flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Heap > WannaCrypt

Goto page 1, 2, 3  Next
Author
Thread Post new topic Reply to topic
TmX



Joined: 02 Mar 2006
Posts: 781
Location: Jakarta, Indonesia
WannaCrypt
Post 14 May 2017, 11:09
View user's profile Send private message Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 361
You just need to disable/remove SMBv1, no need to patch/update anything.

I'm always amazed how so much pointless obscure shit you don't need comes by default instead of asking you the first time you want to use whether you should enable it or not. It's not just Windows, even some Linux distros come bundled with so much crap you have to disable, ffs.

Remember, bloat is bad, not just for RAM use, but also for security. The more shit you have enabled, the more potential attack vectors. Keep your OS lightweight for security!

(inb4 someone comes and says "unused cycles/RAM is wasted cycles/RAM", but that's bullshit, since it wastes extra energy to load/store that extra data in RAM, pure definition of waste)
Post 14 May 2017, 12:05
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14797
Location: Lost in translation
I've been disabling those default IPC$ and <drive>$ shares ever since day one. It baffles me as to why some people think it is a good idea to make everything shared "just in case".
Post 14 May 2017, 12:22
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E
Re: WannaCrypt

TmX wrote:
A big hospital in Jakarta, Indonesia was one of the victims.
https://inet.detik.com/security/d-3499926/sistem-antrean-rs-dharmais-diserang-ransomware-wannacrypt.
On this case, the hospital's queue management system became disfunctional.

Just curious to ask: Has the hospital paid any ransom yet? Or is the hospital trying to fix its system with backups?

Wink
Post 14 May 2017, 12:29
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6523
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
Post 14 May 2017, 13:21
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6523
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
not sure if this is current trend, create your own ransomware with nsa hacked tools, disable the killswitch, create a new bitcoin address, put the ransomeware in your organizations, and start earning, Embarassed

well, you probably don't have to do so much stuff, like compile or etc,

just make a wallpaper and change the desktop to ransomeware notice, maybe just modify the program use automate veracrypt, create file container, copy those docs imgs into this container, Embarassed Laughing
Post 14 May 2017, 13:25
View user's profile Send private message Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 781
Location: Jakarta, Indonesia
Re: WannaCrypt

YONG wrote:
Has the hospital paid any ransom yet? Or is the hospital trying to fix its system with backups?

Wink



Not sure about that. Probably their IT team already had the system running again via backup.
After all, there's no guarantee you'll get the decryption key after paying the ransom. Confused
Post 14 May 2017, 13:49
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E
Re: WannaCrypt

TmX wrote:
there's no guarantee you'll get the decryption key after paying the ransom. Confused

Then, how come some stupid victims actually paid the ransom? Rolling Eyes

Wink
Post 15 May 2017, 01:49
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E

sleepsleep wrote:
just make a wallpaper and change the desktop to ransomeware notice, maybe just modify the program use automate veracrypt, create file container, copy those docs imgs into this container, Embarassed Laughing

Thank you for teaching us how to spread the ransomware!

Wink
Post 15 May 2017, 01:53
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14797
Location: Lost in translation
I think it would be in the interest of the perps to actually allow decryption upon payment. Once words spreads that paying works then more people will pay to get their files back. Basic business logic, treat the "customers" well and get more business.
Post 15 May 2017, 01:57
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E

revolution wrote:
I think it would be in the interest of the perps to actually allow decryption upon payment.

Money is a bonus. The perps probably just wanted to tease NSA and M$:

Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare
https://www.forbes.com/sites/thomasbrewster/2017/05/14/microsoft-just-took-a-swipe-at-nsa-over-wannacry-ransomware-nightmare/#7abd9d6b3585

Wink
Post 15 May 2017, 02:12
View user's profile Send private message Visit poster's website Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 781
Location: Jakarta, Indonesia
Re: WannaCrypt

YONG wrote:
Then, how come some stupid victims actually paid the ransom? Rolling Eyes

Wink



Let's say if the encrypted files are very important, and you need to use it for work (and unfortunately no backups), well... Wink
Post 15 May 2017, 02:49
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E
Re: WannaCrypt

TmX wrote:
Let's say if the encrypted files are very important, and you need to use it for work (and unfortunately no backups), well... Wink

No backups? How could that be possible? The World Backup Day was like six weeks ago!

Refer to:
https://board.flatassembler.net/topic.php?t=19833

Wink
Post 15 May 2017, 09:02
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14797
Location: Lost in translation
Re: WannaCrypt

YONG wrote:
No backups? How could that be possible? The World Backup Day was like six weeks ago!

That still leaves six weeks of new data that needs to be recovered. Razz
Post 15 May 2017, 09:21
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6523
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
2nd wave, no kill switch, enjoy!!!

https://www.superstation95.com/index.php/world/3870

Quote:

- Santander Bank in Spain confirms their computers are infected
- Bank of China can no longer dispense cash because the attack seized their financial network.
- Radio stations in Germany are reporting that their largest bank, international mega-bank "Deutsch Bank" is infected with the virus. not saying which variant.
- My husband works for Citi Bank. He said 58% of all their ATMs east of the Mississippi are down, and West of the Mississippi 17% of their ATMs are down.

Post 15 May 2017, 11:43
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6523
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699

YONG wrote:

sleepsleep wrote:
just make a wallpaper and change the desktop to ransomeware notice, maybe just modify the program use automate veracrypt, create file container, copy those docs imgs into this container, Embarassed Laughing

Thank you for teaching us how to spread the ransomware!

Wink


i think there are still abundant of nsa zero day exploits that hackers haven't integrate into ransomware, Embarassed Embarassed Embarassed

the third wave will come with more zero day, and target smartphone iphone & android users, Embarassed

please backup your smartphone too!!
Post 15 May 2017, 11:46
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E

sleepsleep wrote:
the third wave will come with more zero day, and target smartphone iphone & android users, Embarassed

No worries. I still have my old Windows phone.

Wink
Post 15 May 2017, 12:08
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7272
Location: 22° 15' N | 114° 10' E
Re: WannaCrypt

revolution wrote:

YONG wrote:
No backups? How could that be possible? The World Backup Day was like six weeks ago!

That still leaves six weeks of new data that needs to be recovered. Razz

We need to have World Backup Day every month. After the WannaCry attack, the UN may actually consider my proposal!

Wink
Post 15 May 2017, 12:12
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 361

sleepsleep wrote:
please backup your smartphone too!!

Better yet, don't store anything important on your smartphone. Full stop.

Hacks/backdoors are not even the biggest of your worries. It can be stolen, it can crash, catch fire, disintegrate, I just don't trust those little shits at all.

If you have important phone numbers just write them on your PC in a text file (which you backup like everything else ofc) or old-school way on paper.
Post 15 May 2017, 17:37
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14797
Location: Lost in translation
Re: WannaCrypt

YONG wrote:
We need to have World Backup Day every month.

That still leaves up to one month of new data that needs to be recovered.

One day is probably about the sweet spot between the time "wasted" backing-up and time spent recreating information in the event of loss.
Post 16 May 2017, 01:53
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2, 3  Next

< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.