New global ransomware attack hits East Europe and spreading

Wynona · 29 Jun 2017

lx07 said:

I didn't mean that regarding people at all.

I was talking about the enterprises I quoted. The police in the UK for example were compromised because they either didn't get enough money to upgrade their 34000 PC (still on XP) or didn't employ someone to do it. When they offered a job (for a massive upgrade if you think about it) they offered a pitiful salary and so got presumably feeble applicants.

I was not talking about individuals being rubbish but if you want a project manager to upgrade 34000 PC you do not offer them a salary less than a supermarket clerk would earn. What will happen? The person (however good they are) will fail as the budget is insufficient. If they were good they would work elsewhere and even if they had some bizarre loving of law enforcement they would be stammered by the lack of money for hardware.

That is all. I'm not saying the people are stupid - I'm saying you get caught out because your don't have enough money. Or, if you do have enough money in an enterprise environment (for example banks where I work) and get caught out then you are stupid.

Can you elaborate where you mentioned enterprises in this thread? I'm at a total loss, since the post I quoted is the following and makes no mention of Enterprises, but does state that anyone impacted deserves it as they are idiots. I find none of your posts that mentions enterprises; however, the following post seems to bear out that you're speaking to individuals, not enterprises.

lx07 said:

I've read all these now. It seems to me to get this you need to do all of these:

1. Don't install an upgrade for an accounting software popular in the Ukraine (yeah right)
2. Try to upgrade your Windows through Windows Update (although the SMB error fixed since March)
3. Don't run as an administrator account even though everyone since 2000BC knew this was idiotic. (You have to run as admin for this to work)
4. Look again. If you are still running as local Admin then you deserve it.

If I'm right though then anyone impacted deserves it as they are idiots.

Upgrade your system and don't run as Admin. That is all.

And this is the post that set me off!

Hydrate · 29 Jun 2017

Wynona said:

Can you elaborate where you mentioned enterprises in this thread? I'm at a total loss, since the post I quoted is the following and makes no mention of Enterprises, but does state that anyone impacted deserves it as they are idiots. I find none of your posts that mentions enterprises; however, the following post seems to bear out that you're speaking to individuals, not enterprises.

And this is the post that set me off!

FWIW

When it comes to ransomware, or what we now know as a wiper (which has the same capabilities although differing payloads), we all should educate each other and not think of people being right or wrong, dumb or smart.

It's about protecting each and everyone's personal belongings and battling against the threat actors. We need to collaborate and share methods of protection.

Tony K · 29 Jun 2017

lx07 said:

My work PC is a VM that I connect via Cisco VPN. At the moment I have access through port 23 (only) to one specific server and that is it. I can't see their network let alone the internet.

I asked to ftp a txt file program I'd written over once and they almost laughed at me before saying "Er, no, we don't allow that". Conversely I have QSECOFR authority so could shut it down.

It is a funny thing security - based on human trust and hope more than sense really.

f14tomcat said:

The Big Blue World! AS/400?

I'm thinking I could've done this IT thing. Just learn to talk in acronyms and reference what needs to be performed via some lines of code. On the other hand, I can't get the IBM Technical Support mobile app on my Windows phone.

Did you work on those IBMs, TC?

Thanks for your security info, lx07.

f14tomcat · 29 Jun 2017

HippsieGypsie said:

I'm thinking I could've done this IT thing. Just learn to talk in acronyms and reference what needs to be performed via some lines of code. On the other hand, I can't get the IBM Technical Support mobile app on my Windows phone.

Did you work on those IBMs, TC?

Thanks for your security info, lx07.

Yes, last 10 years before retiring in 2002. AS/400 shop. Was the IT Director for a huge wholesaler. Had 150+ stores all over the country. Think they have over 500+ now.

Tony K · 29 Jun 2017

f14tomcat said:

Yes, last 10 years before retiring in 2002. AS/400 shop. Was the IT Director for a huge wholesaler. Had 150+ stores all over the country. Think they have over 500+ now.

Must've been a fulfilling career. I missed the boat on tech. Kind of regret at times I didn't pursue the field. Circumstances in 1969 got me into construction. At least I got the chance to use PCs in that business. On the other hand, I probably would've made a half fast tech like I am now.

I meant to link this page in my last post in referring to acronyms.

SECADM Special Authority Is Required to Change QSECOFR Profile

IBM *SECADM Special Authority Is Required to Change QSECOFR Profile - United States

Wynona · 29 Jun 2017

Hydrate said:

FWIW

When it comes to ransomware, or what we now know as a wiper (which has the same capabilities although differing payloads), we all should educate each other and not think of people being right or wrong, dumb or smart.

It's about protecting each and everyone's personal belongings and battling against the threat actors. We need to collaborate and share methods of protection.

You're absolutely correct, Hydrate, which is why I objected to anyone saying that the ones who are impacted deserve it.

Tony K · 29 Jun 2017

Busy day. Finally getting to this.

essenbe said:

Tony, I guess you should add me to your 'Fanboyz' list. Your insinuation about Malwarebytes, is nothing more than speculation. I am not sure why you would suspect a company that is well thought of on this forum and in the industry without any evidence, other than they found it first. For them to use it as a selling point is nothing new. I am sure if Norton or Kaspersky had found it first they would have used it as well. That's what businesses do, isn't it? Give you a reason to buy your product rather than a competitor's product. I can't sit here and tell you Malwarebytes was not involved in some way, because there is no evidence. Just as there is no evidence at all that they were.

After reviewing my post, I realized I did come on too strong in parts. I cleaned it up some.

Yes, it is speculation, but my whole point of the post was on pursuing motive, so it includes any one person, group, or company. It could be anyone with the knowledge and Internet access for all we know.

Use what you like. Call me a Defender/MS fanboy if you’d like too, but I’ve had my rounds with AVs in the past. Defender, which runs in conjunction with the OS and at kernel level, has suited me just fine since its inception in Security Essentials. All these years I haven’t had but a few viruses or the like since, of which Defender caught. Also, who would know source code in Windows better than MS? IMO, it’s even better in 10.

This thread is about an attack, most likely by some foreign actor, for some reason we don't know for sure. Maybe just flexing their muscles, or maybe targeted at some specific business/country and done in a way to hide who the target actually was. I'm sure it doesn't surprise anyone that it started in Russia.

Again, it could be anyone. In scouring articles, I haven’t been able to find any sources as to the Russians being implicated. If you have, please link. What you claim seems like speculation at this point. I’m sure you know well our principle here is that all are innocent until proven guilty. Russians included.

essenbe · 29 Jun 2017

No, I have no evidence or have heard none that the Russians did it, but they are big state sponsors of cyberattacks. Most of the sources state it did start with an Accounting Software Company in Russia though. That puts it a lot closer to Russia than anyone else. But yes, still speculation.

bro67 · 30 Jun 2017

essenbe said:

No, I have no evidence or have heard none that the Russians did it, but they are big state sponsors of cyberattacks. Most of the sources state it did start with an Accounting Software Company in Russia though. That puts it a lot closer to Russia than anyone else. But yes, still speculation.

It is multiple strikes against the same company. Makes you wonder who is really pulling the strings in Russia, if it was targeting Ukraine. Also the other question is, is why the systems at Chernobyl are not running better protection, or even running a OS based off of the Linux Kernel to monitor the systems and control the equipment for the new shell.

AndreTen · 30 Jun 2017

Microsoft posted very interesting article about Petya outbreak, including how Windows telemetry helped understand malware spreading.