Ransomware infections reported worldwide


posted on May, 14 2017 @ 01:55 PM
link   
a reply to: ArMaP

Port 80 is protected fairly well on most OS and the major email networks EG AOL, Gmail, Hotmail all have filters so I'm not sure what is going on.

That kill switch explanation sounded kind of strange as well?




posted on May, 14 2017 @ 02:13 PM
link   


That kill switch explanation sounded kind of strange as well?


It's a simple way to have control over copies in the wild. Having identity connection to the domain would be a liability though when the search for the instigator starts. It may have been included but with little chance of actually being used.

One of those ideas that gets coded, abandoned and left behind.

Or it could have been in the code that was procured and the person modifying it for this purpose just typed some random characters to change the original name in the code. Might not have wanted to take time to investigate it completely.



posted on May, 14 2017 @ 02:15 PM
link   
a reply to: roadgravel

Phil Zimmermann left a session key file in the early PGP programs.
Could be something like that?



posted on May, 14 2017 @ 02:19 PM
link   

originally posted by: Cauliflower
a reply to: roadgravel

Phil Zimmermann left a session key file in the early PGP programs.
Could be something like that?



Could be. I'm wondering if it was the "it was there with a different domain" and the modifier just changed the name and moved on. The original code would answer that question.



posted on May, 14 2017 @ 03:19 PM
link   
Kill switch code removed and back in action.


The respite was thanks to a sloppy bit of programming from the worm's creator, who'd left a killswitch in the code: newly infected systems checked to see if a certain domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) existed before attempting to spread the infection; by registering this domain, security researchers were able to freeze the worm.

But a day later, it's back, and this time, without the killswitch. Security researchers running honeypots have seen new infections by versions of the worm that can spread even when the iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com domain is live.

boingboing.net...
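
The kill-switch lookup quoted in the post above is also something a defender can search for: a machine on your network that asks DNS for that domain is running a copy that still has the check. The script below is an added example, not part of the original post or of any vendor's tooling; the dnsmasq-style log format, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Kill-switch domain exactly as quoted in the post above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed log format: dnsmasq-style query lines (see constructed sample below).
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?query\[(?P<qtype>\w+)\]\s"
    r"(?P<name>\S+)\sfrom\s(?P<client>\S+)$"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.lower().rstrip(".")

def is_kill_switch(name):
    """True for the domain itself or any subdomain, never for look-alikes."""
    n = normalize(name)
    return n == KILL_SWITCH or n.endswith("." + KILL_SWITCH)

def find_lookups(lines):
    """Return {client_ip: [timestamps]} for every kill-switch lookup seen."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m and is_kill_switch(m.group("name")):
            hits[m.group("client")].append(m.group("ts"))
    return dict(hits)

# Constructed sample log: two clients look the domain up, one look-alike
# name and one reply line must be ignored.
SAMPLE_LOG = """\
May 14 15:02:11 dnsmasq[812]: query[A] www.example.com from 10.0.0.5
May 14 15:02:40 dnsmasq[812]: query[A] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.23
May 14 15:02:41 dnsmasq[812]: query[A] WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.0.23
May 14 15:03:02 dnsmasq[812]: query[AAAA] notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.7
May 14 15:04:19 dnsmasq[812]: reply www.example.com is 192.0.2.10
May 14 15:05:55 dnsmasq[812]: query[A] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.41
""".splitlines()

if __name__ == "__main__":
    for client, stamps in sorted(find_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {len(stamps)} lookup(s), first at {stamps[0]}")
```

A host with no hits is not thereby clean: as the quoted article says, later versions spread without the kill switch and never make this lookup.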



posted on May, 14 2017 @ 03:57 PM
link   

originally posted by: ANNED

originally posted by: subfab
a reply to: mirageman

i heard about this this morning.
i'm sure it will be a short matter of time before a resolution to the mess is developed.
question to anyone savvy with computers; if a personal computer gets attacked like this, will installing a fresh operating system clear it up?
wipe the hard drive clean and start over?


your best bet is have a clone hard drive and renew it once a month.
bombich.com...

I have a cloned SSD drive and if I was hit by Ransomware that corrupted my computer I can have it back up in less than 15 mins.
Then I can format the infected drive and turn it into a back up drive.
I also have a flash drive backup to cover 95% of the 30 days between cloning.


that's pretty cool.
i'm not tech savvy, but with a little practice i think the clone drive is doable.



posted on May, 14 2017 @ 04:06 PM
link   
Best software for cloning Windows based computers is probably Clonezilla - it's free. : )



posted on May, 15 2017 @ 03:31 AM
link   
Jaff is no longer the most popular one right now, but wannacryptor!!!

Have you guys read the news?
www.welivesecurity.com...

Be careful! Anyone who has not updated their system, just do it now!

blogs.technet.microsoft.com...



posted on May, 15 2017 @ 05:47 AM
link   
a reply to: mirageman

Never mind, I'll wait and see if I'm correct. I removed this post to wait for further intel but I have an idea of country of origin.

Excuses for War be prepared members.


edit on 15-5-2017 by DreamerOracle because: (no reason given)



posted on May, 15 2017 @ 07:15 AM
link   
You should take a look at the massive amounts of legislation and proposed regulations that have been mothballed............. until now.




You never let a serious crisis go to waste.

Rahm Emanuel



Buck

P.S. If you wanted to unify a large number of the governments of the world to standardize regulations for things such as "Bitcoins" how would you go about it?
edit on 15-5-2017 by flatbush71 because: (no reason given)



posted on May, 15 2017 @ 08:18 AM
link   

originally posted by: Cauliflower
Was the "Don't allow connections to this computer" toggled in the remote settings?

"Don't allow connections to this computer" was off in all computers, both the infected and non-infected, except in one that was infected, in which it was "allow only from trusted connections" or something like that.



posted on May, 15 2017 @ 01:21 PM
link   
The main reason I have not been doing the updates for my Win 7 pc is because I read that they would lock your hardware to that pc and stop you using other non-approved hardware etc. (I am not a very good geek so the big tech stuff is a bit baffling to me).
What do you all think? Could part of this be a way for Microsoft to push updates on users who didn't want their pc to have hardware (or maybe even software) lock ups (especially since you can't choose which ones you want, if you get the latest one it seems they backdate and you get all the previous ones too).

Microsoft plan to force PCs with newer processors to Windows 10 backfires

Microsoft Locks System Updates for Windows 7, 8.1 on Ryzen, Kaby Lake Systems

Microsoft is going to roll up all your Windows 7 and 8.1 updates Windows 10-style

New CPU lock in Windows is now live and more restrictive



posted on May, 15 2017 @ 02:04 PM
link   
a reply to: CthulhuMythos
I was wondering about this bitcoin account all the ransom payments are supposed to be sent to. I know it's hard to track individual bitcoin transactions, but if huge amounts are swelling one particular account, wouldn't it be possible to determine if there's one account that started swelling unusually fast recently?

If so and it happened to be one of Microsoft's accounts, that would be bad for them but I'm sure that isn't the case. I doubt Microsoft is involved at all but if I put on my conspiracy hat they'd get some third party to do the dirty work for them.

However Microsoft does apparently have ties with the FBI, CIA, NSA etc (some secret business relationships) and apparently this exploit originated at the NSA, so....what can be inferred from that? Maybe nothing but whether Microsoft played any role or not, they are probably happy about their crappy updates getting forced on people who are now probably afraid to not update, like this crappy update:

Updategate: Microsoft is burying adware in its Patch Tuesday updates



posted on May, 15 2017 @ 04:43 PM
link   
According to this report, it is believed that a North Korean hacking group is behind this attack:


A hacking group linked to North Korea is thought to be behind the cyber attack that wreaked havoc across the globe, according to security experts. Analysts from security firms Symantec and Kaspersky revealed that they are looking into technical clues suggesting the Lazarus Group created the virus.

The ransomware - which encrypts victims' files then demands a fee to unlock them - left Britain's health service crippled as computer systems and phone lines across the country shut down on Friday. The NHS is still struggling to get back on its feet following the attack, which means patients could have to wait a month or more to see a doctor after countless operations and appointments were cancelled.

Symantec and Kaspersky said code in an earlier version of the WannaCry ransomware had also appeared in other malicious software created by those hackers.


Source

Imho Lil' Kim most likely ordered this attack, which means it's an act of war.

Something's got to be done. How far will the Kim regime go? I don't want to find out.



posted on May, 15 2017 @ 05:25 PM
link   

originally posted by: dianajune

Symantec and Kaspersky said code in an earlier version of the WannaCry ransomware had also appeared in other malicious software created by those hackers.

Considering that there are several versions, do they know if they were all created by the same people? If they do not know, having part of the old code means only that they have access to the source code, nothing more.

It's the same as saying that it was the NSA, as it also has code from the NSA.



posted on May, 15 2017 @ 06:15 PM
link   
a reply to: Arbitrageur
I read this on Jim stone freelance. Maybe it is a black ops thing to extort money and at the same time get rid of Bitcoin.




Second of all, as I said before, it is extremely probable the NSA ran the entire attack to discredit and get rid of bitcoin. Where did this attack originate? BRITAIN, where the Rothchilds are working on their own crypto currency. No doubt they hate Bitcoin. No doubt their influence runs deep in the NSA, which has bases all over the world, including Europe.


jim stone freelance



posted on May, 15 2017 @ 06:24 PM
link   

originally posted by: CthulhuMythos
a reply to: Arbitrageur
I read this on Jim stone freelance. Maybe it is a black ops thing to extort money and at the same time get rid of Bitcoin.

Most people never heard of bitcoin, I think they would need something much bigger than this.



posted on May, 15 2017 @ 10:40 PM
link   
Ransomware sucks and should be stopped by every single Anti-Virus including ESET, McAfee, Avast, and Symantec Norton.



posted on May, 16 2017 @ 08:34 AM
link   
a reply to: heineken

I agree...

and your avatar is making me thirsty...

youtu.be...
edit on Tue May 16 2017 by DontTreadOnMe because: attempt to embed vid



posted on May, 16 2017 @ 10:02 AM
link   
WannaCry part of the BlueFlame working tools set is now showing a decline in activity.

A modified version of EsteemAudit (from a different tool set) is now on the rise.

The more I see of this, the more it smells.

Buck


