Windows 10: Londec Attack

My files have been encrypted by the londrec ransomware attack. any idea on how to decrypt them


*Moved from Windows forums*

:)

 

About Ransomware attack

Here is Microsoft's Customer Guidance on the Ransomware Attack:

• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the
  security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
  As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.

• This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers
  should consider blocking legacy protocols on their networks).

For the full article,
Click HERE

 

Ransomware attack on Windows 10 PCs.... question

Here is Microsoft's Customer Guidance on the Ransomware Attack:

• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the
  security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
  As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.

• This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers
  should consider blocking legacy protocols on their networks).

For the full article, Click HERE

 

Simulate SYN attack

I apologize in advance if I don't truly understand the question.
When sending a SYN flood attack the point of it to attempt to create as many half open connections on the victim as possible. This leaves each of the half open connections in the SYN-RECVD state temporarily utilizing resources.

However, it appears that you are not sending your SYN flood properly by not spoofing the attackers source IP. When your attacking machine receives the SYN/ACK it will immediately send a reset packet shutting down that socket and negating any flood attempts. However I am not familiar wit the behavior of the Windows Firewall. If you spoof the source address to an unused IP the RST will not get sent and each SYN/ACK being sent by the victim will go into exponential back off dramatically upping the effectiveness of the attack. (please use an IP in private space so the SYN/ACKs aren't reflecting back at something on the internet)

Ok, next up is the fact that you are replaying the same packet with the same 4-tuple and the same initial sequence number. You need each SYN to be unique to be effective. I would strongly suggest you use any Linux distro and the application "hping3". You should be able to get the results you want. Also consider that ping uses ICMP and may not be a good test of server delay since it is considerably different process in how the server responds. May I suggest nmap or even hping3 again for testing the servers TCP response.