App Review WannaCry in an Updated Win7 system

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Warm- You are correct in that the ransomware is the same as others, but the worm-like mechanism of spread is the actual issue. None of the major corporate vendors have ever given a flying (add curse word here) about this, in spite of many, many breaches and warnings from those that have a (add curse word here)ing clue.

They would much prefer to "sweep things under the rug" with jive-time statements like the BD one or the horse(add curse word here) that Symantec puts out. The sad thing, and the problem going forward, is that many in the IT word just lap this crap up instead of actually thinking for themselves. This is very, very bad as a concerted effort by an accomplished Blackhat gang with a political agenda can really bring things down.

We should really thank God that the only things these guys want is BitCoins...
 

Orion

Level 2
Verified
Apr 8, 2016
83
Correction: The MS Patch was to fix eternalblue MS17-010 which will stop this ransomware from spreading on the network from a already infected computer to other possibly vulnerable machine.

This malware is essentially out on a infected computer (probably from opening attachment in spam mail) scanning for vulnerable targets so it can auto infect other computer on port 445 if its open.

Thanks,
TI
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
I wasn't clear at all in the text boxes in the video- The actual point was this: All of the news reports that I saw/read kept telling everyone that a Patch was available WITHOUT EVER MENTIONING THAT IT WOULD ONLY HELP STOPPING NETWORK SPREAD. But the typical home user could (and has) reasonably inferred that the patch will stop the ransomware encryption process, which is not the case at all.

I think the issue is the common one- someone put out a statement about the patch without elaborating on this, and everyone else either copies or re-words the initial press release so the network only protection issue gets lost.

For instance: Does Windows 7 Premium have the patch to protect it from the Wanna Cry cyber attack?

And this is on the Microsoft website (sigh)...

You are right. Sad thing is that someone grabs a quote without understanding it. I recently had a discussion with a tech in a FB forum that claims like gospel that blocking ports 445 and 4444 would block the ransomware. And he doesn't even have a RW sample to prove that.

There's even those to boast that their favorite (crappy) AV can detect it. Yeah it can because it's only sig based but can't stop the encrypting process if WannaCry is already running.
 
  • Like
Reactions: Av Gurus and lab34

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top