WannaCry Worm
    This ransomware is widely reported to be based on a tool developed by the NSA to hack into computers. The NSA tool was used by a hacker group called the Shadow Brokers. You are asked to pay a $300 ransom (through bitcoin) because the ransomware has encrypted your data.

    Well, this will not affect most of us here, assuming you are not using Windows. However, it really cheesed me off to be accused by the hospital of being a possible "security risk". I got an email to that effect; Monday they plan to send over a risk management team to assess us. As most of you know, my clinic runs 100% Linux and I am thinking there is someone over at the hospital IT department who is dead set on forcing us to use Windows.

    Unless I am wrong, the ONLY way to get this worm is from Windows and no other method.

    #2
    "When engaged in promiscuous computing, always use a Linux OS."
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes



      #3
      On GitHub they describe a "kill switch" that some researcher found. IF the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the malware will abort and not infect the target computer. That domain was not up and wasn't even for sale, so the security researcher created it. A while later the bad guys supposedly released a copy of the malware without the kill switch.

      The attack vector is ETERNALBLUE, an exploit against all versions of Windows before Windows 10 (how convenient for MS):
      • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.

      Apparently Mac is immune as well. Point your hospital "experts" to the GitHub site so they can get informed.

      Windows runs some Open Source apps like LibreOffice, so you will see file extensions related to some Open Source apps in the following list of extensions that the malware is looking to infect:
      The filetypes it looks for to encrypt are
      .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg, .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf, .dwg, .onetoc2, .snt, .jpeg, .jpg, .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc, .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb, .hwp, .602, .sxi, .sti, .sldx, .sldm, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup, .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai, .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class, .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs, .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf, .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb, .accdb, .sql, .sqlitedb, .sqlite3, .asc, .lay6, .lay, .mml, .sxm, .otg, .odg, .uop, .std, .sxd, .otp, .odp, .wb2, .slk, .dif, .stc, .sxc, .ots, .ods, .3dm, .max, .3ds, .uot, .stw, .sxw, .ott, .odt, .pem, .p12, .csr, .crt, .key, .pfx, .der


      Microsoft's Security Announcement for the EternalBlue exploit is here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. It was released on March 14, 2017. One has to wonder how long Microsoft held the patch before releasing it.

      The problem with most Windows users is that they are too heavily invested (time, money and data) in Windows-based applications to consider switching to Linux or Mac. Consider also that there is no guarantee that these bad guys, after getting the ransom, won't turn it into a monthly payment extortion scheme. For many corporations it will be just another business expense passed on to their consumers, in your case the patients. But what if more than one gang of bad guys turns loose that malware, or something similar, and then the ransom payments multiply? What if 10 different groups demanded payments of $600 each? That's $6K/mo. But greed knows no limits. The $600 will become $1000, then $1,500, and so on.

      Maybe if a few governments placed Extreme Sanctions on these guys and hunted them down, just like they did the Somalia pirates. Exterminate a few and they might learn the lesson.
      Last edited by GreyGeek; May 13, 2017, 10:19 PM.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.
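The kill-switch behaviour described in this post gives defenders a cheap, high-fidelity detection: a host that looks up the kill-switch domain has run the original sample. The script below is an added example written for this thread, not code from the post or from the GitHub gist it cites. It scans constructed dnsmasq-style query log lines for that lookup and also classifies filenames against a subset of the target extension list quoted above; the log format, the sample IP addresses and the subset are assumptions.

```python
"""Defender-side checks drawn from the WannaCry details discussed in the post.

(1) Find hosts whose DNS queries hit the kill-switch domain.
(2) Tell whether a file's extension is on the malware's encryption list,
    which is useful for prioritising backups and checking their coverage.
"""
import re
from typing import Dict, List

KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Subset of the extension list from the gist (the full list is in the post
# above); stored lowercased so ".ARC" and ".arc" compare equal.
TARGET_EXTENSIONS = frozenset(
    ".doc .docx .xls .xlsx .ppt .pptx .pdf .txt .csv .rtf .jpg .jpeg .png "
    ".zip .7z .rar .tar .tgz .gz .bak .backup .iso .vmdk .vdi .sql .mdb "
    ".sqlite3 .pem .p12 .csr .crt .key .pfx .der .sh .ps1 .bat .cmd .js "
    ".arc .paq".split()
)

# Constructed sample lines in dnsmasq "query[A] <name> from <ip>" format.
# The hosts, times and IPs are invented for the example.
SAMPLE_DNS_LOG = """\
May 13 22:01:05 dnsmasq[812]: query[A] update.example.org from 10.0.0.21
May 13 22:01:09 dnsmasq[812]: query[A] www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.37
May 13 22:01:09 dnsmasq[812]: query[A] www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.37
May 13 22:02:44 dnsmasq[812]: query[A] WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM from 10.0.0.52
May 13 22:03:10 dnsmasq[812]: query[A] mail.example.org from 10.0.0.21
"""

QUERY_RE = re.compile(r"query\[\w+\]\s+(?P<name>\S+)\s+from\s+(?P<src>\S+)")


def find_kill_switch_lookups(log_text: str) -> Dict[str, int]:
    """Return {source_ip: lookup_count} for hosts that queried the kill-switch
    domain or any name under it. Matching is case-insensitive and ignores a
    trailing dot, since resolvers log both forms."""
    hits: Dict[str, int] = {}
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue  # not a query line; skip replies, config lines, etc.
        name = match.group("name").lower().rstrip(".")
        if name == KILL_SWITCH_DOMAIN or name.endswith("." + KILL_SWITCH_DOMAIN):
            src = match.group("src")
            hits[src] = hits.get(src, 0) + 1
    return hits


def is_target_file(filename: str) -> bool:
    """True when the file's last extension is on the encryption target list.
    Names without a dot, and dotfiles such as '.bashrc', are never targets."""
    name = filename.strip().lower()
    dot = name.rfind(".")
    if dot <= 0:
        return False
    return name[dot:] in TARGET_EXTENSIONS


def partition_files(paths: List[str]) -> Dict[str, List[str]]:
    """Split a list of paths into those WannaCry would encrypt and the rest."""
    result: Dict[str, List[str]] = {"at_risk": [], "other": []}
    for path in paths:
        result["at_risk" if is_target_file(path) else "other"].append(path)
    return result


if __name__ == "__main__":
    for src, count in find_kill_switch_lookups(SAMPLE_DNS_LOG).items():
        print(f"ALERT: {src} looked up the kill-switch domain {count} time(s)")
    print(partition_files(["report.DOCX", "backup.tar.gz", "README", "photo.webp"]))
```

The detection only fires for the original sample; the kill-switch-less variant the post mentions never performs this lookup, so it is an indicator, not a guarantee of a clean network. The correct response is to keep the domain resolvable and alert on lookups, not to block it: the sample aborts only when its connection to the domain succeeds, so blocking resolution lets the encryption proceed.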



        #4
        Originally posted by GreyGeek View Post
        On https://gist.github.com/slider23/bd617d0d376047c05d18980fde306840 ... The problem with most Windows users is that they are too heavily invested (time, money and data) in Windows-based applications to consider switching to Linux or Mac. Consider also that there is no guarantee that these bad guys, after getting the ransom, won't turn it into a monthly payment extortion scheme. For many corporations it will be just another business expense passed on to their consumers, in your case the patients. But what if more than one gang of bad guys turns loose that malware, or something similar, and then the ransom payments multiply? What if 10 different groups demanded payments of $600 each? That's $6K/mo. But greed knows no limits. The $600 will become $1000, then $1,500, and so on.
        That seems a bit extreme. Microsoft would be forced to fix the exploits in its operating systems before anything like this occurred. If they didn't fix it, I'm sure Apple would be more than happy to relieve them of several million customers. Greed knows no limit, but business owners will only tolerate something like this for so long before they look for other alternatives.



          #5
          From all the videos and information I am gathering, this won't disrupt Android phones either. I found this YouTube video explains it best. He talks a bit loud but tells you the worm seeks out any computer across the internet with the Windows OS. I need to get as much data on this for Frank so he can present it to the assessment people on Monday, showing we are not a risk factor. Here Frank and I are trying to keep costs down at the clinic and these stuffed suits want to ruin it because they are afraid of something different.

          Hey enjoy your weekend guys, tomorrow Frank and I have to spend most of the day at the clinic scrubbing the computers. We don't need them to find so much as a game, movie, or music on them.



            #6
            WTF, I've seen lots of people eat the expense of running Windows because it would be more costly, or impossible, to convert their business (or whatever) to Linux or Mac. My former employer, for example. I was well along on the path to converting their servers to Linux. They even sent an antagonistic IT staff person to RH's A+ training, and he came back enthusiastic for Linux. What killed the move was the election of a new governor who appointed a tax commissioner whose assistant was put in charge of managing the state's computer systems. She only knew how to run Windows and Excel, so 10K of 13K state workers had to dump their Lotus Notes licenses, for example, and install Windows Doc, Excel and Sharepoint licenses. The governor, who ran for office on being "more frugal" than the previous governor, replaced one tax commission with two, and spent millions dumping a superior groupware for a hodgepodge of Windows products that didn't work well together. Productivity was cut in half and network speeds by an equal amount because of how slow Explorer & Windows Directory was. It was a disaster.

            When the time came to replace FoxPro's dbf (after 15 yrs of use) with a more powerful database, I proposed PostgreSQL. The suits, who know nothing about computers, databases, programming or IT administration, chose Oracle because PostgreSQL didn't have "paid" support. Oracle's license costs exploded during subsequent years. It's cost taxpayers tens of millions of dollars or more. Meanwhile, Oracle's support is so bad the admins go to the open source support sites to get answers to problems, which shows how worthless Oracle's paid support is. They can't really switch to PostgreSQL (or any other dbms) because they have too much data tied up in Oracle's system and proprietary functions. They couldn't afford the manpower, time and cost necessary to move to PostgreSQL even though it is 95% compatible with Oracle. Adding the conversion costs for moving to Linux would make the move impossible due to time, manpower and funding restraints. MS & Oracle have the state by the short hairs and they know it. They are squeezing the taxpayers for every dime they can via update treadmills.

            Even with timely backups this ransom malware would bring the collection of taxes (the most important function) to a halt, along with every sort of record keeping and license fee generation. In fact, the state is so short on manpower that the loss of one or two critical people would bring the entire process to its knees. Malware or employee loss, at that point even the state suing Microsoft would be fruitless, regardless of the EULA, because they would need to get the software running again, ASAP. The only computer systems running would be the 50 year old mainframes and their P4 terminals that are still being used for much of the data collection and entry, but the state doesn't have enough COBOL programmers to create all of the front facing and internal applications necessary to do the state's business, even if RPG4 (or whatever version it is now) could do that, which it can't.

            There are many private businesses that are in the same boat. Only the startups can afford to go the Linux or Mac route, and under today's business climate there are not that many new startups.

            Back when NAFTA first began to be deployed it hit the business sector like a ton of bricks. It caused massive layoffs as jobs and plants were shipped first to Mexico and then eventually ended up in China. As corporations closed down American factories they gave some employees generous severance payoffs. It was during 1980 that I started my computer consulting business. Between 1978 and 1980 I sold Apple computers to small businesses and was well known in the area. When I switched to IBM PCs and began writing software, my primary customer was the laid-off employee who took their savings and/or retirement money and thought they would become self-employed and earn the same income, or more, that they had been making before their jobs went south. They hired me to write their business software. Between 1980 and 1983 I can think of only three startups that survived. Most that failed were selling knick-knacks using store names like "Phones'n Things". Cute and catchy, but they had no idea of their demographic or market density. Now, the business climate is worse due to government regs and taxes, killing small business startups, which did supply a majority of the new jobs. 100 million Americans have given up looking for jobs and have become wards of the state. They are killing those who are still trying to work for a living. This malware won't help. As history has proven over and over, Microsoft uses customer misfortunes as profit centers. They are doing the same thing this time to push Win10.
            Last edited by GreyGeek; May 13, 2017, 11:01 PM.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.



              #7
              I understand your point, but I don't think many businesses would simply give up and use a system with known security exploits and regularly pay hackers to keep their insecure system. As a customer, I would not use a company whose system was known to be hacked, and I know few people who would. If the nightmare situation you describe turns into reality, companies will have to choose between converting their systems or being extorted/losing business. I doubt Microsoft will let it get that far, though.



                #8
                The "nightmare" situation I described wasn't imaginary. I watched it unfold personally and all the bad stuff I told them would happen did. Now they're hooked and can't afford to get off the treadmill. Just because Ballmer retired doesn't mean MS grew a conscience. MS knows how trapped in Windows big corporations and state governments are. They can't afford the costs of a massive move. It took Munich 15 years to pull itself out of the Windows swamp and they still aren't 100% free.


                Sent from my iPhone using Tapatalk
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.



                  #9
                  Frank and I spent the morning removing any "personal content" from our machines in the office. Frank took home the two public terminals we use for our clients' amusement in the waiting room. We are clean as a whistle for the moron inspection crew. I plan to brief the staff in the morning and then we will all be on the same page. Frank and I set up a presentation "for dummies", just in case the inspection team is confused. Finally, if push comes to shove, we decided on one last option. Frank and I agreed we will sever all ties to the local hospital and start outsourcing immediately with Toronto. We already work a lot with Toronto, but it means physical samples will be sent overnight to Toronto instead of same day service here in Windsor. Toronto has never accused us of giving their servers issues. There will be no excuses, Frank and I are drawing the line in the sand.

                  I will let you know how it goes.



                    #10
                    While our Linux systems are not subject to the attack itself, phishing e-mails can be passed through Linux and Mac systems just as easily as through Windows systems. So ...



                      #11
                      Originally posted by dibl View Post
                      While our Linux systems are not subject to the attack itself, phishing e-mails can be passed through Linux and Mac systems just as easily as through Windows systems. So ...
                      For sure.
                      For a long time I used to strip emails of felonious attachments before I passed them on to my friends who use Windows, but I had been telling them for years how vulnerable Windows is, and I finally got tired of being their AV product, and now I just forward them on to let their own AV handle them. Their security is their problem.


                      Sent from my iPhone using Tapatalk
                      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                      – John F. Kennedy, February 26, 1962.
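Posts #10 and #11 make the point that a Linux or Mac mailbox relays a malicious attachment to a Windows recipient untouched. The script below is an added example written for this thread, not code from either post: it parses a constructed message with Python's standard `email` package and strips attachments whose filename ends in an executable-type extension before the message is forwarded. The block list (which reuses script types such as .js, .vbs, .ps1, .bat and .cmd from the extension list quoted in post #3 and adds .exe, .scr and .hta) and the sample message contents are assumptions for the example.

```python
"""Strip executable-type attachments from an e-mail before forwarding it.

The filter walks every MIME part (including nested multipart containers),
drops attachments whose filename extension is on the block list, and reports
what it removed so the forwarder can say so in the body.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Assumed block list: script types from the thread's extension list plus
# common Windows executable types. Kept lowercased for comparison.
RISKY_EXTENSIONS = frozenset({
    ".exe", ".scr", ".hta", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".jar", ".sh",
})


def _extension(filename: str) -> str:
    """Last extension of a filename, lowercased; '' when there is none.
    'invoice.pdf.vbs' yields '.vbs', so double extensions are not fooled."""
    name = filename.strip().lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""


def _prune(part: EmailMessage, removed: List[str]) -> None:
    """Recursively drop risky attachments from a multipart container."""
    if not part.is_multipart():
        return
    kept = []
    for sub in part.iter_parts():
        name = sub.get_filename()
        if name and _extension(name) in RISKY_EXTENSIONS:
            removed.append(name)  # dropped: never forwarded
            continue
        _prune(sub, removed)  # look inside nested multipart/alternative etc.
        kept.append(sub)
    part.set_payload(kept)


def strip_risky_attachments(raw: bytes) -> Tuple[EmailMessage, List[str]]:
    """Parse a raw RFC 5322 message and return (cleaned message, removed names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed: List[str] = []
    _prune(msg, removed)
    return msg, removed


def build_sample_message() -> bytes:
    """Constructed test message: a benign PDF, a disguised VBScript, a text note."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "me@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"WScript.Echo 1",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.VBS")
    msg.add_attachment("some notes", filename="notes.txt")
    return msg.as_bytes()


def remaining_attachment_names(msg: EmailMessage) -> List[str]:
    """Filenames of the attachments still present after filtering."""
    return [p.get_filename() for p in msg.iter_attachments()]


if __name__ == "__main__":
    cleaned, dropped = strip_risky_attachments(build_sample_message())
    print("removed:", dropped)
    print("kept:", remaining_attachment_names(cleaned))
```

Filtering on the filename extension alone is deliberately simple; a mail gateway would also inspect the declared content type and the file's magic bytes, since an attacker controls the name.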



                        #12
                        Originally posted by GreyGeek View Post
                        ... I had been telling them for years how vulnerable Windows is and I finally got tired of being their AV product ...
                        The longer I use Linux, the lower my remaining respect for Microsoft. Today I discovered this goofy situation on the only Windows computer in my house (Win 7): Microsoft Security Essentials is fully up to date, has done a full system scan today, and finds no issues. Windows update shows 48 "Important" and 2 optional updates. Running updates, it will sit there claiming "Downloading Updates" for an hour with zero actual files downloaded. Grabbed their "Update Repair Tool" or whatever it is called, ran it as administrator, and watched it sit there claiming "Recovering Files" or some such lie, with nothing actually happening. What a pile of crap!



                          #13
                          They arrived at 10 AM, a team of 3 young men who promptly admitted to Frank they knew nothing about Linux or Debian... at first they thought he was talking about two separate systems. They went as far as asking to see our "Windows Server". Frank kept cool and calm, then started his presentation. I had to hear the rest second hand, being with a patient.

                          About 11:30 AM they finished up and left. At lunch Frank informed me they seemed impressed by his 45 minute lecture on Linux compared to Windows and the security of our system. So we thought that it was a done deal and that was that.

                          After lunch we got a call and we both took it on speaker in my office. One of the hospital admins asked us how much we need in funding to "upgrade" our system to Windows. Frank was first to laugh, then replied "No offence Robert, but Windows is not an upgrade." I told him it is not about funding. I also expressed my concern that some person or persons in the IT department was manipulating them into a poorly informed decision.

                          Robert said he would "look into it" and let us know "their decision". That is when we both fired the shot across his bow.
                          "What decision is there to be made, Robert?" we asked. Our clinic is not the property of the hospital; we are not working for you, you are working for us. Our clinic is your client; are you saying you don't want our business? We can send labs to Toronto just as simply; it won't take that long to file patients' records with them.

                          There was about a five second silence and Frank thought Robert might have dropped the phone. "I meant I will talk it over with the IT department and get back to you on their issues.", then we ended the call politely.

                          No one else called the remainder of the day. In the end, if they continue to give us grief, the patients will need to do some paper work (give us permission) to forward medical records to another hospital. They can still get local treatment from the hospital but Toronto would need copies to do work properly. All the rest of the local work can be done by phone and fax... unless they don't like the phone company! LOL



                            #14
                            So sad when ignorance is institutionalized. WannaCry isn't the first ransomware to hit Windows and it won't be the last. One has to wonder how much they'll pay through the nose before they'll wise up. I'm afraid that as long as they can pass their costs on to the patient they won't.


                            Sent from my iPhone using Tapatalk
                            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                            – John F. Kennedy, February 26, 1962.



                              #15
                              I applaud your decision to stand firm, Simon.
                              Lenovo T460s
