The Steampunk Forum at Brass Goggles
Author Topic: FYI Latest Virus: WannaCry ransomware  (Read 489 times)
Prof Marvel
Zeppelin Captain
*****
United States United States


learn from history, or be doomed to repeat it


« on: May 14, 2017, 07:50:08 am »

WannaCry ransomware running wild.

Microsnot even cut a patch for Win XP !

Here is the U.S. CERT link https://www.us-cert.gov/ncas/alerts/TA17-132A

be careful out there

yhs
prof marvel
Logged

Your Humble Servant
~~~~~Professor Algernon Horatio Ubiquitous Marvel The First~~~~~~
President, CEO, Chairman,  and Chief Bottle Washer of
Professor Marvel's Traveling Apothecary and Fortune Telling Emporium

Acclaimed By The Crowned Heads of Europe
Purveyor of Patent Remedies, Snake Oil, Cleaning Supplies, Dry Goods, and Picture Postcards
Offering Unwanted Advice for All Occasions and Providing Useless Items to the Gentry
Since 1822
J. Wilhelm
╬ Admiral und Luftschiffengel ╬
Board Moderator
Immortal
**
United States United States


Sentisne fortunatum punkus? Veni. Diem meum comple


WWW
« Reply #1 on: May 14, 2017, 10:09:22 pm »

WannaCry ransomware running wild.

Microsnot even cut a patch for Win XP !

Here is the U.S. CERT link https://www.us-cert.gov/ncas/alerts/TA17-132A

be careful out there

yhs
prof marvel

I need to tell my boss. Our office could get wiped out in an instant, thus resulting in my potential unemployment. Where/How do you get the patch for Windows XP, exactly?

PS

I found this link to Microsoft "Customer Guidance for WannaCrypt attacks" courtesy of the BBC
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/?utm_source=t.co&utm_medium=referral
« Last Edit: May 14, 2017, 10:28:08 pm by J. Wilhelm » Logged

Banfili
Zeppelin Captain
*****
Australia Australia



« Reply #2 on: May 15, 2017, 12:39:56 am »

Thank you, gentlemen.

Running XP on my travelling netbook, and my GIS software machine. I have downloaded the XP Patch, and will install asap.
Logged
Prof Marvel
Zeppelin Captain
*****
United States United States


learn from history, or be doomed to repeat it


« Reply #3 on: May 16, 2017, 03:00:20 am »

Greets

Here is the link to Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)
includes win 7 & 8 & 10 & Server & etc
      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

here is the link for XP, Vista, Win 8, Win Server
      http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

please review the entire page links, disclaimers, etc.

ALSO please bear in mind that any of the above **WILL** make more changes than advertised,
they may introduce features that you do not want, and may break functionality that you actually need.

before patching always make and test complete backups.
You should already HAVE complete backups no older than 1 week old.
to reiterate
make multiple backups before doing anything.
back up your REGISTRY
back up your O/S
back up your apps
back up your userdata
test your backups - by that I mean change stuff, restore from backup, and confirm that the restore actually worked!

You *should* be doing backups at least monthly, preferably weekly.
if it's your business, then do it daily on removable media and take it offsite. with 64G and 128G thumbdrives there is no reason not to.


IF YOU RUN LINUX or UNIX - make absolutely sure your O/S vendor supports the METHOD and MEDIA of your choice,
and TEST IT!!!

Whilst working for the now long gone sun micro, I had to inform any number of unfortunate cheap frugal EU customers that the backups
they had been taking for over a year of their UNIX server onto an ancient Sun Workstation onto a USB thumbdrive were not readable because
a) only one brand and style of thumbdrive was supported at the time of manufacture ( ~2002 )
b) that brand and style "went under" ~ 2005
c) the thumbdrives he was using were not even recommended for UNIX by the maker
d) they only found out the backups weren't readable cuz they needed to restore them NOW
e) they never did a "restore test" or a "longevity test" of the thumbdrives
f) the fact that he could read and write "small files" as a test was literally irrelevant - it was "unsupported" and therefore he was boned.

Even further back I had to tell a bunch of cheapskates ( again EU, I don't understand it) that the UNIX dump utility WAS NOT a suitable backup method. They insisted that "their Sales Rep set it up, and it worked fine".  When asked why they were calling in "for support" they replied
well, the restore isn't working right..... had to tell them the state of the memory and disk was dynamic and therefore could not be guaranteed
a) it was "unadvised"
b) it was "unsupported"
c) their only recourse was to go to the guy who set it up
but I would be happy to get a manager and we could make a call to their VP of IT and explain how and why they were going down the tubes...



also - Update -

FYI this virus is one of the RANSOMWARE dealies. It encrypts everything on your hard drive and then demands $300 or more in
untraceable internet money aka BITCOINS.

This is mainly spread thru email that looks like it's from someone you know or have already corresponded with.
that's one of the cute tricks in this delivery: the Bad Guys apparently bought the user data that was hacked from Yahoo Mail about 2+ years ago. they used the address books to "spoof" the ID of the sender to look like, say, my yahoo email address, then used the address book to send the virus to people "I" would know and have sent email to.

Fortunately I educated Mrs Marvel and my friends - they looked at the raw email, saw the link was obfuscated, and THEN noticed it was my old, now dead and abandoned yahoo email address that had been previously stolen!
 
Oh yeah, the Bad Guys also tried sending me several emails that look almost exactly like an official email from amazon or paypal.
But I could tell, and forwarded them to the appropriate authorities at both amazon and paypal. No replies from them, but I have learnt not to
expect any.

That's one reason why I stopped using server-based address books. If you use a local PC email reader and local address books & etc, like Mozilla Thunderbird, it keeps MORE of your stuff off the "cloud" ... which we can see is so easily compromised.

The patches are all well and good, but they only come out AFTER a virus or worm attack.
Closing the door after the horses ran off. And the barn burned down.

If you run your browser and email INSIDE a service like SANDBOXIE, anything a virus can do inside sandboxie is stuck inside that "sandboxed area". The virus, if executed, can collect passwords you used in the sandbox or use your email from inside the sandbox, but it can't
affect your harddrive.

hope this helps.
yhs
prof marvel
Logged
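
The restore test described in Reply #3 ("change stuff, restore from backup, and confirm that the restore actually worked"), as an added example that is not part of the original post. The function names are hypothetical, and a zip archive made with Python's `shutil` stands in for whatever backup tool and media you actually use; every file is hashed in full, since reading back a few small files proves nothing about the rest.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash the whole file in chunks, so large files are checked in full."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken before the backup."""
    got = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(got)),
        "corrupt": sorted(p for p in got if manifest.get(p, got[p]) != got[p]),
        "extra": sorted(set(got) - set(manifest)),
    }

def restore_drill(live_root, scratch):
    """Manifest, back up, change stuff, restore elsewhere, verify."""
    manifest = build_manifest(live_root)
    base = os.path.join(scratch, "backup")
    archive = shutil.make_archive(base, "zip", live_root)  # stand-in backup tool
    for path in manifest:  # "change stuff": live data now differs from the backup
        with open(os.path.join(live_root, path), "ab") as fh:
            fh.write(b"edited after backup")
    restored = os.path.join(scratch, "restored")
    shutil.unpack_archive(archive, restored)  # never restore over live data
    return verify_restore(manifest, restored)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "live")
        os.makedirs(live)
        with open(os.path.join(live, "ledger.dat"), "wb") as fh:
            fh.write(os.urandom(3 << 20))  # constructed 3 MiB sample file
        print(restore_drill(live, tmp))
```

A restore passes only when both `missing` and `corrupt` come back empty; keep the manifest with the backup so the same check can be rerun when the media has aged.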
Banfili
Zeppelin Captain
*****
Australia Australia



« Reply #4 on: May 16, 2017, 01:53:40 pm »

Don't do Gmail, don't do Yahoo mail, and DEFINITELY don't do anything Cloud!
Logged
J. Wilhelm
╬ Admiral und Luftschiffengel ╬
Board Moderator
Immortal
**
United States United States


Sentisne fortunatum punkus? Veni. Diem meum comple


WWW
« Reply #5 on: May 17, 2017, 08:05:05 am »

Don't do Gmail, don't do Yahoo mail, and DEFINITELY don't do anything Cloud!

For some reason I've never had any problem with Yahoo. I never use their web-page mail app. I just used the POP server. Every now and then I catch one of those suspicious emails, but I never open an email from a source I don't recognize and especially any emails claiming to be from a bank or FedEx. Since I don't do business with either (I use Credit Unions, which while similar are not real banks), I have no reason to get any messages from them. It's really all about being aware about messages people send you. As far as messages from people you know ... well very few people email me :D
Logged
Prof Marvel
Zeppelin Captain
*****
United States United States


learn from history, or be doomed to repeat it


« Reply #6 on: May 17, 2017, 09:34:04 am »

As far as messages from people you know ... well very few people email me :D

Awwwww geeee J.
I'll email ya ;)
I can subscribe you to my free "rant-a-day" email service :-)

yhs
prof ranty
Logged
Banfili
Zeppelin Captain
*****
Australia Australia



« Reply #7 on: May 17, 2017, 01:10:55 pm »

I don't open emails very often - read them in preview then delete or not as necessary. A friend has had trouble with Yahoo - her address book ended up spread all over the 'net, and I still occasionally get spam from the hack.
Logged