A new ransomware wannacry from blog The Technology blog and podcast
Hello folks,
I don’t know how I can turn this into a longer article, so I’ll post it to my blog and leave it at that. I joined the SANS group for a webinar regarding this new threat called Wanna Cry. This article from Krebs on Security entitled U.K. Hospitals Hit in Widespread Ransomware Attack was posted on the 12th of May. As Brian covered, he mentioned what this was, and the fact that not only were the hospitals hit with this, but so was a telephone company. SANS’s webinar last night said there were at least 56,000 different infections at one point, just by doing scans, nothing more. They made it clear that they never accessed any machines, just did scans.
SANS indicates that while this was bad, it’s only going to get worse. US-CERT has a writeup entitled Indicators Associated With WannaCry Ransomware which was posted yesterday as well. The SMB system I’m not too familiar with, but this can hit even with patched systems. We’ll keep our eyes and ears open for more.
Article information
A new ransomware wannacry was released on May 13, 2017 at 10:53 am by tech in article commentary.
Last modified: May 13, 2017.
Comments (4)
-
Comment by tech date 14 May 2017 at 09:06,
I go back to what I posted via Vocal a few days ago. You have to start at the human level. What I don’t know, especially on the Google aspect, was this. Was that particular e-mail which brought up the OAuth dialogue something that was sent by e-mail? Granted, I think that particular one was in a specific country and spread, but this, I’m not clear even through the webinar on how this spread. I think the major aspect of this is the human aspect. I think the article should be given a read. Your thoughts are interesting, and it is definitely worth talking about. Thanks for your thoughts! Anyone else?
-
Comment by crashmaster date 13 May 2017 at 21:57,
What interests me is the ransomware itself.
To be honest it’s not that much of a big deal in the big picture.
In theory everyone should be autoupdating their systems, unless there is a specific reason not to do so, at the times that are usually set for updates.
I am unsure about big companies, but at home on Wednesday and sometimes Saturday I reserve a few hours from 6 till 9 in the morning where I make sure everything gets updated. Wednesday is Tuesday in the US, and even when there are no patches for MS out people seem to flock to updates on or around that day; other common days are Thursday, Friday, Saturday and Sunday.
I always update my workstation and I have backups.
The security flaw, while big, still is not the issue; phishing emails are the issue.
Social engineering attacks still exist, and it’s our brains that are hacked before our computers. We can’t install security software to our minds just yet, so we need to educate ourselves not to open that message or not to click.
This thing was not a problem; it was solved in March.
But unpatched systems with clickers on here and there caused the issue.
Now where the fuck are we going wrong? There are enough resources, we push it down the throats of people.
The ransomware is not a problem, the unpatched systems are not a problem, the spam and phishing emails are not a problem.
But people falling and clicking the links are again the problem.
Education can’t be it; I do think we are actually doing quite a lot, and there can be only so many sites and blogs stating the same thing from time to time.
We have the resources, so where are we fucking up?
Maybe we need to start banning USB drive access for gullible people getting this stuff at home and bringing it in. Blocking USB drives is the last thing I’d want to do of course; portable apps, blind-friendly software, a lot of stuff uses them. But now do we have to not trust USB drives on company networks and school networks? Since everything is on the cloud it should be relatively safe; I mean you can’t take down the entire cloud network, or at least you hope you can’t.
Even with that approach things could still get in.
Maybe we need to extend it further: work emails should never go home except when needed, but home networks and emails and other things shouldn’t be allowed; Twitter, Facebook and everything bar stuff you need from work be blocked.
Maybe we need to block the net entirely to everyone at work that doesn’t need it. Of course you can’t block phones as such, but who knows.
Blocking all wireless and Bluetooth access would help I guess, or at least Bluetooth, but what about the other stuff?
Do we need to block remote access or the net entirely except for what is needed?
Then there are home PCs as well: not allow home PCs to connect to the network for companies at all. But if a file in the cloud ever got something, and it can, then we are back to square 1.
What’s the answer?
We could restrict the hell out of it and still not get the right answer.
I have seen some of this at workplaces; in some countries it is illegal to do any work from work at home, and it costs more if someone needs to do so, including answering emails, etc.
Of course it rarely works that way.
I do know that on a lot of networks here at workplaces the net is blocked until lunch time etc.
I also know from my cousin, who was at school and now uni, that all access, well, there wasn’t any general network access, but it was all handled by cloud drives.
Of course there may still be a few missing all the info, but even with this, this ransomware attack shouldn’t have been anything more than another phishing issue.
Again I say there is no defence against a social attack with phishing or other things, none bar knowing that it is.
So where are we going wrong?
It’s no good reacting like this; securing the current issue will not fix it, in fact even if people updated everything and still fell, well.
We have the resources, the muscle, the infrastructure.
-
Comment by tech date 13 May 2017 at 11:54,
Hi Shaun,
I believe I remember hearing something about a kill switch in a piece of malware too recently, don’t remember if this was it, but I found that interesting. Don’t remember if I read it from your link, or maybe through Security Now or another source. It’s definitely getting interesting out there.
-
Comment by crashmaster date 13 May 2017 at 11:50,
The only thing I need to say to this, well, things.
1. This is only an issue if you don’t update Windows, apparently from Microsoft.
This does show though that a lot of systems do not autoupdate. I do know Windows updates can screw things from time to time, but why you wouldn’t run updaters from time to time is beyond me.
I did notice that flaw in March, but MS is as cryptic as the ransomware; they are quite secretive about what they update.
The second is a reply back at your face
http://www.standard.co.uk/news/health/nhs-cyber-attack-uk-researcher-accidentally-stops-global-spread-of-ransomware-by-activating-kill-a3538236.html
Read that and go away.