Windows 10: Hacking tools were stolen from NSA - Almost all Windows affected

And so the fun begins......

An NSA-derived ransomware worm is shutting down computers worldwide | Ars Technica

https://www.nytimes.com/2017/05/12/w...tack.html?_r=1

WanaCrypt0r ransomware hits it big just before the weekend - Malwarebytes Labs | Malwarebytes Labs

Hospitals across the UK hit by ransomware cyber attack, systems knocked offline | ZDNet

Ransomware infections reported worldwide - BBC News

Dozens of countries hit by huge cyberextortion attack

 

Thanks for update @simrick. Was just preparing to do it myself, but news are popping out like mad...

 

np Andre. As we suspected, this is big - hitting telecommunications, hospitals.....next will be power grids and water supplies.

 

Guys, what are the precautionary steps to prevent this from happening? Is there any kind of solution available if someone gets infected. Just asking out curiosity.

 

Precautions are...
- backup your system and data. this is quick, cheap and automated (Macrium reflect is free for home use)
- save your backups off line
- update your system (vulnerability is patched by April updates),
- if you are behind router, direct attack is less probable - it is local network attack...
- don't click on any attachments in mail
- disable remote access on your computer

There is a lot of security guides out there

For now there are no solutions yet (if your files get encrypted and you don't have backup)

 

Thanks a ton! Will definitely spread the word.

 

Firing up now to do another backup. Hope this is a short lived event, but doubt it.

 

I don't think its short lived with the range it has spread to. A normal user in Pakistan atleast is not safe because they rarely make backups over here.

 

MS have issued patches for these vulnerabilities (well, most of them, not all of them), and the first step is make sure your system has all available Windows Updates installed.

Microsoft says users are protected from alleged NSA malware

The next thing is to make proper backups, as Andre suggests. A lot of us here use Macrium Reflect Free to make images (or snapshots) of the hard drive. That way, if you do become infected, you can re-image the drive using one of the previous Macrium images before the infection and be back up and running quickly and painlessly.

 

I doubt it as well. And the fact that many hospitals/government agencies/utility companies/financial institutions are NOT patched, will make things difficult for a lot of us.

 

The thing is I am just going to set up my new laptop at home, a dell machine. It is not updated probably. So I am not sure what to follow. I bought it from Canada and just received it today in Pakistan. So, I am worried related to it.

 

You'll have it behind a router, yes? So that will help.
Just take it online and run the Windows Update until it's completely updated. Don't go surfing the web until that's finished. Decide on your anti-virus and anti-malware, and get that next. Then, install a safe browser, (like Firefox), and add HTTPS Everywhere, No-Script Lite, and (another extension that will remain unnamed due to forum policy) extensions. Don't install Flash or Java. Then, make your images using Macrium Reflect Free (or another similar program). Keep the external drive with the images disconnected from the system until you need to make a backup - you don't want your images being encrypted if you get hit with ransomware. *Wink

 

Sure. Will do that. Any recommendations fot anti malware? I use Avast free as antivirus.

 

"Kill switch slowly stops the spread of deadly ransomware Michael Kan (ARN) 13 May, 2017 13:58"




A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.

MalwareTech's original intention was to track the ransomware's spread through the domain it was contacting. “It came to light that a side effect of us registering the domain stopped the spread of the infection,” he said in an email.

Security firm Malwarebytes and Cisco’s Talos security group reported the same findings and said new ransomware infections appear to have slowed since the kill switch was activated.

However, Malwarebytes researcher Jerome Segura said it’s too early to tell whether the kill switch will stop the Wana Decryptor attack for good.


Kill switch slowly stops the spread of deadly ransomware - ARN

 

I just got this is a newsletter:

A massive ransomware attack spread across the globe today, locking up thousands of hospital, telecommunications, and utilities systems in nearly 100 countries. The attack used data stolen from the NSA to exploit vulnerabilities in Microsoft Windows and deliver the WanaCrypt0r ransomware. The demand was for $300 per PC.
While the ransomware was first detected wreaking havoc in emergency rooms and doctors' offices in the UK, the infection quickly spread worldwide, including to the US.
We're alerting you to reassure you that if you're currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes