Ransomware attack hits 99 countries

[david smith]

there was a ransomware attack this weekend, this might be the cause,

http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/

 

[Petapann1]

I thought it probably was that. Russia was the country worst affected, also U.K.

 

[Manhai]

So I cannot finish off my MCC2 lol

 

[Phyllo]

there was a ransomware attack this weekend, this might be the cause,

http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/

I think it's simply irresponsible to exploit such vulnerabilities instead of reporting them to those who could fix them, be it an exploit by the NSA or anyone else.

 

[Canadian Cowboy]

For those of you watch NCIS, there was a recent episode where this exact sort of thing happened, to all the wireless devices (laptops, cell phones) used by the NCIS team. Just goes to show how dependent we are on our electronic devices and their capabilities.

Since I apply the patches to my systems as soon as they are released, my systems are safe, according to the information released. Looks like all that time I spent taking backups was a good idea as well. I have clean full disk backups of my systems that I can restore from, if necessary.

It is a fact of life that when it comes to computers used in a business, putting on security patches is always delayed from when the patches come out. Servers cannot be patched on the fly because that interrupts service, and we are usually talking about many servers. As for individual laptops and desktops, they number in the hundreds, so that problem is even larger.

I hope they find the group that is responsible for releasing this ransomeware. I doubt that they will though. I am sure that the thieves have set things up so that the bitcoins are flowing in through dummy accounts, and thus hiding the identity of the thieves. I wonder why they wanted bitcoins rather than real money though?

 

[Phyllo]

I wonder why they wanted bitcoins rather than real money though?

Bitcoins are harder to track down than paper money or a transfer of "real money" to an account.

 

[Canadian Cowboy]

Thanks. I thought that might be the case. I have never used bitcoins, so I don't know much about them.

The only bright side to this event, if you can call it that, is that maybe businesses will put more emphasis on keeping their systems up to date with security patches. I worked in the IT industry for 33+ years and doing security patches was a never ending task. At least our customers did not 'fight us' on the necessity to put on patches and we did it on a regular schedule. Mind you, with hospitals, there is not much down time for patching systems, and usually the computer equipment is only upgraded when it will not longer work.

One thing does concern me though. If you pay the ransom, and your files get unlocked, what is prevent that software from activating again in a month or six months and locking your files again? When the files are unlocked does the ransomewhere self destruct (erase itself), or does it just sit there on your system?

 

[Phyllo]

One thing does concern me though. If you pay the ransom, and your files get unlocked, what is prevent that software from activating again in a month or six months and locking your files again? When the files are unlocked does the ransomewhere self destruct (erase itself), or does it just sit there on your system?

I never had that problem since I pay close attention to which files or attachments or whatever I open and I rather delete an email from an unknown source than to be trapped by something like this. That's the general rule in our company as well and so we never had an issue there, either.
My guess is that like with any kind of blackmail, you don't have any guarantee, neither to get an unlock code when you pay nor that they won't hit you ever again so the best thing to do is to do regular backups and to check before clicking anywhere. There are many sites that deal with the removal of this stuff but I haven't looked into it so far.