Windows 10: Ransomware attacks reported on Windows machines internationally


  1. Posts : 19,371
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       14 May 2017 #50

    A 'kill switch' is slowing the spread of WannaCry ransomware


    Friday’s unprecedented ransomware attack may have stopped spreading to new machines -- at least briefly -- thanks to a "kill switch" that a security researcher has activated.
    However, the ransomware also contains a kill switch that may have backfired on its developers, according to security researchers.

    Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.

    A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.
    A 'kill switch' is slowing the spread of WannaCry ransomware | PCWorld


  2. Posts : 3,151
    10.5 Home 1803 x64
       14 May 2017 #51

    Comodo Firewall 10 vs WannaCry Ransomware - YouTube

    As we feared in yesterday’s alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have the potential to infect a large number of targets like the EternalBlue exploit has.

    As expected, this strain does not include a killswitch domain, like WannaCry did.

    We reckon that this is the first of many variants to follow, which will aim to exploit this vulnerability and infect as many devices as possible until the necessary patch is applied. Uiwix also has self-replicating capabilities, as WannaCry did.
    Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two - Heimdal Security Blog

    Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry - Heimdal Security Blog

  3.    14 May 2017 #52

    But come Monday, things could escalate as a new variant has been detected apparently...


  4. Posts : 1,437
    Windows 10 Pro (32-bit) 16299.15
       14 May 2017 #53

    swarfega said:
    I'm disabling SMB1 on all our Windows computers.
    DavidY said:
    Just been doing the same on this laptop, having read this and also this TechNet article (which was linked from the Register post).
    It turns out that this stopped me accessing my old NAS drive (at least the way I've been using it) so I've been going round turning SMB1 back on again.

    I should perhaps have thought of that and tested it before switching it off in multiple places.

    Oh, and it turns out that when you switch Features like this back on again, it uses Windows Update, so on a laptop where Windows Update is broken, it's not so straightforward to switch on again. Luckily Shawn's tutorial to Reset Windows Update worked, although even then I had a struggle to kill off the service to run the tutorial.
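
An audit-first way to make the SMB1 change discussed in the post above, as an added example that is not part of the original thread. It assumes Windows 10 with the built-in SmbShare and DISM PowerShell modules and an elevated prompt; the function name Get-Smb1Dependency is hypothetical.

```powershell
# Added example: find out what still needs SMB1 before switching it off.
function Get-Smb1Dependency {
    # Outbound: shares this machine has open right now over an SMB 1.x
    # dialect (for example an old NAS). Browse the share first so the
    # connection is active; these are the connections that would break.
    Get-SmbConnection |
        Where-Object { $_.Dialect -like '1.*' } |
        Select-Object @{n='Direction';e={'Outbound'}}, ServerName, ShareName, Dialect

    # Inbound: SMB1 clients recorded by the server-side audit log (event 3000).
    # Only populated once auditing (step 1 below) has been on during normal use.
    Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
        } -ErrorAction SilentlyContinue |
        Select-Object @{n='Direction';e={'Inbound'}}, TimeCreated, Message
}

# Step 1: record inbound SMB1 access, then let the machine run for a while.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# Step 2 (later): review the findings and only disable SMB1 if nothing uses it.
$deps = @(Get-Smb1Dependency)
if ($deps.Count -gt 0) {
    $deps | Format-List
    Write-Warning 'SMB1 is still in use; replace or reconfigure these first.'
} else {
    # Server side of the protocol, then the optional Windows feature itself.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# Current state, for the record.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, AuditSmb1Access
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State
```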

  5.    15 May 2017 #54

    Looking here for info on how this exploit actually gets on a PC.
    Is it by email, or infected website?
    If email, does it deliver the payload on receipt of the email, on previewing, on opening the email, or by opening an attachment?


  6. Posts : 1,925
    Windows 10 x86 14383 Insider Pro and Core 10240
       15 May 2017 #55

    TV2 said:
    Looking here for info on how this exploit actually gets on a PC.
    Is it by email, or infected website?
    If email, does it deliver the payload on receipt of the email, on previewing, on opening the email, or by opening an attachment?
    Malwarebytes technical analysis here:

    The worm that spreads WanaCrypt0r - Malwarebytes Labs | Malwarebytes Labs

  7.    15 May 2017 #56

    Thanks for the link. But the article dives right in to how the exploit works and skips right over the answer to my question, like so many other articles do.

    As close as they get is this:
    "but the initial component that gets dropped on systems appears to be a worm that contains and runs the ransomware".

    So, I'm still curious. How does the exploit get "dropped on a system"?


  8. Posts : 2,395
    Windows 10 Pro x64 1803 - XP/Vista/Win7/Win8.1 in VM for testing
       15 May 2017 #57

    Email, and then spread over SMB network connections - via a recently discovered vulnerability in the SMB stack that has already been corrected in supported Windows up to 8.1 - Microsoft has also released fixes for the vulnerability for unsupported OSes such as XP, Vista and several server systems. Windows 10 has never had the vulnerability.

    Basically the bottom line is if you are up to date with your updates for Windows or have applied the patch for XP or Windows Vista you are safe - for now - expect the next worm and its payload to be more advanced.


  • Posts : 1,925
    Windows 10 x86 14383 Insider Pro and Core 10240
       15 May 2017 #58

    I think that the gaps in information given are to stop the casually curious from making themselves victims.

    Apparently email is the vector.

    You can download the thing from certain websites, and get yourself infected.

    But I am not going to give out that information either!

  •    15 May 2017 #59

    So, when people ask, do I tell them:
    Don't check your Email!
    Don't preview your Email! Right click and delete everything!
    Don't open ANY email!
    Or just the tired old mantra: "Don't open any attachments unless you know what they are".


    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.