App Review WannaCry in an Updated Win7 system

[cruelsister]

Warm- You are correct in that the ransomware is the same as others, but the worm-like mechanism of spread is the actual issue. None of the major corporate vendors have ever given a flying (add curse word here) about this, in spite of many, many breaches and warnings from those that have a (add curse word here)ing clue.

They would much prefer to "sweep things under the rug" with jive-time statements like the BD one or the horse(add curse word here) that Symantec puts out. The sad thing, and the problem going forward, is that many in the IT word just lap this crap up instead of actually thinking for themselves. This is very, very bad as a concerted effort by an accomplished Blackhat gang with a political agenda can really bring things down.

We should really thank God that the only things these guys want is BitCoins...

 

[Daniel Keller]

Thank you very much for sharing this information. I really appreciate reading the forums. There are so many newspaper which just provide halve of the truth or even claim wrong things...

 

[Orion]

Correction: The MS Patch was to fix eternalblue MS17-010 which will stop this ransomware from spreading on the network from a already infected computer to other possibly vulnerable machine.

This malware is essentially out on a infected computer (probably from opening attachment in spam mail) scanning for vulnerable targets so it can auto infect other computer on port 445 if its open.

Thanks,
TI

 

[simmerskool]

Warm- but the worm-like mechanism of spread is the actual issue. ...

I recall someone was testing worm_stoppage a few weeks ago at MT... ...

 

[WinXPert]

I wasn't clear at all in the text boxes in the video- The actual point was this: All of the news reports that I saw/read kept telling everyone that a Patch was available WITHOUT EVER MENTIONING THAT IT WOULD ONLY HELP STOPPING NETWORK SPREAD. But the typical home user could (and has) reasonably inferred that the patch will stop the ransomware encryption process, which is not the case at all.

I think the issue is the common one- someone put out a statement about the patch without elaborating on this, and everyone else either copies or re-words the initial press release so the network only protection issue gets lost.

For instance: Does Windows 7 Premium have the patch to protect it from the Wanna Cry cyber attack?

And this is on the Microsoft website (sigh)...

You are right. Sad thing is that someone grabs a quote without understanding it. I recently had a discussion with a tech in a FB forum that claims like gospel that blocking ports 445 and 4444 would block the ransomware. And he doesn't even have a RW sample to prove that.

There's even those to boast that their favorite (crappy) AV can detect it. Yeah it can because it's only sig based but can't stop the encrypting process if WannaCry is already running.