Date: 28/07/2017 20:15:39
From: KJW
ID: 1095311
Subject: WannaCry Ransomware Attack

In May this year, there was a worldwide cyberattack by the WannaCry ransomware cryptoworm. Among other victims around the world was the United Kingdom’s National Health Service (NHS).

I’m interested in reading from people who know how the internet works about how this cryptoworm spread, and whether computers are still at risk today from this or similar attacks.


Date: 29/07/2017 08:34:32
From: Peak Warming Man
ID: 1095575
Subject: re: WannaCry Ransomware Attack

All I know is that the attacks made headlines for a couple of days and then disappeared.


Date: 29/07/2017 13:04:45
From: transition
ID: 1095629
Subject: re: WannaCry Ransomware Attack

think like so many things it requires an idiot to execute a (email or whatever) malicious attachment, somewhere.


Date: 29/07/2017 13:17:05
From: Tau.Neutrino
ID: 1095631
Subject: re: WannaCry Ransomware Attack

I see they are installing a revolving door and a conveyor belt at the White House, that should speed up replacements.

White House offices are going to be fitted with a sliding hatch in the floor; when the President replaces someone, the hatch opens and the person falls into a vacuum tube and is then ejected outside, straight into a media scrum.


Date: 29/07/2017 15:35:32
From: mollwollfumble
ID: 1095702
Subject: re: WannaCry Ransomware Attack

KJW said:


In May this year, there was a worldwide cyberattack by the WannaCry ransomware cryptoworm. Among other victims around the world was the United Kingdom’s National Health Service (NHS).

I’m interested in reading from people who know how the internet works about how this cryptoworm spread, and whether computers are still at risk today from this or similar attacks.

I heard that the latest ransomware attack was stopped by an amateur by the simple process of registering a website, and holding that website secure against hacker attacks.

It was unusual in that the loophole dated all the way back to Windows XP, making Microsoft produce an update even back to Windows XP. You should be triply safe now from the original attack.

1) Safe because the necessary website is registered.
2) Safe because Windows updates have covered it on all operating systems.
3) Safe because of protection by anti-virus software.

As for similar attacks, I can’t say.

I’ve recently been reading an ancient history book about computer security (written about 1990) which, together with other old stuff I’ve read, makes me realise that the purpose of “white hat” hackers is to discover security loopholes that “black hat” hackers can steal and exploit. That seems to be what’s happened here.


Date: 29/07/2017 22:23:11
From: KJW
ID: 1095942
Subject: re: WannaCry Ransomware Attack

transition said:


think like so many things it requires an idiot to execute a (email or whatever) malicious attachment, somewhere.

It is my understanding that this was not the case for the WannaCry attack. For WannaCry, the payload was delivered in internet packets that did not require any user action to execute. Microsoft had released updates to fix the underlying vulnerability about two months before the attack, but the nature of the attack indicates just how vulnerable we really are to malicious code. And it is this particular vulnerability that is why I started this thread. It is easy to feel safe against malicious email attachments which we don’t have to open, but how can we feel safe if all that is required to become infected is simply to connect to the internet?


Date: 29/07/2017 22:51:44
From: KJW
ID: 1095948
Subject: re: WannaCry Ransomware Attack

mollwollfumble said:


You should be triply safe now from the original attack.

1) Safe because the necessary website is registered.
2) Safe because Windows updates have covered it on all operating systems.
3) Safe because of protection by anti-virus software.

As for (1), there have been worms found more recently that do not include the kill switch.

As for (2) and (3), suppose that for whatever reason a person hasn’t turned on their computer since Microsoft released the security update. Turning on their computer for the first time since the attack, from the time they connect to the internet to the time they have downloaded and installed all the updates, what is the likelihood of becoming infected by a similar worm?

mollwollfumble said:


I’ve recently been reading an ancient history book about computer security (written about 1990) which, together with other old stuff I’ve read, makes me realise that the purpose of “white hat” hackers is to discover security loopholes that “black hat” hackers can steal and exploit. That seems to be what’s happened here.

{whispers}
I get the impression that the NSA hats are a little grey.

On a related topic, I found this Wikipedia article interesting: https://en.wikipedia.org/wiki/Vault_7
{/whispers}


Date: 29/07/2017 22:57:07
From: transition
ID: 1095949
Subject: re: WannaCry Ransomware Attack

KJW said:


transition said:

think like so many things it requires an idiot to execute a (email or whatever) malicious attachment, somewhere.

It is my understanding that this was not the case for the WannaCry attack. For WannaCry, the payload was delivered in internet packets that did not require any user action to execute. Microsoft had released updates to fix the underlying vulnerability about two months before the attack, but the nature of the attack indicates just how vulnerable we really are to malicious code. And it is this particular vulnerability that is why I started this thread. It is easy to feel safe against malicious email attachments which we don’t have to open, but how can we feel safe if all that is required to become infected is simply to connect to the internet?

I read the wiki article re just this a few weeks back, after some TV program that covered it.

just don’t open anything that might be dodgy of emails, I mean I know what is likely to turn up. I get SFA junk near nothing that way, but other day did get something and just deleted it.

run all your security bolted down hard, and don’t visit the internet pollution.


Date: 29/07/2017 23:05:35
From: btm
ID: 1095952
Subject: re: WannaCry Ransomware Attack

KJW said:


In May this year, there was a worldwide cyberattack by the WannaCry ransomware cryptoworm. Among other victims around the world was the United Kingdom’s National Health Service (NHS).

I’m interested in reading from people who know how the internet works about how this cryptoworm spread, and whether computers are still at risk today from this or similar attacks.

How detailed an analysis do you want? The malware infected target machines using an exploit developed by the NSA called EternalBlue, which targets a vulnerability in the Microsoft implementation of the Server Message Block, SMBv1. This vulnerability allows specially crafted messages to execute arbitrary code on an exposed machine. A simple way to protect a machine would be to disable SMBv1. A second part of the malware, called DoublePulsar, also developed by the NSA, is a “back door” which allows the malware to spread. DoublePulsar already infects tens of thousands of computers; WannaCry can use an already-installed implementation, or install one itself.

There are detailed technical documents on Microsoft’s website.

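The mitigation btm mentions above, disabling SMBv1, as an added example that is not part of the original post: a PowerShell sketch that reports whether the SMBv1 server is enabled on the local machine and turns it off. The function names `Get-Smb1ServerState` and `Disable-Smb1Server` are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example (not from the thread): audit and disable the SMBv1 server locally.
# Function names are hypothetical; run from an elevated PowerShell prompt.

$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting via Get-SmbServerConfiguration.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return [pscustomobject]@{
            Source  = 'SmbServerConfiguration'
            Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }
    # Older systems (Windows 7 / Server 2008 R2) use a registry value instead.
    # A missing SMB1 value means the protocol is enabled by default.
    $val = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return [pscustomobject]@{
        Source  = 'Registry'
        Enabled = (($null -eq $val) -or ($val -ne 0))
    }
}

function Disable-Smb1Server {
    $state = Get-Smb1ServerState
    if (-not $state.Enabled) {
        Write-Output 'SMBv1 server is already disabled.'
        return
    }
    if ($state.Source -eq 'SmbServerConfiguration') {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMBv1 server disabled.'
    } else {
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
        Write-Output 'SMBv1 server disabled in the registry; restart to apply.'
    }
}

# Report first, then change the setting only if it is still on.
Get-Smb1ServerState | Format-List
Disable-Smb1Server
```

This only closes the SMBv1 listener; it does not replace installing the security update KJW refers to.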

Date: 29/07/2017 23:06:37
From: KJW
ID: 1095953
Subject: re: WannaCry Ransomware Attack

transition said:


just don’t open anything that might be dodgy of emails

Although originally thought to be delivered by email, it was subsequently discovered that WannaCry was NOT delivered by email. And it wasn’t delivered by visiting a malicious website. It was the result of simply being connected to the internet and not having installed the appropriate security update, which was fortuitously available at the time of the attack, but not guaranteed for future attacks.


Date: 29/07/2017 23:10:56
From: btm
ID: 1095954
Subject: re: WannaCry Ransomware Attack

Incidentally, the “kill switch” to which mollwollfumble refers was apparently installed in WannaCry to stop it from being analysed in a sandbox, where any network traffic is replied to promptly, even if it’s to a nonexistent address. It sent a request to a nonexistent web address; if it got a reply, it knew it was in a sandbox, so did nothing. The researcher who registered the address thus convinced the malware that it was in a sandbox, so it did nothing.


Date: 29/07/2017 23:13:42
From: transition
ID: 1095955
Subject: re: WannaCry Ransomware Attack

KJW said:


transition said:

just don’t open anything that might be dodgy of emails

Although originally thought to be delivered by email, it was subsequently discovered that WannaCry was NOT delivered by email. And it wasn’t delivered by visiting a malicious website. It was the result of simply being connected to the internet and not having installed the appropriate security update, which was fortuitously available at the time of the attack, but not guaranteed for future attacks.

Yeah doesn’t bother me too much, not like the sky’d fall in if my computer died, like they have done previously. Probably get a few more jobs done around the place.

Only thing that freaks me about the internet is how unnecessary a lot of it is. That’n too that it looks very liberating but has some repressive aspects hidden away in the apparently liberating. It’s polluting the aether also.


Date: 29/07/2017 23:14:04
From: KJW
ID: 1095956
Subject: re: WannaCry Ransomware Attack

btm said:


How detailed an analysis do you want?

I’ve read the Wikipedia article about the attack. It focussed on the computer-side of the attack, and I consider it sufficient for my purposes. But I would like to know more about the internet-side of not just the attack but also of worms in general. Why would the worm appear at the internet side of my modem?


Date: 30/07/2017 02:05:28
From: transition
ID: 1095961
Subject: re: WannaCry Ransomware Attack

just did the security updates for that

thought may as well


Date: 30/07/2017 04:04:51
From: mollwollfumble
ID: 1095963
Subject: re: WannaCry Ransomware Attack

Dear KJW.

I find that the worst possible kind of malware is “security updates” from Microsoft. They crash, freeze and slow computers, cause loss of programs and all sorts of other nasties. And they affect millions of computers every day.

I far prefer to take my chance with the viruses.
