WannaCry ransomware

[Bly]

A few of you people have stated you never update your Windows machines because if it ain't broke you don't fix it.
Apparently this variant of ransomware can access PCs via an unpatched Windows OS without you clicking on a link or opening an attachment. The only prevention is to keep your systems updated.
Anyone get burnt by this one?

What you need to know about the WannaCry Ransomware

 

[bob]

If you back up your machines to external storage then what's the big deal? Just replace everything necessary, give Ahmed or Mustafa or whomever the finger, and get on with your life.

If any one of these a$$holes should find their way onto any machine of mine, and good luck with that, not a nickel will be forthcoming. No matter what it takes. I'm perfectly willing and able to spend thousands to avoid paying these crotchwhistles a dime. As well as fantasizing about finding and killing everything they love.

 

[GAC05]

Can't you just close and lock your windows?
(frantically downloading/installing Win7 updates 51 of 75 dating back to 2014)

 

[GAC05]

Bob if you ever run them down just give their contact info to the sales staff over at Imageclub10

 

[Bly]

Or just cut the cord to your modem. Job done.

 

[visual800]

I dont run updates and "knock on wood" never had one take over my machine ....having said that I have removed several off others' computers that did run updates. Ironic isnt it. As far as an article written by Symantac on this issue, I would imagine their goal is to scare the h@ll out of people just so you can load their bloated, system slowing programs to monitor your machines. Symantac is one of the worst antivirus programs on the market.

Should you ever be infiltrated by this ransom ware, unhook the ethernet and prepare for a couple hours of fun. Malwarebytes, ccleaner, regedit can usually remove them. It also may take some manual removing from registry

 

[particleman]

It is not worth the risk to skip updates these days. You can roll them back if they break something. This ransomeware is based on an actual NSA exploit released to the internet recently. It was patched by Microsoft 2 months ago.

UPDATE YOUR WINDOWS

 

[WildWestDesigns]

A few of you people have stated you never update your Windows machines because if it ain't broke you don't fix it.

Updates are one of those double edged swords. Yes, it is good to do updates, if the updates are only about updating and patching the system. I have little faith with MS about that and the culture that they have surrounding updates and how they are used on the Win 10 platform. Why I have seriously toyed with not upgrading to the new platform, but all my other instances of Windows (ranging from Win 98 to 8.1) are run on VMs and in every possible conceivable way not attached to an outside network. Computers that are, do get regularly updated, but they aren't Windows or Mac based.

Now, the flip side is that updates bring about instability by their very nature. Actually understandable in MSs case (think of all the hardware/software combinations that run Windows), even Apple has it's issues from time to time and I have far less sympathy when it happens to them.

However, updates in of themselves don't stop some poor soul that clicks and opens the application that wrecks havoc on the system. Especially that poor soul that is running Windows as a full blown admin user with full privileges and is not password protected.

If you have mission critical files/applications on a computer that sees an outside network (I alway suggest not having mission critical computers attached to an outside network), make sure you have anti-virus/malware program running (it's folly not to, even on Linux and Mac rigs), make sure you have backups (notice the "s", not just one) of those necessary files, folders, OS. If you are hit, just whip HD and reload.

Also be aware, that I've known people that didn't think that they had anything on the computers and they actually did. Some malicious code is designed to as stealthy as it can be, so just keep that in mind.

 

[WildWestDesigns]

It is not worth the risk to skip updates these days. You can roll them back if they break something. This ransomeware is based on an actual NSA exploit released to the internet recently. It was patched by Microsoft 2 months ago.

UPDATE YOUR WINDOWS

There is actually a push for mandated backdoors. If that actually does happen, updates really becomes a moot point as those are things that will never get patched.

I find that scary on so many levels.

 

[boxerbay]

my windows 98 machine is running fine. lol.

 

[SignBurst PCs]

From my perspective, I would have a really hard time making a case against automatic updates. There is just so much crap out there if you are connected to the Internet. Yes, there are occasional hiccups with updates, but in my experience, they sure are a lot easier to solve than encryption malware.

Bob, even if you are backed up to an external source, if that external source is connected to the computer when it is compromised, the external source can become encrypted too (even over the network).

There is no "cure" for a "properly encrypted" malware, other than PAY. Even then, you are not guaranteed to get your encryption key. You are dealing with dishonest criminals here.

Automatic updates do not guarantee that you will not be compromised. Locking my front door at home doesn't guarantee that I won't be burglarized either, but I still do it.

 

[WildWestDesigns]

From my perspective, I would have a really hard time making a case against automatic updates. There is just so much crap out there if you are connected to the Internet. Yes, there are occasional hiccups with updates, but in my experience, they sure are a lot easier to solve than encryption malware.

I could agree with that if MS was actually decent with their updates (I don't know of one update that hasn't caused issue on my dad's Win 10 rig or for other people that have migrated to Win 10 that use the same software that I do, in fact, they had just got the big update 2 days ago and it broke a couple of modules with said program) and if there wasn't excess "stuff" with their updates. I have more faith in keeping my Linux rigs up to date then I did with updates my MS rigs (when they were installed on bare metal). And that has been the cause since the 9x days. Not everyone's experience given the amount of hardware/software combinations that are out there, but that has been our experience.

Then, of course, you have to take it on faith that on a close source system that the updates provided adequate patches in their updates.

However, I firmly believe any production rig should not be connected to an outside network. Backups of both files and OSs should be isolated after the backups have been done.

Of course, all of this talk about making sure to be updated is all moot if there are mandated backdoors (which seems to be a persistent desire). In a closed source system, they may actually exist already, hard to really tell, at least easily.

I'm not against updates in general, it's how they are being deployed that's a big big problem. They are good when they are done right, but they bring about instability as well. Which is no bueno in a production environment.

 

[SignBurst PCs]

Like I said, I am speaking from my perspective. We have shipped "a few" computers to folks in the sign industry. Every one is shipped with auto-updates enabled and very few people change that after the computer is delivered. We have experienced very few auto-update related problems outside of the semi-forced Windows 10 upgrades. Other industries, especially those with ultra-proprietary software and custom software will have a different experience. I am not saying it is a perfect system, but I would have to say that the threat of being compromised outweighs the potential for update problems in most cases. There are always exceptions.

 

[Pauly]

I always keep my operating system updated. And i always keep my software updated.

You can use any anti virus software as you please, or any ant malware. You need to keep those updated to track the newest threats.

Dont want to keep it updated? don't hook it to the internet. simple. transfer files p2p or usb flash drive. But you better make sure the other PC is secure. or a virus will travel from 1 pc to another via a USB or a p2p connection.

 

[bob]

...Bob, even if you are backed up to an external source, if that external source is connected to the computer when it is compromised, the external source can become encrypted too (even over the network)....

That's true but my external storage is a 2TB passport drive that gets plugged in, machine is backed up, and the the drive is disconnected. So, yeah, if some buttcrust grabs me during the 45 minute backup then I'm hosed. What are the odds? I guess I could make them 100% in my favor merely by unhooking from my internet connection during the backup. Not a problem since the connection is out of a 5 port switch that sits right in front of my keyboard.

 

[WildWestDesigns]

Other industries, especially those with ultra-proprietary software and custom software will have a different experience. I am not saying it is a perfect system, but I would have to say that the threat of being compromised outweighs the potential for update problems in most cases. There are always exceptions.

I don't think auto updates in of itself is a complete solution.

Again, relying on the patch actually being good (which is hard to verify with MS and Apple updates), I have seen a Win 10 update render malwarebytes useless (dad's computer). It actually pops up in the notifications saying as much. It's no longer usable with this version of Windows. The joys of always being bleeding edge. I would say malwarebytes is also not ultra proprietary or custom (I may be wrong with that). And it would also be something that you wouldn't want to have a compatibility issue, especially when trying not to be compromised. That's a big problem that I have with auto updates. I've seen even the little day to day stuff go bad.

Don't get me wrong, I believe in updates, just not forced (unless you change a setting or two in the registry that prevents download/install of updates, otherwise they are forced), especially when other fluff is put in there. I'm the type that goes through all the Linux updates and picks and chooses what I want to update or not update. I also come from using Fedora in production, so I'm using to having to reinstall (from CLI) the nvidia driver (which is how it's done due to RH's stance on open source) everytime a kernel update breaks it. Not to mention the aggressive EOL schedule of Fedora.

The thing that gets me though, with all this talk of updates, why aren't the routers or the IoTs being updated more (or even at all)? No matter how protected your computer is, having some of those other devices compromised can be just as bad for a network. Especially as more and more things are interconnected.

 

[WildWestDesigns]

But you better make sure the other PC is secure. or a virus will travel from 1 pc to another via a USB or a p2p connection.

While I'm one that believes a PC computer includes Mac and Linux based ones, not all do, but I would suggest that you better make sure that your Mac and/or Linux also has ways to scan things as they can be a "typhoid mary" and never know it.

Although I'm a firm believer in having anti-virus/malware programs on all internet connected computers regardless of OS.

 

[Pauly]

While I'm one that believes a PC computer includes Mac and Linux based ones, not all do, but I would suggest that you better make sure that your Mac and/or Linux also has ways to scan things as they can be a "typhoid mary" and never know it.

Although I'm a firm believer in having anti-virus/malware programs on all internet connected computers regardless of OS.

PC personal computer. But really it does refer to a windows base device. But i'm using it as a general machine.
You can get viruses on mac or linux. not as common vs windows but it happens.

 

[WildWestDesigns]

PC personal computer. But really it does refer to a windows base device. But i'm using it as a general machine.

See, when I was growing up the term was OS agnostic. It really meant a computer that could do all of the processes without the need to be connected to a mainframe (I would argue that we are going back to that type of computing just in a slightly different way). It was really only when Apple was marketing itself as different then Windows that it has slowly meant Windows machines, but I digress.

You can get viruses on mac or linux. not as common vs windows but it happens.

A lot of stuff now is being OS agnostic. Couple of yrs ago PDF reading in web browsers was used as a vector for virus on OSs. Now you have scripts embedded in doc files that are served as vectors for any OS that can read those files.

That landscaping is changing and part of the problem is that those using some UNIX like system (Linux, Mac etc) are being complacent.

Windows as always done things out of convenience for the user, that I would argue is bad and keeps them easier to be susceptible for compromise though. That and the sheer user base amount, Windows machines will probably be a big target for a long time to come.

I do believe computers should be updated, if you need to use legacy programs that can't run on newer machines, run VMs and isolate them. The one thing that I don't like about updates, particularly with how MS does them, is that the come with unnecessary fluff (that would include ads, but ironically I do believe Jobs had his name on a patent to embed ads in an OS, but never put it into action).

One thing that I do think is just as important as updates, is educating the user base. It seems to me that most computer users, use computers just as tools to do a job, nothing more. So there is no desire to learn anything more then what just gets the job done. No matter how up to date a rig is, that's not going to help with the human element.

Just like the mere fact of having an anti-virus program isn't going to be the end all be all protection.

I think that there is a false sense of security (oh the irony) for users that think just doing those 2 things is enough.

Keep in mind to, other devices are starting to be attacked on a network and not just the traditional attacks on desktop, laptop computers. Routers being a big one. Something that doesn't keep updated (if at all) often and most people don't even think about it. No matter how protected your computer is, if they can get your router, they can still do things. May not be as severe, but they can still have "fun".

 

[WildWestDesigns]

This isn't totally off topic, but this is something that I thought I would post, particularly I thought it would be of interest to anyone that has the affected HP laptops for anything.

An article about it in more easy to digest form.

Now, this illustrates that it's good to update, however, bare in mind, the first "patch" didn't truly fix it. Something that someone has to worry about in a closed source system.

Did this update truly fix the issue or do it just switch things around.

And there are just some things about this that I don't understand why it's even there in the first place. The explanation just seems a little off.

 

[mjkjr]

I've been hoping to switch my shop ovee 100% Linux after having to deal with a very shitty (ongoing win10 experience). I've made the switch at home and am happy enough, even more than 50% of my steam games at home run under linux. I have dual boot win7/ubuntu at work, but because I don't have a reasonable replacement for adobe illustrator, I can't fully switch. I've gotten Ai to "work" under wine, but it is painfully slow compared to native win7. And I'm on a recently built quad-core system with 8Gb of RAM, not like I'm on some ancient box. It seems that I could run the plotters under ubuntu, and am looking forward to switching some of the machines, expecially after having win10 decide in the middle of the work day to perform a 3 hour update

If any of you are on Linux and manage to do print production grade CMYK artwork and have software suggestions, please, let me know what you use.