Windows 10: Ransomware attacks reported on Windows machines internationally

Annoyingly, Windows Update has stopped working on this laptop. (Although it's still on Windows 10 so I think OK against this particular exploit but perhaps not other SMB attacks.)
I have been manually downloading the main cumulative updates and applying, but it relies on me doing something manually which is never great (and may miss some other issues outside the cumulative updates).

But the upshot is that the 'fully patched' aspect is hit-and-miss at the moment.

I really need to clean install it, but it's one of 2 machines I have with a Broadcom 440x network device, so at present is incompatible with the 1703 Creators Update... I'm waiting/hoping for a fix from Microsoft.

 

yea I think this patch is one to go the extra mile for and manually download it.

 

Hi Guys

Can't blame Wikileaks --that's their PURPOSE although "Law of Unintended Consequencies" applies here -- surely it's the fault of the NSA for their own Security --How did it get to wikileaks.

Pehaps should they rename the agency to NIA - National INsecurity Agency.

Surely somebody in that agency (although my experience is that usually State employees don't usually have the greatest amount of "Forward thinking power") could have realized the results of what would happen if that type of research got out into the wild which it inevitably would sooner or later - and if it did how to contain it.

Even in those places where people are still doing that evil research on biological weapons they ensure there's an antidote before continuing -- I'm not sure though how those people sleep at night working in that type of "Business".

Anyway I only ever run an email client (Outlook) from a Windows VM hosted on a Linux machine - this VM has zero access from Windows to data drives on the Linux box so even if the VM were to get trashed I would just wipe it and start another one.

But again one should always apply SECURITY FIXES whatever else you do and of course be VERY CAREFUL with Emails - I'm still amazed how casual people are with emails - some of them just open ANYTHING.

Cheers
jimbo

 

Right, "Don't shoot messenger" applies here. Or even worse, don't blame somebody for getting raped !!
The initiator of this whole mess (in this case NSA) should be only one to blame.

 

Actually, NSA stands for No Security Allowed; that is, from their perspective they don't want anyone to be secure from their meddling and looking about in other's business. One of these days it may be best to simply go "Brill."

These days I certainly wouldn't want to run an old Windows OS, even if Windows 7 was prettier.

 

With possible unending future Ransomware attacks and the resultant increasing search for patches, surely the time has come to go for the head of the snake.

The strength of Ransomware attacks is based around the Bitcoin, an extremely difficult thing to locate, but Bitcoin without the ability to exchange for legitimate currency is worthless, so cut OFF that ability.

If then the attackers demand legitimate currency, they can be more easily tracked down, especially now that the whole World has woken up to the extreme dangers posed to society by these miscreants.

 

The problem that the NSA and other TLA's have is that the vast majority of Atrocities committed against the American people, in a long number of years, have been perpetrated by American citizens, so they have to concentrate their attention on the threat source

You have to remember what it says in your own oath taken by new citizens and the armed services "... defense of the Constitution against enemies "foreign and domestic" ..."

 

A 'kill switch' is slowing the spread of WannaCry ransomware | PCWorld

 

Comodo Firewall 10 vs WannaCry Ransomware - YouTube

Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two - Heimdal Security Blog

Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry - Heimdal Security Blog

 

But come Monday, things could escalate as a new variant has been detected apparently...

 

It turns out that this stopped me accessing my old NAS drive (at least the way I've been using it) so I've been going round turning SMB1 back on again.

I should perhaps have thought of that and tested it before switching it off in multiple places. *Redface

Oh, and it turns out that when you switch Features like this back on again, it uses Windows Update, so on a laptop where Windows Update is broken, it's not so straightforward to switch on again. Luckily Shawn's tutorial to Reset Windows Update worked, although even then I had a struggle to kill off the service to run the tutorial.

 

Looking here for info on how this exploit actually gets on a PC.
Is it by email, or infected website?
If email, does it deliver the payload on receipt of the email, on previewing, on opening the email, or by opening an attachment?

 

Malwarebytes technical analysis here:

The worm that spreads WanaCrypt0r - Malwarebytes Labs | Malwarebytes Labs

 

Thanks for the link. But the article dives right in to how the exploit works and skips right over the answer to my question, like so many other articles do.

As close as they get is this:
"but the initial component that gets dropped on systems appears to be a worm that contains and runs the ransomware".

So, I'm still curious. How does the exploit get "dropped on a system"?

 

eMail and then spread over SMB network connections- via a recently discovered vulnerability in SMB stack, that has already been corrected in Supported Windows up to 8.1 - Microsoft has also released fixes for the vulnerability for unsupported OS's such at XP Vista and several server systems. Windows 10 has never had the vulnerability

Basically the bottom line is if you are up-to date with your updates for Windows or have applied the patch for XP or Windows Vista you are safe - for now - expect the next worm and it's payload to be more advanced