(The quickest way to register)

Check out our new Mobile App

Forum

  1. User picture
    • Satchman on Wed 17 May 2017
    • 08:32:03 PM UTC

    Community Discussion About The Effects of the "Wanna Cry" Ransomware.

    Dear WOT,

    This was one of the worst virus attacks ever seen. Sources say this hit more than 150 countries and ninety percent of those affected were running Windows XP. A no-longer supported Operating System since April of 2014.

    In a historic move, Microsoft released a patch for Windows XP. This patch only works on machines not affected already by the virus. All modern Windows Systems that had Windows Update turned on, and up-to-date Anti-virus software were protected. This includes, Windows 7, Windows 8.1, and Windows 10 users. Windows 10 was not affected at all.

    Do you believe that it was right for Microsoft to patch Windows XP systems because of the scope and magnitude of the attack? Or do you believe that this practice could lull people into a false sense of security when Windows XP gets hacked again because it is no longer updated? Users got bailed out this time. Should they expect this in the future?

    Additionally, how do you believe the answers to these questions may be the same or different from businesses and home user environments?

    Satch

Comments:

  1. User picture
    • Klemen.Soeargo on Wed 17 May 2017
    • 11:05:22 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    In my opinion, the most important answer is backing up your data. The implementation and the complexity may differ from home-user to business, but the principle remains the same: Have a backup that isn't connected to the internet.

  2. User picture
    • Site-rater on Thu 18 May 2017
    • 01:28:06 AM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    How does one convince a workplace to update their computers when they retaliated against me after I told them their free Letsencrypt certificate (which they weren't even using even on pages collecting sensitive information) ran out?
    There are some IT departments out there that just don't seem to care and think a casual SSL Labs report means one is some sort of evil hacker or are just harassing the IT department.

  3. Running a machine with XP, without safeguards or knowledge is foolish.

  4. User picture
    • destinationtruth on Thu 18 May 2017
    • 06:07:07 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    It's a 16 year old OS. . . foolish is not upgrading, and even more so since its not being updated anymore by MS. Though I applaud MS for making a patch, yet I would make it the last. Those that haven't learned by now are just on the edge of being stupid. It would be like a security company using an open bed truck to carry money and its guards using water guns for protection. . . and then wondering how this happened. . . being robbed.

    Then again sometimes you just can't fix stupid.

    _https://addons.mozilla.org/en-US/firefox/addon/no-winner/

  5. User picture
    • Dutch Mountain on Thu 18 May 2017
    • 07:44:25 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    @ Satch : Besides the discussion you're opening about XP......Good info !

    peterswebsafety.com ( link on my profile page ).

  6. User picture
    • Satchman on Thu 18 May 2017
    • 07:49:55 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    Originally posted by: Dutch Mountain
    @ Satch : Besides the discussion you're opening about XP......Good info !

    Thank you Dutch Mountain! Good to see you back!

    Satch

  7. User picture
    • NotBuyingIt on Thu 18 May 2017
    • 10:41:47 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" …

    Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand … ❞but

    Decryption tool is of limited value, because XP was unaffected by last week's worm.

    Still, it may be helpful to XP users hit in other campaigns.
    See the article at
    https://arstechnica.com/security/2017/05/windows-xp-pcs-infected-by-wcry-can-be-decrypted-without-paying-ransom/
    (Slashdot-ed at https://yro.slashdot.org/story/17/05/18/1947217/windows-xp-pcs-infected-by-wannacry-can-be-decrypted-without-paying-ransom )
     
    One security researcher argued on Twitter:
    The worm doesn't infect WinXP - but the ransomware works on WinXP just fine. Yes, you'd have to manually copy and run it there.
    (Source: https://twitter.com/VessOnSecurity/status/865203180677812225)
     

     Data that is stored in the cloud may become lost in the fog.

  8. User picture
    • Satchman on Fri 19 May 2017
    • 11:55:23 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    This article gives somewhat conflicting information,

    It says that Windows 7 was the most hit and that data collected on Windows XP systems was "insignificant." Microsoft says that those who have automatic windows update turned on in Windows 7 and running their anti-virus software, (Microsoft Security Essentials.) are protected. Windows 7 will be supported with system updates untl 2020.

    Microsoft Security Essentials is replaced by Windows Defender on Windows 8.1 and 10. Windows Defender on Windows 7 is a malware blocker only, and users must update to Microsoft Security Essentials or a Third Party AV software to get AV protection on Windows 7. It appears that because the Wanna Cry attack was so severe that Windows Defender on Windows 7 still would block Wanna Cry. More here:

    hxxps://www.yahoo.com/tech/m/b536f096-7c14-38e3-b0d3-715db97d4172/worst-hit-by-wannacry%3A-people.html

    Satch

  9. User picture
    • Javelina on Mon 22 May 2017
    • 11:12:43 AM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    I read Microsoft's TechNet blog post about the patch
    hxxps://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
    This was one of the comments, and it supports the perspective that Microsoft shouldn't be releasing patches for long past end-of-life versions of Windows:

    "The mere fact that Microsoft released an update for XP is pretty shocking because it’s such an old OS. It would be like patching a vulnerability in Windows 2000 in the year 2016, or patching a vulnerability in Windows 98 in 2014!"

    Kaspersky posted a chart of attack frequency by OS.
    hxxps://twitter.com/craiu/status/865562842149392384
    It indicates that infection distribution was highest for Windows 7 x64, while Windows XP count was insignificant. People in the response thread asked if the findings are applicable to systems with Kaspersky AV installed, or for overall incidence regardless of AV brand, if any. It is a good point, but might be a question that only Microsoft can answer.

    There's ambiguity about whether Win 10 is vulnerable to wanna cry. Microsoft suggested that it isn't. Kaspersky seems to agree, stating that wanna cry could not affect Win 10 unless infected manually. I suspect that there are a lot more home users of Win 10 than business users. That might explain why home users were not impacted as severely as businesses. Businesses are often slower to transition to new OS versions. I mention this because Satchman inquired in his original post.

  10. User picture
    • Javelina on Mon 22 May 2017
    • 11:26:51 AM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    Here's one more ironic detail. Due to an ancient error in Win XP's pseudo-random number generator, systems still running old versions of XP are able to create a decryption key to get their files back! That isn't possible for Vista, Win 7, 8 etc. Symantec figured it out, see here hxxps://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b

    This is due to a flaw that exists in Windows XP versions SP1 and SP2, and which was patched way back in 2008 in Windows XP SP3... However, those that do still have computers running those older systems could exploit a flaw in the pseudo-random number generator (PRNG) that allows someone to predict encryption keys that would be created in the future and, crucially, reveal keys that had been generated in the past. An individual could exploit this flaw to reveal the decryption key in memory if the malware is still running, and hence free their files from the grip of WannaCry.
  11. User picture
    • destinationtruth on Fri 26 May 2017
    • 11:12:51 AM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    A good read from Emsisoft: _http://blog.emsisoft.com/2017/05/18/wannacry-ransomware-interview/?ref=newsbox_ticker170524&utm_source=newsbox&utm_medium=software&utm_content=ticker170524&utm_campaign=ticker170524

    _https://addons.mozilla.org/en-US/firefox/addon/no-winner/

  12. User picture
    • Nulander on Thu 27 Jul 2017
    • 02:07:59 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    Just my two cents: I passed on Win10, the last september, after months passed without a working AV solution on the system, due to the increasing resource-demanding solution, no more suitable for 32bit computers. The only thing I got installed was a passive Anti-exploiter tool (Malwarebytes Anti-exploit), an updated browser and an anti-ads plugin, that nowadays protects the user from malicious attacks like malwartisements. I surfed for months without any problem, checking here and there the task manager processes list, in order to ensure that always was fine (as it was). I managed to pass to Win10 for the new developement policy adopted by MS, has directed more efforts in order to make an OS slim and not heavy, like it was for the precedent versions of their products.

    MS should point more about this solution, and I'm talking about the possibility to upgrade to their last released product, even for legacy and low-end systems. It's a good idea, in order to avoid problems.

  13. User picture
    • Nulander on Thu 27 Jul 2017
    • 02:11:57 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    MS products still continue to cover a good part of the market, and their move is good. Now we will see what happend with the release of RedStone 3, for it will introduce more security layers, in order to contrast the ransomware plague spreading. I heard about the integration of EMET too (so I don't know how Malwarebytes and similar are going to fit their A-E solution, but doesn't matter). Instead, I have found that the "software SmartScreen warning" doesn't give enough informations and considering that it is a security tool checksum-based, having just a warning window that tells you not to open a file, is stupid. They should fill it with more technical informations, maybe Mutiple-AV check results (for example), to let the user get more infos to decide if launch the tool or not.

  14. User picture
    • Nulander on Thu 27 Jul 2017
    • 02:17:27 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    Originally posted by: A440
    Running a machine with XP, without safeguards or knowledge is foolish.

    Not all the people out there have the possibility to spend thousand of Euro to change a computer that is still working, just have an outdated OS. I managed to pass from XP to Win10 just because the MS internal politics have changed after the Ballmer departure (following the Win8 fiasco). Otherwise I would still writing at them moment with an XP machine, for the simply reason that for what I have to do, it works fine and is a non-sense to keep a system stuck with an non optimized OS.

    Computers are not fish tanks. If they are slow and doesn't work well, they're useless. If I know that upgrading could result in this, I avoid doing so. So I remark again: good for MS to have start release products that are based on common sense and not just to harvest the user-base money.

  15. User picture
    • hitbit_3 on Sat 12 Aug 2017
    • 09:55:21 PM UTC

    RE: Community Discussion About The Effects of the "Wanna Cry" Ra

    I visit a lot of business premises. its shocking to see the huge numbers who still run the excellent but now unsupported Windows XP..
    Their lax attitude to security is alarming.

    Hitbit