Windows 10: Ransomware attacks reported on Windows machines internationally

I think that the gaps in information given are to stop the casually curious from making themselves victims.

Apparently email is the vector.

You can download the thing from certain websites, and get yourself infected.

But I am not going to give out that information either!

 

So, when people ask, do I tell them:
Don't check you Email!
Don't preview your Email! Right click and delete everything!
Don't open ANY email!
Or just the tired old mantra: "Don't open any attachments unless you know what they are".

 

Don't tell them, point them here:

Microsoft Update Catalog)





then get them to download and run the relevant patch for their system before any emails are looked at.

If you are patched for this SMB exploit, then expect that any copycat SMB-based exploits are likely to fail until a new vulnerability is exploited - the patch itself may have vulnerabilities!

 

I would tell them to make sure they have patched their system and not use it until they do. but then again I was a system administrator for many years *Wink

 

Well, appreciated gentleman.
I understand that we can not talk about how to build a nuclear bomb in this public forum.
I'll find it.

 

I think Vista was still in support at the time the fix was released (in March), so Vista users should have been able to get the patch already and would already have it if Windows Update was switched on and working. I don't think Microsoft issued an additional patch for Vista at the weekend.

I'm confused by the status of Windows 10, as my reading of the Technet article on MS17-010 was that Windows 10 was affected. But I also read something saying Windows 10 was immune.

I did wonder if this particular WannaCrypt code didn't work on Windows 10, but another malware variety could use the same vulnerability to attack unpatched Windows 10 systems? Can anyone clarify this?

 

David, I see what you mean, confusing it is, only thing I notice is that it only goes up to 1607 so that may mean that the patch was baked into the CU on release which was where the confusion could have started *Confused

 

All these suppositions suggesting new variants are about to be released is pure conjecture.

You can bet your bottom dollar that with virtually every law enforcement agency in the World on the hunt for the ransomware attackers, they will be keeping a very low profile, in all probability wearing brown trousers.

 

It's good thing so much publicity is given to this but there were other scares in the past.

 

@DavidY

Hi there
On the SAMBA config on your NAS box set it to SMB2 or 3 - then that should allow you to remove SMB1 from Windows.

Do it in the GLOBAL section --file is called smb.conf and usually exists in folder /etc/samba
..........................
[global]
max protocol = SMB3
# can set it to SMB2 if you want experimental SMB2 support.
#
workgroup = WORKGROUP
server string = Samba Server Version %v

; max protocol = SMB2

log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
name resolve order = bcast host lmhosts wins


.....................................................

You need to restart the smb and nmb (or depending on your system - might be called smbd and nmbd) services - or probably better re-boot the NAS server.

Check with (as root or sudo user) that the config file is OK with TESTPARM.

Another idea is to password protect the access -- use (again as root) smbpasswd -a user (user = username you wish to use).
you'll get prompted for a password on the console --just enter it.

You might on a remote TV / Firestick if you need to access files on the server have to enter a password to re-connect again. I'm though using KODI on an amazon firestick for accessing multi-media -- it also required a 1 time password entry after I'd made the changes.

Test on 1 Windows client box (or a laptop) first before changing a whole slew of computers -- It's AGES since I was messing around with this so you might need to incorporate some other windows changes too.

Here's info on enabling / disabling SMB2/3 for W2012 server -- works also for W10 but check also for updates

https://support.microsoft.com/en-us/...ws-server-2012

Cheers
jimbo

 

Surely this stuff was deliberately planted by one of the failing A/V companies to boost sales of their products !!!!
I'm sure you can think of a few likely culprits !!!

Nice to see Putin got irked off -- after all he's always maintained that Mathematics, Engineering and Computing were Russia's greatest strengths - especially Computers - and they've probably suffered the most -- wonder if it was because of the number of "Pirate" windows systems that might exist over there. I'd hate to be at a Russian security agency meeting when Putin's complaining the NSA has better scientists than he has --even if the USA's security is about as good as using a sieve as a boat.

I see the UK is beginning to play the Blame game too --perhaps Mrs May will set up a "National Blame Agency" with the CEO being paid around 300,000 EUR / USD a year !!!! --- reports are saying NHS in the UK had the fix in MARCH but a lot of the Hospital trusts didn't apply it --- now surely that's NOT MONEY -- the people at the top should have insisted that these fixes were applied - still bet nobody at the top loses their job.

Cheers
Jimbo

 

That's already politics and yet another reason to be mistrusted. Who knows what else is cooking behind the curtains, this is just one that run away.

 

Here is the answer to my question, in case anyone is interested:
WannaCrypt ransomware worm targets out-of-date systems Windows Security

 

Hi there

all the security in the world is NO GOOD if people can't be bothered to patch their machines !!!

Cheers
jimbo

 

All the security in the world is no good if people won't stop opening unknown attached files! Too.