originally posted by: ZIPMATT
a reply to: ArMaP
So the NSA got Microsoft to build in a hole which allows remote access and control, which was put in all chips for all computers made from 2010 in secret, and now the NSA has been hacked and stolen from, allowing remote access through the hole they put there together, to presumably anyone with hacking knowledge because the tools were available (dumped) online, in an apparent protest about Trump by a group called the Shadow Brokers.
Lol out loud! It's a proper story already; it's nothing to do with me, except my good old dad is in hospital right now, and that's not so amusing.
And..... where are the Americans? Isn't this thread veeery quiet?
originally posted by: Noncents
Boatloads of questions.
Getting bitcoins means somebody or something is getting funded. One person or a group? The banner of Anon, IS or other? Some lucky skiddy?
A test, a threat, a punishment or a repercussion?
Aintree university hospitals
Barnsley hospital
Birmingham community
Burton hospitals
Central Manchester university hospitals
Cumbria partnership foundation
East Cheshire
Hampshire hospitals
Ipswich hospital
Liverpool community health
London North West
North Staffordshire
Northumbria healthcare
Sherwood Forest hospitals
Royal Liverpool and Broadgreen hospitals
West Hertfordshire hospitals
Hull and East Yorkshire hospitals
East Lancashire hospitals
North Lincolnshire and Goole NHS
Lancashire teaching hospitals
Derbyshire community health services
Burton hospitals NHS
United Lincolnshire hospitals
Colchester general hospital
Basildon and Thurrock university hospitals
George Eliot hospital
Mid Essex hospital services
University hospitals of North Midlands
Liverpool women’s
North Cumbria university hospitals
Wrightington, Wigan and Leigh
Cheshire and Wirral partnership
Nottinghamshire healthcare
Plymouth hospitals
The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk. The exploit was leaked last month as part of a trove of NSA spy tools.
Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.
Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.
Unfortunately, it appears that many organizations have not yet installed the patch.
What has happened?
On May 12, 2017 a new strain of the Ransom.CryptXXX (WannaCry) strain of ransomware began spreading widely impacting a large number of organizations, particularly in Europe.
WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:
.lay6
.sqlite3
.sqlitedb
.accdb
.java
.class
.mpeg
.djvu
.tiff
.backup
.vmdk
.sldm
.sldx
.potm
.potx
.ppam
.ppsx
.ppsm
.pptm
.xltm
.xltx
.xlsb
.xlsm
.dotx
.dotm
.docm
.docb
.jpeg
.onetoc2
.vsdx
.pptx
.xlsx
.docx
What are best practices for protecting against ransomware?
New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
The worm is spreading via leaked NSA cyber-weapons (ETERNALBLUE and maybe DOUBLEPULSAR) that were leaked by the Shadow Brokers. The vulnerability was patched by Microsoft in a critical patch update in March 2017. The NSA software was not originally a worm, but was modified.
There appears to be more than one variant of the worm (so far, appears to be eight; earlier counts in this post were four and then five). The biggest ransomware on the scene is called Wcry / WannaCry / WannaCryptor, which was rarely seen until today.
(UPDATE 4:08) - The ransomware aspect will still work, even if you aren't susceptible to the worm, so, as usual, be careful what you click on and execute. That hasn't changed. What's new here is the ability to spread to un-patched Windows computers without requiring user interaction.
All unpatched Windows versions up through Windows 10 are affected. If you have automatic Windows Update turned on, you're probably safe from being automatically infected. Windows XP and other outdated systems were not patched and will remain vulnerable forever.
Odds are that if you're infected by this malware, you will not be able to recover your files without paying. You should always have an offline backup for this reason.
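The analyses quoted above describe the marker WannaCry leaves behind (".WCRY" appended to each encrypted file) and the extensions it goes after. A defender who cannot stop the first infection can still use that marker to catch a host the moment it starts encrypting a share. The following is an added example of my own, not code from the thread or from Kaspersky, Symantec or the quoted blog: a sliding-window burst detector run over constructed file-server audit events. The event line format, the host names, the thresholds and the sample data are all assumptions; the marker extension is kept as a parameter because other families and variants use other markers.

```python
"""Added example (not from the thread or any quoted vendor): burst detector for a
ransomware marker extension, run over constructed file-server audit events.
Event format, host names, thresholds and sample lines are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath
from typing import Dict, Iterable, Optional

# Marker the quoted analyses report WannaCry appending to encrypted files.
# Kept as a parameter: other families and variants use other markers.
RANSOM_SUFFIX = ".WCRY"

# Subset of the targeted-extension list quoted above, used only for reporting.
TARGETED_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".jpeg", ".vmdk",
                       ".sqlite3", ".backup", ".java", ".class"}

# Constructed sample events: "<ISO timestamp> <host> <operation> <path>",
# assumed to be in time order per host (sort them first if they are not).
SAMPLE_EVENTS = """\
2017-05-12T10:00:01 fs01 CREATE /shares/finance/q1.xlsx
2017-05-12T10:01:10 fs01 CREATE /shares/finance/q1.xlsx.WCRY
2017-05-12T10:01:11 fs01 CREATE /shares/finance/budget plan.docx.WCRY
2017-05-12T10:01:12 fs01 CREATE /shares/hr/photo.jpeg.WCRY
2017-05-12T10:01:13 fs01 CREATE /shares/hr/contracts.pptx.WCRY
2017-05-12T10:01:14 fs01 CREATE /shares/it/backup.vmdk.WCRY
2017-05-12T10:01:15 fs01 CREATE /shares/it/notes.txt.WCRY
2017-05-12T10:30:00 fs02 CREATE /shares/dev/Test.java.WCRY
2017-05-12T11:45:00 fs02 CREATE /shares/dev/Other.java.WCRY
"""


def original_extension(path: str, suffix: str = RANSOM_SUFFIX) -> Optional[str]:
    """Return the victim file's own extension if `path` carries the marker, else None."""
    if not path.upper().endswith(suffix.upper()):
        return None
    return PurePosixPath(path[:-len(suffix)]).suffix.lower()


def parse_event(line: str):
    """Split one audit line; the path is last so it may contain spaces."""
    ts, host, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, op, path


def detect_bursts(lines: Iterable[str], threshold: int = 5,
                  window: timedelta = timedelta(seconds=60),
                  suffix: str = RANSOM_SUFFIX) -> Dict[str, dict]:
    """Per host, raise one alert once >= `threshold` marker-suffixed files are
    created inside any `window`.  Returns host -> alert details."""
    recent = defaultdict(deque)   # host -> creation times still inside the window
    hit_exts = defaultdict(set)   # host -> original extensions of marked files
    counts = defaultdict(int)     # host -> total marked files seen
    alerts: Dict[str, dict] = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, op, path = parse_event(line)
        ext = original_extension(path, suffix)
        if op != "CREATE" or ext is None:
            continue                      # ordinary file activity, ignore
        counts[host] += 1
        hit_exts[host].add(ext)
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = {"first_alert": ts, "window_count": len(q)}
    for host, alert in alerts.items():
        alert["total_marked"] = counts[host]
        alert["original_extensions"] = sorted(hit_exts[host])
        alert["targeted_extensions_hit"] = sorted(hit_exts[host] & TARGETED_EXTENSIONS)
    return alerts


if __name__ == "__main__":
    for host, alert in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(host, alert)
```

With the constructed sample, fs01 trips the alert on its fifth marked file within a minute, while fs02's two isolated events over an hour apart never do. Thresholds are an environment tuning problem: a busy share may legitimately see a handful of odd renames a minute, but dozens of files acquiring the same foreign suffix in seconds is not normal user behaviour. Note that this fires after encryption has begun, so its value lies in isolating the host and share quickly; it does not replace the patching, SMB exposure control and offline backups discussed above.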
originally posted by: subfab
a reply to: mirageman
I heard about this this morning.
I'm sure it will be a short matter of time before a resolution to the mess is developed.
Question to anyone savvy with computers: if a personal computer gets attacked like this, will installing a fresh operating system clear it up?
Wipe the hard drive clean and start over?
originally posted by: DontTreadOnMe
Aren't there software protections against ransomware, like AVs?
Is there anything one can do to protect themselves?
Don't companies have firewalls, etc to prevent such disruptions?
originally posted by: vinifalou
WikiLeaks just tweeted:
NOTE: The current hospital 'ransom ware' directly relates to computer viruses produced by the NSA. Not to WikiLeaks' CIA #Vault7 series.
originally posted by: worldstarcountry
$300 in bitcoin? That's like 1/6 of a bitcoin; how does that get paid out?
originally posted by: mirageman
So much for a 'strong and stable' IT infrastructure!
I have a low opinion of IT and IT workers, but stepping back from that for a moment... they do have a difficult job.
The grunts are just doing their jobs so I don't fault them, but the leaders in the field had a choice to create a security nightmare or not, and they chose to create a security nightmare.
originally posted by: fleabit
I have a low opinion of IT and IT workers, but stepping back from that for a moment... they do have a difficult job.
Curious why you have a low opinion of IT workers.. : )
This is a disaster, but it was completely predictable based on the dumb decisions made by IT leaders to make remote code execution on the web rampant, all because they think people are too lazy to click another button on their browser when they want more content delivered, so they created scripts to deliver it without clicking the button. And guess what: sometimes what's delivered is malicious, far too often according to that report, and antivirus can't keep up, so it's pretty worthless.
Thirty percent of malware can be classified as new or zero-day because it cannot be caught by legacy antivirus solutions, according to research published today in WatchGuard's first Quarterly Internet Security Report, which explores the latest computer and network security threats affecting SMBs and distributed enterprises. The results from Q4 2016 confirm that cyber criminals' capability to automatically repack or morph their malware has outpaced the AV industry's ability to keep up with new signatures. This means that without advanced threat prevention, companies could be missing up to a third of malware.
The WatchGuard report also shows that old threats are reappearing and macro-based malware is still prevalent. Spear-phishing attempts still rely on malicious macros hidden in files including Microsoft’s new document format, while attackers also still use malicious web shells to hijack web servers. It appears that PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.
Other findings in the WatchGuard Q4 2016 report include:
-JavaScript is a popular malware delivery and obfuscation mechanism with a rise in malicious JavaScript, both in email and over the web.
-Most network attacks were aimed at web services and browsers, with 73 percent of the top attacks targeting web browsers in drive-by download attacks.
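Both the Symantec advice quoted earlier in the thread (do not enable macros in an unexpected Office attachment) and the WatchGuard finding just above (malicious macros hidden in "Microsoft's new document format") point at the same control: inspect attachments for a VBA project before a user ever sees the "Enable Content" bar. The "new document format" is OOXML, which is a ZIP package, so the check is a static one. The block below is an added example of my own, not code from the thread, Symantec or WatchGuard. It builds two constructed minimal .docx packages in memory (a real document carries many more parts), then reports whether a package contains a VBA project and whether that agrees with what the file extension claims; the sample packages, file names and the decision to treat a mismatch as a red flag are assumptions.

```python
"""Added example (not from the thread, Symantec or WatchGuard): static check for
VBA macros inside OOXML attachments, with constructed sample packages so it
runs offline."""
import io
import zipfile
from typing import Optional

# Macro-enabled OOXML extensions; several of them appear in the extension list
# quoted earlier in the thread.
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm",
                 ".ppam", ".ppsm"}
# Where Office stores the compiled VBA project inside the package, and the
# content type the package manifest declares for it.
VBA_PART_SUFFIX = "vbaproject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def _build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package (assumption: enough parts to be parsed)."""
    overrides = ('<Override PartName="/word/document.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_macro:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     '<Default Extension="xml" ContentType="application/xml"/>'
                     f'{overrides}</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed stand-in for a VBA project (OLE2 magic plus padding).
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 64)
    return buf.getvalue()


def inspect_office_file(data: bytes, filename: str) -> dict:
    """Report macro presence in an OOXML attachment and compare it with the
    extension the sender chose.  Legacy binary formats (.doc/.xls, OLE2) are
    not ZIPs and need an OLE parser instead (e.g. oletools' olevba)."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    claims_macros = ext in MACRO_ENABLED
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"format": "not-ooxml", "has_macros": None, "vba_parts": [],
                "extension_claims_macros": claims_macros, "extension_mismatch": None}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        vba_parts = [n for n in names if n.lower().endswith(VBA_PART_SUFFIX)]
        try:
            manifest = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            manifest = ""
    # Check both the part listing and the manifest: either alone can be tampered.
    has_macros = bool(vba_parts) or VBA_CONTENT_TYPE in manifest
    return {
        "format": "ooxml",
        "has_macros": has_macros,
        "vba_parts": vba_parts,
        "extension_claims_macros": claims_macros,
        # A macro-free extension wrapping a VBA project is worth a closer look.
        "extension_mismatch": has_macros != claims_macros,
    }


if __name__ == "__main__":
    for name, blob in [("invoice.docx", _build_sample_docx(False)),
                       ("invoice.docm", _build_sample_docx(True)),
                       ("invoice.docx", _build_sample_docx(True))]:
        print(name, inspect_office_file(blob, name))
```

Presence of a VBA project is not proof of malice, so a mail gateway would normally quarantine or strip rather than delete, and hand the file to a sandbox or analyst. The point of the check is that it happens before the document reaches the user, which is where the advice quoted above ("do not enable macros") otherwise has to be followed by every recipient, every time.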