Slashdot Mirror
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch (vice.com)
Remember that "kill switch" which shut down the WannCry ransomware? An anonymous reader quotes Motherboard:
Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.
The person who found the previous "kill switch" believes that it was actually an anti-sandboxing feature, not a kill switch.
I've tried everything to get this to run on my Linux Mint box (including installing WINE) and it just won't do anything.
Just cruising through this digital world at 33 1/3 rpm...
Even though my main machine is mac, and my bootcamp and windows secondary machine are on Win10 and Fully patched, and my synology NAS has SMB v1 disabled, I may as well disable SMBv1 across the whole fleet.
God have mercy on all morons who are still running unpatched machines...
*** Suerte a todos y Feliz dia!
I've seen security-aware people being widely ignored by technically illiterate managers and decision makers for decades. Sometimes they aren't given the tools they ask for, or their advice is ignored, or sometimes they are both ignored and still blamed when things go wrong. That's not even getting into all the ordinary folks buying low-security or pre-backdoored IoT devices, and the intrusion of the internet into everyday things like cars and televisions.
Sometimes I think something really nasty has to happen before people will wake up. But then when I think about it some more, I don't believe that would help either. The wrong message would be taken. Instead of adopting good security practices, it would instead be a series of laws that managed to be both misguided, harmful, and utterly useless for solving the real problem. It would be "magical thinking" instead of really paying attention to digital security.
Then I go have a couple beers, because fuck it.
It's not like most IT departments don't know these vulnerabilities exist, and there are many common reasons, some common ones being:
A) Code written under a very tight schedule, where getting working code operational is the number one target, and the team expects to tighten up the security later but never does.
B) Legacy code written before this type of security was much of a concern.
The main problem with preventing this kind of thing is the Bean Counters. Generally, they will do a calculus of the possibility that they specifically will be hack, and what it will cost to tighten up the code to prevent the hack. In other words, they gamble that they will not be hacked, thus saving them the money it will cost to have their inside team or a contractor fix things. It's all about their bonus.
Of course the Bean Counters will not admit this, but it's important to understand that the people who sign off on allocating the funds to accomplish tightening up security simply have no understanding about the actual threat verses cost, nor do they really care because it's all about ROI.
If you want news from today, you have to come back tomorrow.
You need to make sure you have the *correct* version of gettext, libiconv, openssl, gnu-crypto, and gnucash (not the one your distro ships with of course) and you need the correct version of GCC (4.9.4 it will refuse to compile if you use 4.9.3 or 4.9.5). Also if you are on Mint you will need to patch the ransomware.h header file but not Debian. If using CentOS you need to make sure you load the x86 compatibility libraries or it won't work. Make sure to pass the correct flags to ./configure
This is all obvious to everyone who read the manual so stop wasting our time.
What does it say about the NSA, if lone security researcher finds and activates a kill switch before they do?
So they can snoop on and store an entire nation's web traffic and email, but they can't analyse a small piece of malware, notice it queries some domain name, and then discover (in a test environment) that the existence of the domain stops the malware from propagating? And then activate the domain to give the world a few hours respite?
Sure, now there's a new version without a kill switch, but the brief respite will have given millions of people the opportunity to secure their machines. It seems a pretty pathetic state of affairs when the NSA pours vast sums of money into nefarious snooping, yet can't keep pace with a single security researcher when it comes to *actually* helping keeping the nation secure.
Same goes for other countries' intelligence agencies, e.g. GCHQ.
perl -e 'fork||print for split//,"hahahaha"'
The kill switch is in the malware, not in the underlying Windows code. It's probably not exploitable for intelligence activity. Why would the NSA/CIA/FBI/whatever care about it as long as it doesn't infect their computers? (Which they probably back up regularly and, one suspects, probably don't run on Windows)
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey