Ransomware Outbreak.

http://www.abc.net.au/news/2017-05-...ak-in-history-hits-nearly-100-nations/8523102

A piece of ransomware caused some major damage; it has managed to hit hospitals. Now I must say, despite the damage it has caused, it's fucking impressive, but concerning obviously. The people who managed to pull this off must be very smart xD.

That being said, supposedly it was done using an exploited NSA tool. Personally, Windows itself is an insecure piece of garbage, but we are all forced to use it as it's "the main OS in use on desktop computers".

That being said, it is a dick move to attack hospitals and highly unethical.
 
In addition to Norton virus protection I have Malware Bytes installed. The latter notified me today that I was protected, though the article that I read stated that if you had installed your March Windows updates, you were covered as well.
 
I know it's harsh, but if a large scale organization can't simply wipe and restore from backup in this kind of situation and has to actually pay to get their files back.. they deserve what they get.

This is basic disaster recovery 101. Have backups, have procedures to mitigate interim impact when systems go down, and have a restoration procedure that you've tested and can quickly implement. It's understandable that a lot of individuals don't have backups and can be exploited in this way, but any company large enough to have an IT department ought to have their shit together.
 
Kenn said:
In addition to Norton virus protection I have Malware Bytes installed. The latter notified me today that I was protected, though the article that I read stated that if you had installed your March Windows updates, you were covered as well.

The ransomware itself was a new variant released yesterday. The main way it propagates is via a worm, which was patched last March. It also infects computers on a local network via SMB and RDP.

But the NHS still use Windows XP. Even if a patch was released to them as part of their £5.5 million a year support contract, it probably takes more than two months for it to be tested and rolled out.

Strangely, the ransomware contained a kill switch. It would check whether it could connect to http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/. If not, the infection would start, otherwise it would exit. A security researcher found that the domain hadn't been registered, so bought it, set up a simple website, and it appears to have stopped all new infections of the ransomware. Weird.
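The kill-switch behaviour described above gives defenders a simple detection hook: any host that tries to look up that domain has executed the malware, and the DNS response code hints at whether the payload then continued or exited. The following is an added example, not code from the thread; the log line format and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain quoted in the post above.
KILL_SWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample DNS resolver log (hypothetical format:
# "<timestamp> client <ip> query <name> <rcode>"). Not real data.
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:03Z client 10.20.1.17 query www.abc.net.au NOERROR
2017-05-12T10:01:09Z client 10.20.1.42 query www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NXDOMAIN
2017-05-12T10:02:11Z client 10.20.1.42 query update.microsoft.com NOERROR
2017-05-12T14:37:55Z client 10.20.2.8 query www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NOERROR
2017-05-12T14:38:02Z client 10.20.1.17 query www.openbsd.org NOERROR
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<ip>\S+) query (?P<name>\S+) (?P<rcode>\S+)$"
)


def parse_dns_log(text):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_kill_switch_queries(text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: [(timestamp, rcode), ...]} for hosts that queried the domain.

    Any hit at all means the sample ran on that host, so it needs isolation
    and rebuild regardless of what happened next.
    """
    hits = defaultdict(list)
    for rec in parse_dns_log(text):
        # Normalise case and a trailing dot from fully-qualified names.
        if rec["name"].lower().rstrip(".") == domain:
            hits[rec["ip"]].append((rec["ts"], rec["rcode"]))
    return dict(hits)


def triage(hits):
    """Rough outcome per host, following the logic described in the post:
    no answer (NXDOMAIN) -> the connect failed and encryption would proceed;
    an answer (NOERROR) -> the sinkhole was reachable and the malware should
    have exited. A resolved name does not prove the HTTP connect succeeded,
    so treat this as a prioritisation hint only."""
    result = {}
    for ip, events in hits.items():
        if any(rcode == "NXDOMAIN" for _, rcode in events):
            result[ip] = "lookup-failed-payload-likely-ran"
        else:
            result[ip] = "sinkhole-reached-payload-likely-halted"
    return result
```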
 
I understand most of the infections were through opening spam.
Never open spam or strange email without sandboxing it.
 
Stock reminder: don't use unsupported software (if you need to, sandbox it), keep stuff patched. This botnet uses vulnerabilities that were patched in March.

tiny said:
The ransomware itself was a new variant released yesterday. The main way it propagates is via a worm, which was patched last March. It also infects computers on a local network via SMB and RDP.

But the NHS still use Windows XP. Even if a patch was released to them as part of their £5.5 million a year support contract, it probably takes more than two months for it to be tested and rolled out.

Strangely, the ransomware contained a kill switch. It would check whether it could connect to http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/. If not, the infection would start, otherwise it would exit. A security researcher found that the domain hadn't been registered, so bought it, set up a simple website, and it appears to have stopped all new infections of the ransomware. Weird.

Frankly the NHS should have updated away from XP ages ago. It's just going to cost them more and more the longer they wait.

As for the killswitch, it's not necessarily that odd since this was potentially an NSA-developed malware that got leaked. You gotta believe the next version won't be so trivially turned off though.
 
The ironic thing is they believe the attack originated from Russian gangs, and it is Russia that was hit the hardest. The other thing that delighted me is that India was hit hard. I still get phone calls from some idiot from India telling me I have viruses on my Windows. One time I told him I would take care of it by cleaning my windows with Windex.
 
Near said:
Frankly the NHS should have updated away from XP ages ago. It's just going to cost them more and more the longer they wait.

Apparently (I haven't heard any actual reference to a credible source yet), some of the software would cost millions to rewrite. Apparently things like MRI scanners have Windows XP drivers... or something.

Anyway, if you think the NHS using XP is bad... check out this:
http://www.popularmechanics.com/military/weapons/a19061/britains-doomsday-subs-run-windows-xp/

:eek!:
 
Binary said:
That being said, supposedly it was done using an exploited NSA tool. Personally, Windows itself is an insecure piece of garbage, but we are all forced to use it as it's "the main OS in use on desktop computers".

It's quite reasonable to be pissed at Microsoft for security vulnerabilities, but if by "insecure piece of garbage" you mean to imply that the alternatives are innately more secure, you're fooling yourself. In practice, the alternatives appear more secure because "nobody" (= a small number of people, relatively speaking) uses them. The hackers will be where the users are, not where they aren't. If, overnight, the world switched from Windows to Mac OS or some Linux distro, it wouldn't be long before the software engineers there were caught with their pants--and diapers, and possibly epidermises--down. It would be a catastrophe, I'm quite certain. As the owner of a Mac and several other devices running non-Microsoft OSes, I'd like to think that when the engineers at Microsoft's competitors hear people say that Windows is an "insecure piece of garbage," they do more than just grin and nod. Hopefully they look for and patch similar holes in their own products. Hopefully it reinforces for them that developing software with security in mind is super important. I'm pretty sure that's not always the case, though.

Microsoft has been getting beaten up in the press for security issues since the Blaster / Slammer / I love you / Anna Kournikova debacles of the early 2000's, and as a longtime developer of Windows software who's watched Microsoft's responses to these things, I don't doubt that a great deal of progress has been made toward changing the security mindset of the people working on the affected projects. But you're talking about software projects with literally billions of lines of code and "only" thousands of developers. Microsoft's Windows team could have written air-tight code for the last decade, and most of the code in the product would still predate it. Ad hoc code reviews and code analysis tools can help, but in the end it's still a bit like telling a city's police department that there's a general emergency and to secure the city. Mmmmm... yeah.

For better or worse, the world is run by code now, and code can reasonably be assumed to be buggy, no matter who it comes from. The code you run will always seem like the buggiest, and the code everybody runs will always seem like the least secure. Run away if you must, but you'd better hope that nobody follows you. :)
 
Cottontail said:
It's quite reasonable to be pissed at Microsoft for security vulnerabilities, but if by "insecure piece of garbage" you mean to imply that the alternatives are innately more secure, you're fooling yourself. In practice, the alternatives appear more secure because "nobody" (= a small number of people, relatively speaking) uses them. The hackers will be where the users are, not where they aren't. If, overnight, the world switched from Windows to Mac OS or some Linux distro, it wouldn't be long before the software engineers there were caught with their pants--and diapers, and possibly epidermises--down. It would be a catastrophe, I'm quite certain. As the owner of a Mac and several other devices running non-Microsoft OSes, I'd like to think that when the engineers at Microsoft's competitors hear people say that Windows is an "insecure piece of garbage," they do more than just grin and nod. Hopefully they look for and patch similar holes in their own products. Hopefully it reinforces for them that developing software with security in mind is super important. I'm pretty sure that's not always the case, though.

Microsoft has been getting beaten up in the press for security issues since the Blaster / Slammer / I love you / Anna Kournikova debacles of the early 2000's, and as a longtime developer of Windows software who's watched Microsoft's responses to these things, I don't doubt that a great deal of progress has been made toward changing the security mindset of the people working on the affected projects. But you're talking about software projects with literally billions of lines of code and "only" thousands of developers. Microsoft's Windows team could have written air-tight code for the last decade, and most of the code in the product would still predate it. Ad hoc code reviews and code analysis tools can help, but in the end it's still a bit like telling a city's police department that there's a general emergency and to secure the city. Mmmmm... yeah.

For better or worse, the world is run by code now, and code can reasonably be assumed to be buggy, no matter who it comes from. The code you run will always seem like the buggiest, and the code everybody runs will always seem like the least secure. Run away if you must, but you'd better hope that nobody follows you. :)

Well, inherently Windows is insecure by design, but it can be made to be very secure: you can lock down the OS and it can be made quite secure, but out of the box it is garbage, for example no anti-virus, and Windows firewall is shit. With my setup Windows is quite locked down; most of my programs are in VMWare and isolated from the machine because, let's face it, I don't trust every single program out there. You can make it "secure" but by default it isn't, and that's what I'm criticizing.

That and its closed model isn't exactly the best when it comes to security; all you have to do is fire up IDA Pro, find a hole, use that hole to spread malware.

That being said, Windows Server is quite impressive. From memory it's locked down by default, internet access is disabled etc., and there aren't too many known exploits for IIS and crap.

That and 90% of the user base for Windows is computer illiterate, so spreading malware is quite easy to do: you don't isolate your machine off a shared network, you could get a worm etc.

That being said, modern Windows is quite secure; anything pre-Vista was a nightmare. I remember with XP just plugging in a flash drive would give me that stupid recycle.bin worm.

Rarely does anyone bother to write malware for Linux or OSX, so it's more "secure", but yeah, if Linux was the main OS in use I guess you would see an increase in Linux-based malware / viruses unless you locked down the OS, i.e. UFW and SELinux (Fedora comes with SELinux out of the box).
 
Binary said:
That and it's closed model isn't the exact best when it comes to security
Here again, I think the implication doesn't quite hold water. When both the benevolent and malevolent forces have equal access to the code, you're only better off if the benevolent forces can easily win the race to act on what they find. This is where the open source OS concept really falls flat, at least if you go by today's examples. The evolution of Linux has not proceeded in a linear fashion like Mac OS and Windows have. Rather, it's evolved a bit like the Big Bang. Where the Apple and Microsoft engineers have only a handful of source code forks to maintain and a handful of well-established distribution channels for getting patches out to users (even if we frequently curse those distribution channels), the Linux community has a veritable cosmos of source code forks, many with no story at all for how patches are built or distributed. What happens when the Linux forks running your WiFi router, home automation system, video surveillance DVR, and other IoT devices need a patch? Trust me, you don't want to know! And the desktop Linux story isn't much better. You have a few well-established distros with vigilant maintainers and package systems for patches, but you also have plenty of niche distros that don't have those things. It's actually pretty scary.

It's tempting to argue about open- versus closed-source and similar things, but the practical proof is in the real-world evidence, and I don't think the real-world evidence exists to back up the argument in this case. Or, at least, there are higher-order bits that are being ignored when this argument is made. Really, the whole "open source is better because ______" thing always reminds me of the CISC vs. RISC debate back in the late 1980's and 1990's. RISC seemed like a sure thing for a few years there, and then whoops! Pipelining and microarchitectures. Crap. Now "RISC" is mostly a meaningless label applied to CPU designs that have RISC concepts in their heritages.

That's not to say I don't find open-source software extremely compelling. I just find the arguments that it is better in some way to be highly dubious, most for obvious reasons. Even such simple-seeming arguments as "open-source software is cheaper" require a lot of context in order to be true.

Binary said:
That and 90% of the user base for Windows is computer illiterate
Well, 90% of computer users in general might be (slightly to severely) computer illiterate, yes. But attributing that to a particular OS doesn't really tell us anything.

Binary said:
That being said modern windows is quite secure, anything pre-vista was a nightmare. I remember with XP just plugging in a flash drive would give me that stupid recycle.bin worm.
Indeed. Well, in a few years, you'll probably be ok to run XP again. Eventually the virus and malware authors will have to break compatibility in order to target holes in the newer systems. Run NT4 right now and things would probably be pretty good. :)
 
With older systems, you solve this with a SonicWall or similar router / anti-malware system. It amazes me that any professional operation would not have that kind of protection. Cheap insurance.
 
Cottontail said:
Here again, I think the implication doesn't quite hold water. When both the benevolent and malevolent forces have equal access to the code, you're only better off if the benevolent forces can easily win the race to act on what they find. This is where the open source OS concept really falls flat, at least if you go by today's examples. The evolution of Linux has not proceeded in a linear fashion like Mac OS and Windows have. Rather, it's evolved a bit like the Big Bang. Where the Apple and Microsoft engineers have only a handful of source code forks to maintain and a handful of well-established distribution channels for getting patches out to users (even if we frequently curse those distribution channels), the Linux community has a veritable cosmos of source code forks, many with no story at all for how patches are built or distributed. What happens when the Linux forks running your WiFi router, home automation system, video surveillance DVR, and other IoT devices need a patch? Trust me, you don't want to know! And the desktop Linux story isn't much better. You have a few well-established distros with vigilant maintainers and package systems for patches, but you also have plenty of niche distros that don't have those things. It's actually pretty scary.

It's tempting to argue about open- versus closed-source and similar things, but the practical proof is in the real-world evidence, and I don't think the real-world evidence exists to back up the argument in this case. Or, at least, there are higher-order bits that are being ignored when this argument is made. Really, the whole "open source is better because ______" thing always reminds me of the CISC vs. RISC debate back in the late 1980's and 1990's. RISC seemed like a sure thing for a few years there, and then whoops! Pipelining and microarchitectures. Crap. Now "RISC" is mostly a meaningless label applied to CPU designs that have RISC concepts in their heritages.

That's not to say I don't find open-source software extremely compelling. I just find the arguments that it is better in some way to be highly dubious, most for obvious reasons. Even such simple-seeming arguments as "open-source software is cheaper" require a lot of context in order to be true.

I'm curious as to your thoughts on OpenBSD. Their whole focus is on security and they've done some impressive things (like randomizing memory allocation, marking memory as either writable or executable but never both, etc) including a relentless code audit process. I would expect it to be inherently more secure than Windows... but of course since its user base is so small there's no direct apples-to-apples proof of that. But from a computer science perspective, a lot of the work they've put into hardening their OS would make it VERY difficult to find an exploitable bug. There's a laundry list of their security approaches available here: https://www.openbsd.org/security.html
 
Sapphyre said:
I'm curious as to your thoughts on OpenBSD. Their whole focus is on security and they've done some impressive things (like randomizing memory allocation, marking memory as either writable or executable but never both, etc) including a relentless code audit process. I would expect it to be inherently more secure than Windows... but of course since its user base is so small there's no direct apples-to-apples proof of that. But from a computer science perspective, a lot of the work they've put into hardening their OS would make it VERY difficult to find an exploitable bug. There's a laundry list of their security approaches available here: https://www.openbsd.org/security.html

It's interesting to wonder about, yeah. It really boils down to scenarios, though. Are you better off in the inner city, or alone on a small tropical island? In the former, you're more likely to be a victim of gun violence. In the latter, though gun violence is very unlikely, you're almost certain to die from any kind of violence because there's no hospital. That's what I find so terrifying about many of these open source systems. They're "free," and there's a sort of presumption of security besides, and so they've quickly spread into all of these embedded applications and gone other places where, if something bad happens, there's practically zero hope of rescue.

Of course it's a great thing that this particular project has emphasized security like it has. But when that exploit is found, it'll be an epic catastrophe--the information technology equivalent of a subprime mortgage crisis. Nothing is truly free with this stuff, and yet the integrators are effectively borrowing without any hope of paying the bills that are sure to come.
 