Jump to content


Photo

Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage


  • You cannot start a new topic
  • Please log in to reply
5 replies to this topic

#1 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 894 posts

Posted 12 May 2017 - 09:46 PM

Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers.

 

The ransomware’s name is WCry, but is also referenced online under various names, such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. As everybody keeps calling it “Wana Decrypt0r,” this is the name we’ll use in this article, but all are the same thing, which is version 2.0 of the lowly and unimpressive WCry ransomware that first appeared in March.

 

Activity from this ransomware family was almost inexistent prior to today’s sudden explosion when the number of victims skyrocketed in a few hours.

 

Source:
https://www.bleeping...s-on-a-rampage/



#2 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 894 posts

Posted 13 May 2017 - 01:12 AM

Make sure you have MS17-010 deployed and patched.  Disabling SMBv1 would be a good workaround if the patch isn't an option.


PC Sympathy

s++=ENDIKSA;++y(;-p)}d ms++n;suajsmn+ky(n-qi}?print:??;

#3 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 894 posts

Posted 13 May 2017 - 02:05 AM

In my lab:

 

May 12  2017 At 0843PM
 
May 12  2017 At 0846PM

 


PC Sympathy

s++=ENDIKSA;++y(;-p)}d ms++n;suajsmn+ky(n-qi}?print:??;

#4 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 894 posts

Posted 13 May 2017 - 12:07 PM

Microsoft is taking care of the older versions of Windows as well:

 

https://blogs.techne...acrypt-attacks/


PC Sympathy

s++=ENDIKSA;++y(;-p)}d ms++n;suajsmn+ky(n-qi}?print:??;

#5 Angoid

Angoid

    Administeriosis Extremus

  • Administrators
  • 1,477 posts
  • LocationEast Midlands, UK

Posted 13 May 2017 - 12:56 PM

What I find interesting is that Microsoft is taking care of XP, but not Vista (which has only recently been de-supported).

If you don't know what eschatology is then don't worry; it's not the end of the world.
Please do not send uninvited PMs requesting support; post into the appropriate forum instead and we'll all learn. See our Private messaging policy.


#6 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 894 posts

Posted 13 May 2017 - 01:09 PM

It looks like it was patched as well.

http://www.catalog.u...spx?q=KB4012598
PC Sympathy

s++=ENDIKSA;++y(;-p)}d ms++n;suajsmn+ky(n-qi}?print:??;