Windows 10: New global ransomware attack hits East Europe and spreading

I was checking out the Norse tracking map and Microsoft was sending out a lot of attacks to servers in Washington DC. It looks like DC is the main target right now. Norse Attack Map

 

Beware of using the batch file in that link. It creates some other files including perfc.dat which Kaspersky Total Security promptly deleted.

 

Thanks for warning Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...

Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..

There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.somtething else

 

I'm curious, how are these hackers able to get hold of NSA exploits?
@bro67 Can you tell me what Norse tracking map is?

 

but only if you don't use it to connect to you NAS or whatever of course...

It was patched in march so if you run Windows update you should be OK.

https://www.us-cert.gov/ncas/current...-Vulnerability

 

Not really..

System is patched for original Eternalblue (WannyCry), but not for other exploits.

All major AV and Antimalware companies updated their software, so users are on the safe side by now. Industrial solutions are other story...

 

Ah interesting, I missed that bit. These only work if you are running Admin account (or with Admin rights) though correct?

 

Correct.

 

This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
This has already been shut down.....so financial gain was not the motive.

 

Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used a manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.

I just ran Notepad as Admin, saved the empty file as c:\windows\perfc, then made two further copies of perfc and renamed them perfc.dll and perfc.dat. Finally I set them to be read only. Kaspersky antivirus doesn't object when you do it this way.

 

I have no idea... It was mentioned somewhere, that this vaccine isn't futureproof. Malware makers could easily change its behavior. Perhaps it's something in that direction...

Once more: all major AV and antimalware suites are updated and are blocking it (including Windows defender)

 

Muscle flexing and diversion.....what's the real target?

 

If you look at the link in the batchfile twitter.com/0xAmit/status/879778335286452224 various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.

 

Either some curious kid in a back room seeing how clever he is.....or more worryingly a nation seeking superiority by paralysing vital industries, bringing countries to a standstill......most modern warfare is conducted using computerised technology, ie- aeroplanes, ships, missiles, orbiting space satellites etc.....all could be rendered completely ineffective......frightening isn't it.

 

Thanks - I just created the 3 files manually as Post 23.