Windows has then produced an update and published it TWO MONTHS AGO.

    All the companies and government organizations have failed to update their computers within TWO MONTHS!

    All these companies have an army of well paid specialists, who failed to do what they are being paid for and now have the nerve to come up with excuses that tell us all we never wanted to know about these people.

    Unlike what once again the united media tells us, the truth seems to be that the hackers did the whole world a favor.