Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide (threatpost.com)
msm1267 quotes a report from Threatpost: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other businesses throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems.
An anonymous Slashdot reader adds: Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers. The ransomware's name is Wana Decrypt0r, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or WCry. The ransomware is using the ETERNALBLUE exploit, which uses a vulnerability in the SMBv1 protocol to infect vulnerable computers left exposed online. Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it. Until now, the ransomware has laid waste to many Spanish companies, healthcare organizations in the UK, Chinese universities, and Russian government agencies. According to security researchers, the scale of this ransomware outbreak is massive and never-before-seen.
UPDATE: The Guardian reports that "An 'accidental hero' has halted the global spread of the WannaCry ransomware" by discovering a kill switch involving "a very long nonsensical domain name that the malware makes a request to." By registering that domain, the spread of the ransomware was effectively halted.
who chose to weaponize security holes rather than having them fixed for some actual security.
...to all you shitheads who said the Shadow Brokers were full of it.
Successful NSA exploits used: maybe a handful
Number of affected worldwide when it leaks: Tens of thousands to potentially millions
I've said it before but it bears repeating.
When you create an exploit, you create a weapon but when you submit a fix, you make that weapon ineffective. So now instead of having the world's best armor, we have an absurd cache of weapons and those weapons have been stolen. The moral isn't to protect your weapons better, it's that you should be making better armor.
Anons need not reply. Questions end with a question mark.
I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.
45K....peanuts.
Like any weapon, this one is dangerous (deadly!) in the wrong hands. It was not the NSA who placed it into the wrong hands, however.
In Soviet Washington the swamp drains you.
The ThreatPost article is just a masked advertisement for Kaspersky. The second article, included below, is much more accurate.
Is that there are still 45k Windows machines that are directly connected to the Internet.
Any Windows machine I manage (mostly very specific medical software and medical machines) is either a VM (and thus behind a firewall, with any service proxied to a BSD or Linux host) or airgapped.
Custom electronics and digital signage for your business: www.evcircuits.com
... the NSA.
Lots of demonstrable dollar loss.
Microsoft plugged this hole back in March.
It little behooves the best of us to comment on the rest of us.
Not dealing with script kiddies here
EVERY Person, and EVERY Business, that this will do damage to. It's their tool, POORLY secured, that caused this ENTIRE MESS! If they had been sitting there catching terrorists, like we paid them to do, rather than designing malware to perform black ops with, we wouldn't be having this little "Chat" LoL!
The NSA (and other ABC agencies that are undoubtedly running the same game plan) are doing what they are tasked with, finding ways to protect America and America's interests. Using hacking as a tool to this end is (relatively) new in the old game of spycraft, so there are going to be a few epic disasters like this before the black ops people start to figure out all the types of blowback they can experience. The US was really big on foreign covert action in the 50's, and it took the Bay of Pigs to make people realize that there were ways that things could go horribly wrong. That didn't stop covert action from being used, but I think it was employed more carefully afterwards. Having all their shiny hacking toys stolen and having this happen is the hacking version of the 'Bay of Pigs'.
Also, while the NSA seems to have compiled a formidable array of exploits and tools to compromise enemy systems, that doesn't mean that everyone else isn't playing the exact same game. The only difference between the NSA and EVERY other state intelligence agency on the planet is that they seem to be able to properly secure their black ops toys. Being one of the largest agencies of this sort, there are going to be a lot of people in the know. And the more people involved, the harder it is to keep a secret.
Mind you, that doesn't make this any less tragic or regrettable. I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected with this ransomware to make an example of them. Alas, that sort of thing only happens in implausible Hollywood scripts.
But it IS for SMB v1 protocol, which IS old.
So it's not like even if it were a year-old patch that this hole was quickly fixed, was it. Moreover, most IT systems are still trying to find out which patches can be applied and which ones cannot because of their spyware implications or incompatibility with other software or hardware.
Home PCs can patch as soon as the patch comes out, but IT networks of large companies can't afford their IT to be out of order because of a patch for 6 months, and have to properly test it on a small subnet or sacrificial systems for months first.
And home PC owners can't afford to install the patches as they come out because doing so means that MS will fuck about with your preferences if they don't help MS's bottom line and will also be unable to roll back properly when drivers stop working because of a "fix" in the patch.
And if they're supposed to read, comprehend and validly agree to the new license, it can take several months to get the money to pay a lawyer to read the EULA and explain it to you so you can actually validly in a legal sense say you agree.
This time, Microsoft, there is no need for you to consider yourself middle-fingered - you are.
Hey, where's the headline about this being patched back in March?
Oh, but it takes time to verify that these patches won't...
Yeah, and how long is it going to take you to recover from getting slammed, and at what cost? For something that was patched TWO MONTHS AGO.
Not a zero day, a YESTER-DAY!
And if you're still relying on XP...
SMB is always a LAN protocol; you need to be a true imbecile to ever use it over the Internet, unless protected by a VPN due to privacy concerns.
So, exactly why is this shit not firewalled at the internet border (organizations such as hospitals, etc) and CPEs (ISPs delivering *internet* to customers, as opposed to other services such as private channels, e-lan or lan-to-lan connections)?
before they had an "Internet Connection".
I don't understand why any critical infrastructure (which, like a hospital, should function even in cases of catastrophe or war) connects any vital computer to a public network.
Millennials
Pain is what makes the lesson sink in. The world's pain will motivate it to demand that our Intelligence agencies disclose vulnerabilities rather than sit on them, and further will demand enough transparency that they can prove they are doing this.
It won't happen immediately. But as hospital deaths roll in, and the seriousness of this failure starts to sink in, claims that this is all the fault of those who leaked the exploit will fall on some very deaf ears.
If you set your Windows Update preferences to critical only, and excluded the "recommended" updates, you never once saw so much of a whisper about Windows 10. And you got every single security fix.
Everyone should do this. Everyone who uses a computer should be smart enough to do this without being told. And by "should" I mean "morally obligated." This level of intelligence is a necessary prerequisite of responsible computer use.
When will people get it that, with a mission-critical computer system, it should have no more ability or authority to do _anything_ than it needs. If your computer is only there to do your financial stuff, then it doesn't need to be able to run Minecraft, so it should not be able to run Minecraft at all. Having a single all-things-to-all-people OS that, once booted, can do anything and everything, and is so complex that even its manufacturer can't track all the bugs and holes, and nobody else can even tell if it works, just so MS and other vendors have hidey-holes to put their copy protection stuff in, and you can run Word, Minecraft and watch your Kitten videos on the same machine... that is just plain fing asking for it. (Linux isn't really much better _except_ that you can, and people do, produce tailored versions with extraneous stuff removed, and if you want to see the code for every last bit of software running, you can.)
Principle of least privilege (or least authority). For mission-critical stuff this is a must, and that precludes a general purpose OS like Windows or a typical Linux distro.
Communications, you know, all those new-fangled electronic documents. They even took my filing cabinets away.
There's an old saying in Tennessee - I know it's in Texas - probably in Tennessee that says fool me once, shame on - shame on you. If you fool me we can't get fooled again
Fool me one time shame on you
Fool me twice, can't put the blame on you
Fool me three times, fuck the peace signs
Load the chopper, let it rain on you
Windows worms: they just work, not like Linux worms
Don't believe all you hear and only half of what....There is always a puppet Master behind the puppets...There is a much larger agenda at hand here than at first glance .... question is what when where and how.....
they stopped helping 50% of windows users
ergo windows 7
get ready cause to be infected "the I'm not migrating to crap spyware that the nsa has more holes in than Swiss cheese is now Swiss cheese too"
thank microsoft too whom helps them
btw waving from
so explain how I had the feature off in windows 7 and it just happened to be lying around and it started to try the update
no really they backdoored all windows 7 so they could force updates and spy
they got caught too...and thanks to that trust in windows and usa govt is zero
i applaud this hacker move
FTW
isn't that around the time when they started that force windows ten crap that made everyone turn off updates?
lol
I bet a court about now is drooling at some lawsuits that are coming over this practice of Microsoft's
IT admins: Let's patch this box
IT management: NO. You can't do that! We need a stable operating environment. Sorry you don't have a maintenance window until 6 months from now.
IT admins: But we'll get hacked!
IT management: Then we'll blame the hackers! It won't be our fault that the system has downtime. We'll keep our jobs!
IT admins: Oh I get it. If we bring servers down for maintenance, that will be our fault and we'll get fired.... but if we get hacked - it's not our fault.
IT management: YES! and then we can blame Microsoft and point the finger at all our vendors.
common sense tends to get driven out by a business MBA who is an expert in efficiency.
proprietary software created by a vendor that is 4 guys in an office somewhere on the other side of the planet, who just got bought out by megacorp which then spun off as dildicorp and fired all the original creators... does not have a flying clue about why your Blobnatz75 driver doesn't work on Windows 10, nor are they going to get an answer anytime soon.
then what? the NSA has a long history of controlling US manufacturers and putting backdoors in their systems.
That's not how it gets on a network, even a large one like that. Somebody gets tricked into installing the malware from an email attachment or link via a vulnerability in IE or MS Office (Outlook not so good) and then it spreads across a local network via a weakness in an SMB implementation. Multiple levels of "fail" but not at the firewall, and not a lot that Microsoft's customers can do about it, especially in a tight budget situation with IT as a very low priority.
Your suggestion (while a good one that would have already been done since it's so obvious) would not have helped.
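The two comments above describe two different defender concerns: SMB (TCP 445) reachable from the Internet at the border, and a host inside the LAN fanning out SMB connections to many peers once something has landed on it. The example below is added here and is not code from the article or from any of the posters; it runs both checks over a constructed connection log, and the log format, the internal network range and the thresholds are assumptions.

```python
"""Defender-side checks for the WannaCry spread pattern discussed in the
thread. Added example, not from the article; log format, internal range
and thresholds are assumptions, and SAMPLE_LOG is constructed."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed connection-log sample, one "timestamp src_ip dst_ip dst_port"
# record per line (198.51.100.7 is a documentation-range address standing
# in for an arbitrary external host).
SAMPLE_LOG = """\
2017-05-12T09:00:01 198.51.100.7 10.0.1.20 445
2017-05-12T09:00:02 10.0.1.20 10.0.1.21 445
2017-05-12T09:00:03 10.0.1.20 10.0.1.22 445
2017-05-12T09:00:04 10.0.1.20 10.0.1.23 445
2017-05-12T09:00:05 10.0.1.20 10.0.1.24 445
2017-05-12T09:00:06 10.0.1.20 10.0.1.25 445
2017-05-12T09:00:07 10.0.1.30 10.0.1.5 445
2017-05-12T09:00:08 10.0.1.31 10.0.1.5 443
2017-05-12T09:30:00 10.0.1.40 10.0.1.41 445
"""

SMB_PORT = 445
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed LAN range
FANOUT_THRESHOLD = 5   # distinct SMB peers per source within one window
WINDOW_SECONDS = 60


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Yield (ts, src, dst, port); blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]),
                   ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]),
                   int(parts[3]))
        except ValueError:
            continue


def exposed_smb_sources(records):
    """External sources reaching an internal host on 445: SMB is not
    firewalled at the border, which the thread says it always should be."""
    return sorted({str(src) for _, src, dst, port in records
                   if port == SMB_PORT and is_internal(dst)
                   and not is_internal(src)})


def smb_fanout_hosts(records):
    """Internal sources hitting >= FANOUT_THRESHOLD distinct peers on 445
    within WINDOW_SECONDS: the scan-and-spread behaviour of an SMB worm."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port == SMB_PORT and is_internal(src):
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):   # sliding window from each event
            peers = {d for t, d in events[i:]
                     if (t - t0).total_seconds() <= WINDOW_SECONDS}
            if len(peers) >= FANOUT_THRESHOLD:
                flagged[str(src)] = len(peers)
                break
    return flagged


def analyse(text):
    records = list(parse_log(text))
    return {"exposed_from": exposed_smb_sources(records),
            "fanout": smb_fanout_hosts(records)}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the sample, the first check reports the external source that reached 10.0.1.20 on 445, and the second flags 10.0.1.20 itself, which touched five distinct peers on 445 within a minute; the two hosts that made a single SMB connection each stay below the threshold.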
Pain is what makes the lesson sink in. The world's pain will motivate it to demand that our Intelligence agencies disclose vulnerabilities rather than sit on them, and further will demand enough transparency that they can prove they are doing this.
It won't happen immediately. But as hospital deaths roll in, and the seriousness of this failure starts to sink in, claims that this is all the fault of those who leaked the exploit will fall on some very deaf ears.
That's not what will happen at all. Nobody in government (that matters) will be held accountable for these attacks using their own leaked tools. They will not change, they will change the rules as in no more general purpose computers.
Governments will simply push for the elimination of general-purpose computers owned by the general public at large. One will have to show cause to own a GP computer and it will be licensed and registered with government, as will any device allowed to connect to the internet.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Micro$oft domain name is whitelisted in all Windows machines. Do you realize that the hosts file of APK won't stop microsoft dot com and bing dot com from being accessed even if it is listed on your hosts file? It is because all M$ sites are whitelisted by the OS; you can view your dnsapi.dll in your favorite hex editor and see all Microsoft domain names being whitelisted in that DLL. One of the solutions is to modify that dnsapi.dll using your hex editor and replace all whitelisted domains with a NULL (or hex 0x00).
You're welcome.
Don't these institutions have IT security? Don't people understand how to design networks that are isolated from the internet, minimizing the attack surface of unpatched or intentionally held back machines?
Not trying to blame the victims here, well, ok I am, this is totally avoidable with some proper network design and isolation of critical and potentially vulnerable 'held back' systems.
Nothing inherently wrong with saying, "I don't want this machine's OS changed, cuz it works perfectly now." Where the problem lies is when you say, "Let's expose this known-vulnerable machine to the INTERNET." That is just stupid. I don't even expose my Windows 10 machine to the internet, directly. I don't even expose my Linux machines, except for a dedicated firewall.
Hospitals still operate with the same number of people as in the 90s, but the population has nearly doubled. There is also a ton more diagnostics being done by the little beeping machines. There is still no reason to run Windows though.
Remember how Munich switched to Linux? Yup, not affected.
1. Microsoft has always had a disclosure that their OS is not suitable for life-critical applications
2. NSA has a dual mission -- the second (neglected) mission is to ensure the security of domestic computer networks
I still cannot believe that even today, there are still systems left unpatched out there. I have almost 500k Windows boxes and manage to get them tested and patched within my +14 day SLA. Having a business out there that has unpatched systems is taking security and throwing it out the window. Patching Windows is the easiest thing in the world now, with SCCM and WSUS leading the way. End users who don't patch are just asking for trouble, since patching Windows 10 is pretty much automatic. Hell, it even has a maintenance window that's customizable for users to set for when they want their systems rebooted. From what it sounds like, there are a lot of fools out there that just want to bitch and complain about everything.
Holy crap, I posted and didn't see my post. Here's a list of trackers:
Anyone who works for these sleazebags should be ashamed of themselves.
Gee, Trump computer (the one that he uses daily to tweet) didn't get infected ?? :(
Blame the software vendors, most of the software the doctors use only exists on Windows. The nations with nationalized healthcare should get together and start an open source project to replace all of this software.
I tell you what will happen: NOTHING
Tomorrow, any of the Kardashian girls will be on TV showing their huge asses and people will forget about everything.
Humans have short memories. No one will remember this in two days.
No responsibility for a crappy design and insecure coding for decades?
This, with Microsoft not providing XHCI on Kaby Lake and onwards, I had to buy a USB3 extension card just to keep using Windows 7.
Intel also stopped providing gfx drivers for Win7 for new CPUs, so you have to manually edit the .inf files for new drivers to make them work in Win 7.
Fuck Wintel.
He is a doctor, not an IT consultant; this is a failure of IT management.
NHS Digital is provided by outside private sector IT Consultancies and has been beset with failure for years.
AAHAHAHAHAHAHAAHAHHAHAAHA!
WTF are you smoking? I'd like to have some.
Governments couldn't advocate for the "elimination of general purpose computers". The split second they did so, you'd have every industry on earth screaming bloody murder, along with various groups like the EFF, FSF, ACLU, etc. They'd scream that it was a government attempt to control computers as double agents and that it gave far too much power to the government over the everyday lives of its citizens. If you think that the fear-mongering is bad now, wait until that legislation starts moving. I'll grab the popcorn.
Never-mind the needs of academia, such control would be viewed as requiring government approval for processing research data, or requiring government approval to even conduct research at all, and fiercely opposed.
Health advocates would have a field day, about those computer controlled implants that do everything from monitoring your heart rate to managing your insulin levels. Government control over these would make anyone using them a little jumpy.
Banks and lawyers would oppose as well. (What? You think they would willingly let the government into their records without a fight? Please.)
Never mind that virtually everyone would place the damn blame where it rightfully belongs: On the governments that chose to use the IT industry's blunder as a weapon, damn the consequences. Governments trying to cover that up would need to be viewed for what they are: Enemies of the public, and dealt with as such. They can't justify the deaths of innocent people all over the world just because they want to play wargames.
The rules will change, but not the way you think. The rules will become: any government that finds a security vulnerability and then uses it as a weapon will be treated as committing an act of war against all countries. More civilized governments will pass laws to prohibit such use and require info to be given to the software vendor so that patches can be made, in addition to patches being made a requirement of the vendor when bugs are found. (As a cost of doing business. No more of the waiving all liability crap.)
BTW, you owe me a new keyboard.
waking up this morning realising that email link they clicked on maybe wasn't such an A1 cunning plan after all!
It didn't, and you're lying. All updates required user intervention, to go to 10. All of them.
Hell, I am a diehard Linux fan, and I know this. The closest they came, was making the dialog box confusing. Even then, you had to click. Stop the lies. I say this as someone who really dislikes Microsoft. Don't lie.
No. I am not in the habit of praising Microsoft, but: https://blogs.technet.microsof... & https://technet.microsoft.com/...
BETTER: NSA exploit spreads ransomware worldwide
Details at 11, or in the lead paragraph, or in TFS
Newbie found on /.
I think you're either lying or incompetent. Possibly because you don't use MS Windows. I know that I don't, but this same effect has been reported by enough different people that to deny it is unreasonable. I'm *not* certain that it was true for all editions of MS Windows, as there have been simultaneous reports where some people said it was happening despite being turned off and others denied that they were seeing the effect. One possible explanation is that different editions of MS Windows acted differently.
I think we've pushed this "anyone can grow up to be president" thing too far.
Moral of the whole story. Don't use Microsoft products, secure your iot devices. Better yet, if you don't understand the technology, don't use it.
Governments couldn't advocate for the "elimination of general purpose computers". The split second they did so, you'd have every industry on earth screaming bloody murder, along with various groups like the EFF, FSF, ACLU, etc.
It's already illegal to root your iPhone. It's called the DMCA. EFF, FSF, and ACLU did indeed scream bloody murder. No one cared. You don't even know what it meant. There are 2.1 billion pocket computers in use today, and for the vast majority of them, it is illegal for their owner to assume full control of the software of the device.
Think about that for a while.
Looks like MS have deployed their Reputation Management Shills here.
Spot on. The transition away from general-purpose PCs is already well underway. As more and more people begin using their cellphones, tablets, etc almost exclusively and use their home desktops and even laptops less and less, it soon will be hard to find PCs for sale new as demand shrinks, so do the available suppliers, and the cost goes up.
Government at this point doesn't need to do much except make certain they have backdoors and controls in place and wait for demand for PCs to disappear and smartphones coupled with "cashless" currency to be rolled out. They'll have data on pretty much everything about everybody and abilities to monitor, track, control, and analyze individuals on a mass scale, depth, and detail unrivaled...hell, *undreamed of*...in all of human history.
Welcome to the real Matrix where people happily step into the tanks and plug themselves in.
Did Microsoft managers, or some Microsoft employee, sell the vulnerability to some secret agency?