Sal's RuneScape Forum

Cyberattacks hit Windows computers worldwide


Leo


http://www.bbc.com/news/technology-39901382

 

 

A massive cyber-attack using tools believed to have been developed by the US National Security Agency has struck organisations around the world.

Computers in thousands of locations have been locked by a programme that demands $300 (£230) in Bitcoin.

In April hackers known as The Shadow Brokers claimed to have stolen the tools and released them online.

Microsoft released a patch for the vulnerability in March, but many systems may not have been updated.

How big is the attack?

 

There have been reports of infections in 99 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Cyber-security firm Avast said it had seen 75,000 cases of the ransomware - known as WannaCry and variants of that name - around the world.

"This is huge," said Jakub Kroustek at Avast.

 

 

TL;DR Windows users make sure that you've updated up to and including March updates. The specific patch Microsoft released for this when the NSA tools were leaked is MS17-010, released on March 14th.


http://www.bbc.com/news/technology-39907049 And apparently some guy accidentally found a way to stop it spreading.

 

 

A security researcher has told the BBC how he "accidentally" halted the spread of ransomware affecting hundreds of organisations, including the UK's NHS.

 

The man, known online as MalwareTech, was analysing the code behind the malware on Friday night when he made his discovery.

 

He first noticed that the malware was trying to contact an unusual web address - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - but this address was not connected to a website, because nobody had registered it.

 

So, every time the malware tried to contact the mysterious website, it failed - and then set about doing its damage.

 

MalwareTech decided to spend £8.50 and claim the web address. By owning the web address, he could also access analytical data and get an idea of how widespread the ransomware was.

 

But he later realised that registering the web address had also stopped the malware trying to spread itself.

 

"It was actually partly accidental," he told the BBC.

What happened?

 

Originally it was suggested that whoever created the malware had included a "kill switch" - a way of stopping it from spreading, perhaps if things got out of hand.

 

But MalwareTech now thinks the coder had included a mechanism to stop security researchers analysing the malware, which backfired.

 

Security researchers often analyse viruses on a virtual machine or "sandbox" - a secured, disposable computer environment with no important files that might be destroyed.

 

MalwareTech now thinks the software's attempt to contact the mysterious web address - iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - was a way of checking whether the malware was being analysed on a sandbox.

 

On a real computer, the website would fail to load. But a virtual machine might behave differently.

 

"The malware exits to prevent further analysis," MalwareTech wrote in a blog post.

 

"My registration... caused all infections globally to believe they were inside a sandbox and exit… thus we initially unintentionally prevented the spread and further ransoming of computers."

Does this mean the ransomware is defeated?

 

While the registration of the web address appears to have stopped one strain of the malware spreading, it does not mean the ransomware itself has been defeated.

 

Any files that were scrambled by the ransomware will still be held to ransom.

 

Security experts have also warned that new variants of the malware that ignore the "kill switch" will appear.

 

"This variant shouldn't be spreading any further, however there'll almost certainly be copycats," said security researcher Troy Hunt in a blog post.

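For defenders, the behaviour described in the quoted article suggests a simple triage of DNS logs: any host that looked up the address is a likely infection, and a host whose lookup failed is the case where the malware carries on. This is an added example, not part of the original posts or the BBC article; the log format and sample lines are constructed, and DNS resolution is used as a stand-in for "contacting the website".

```python
"""Triage DNS resolver logs for lookups of the WannaCry kill-switch domain."""
from collections import defaultdict

# Domain as quoted in the BBC article above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample log; the format (time, client, qname, qtype, rcode) is an
# assumption for illustration, not the output of any particular resolver.
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.17 www.bbc.com. A NOERROR
2017-05-12T14:02:31Z 10.0.4.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. A NXDOMAIN
2017-05-12T14:02:33Z 10.0.9.80 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM A NOERROR
2017-05-12T14:05:10Z 10.0.4.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. A NOERROR
2017-05-12T14:06:00Z 10.0.7.2 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. A NOERROR
malformed line
"""

def is_kill_switch(qname):
    """Match the domain or any subdomain, ignoring case and the trailing root dot."""
    name = qname.rstrip(".").lower()
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)

def triage(log_text):
    """Return {client: {"first_seen", "lookups", "unresolved"}} for matching clients."""
    hosts = defaultdict(lambda: {"first_seen": None, "lookups": 0, "unresolved": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname, _qtype, rcode = fields
        if not is_kill_switch(qname):
            continue
        entry = hosts[client]
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        entry["first_seen"] = min(filter(None, (entry["first_seen"], ts)))
        entry["lookups"] += 1
        if rcode != "NOERROR":
            entry["unresolved"] += 1
    return dict(hosts)

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        # Per the article, a failed contact is the case where the malware carries on.
        priority = "HIGH: lookup failed" if info["unresolved"] else "lookup resolved"
        print(client, info["first_seen"], info["lookups"], priority)
```
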

  • 4 years later...
On 5/15/2017 at 5:20 AM, Angel Hayley said:

Update your windows guys....or maybe it's a ploy from Microsoft to get everybody to update.

That kind of thing isn't too uncommon, although it is usually to extort money otherwise. Microsoft are oh-so shady. Or at least, plenty of people who work(ed) for these companies may end up scripting viruses, etc. I have been studying cyber security recently, and I have been noticing how the creators of the course tiptoed around this idea.

I'm stating the obvious.

Edited by Sajoh