SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 05-12-17, 02:04 PM   #1
mapuc
Fleet Admiral
 
Join Date: Sep 2003
Location: Denmark
Posts: 17,877
Downloads: 37
Uploads: 0


Default Massive Ransomware goes global

Beware where you go in cyberspace

http://newzsentinel.com/massive-rans...-this-is-huge/

Quote:
It is not yet clear whether the attacks are all connected. One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name


Markus

Last edited by mapuc; 05-12-17 at 05:01 PM.
Old 05-12-17, 05:01 PM   #2
mapuc
Fleet Admiral
 
Join Date: Sep 2003
Location: Denmark
Posts: 17,877
Downloads: 37
Uploads: 0


Default

Looking at the news right now, they spend most of the time on this hacker attack, which is the television station's breaking news story. While I was watching, I came to think of the programs I've seen over the years about how our modern society has become vulnerable, because almost everything is connected to the internet or other computer-controlled devices.

Now it becomes a bit conspiratorial - I came to think of an article in which a man claimed that the world would end on May 13th.

Will this person be right in his claims?

The world can also be translated into society - the world in which we live can also be written as the society in which we live.

Nothing but some thoughts about the situation about this Ransomware attack and our vulnerability.

Markus
Old 05-12-17, 07:17 PM   #3
Rockin Robbins
Navy Seal
 
Join Date: Mar 2007
Location: DeLand, FL
Posts: 8,899
Downloads: 135
Uploads: 52


Default

I sit here on my Linux computer and don't have to worry about all that silliness.

Back up your Windows computers with disk image software. Free Veeam Endpoint Backup is your friend. Disconnect the drives with the backups from your system. No ransomware can touch you then. You can laugh right with me on my superior Linux machine.
Old 05-13-17, 03:45 AM   #4
STEED
Lucky Jack
 
Join Date: Jan 2006
Location: Down Town UK
Posts: 27,695
Downloads: 89
Uploads: 48


Default

It seems it's attacking the older Win XP version according to the news here.
__________________
Dr Who rest in peace 1963-2017.

To borrow Davros saying...I NAME YOU CHIBNALL THE DESTROYER OF DR WHO YOU KILLED IT!
Old 05-13-17, 07:05 AM   #5
Rockin Robbins
Navy Seal
 
Join Date: Mar 2007
Location: DeLand, FL
Posts: 8,899
Downloads: 135
Uploads: 52


Default

Darn! I took my Windows XP guinea pig laptop down a while ago when I replaced it with an HP All in One I acquired from a disgruntled owner, and now it won't be tested. Installed Ubuntu on the new machine and have been running XP in a VirtualBox lately when I need it. Would have been fun to see if it attracted the ransomware.
Old 05-13-17, 07:12 AM   #6
STEED
Lucky Jack
 
Join Date: Jan 2006
Location: Down Town UK
Posts: 27,695
Downloads: 89
Uploads: 48


Default

Quote:
Microsoft patches Windows XP to fight the WannaCrypt ransomware attacks
https://betanews.com/2017/05/13/micr...mware-attacks/

http://www.zdnet.com/article/wannacr...r-old-systems/
__________________
Dr Who rest in peace 1963-2017.

To borrow Davros saying...I NAME YOU CHIBNALL THE DESTROYER OF DR WHO YOU KILLED IT!
Old 05-13-17, 08:52 AM   #7
Skybird
Soaring
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 40,494
Downloads: 9
Uploads: 0


Default

Go digital, it's all safe! Nothing to watch here! Governmental databases or private networks, password protected areas, biometric data pools, patients' health files, your private money savings - it all must go digital, it's all protected, it's all safe! Di-gi-tal! Di-gi-tal!

I really hope for some really serious and painfully hurting hacker strike that destroys some national pension funds and exposes one or two nations' nation-wide patient file databases and has the ordinary Peter or Paul really suffering from the blow - it seems pain, losses and suffering are the only way to make people stop following like Lemmings the constant and notorious privacy breaching policies of Google and Microsoft and to start yelling down politicians wanting as many digital databases and as much cashless payment as possible. Only when the sting from the threats gets felt and makes people yell, they will start to maybe question their Lemming habits.

The fully digital world may look shiny and tempting - but before anything else it is a dangerously fragile, risk-exposed and dependent world. None of that should be voluntarily wanted. It's no fun - it's dangerous.
__________________
If you feel nuts, consult an expert.
Old 05-13-17, 09:11 AM   #8
Skybird
Soaring
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 40,494
Downloads: 9
Uploads: 0


Default

"Lock in" - the term for a huge and dangerous problem illustrating the dependency of nations and governmental offices on the monopolist Microsoft, and the ruthlessness by which the Americans defend with all fangs and claws their power-political privileges that come with such a monopoly in IT access. China, but also American key companies like Google and Amazon and Facebook know it better and run their IT infrastructure with open source solutions. Putin has made it a state policy to get Windows out of the Russian state's IT infrastructure. But European states and their administrations and offices allow themselves to get lobbied into the ground, to allow Microsoft the yearly cashing of 60 billions in licensing fees and accepting according threats and risks, since this always also includes American access to foreign IT systems and official services. At the same time Microsoft distributes its toxic software for free at schools and amongst juveniles, like drug dealers fish for new victims by distributing free pills first - and create lifelong addicts that then pay and pay on. The author of the following insightful article about "lock in" therefore correctly calls Microsoft's business model that of a drug dealer indeed.

Unfortunately, this very good piece of information about the enormous and dangerous problem is in GERMAN.

http://www.tagesspiegel.de/weltspieg...28246-all.html

On a sidenote, a nice anecdote told in that article, and I have read about this in more detail some months ago already: the French police in Paris switched to Linux years ago, all by itself and by private effort. Since Microsoft started to massively lobby against that like it always does when somebody dares to reject Microsoft, it ended with the French higher ranks ordering the police to return to Windows, although the Paris police demonstrated beyond doubt that their Linux and open source software for its IT works better, more reliably and is safer than Windows. You have to give it to those Paris flics: they refuse to this day the minister's order and refuse to switch back their IT infrastructure that they moved to Linux all by themselves, by their own initiative and by investing private time.

And they have refused it for years. The ministers and the mayors came and left, some fuming. But the police in Paris just does not do it. LOL

In Munich, they want to switch back from Linux to Microsoft, too, and cannot give any explanation for that, for the city saves several millions per year in licensing fees, and has had a more secure and stable IT network for 12 or 14 years, with all offices being used to it and things working fine. It's just that parts of the coalition parties are in bed with Microsoft lobbyists.
__________________
If you feel nuts, consult an expert.

Last edited by Skybird; 05-13-17 at 09:25 AM.
Old 05-13-17, 09:31 AM   #9
Dowly
Lucky Jack
 
Join Date: Apr 2005
Location: Finland
Posts: 25,005
Downloads: 32
Uploads: 0


Default

Quote:
Originally Posted by Skybird View Post
Go digital, it's all safe! Nothing to watch here! Governmental databases or private networks, password protected areas, biometric data pools, patients' health files, your private money savings - it all must go digital, it's all protected, it's all safe! Di-gi-tal! Di-gi-tal!
He types on a discussion forum, a digital media.
Old 05-13-17, 10:17 AM   #10
Rockin Robbins
Navy Seal
 
Join Date: Mar 2007
Location: DeLand, FL
Posts: 8,899
Downloads: 135
Uploads: 52


Default

Quote:
Originally Posted by Skybird View Post
Go digital, it's all safe! Nothing to watch here! Governmental databases or private networks, password protected areas, biometric data pools, patients' health files, your private money savings - it all must go digital, it's all protected, it's all safe! Di-gi-tal! Di-gi-tal!

I really hope for some really serious and painfully hurting hacker strike that destroys some national pension funds and exposes one or two nations' nation-wide patient file databases and has the ordinary Peter or Paul really suffering from the blow - it seems pain, losses and suffering are the only way to make people stop following like Lemmings the constant and notorious privacy breaching policies of Google and Microsoft and to start yelling down politicians wanting as many digital databases and as much cashless payment as possible. Only when the sting from the threats gets felt and makes people yell, they will start to maybe question their Lemming habits.

The fully digital world may look shiny and tempting - but before anything else it is a dangerously fragile, risk-exposed and dependent world. None of that should be voluntarily wanted. It's no fun - it's dangerous.
Please note that Skybird forgot to invoke the [IRONY] flag before his first paragraph.
Old 05-13-17, 10:25 AM   #11
Rockin Robbins
Navy Seal
 
Join Date: Mar 2007
Location: DeLand, FL
Posts: 8,899
Downloads: 135
Uploads: 52


Default

Quote:
Originally Posted by Dowly View Post
He types on a discussion forum, a digital media.
It is one thing to consider yourself safe enough to type useless and valueless information on a digital forum. It is quite another to run an entire Walmart, which when Internet service is lost, cannot sell a single item until Internet is restored. It is entirely different from leaving your life savings exposed to a vulnerable system, or thousands of people's life savings in a pension fund fully exposed to an Internet hack attack.

I think what Skybird said is actually understating the potential harm of completely trusting a system which is already broken, but we use it for things we cannot afford to lose.

It's really appalling that my credit card is much less secure than my Google account. If I log into my Google account, they send a freshly minted six digit PIN to my cell phone. I must enter that six digit number into the logon screen, thereby affirming that I am not an imposter.

With my credit card company, they merely decline to honor the transaction if it doesn't comply with my "usual pattern of purchases." I call the number on the back of my card and voila! They release the cash to the imposter. All he needs is a bit (not much!) personal information. If he gets one wrong they helpfully give him another chance with another question so he can steal my money.

But equating trust in posting to Subsim with pension funds is just silly. One will never be a target (well, maybe to small time spammers). The other is a big, juicy target for every criminal in their underwear with a computer and idle time.
Old 05-13-17, 11:13 AM   #12
em2nought
Ocean Warrior
 
Join Date: Mar 2004
Posts: 3,266
Downloads: 0
Uploads: 0
Default

Just like we have the option to freeze our credit, we should have the option to not have our bank accounts available over the internet.
__________________
Looks like we need a Lemon Law for Presidents now! DNC sold us a dud, and they knew it.
Old 05-13-17, 11:17 AM   #13
ikalugin
Ocean Warrior
 
Join Date: Aug 2014
Location: Moscow, Russia
Posts: 3,212
Downloads: 8
Uploads: 0


Default

The story is overblown.

The ransomware in question uses a known and patched vulnerability meaning that if you are a sensible person who patches his OS on time you are safe.

The dependency argument against say Microsoft would work only if this was a zero-day or some other kind of serious stuff.

This is not the first time this has happened (i.e. a malware that uses a known and patched vulnerability gets released) and it would not be the last one, as it exploits human laziness and stupidity (not patching on time).
__________________
Grumpy as always.
Old 05-13-17, 11:25 AM   #14
ikalugin
Ocean Warrior
 
Join Date: Aug 2014
Location: Moscow, Russia
Posts: 3,212
Downloads: 8
Uploads: 0


Default

Quote:
Putin has made it a state policy to get Windows out of the Russian state's IT infrastructure.
In this specific case there would be no difference between Windows or Linux (or any other OS for that matter) because the attack was through a known vulnerability and the reason why it worked was because people did not patch on time.

Quote:
It's really appalling that my credit card is much less secure than my Google account. If I log into my Google account, they send a freshly minted six digit PIN to my cell phone. I must enter that six digit number into the logon screen, thereby affirming that I am not an imposter.

With my credit card company, they merely decline to honor the transaction if it doesn't comply with my "usual pattern of purchases." I call the number on the back of my card and voila! They release the cash to the imposter. All he needs is a bit (not much!) personal information. If he gets one wrong they helpfully give him another chance with another question so he can steal my money.
Strange, but I guess it depends on bank to bank. The bank I use has 2 factor identification as standard for majority of activities, especially on the internet, as well as an effective anti-fraud system (which catches 99.5 percent of fraud attempts if I remember it correctly). For phone banking you need to know full personal data and the password for phone banking (which you can set to anything).

Quote:
But equating trust in posting to Subsim with pension funds is just silly. One will never be a target (well, maybe to small time spammers). The other is a big, juicy target for every criminal in their underwear with a computer and idle time.
You underestimate the effort one has to make to be an effective cyber criminal and in any case - pension funds just like banks would be bailed out with printed money (another event Skybird would hate to see happening I guess).
__________________
Grumpy as always.
Old 05-13-17, 11:44 AM   #15
mapuc
Fleet Admiral
 
Join Date: Sep 2003
Location: Denmark
Posts: 17,877
Downloads: 37
Uploads: 0


Default

Quote:
Originally Posted by ikalugin View Post
The story is overblown.

The ransomware in question uses a known and patched vulnerability meaning that if you are a sensible person who patches his OS on time you are safe.

The dependency argument against say Microsoft would work only if this was a zero-day or some other kind of serious stuff.

This is not the first time this has happened (i.e. a malware that uses a known and patched vulnerability gets released) and it would not be the last one, as it exploits human laziness and stupidity (not patching on time).
That's true - if you install the patches that come from Microsoft or other companies like your antivirus provider you are almost safe.

The problem is most of the computers or software that run a country's supplies, like electricity and water, are old. Remember a news program from 2010 or something showing that a majority of the Swedish computers that make sure 80-90 % of the Swedish people had electricity were old XP and most of them weren't patched.

Late last night and throughout the day the Swedish newspaper Aftonbladet wrote - Our supply lines of electricity are in danger - and that's true, 'cause the computers that run this are old.

Then you have to add incompetent people that just can't figure out not to open files that don't look correct or click on a link in a mail. These two factors can make a country go black.

Edit

In the lower part of the TV screen, a text scrolls with a constant text.
Center for Cyber Security urges owners and administrators to upgrade / patch their Windows-based systems as soon as possible

Most if not all of our systems in Denmark are running on Windows-based systems - electricity, water etc. etc.


Markus

Last edited by mapuc; 05-13-17 at 12:19 PM.