Security News Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage

[frogboy]

Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers.
The ransomware's name is WCry, but is also referenced online under various names, such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. As everybody keeps calling it "Wana Decrypt0r," this is the name we'll use in this article, but all are the same thing, which is version 2.0 of the lowly and unimpressive WCry ransomware that first appeared in March.
Activity from this ransomware family was almost inexistent prior to today's sudden explosion when the number of victims skyrocketed in a few hours.
Wana Decrypt0r uses NSA's ETERNALBLUE exploit

What was clear about this ransomware was that Wana Decrypt0r was extremely virulent. The one who unraveled the mystery was French security researcher Kafeine, who was the first to spot that Wana Decrypt0r triggered security alerts for ETERNALBLUE, an alleged NSA exploit leaked online last month by a nefarious group known as The Shadow Brokers.

Full Article. Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage

 

[ElectricSheep]

I'm sure most of us MT guys are up to date with our security updates and all that, but this is the particular update (rolled out mid March) that deals with this nasty ransomware

https://support.microsoft.com/en-us/help/4013389/title

Further Info: Wana Decryptor / WanaCrypt0r Technical Nose Dive

EDIT: I know all this info can be found via the link that @frogboy posted above but it saves the digging

 

[Windows Defender Shill]

Thank you Wikileaks

It was very nobel of you to release the NSA/CIAs exploits to every hacker on planet.

And thank you NSA/CIA for not safe guarding these exploits.

 

[Arequire]

Thank you Wikileaks

It was very nobel of you to release the NSA/CIAs exploits to every hacker on planet.

And thank you NSA/CIA for not safe guarding these exploits.

The exploit leveraged was released by the Shadow Brokers, not by WikiLeaks.

 

[Winter Soldier]

This means that anyone who is infected didn't have the systems updated. This is the reason why hospitals and public institutions have been particularly infected, often for reasons of budget and stability, they are slow to update their systems.

 

[Deleted member 178]

The exploit leveraged was released by the Shadow Brokers, not by WikiLeaks.

He mant because of Wikileaks , all hackers and Skiddies in the world have access to them. Wikileaks should be down, and Dessange arrested and jailed for hsi criminal behavior.

 

[Arequire]

He mant because of Wikileaks , all hackers and Skiddies in the world have access to them. Wikileaks should be down, and Dessange arrested and jailed for hsi criminal behavior.

Yep. Wikileaks lost its credibility when Assange took over full control of the operation. I'm all for exposing corruption and wrongdoing by governments, intelligence agencies, the military, etc. but when you put the wider population at risk and then refuse to mitigate that risk under anything but your own stringent terms then you're no better than the people exploiting those vulnerabilities.
The NSA obviously deserve blame in this too, both for hoarding vulnerabilities that affect billions of people instead of reporting them to the respective vendors and for leaving their toys lying around.

 

[frogboy]

So far us Aussies not affected. Minister pledges vigilance after global cyber attacks

 

[Deleted member 178]

Yep. Wikileaks lost its credibility when Assange took over full control of the operation. I'm all for exposing corruption and wrongdoing by governments, intelligence agencies, the military, etc. but when you put the wider population at risk and then refuse to mitigate that risk under anything but your own stringent terms then you're no better than the people exploiting those vulnerabilities.
The NSA obviously deserve blame in this too, both for hoarding vulnerabilities that affect billions of people instead of reporting them to the respective vendors and for leaving their toys lying around.

NSA is intel agency so of course they won't tell the vendors... if you want break in a user system , you won't reveal the flaw...

 

[Ink]

Read more at Windows 10 Users Protected Against WannaCry Ransomware Attacks

Microsoft says that Windows users (regardless of their Windows version as long as they’re still supported – so Windows 7, 8.1, or 10) with the most recent updates installed (May 2017) and with the latest Windows Defender virus definitions are not vulnerable to attacks launched with this new form of ransomware.

Windows XP and Vista users completely vulnerable

 

[frogboy]

More news here. Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

 

[Winter Soldier]

WannaCry global spread:

Wcrypt Tracker

 

[frogboy]

More news.
Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r
CryptoPrevent vs WannaCry (WannaCryptor/WCry/.WCRY) Ransomware

 

[Arequire]

NSA is intel agency so of course they won't tell the vendors... if you want break in a user system , you won't reveal the flaw...

A quote from Graham Cluley sums up my thoughts on the matter:

Sometimes you protect your country best not by spying on others, but by ensuring that everyone in the world (including the people you may want to snoop on) is better defended.

 

[Deleted member 178]

Sometimes you protect your country best not by spying on others, but by ensuring that everyone in the world (including the people you may want to snoop on) is better defended.

"Knowledge is power", it was and will always be; what you do with this obtained knowledge will define your ability to protect your country or people you love because more you know , more you can prevent; and trusting an enemy words is just foolish.
With the modern threats , like terrorism, respect, fairness and diplomacy doesn't apply; those enemies just hate you; they don't care of geopolitics or technology superiority, they just want destroy your society model; so in return , you use all means available to prevent them before they do.

you want safety for your people, gains intel on others, secure your borders , and most of all , don't mess with others business; then maybe they won't mess with you.

We start going off-topic lol.

 

[inuyasha]

"Knowledge is power", it was and will always be; what you do with this obtained knowledge will define your ability to protect your country or people you love because more you know , more you can prevent; and trusting an enemy words is just foolish.
With the modern threats , like terrorism, respect, fairness and diplomacy doesn't apply; those enemies just hate you; they don't care of geopolitics or technology superiority, they just want destroy your society model; so in return , you use all means available to prevent them before they do.

you want safety for your people, gains intel on others, secure your borders , and most of all , don't mess with others business; then maybe they won't mess with you.

We start going off-topic lol.

Allow me to bring it back on topic

How did Windows Defender do against WannaCry?

 

[Handsome Recluse]

NSA is intel agency so of course they won't tell the vendors... if you want break in a user system , you won't reveal the flaw...

Wikileaks' job is also to see what's up.

 

[Deleted member 178]

Allow me to bring it back on topic

How did Windows Defender do against WannaCry?

they added a signature for the ransomware part.

 

[509322]

Allow me to bring it back on topic

How did Windows Defender do against WannaCry?

Windows Defender only detects the ransomware because Microsoft put a HOT RUSH on creating a signature for it. No signature for it in Windows Defender = encrypted files.

 

[509322]