May 13, 2017

"Governments, companies and security experts from China to the United Kingdom on Saturday raced to contain the fallout from an audacious cyberattack that spread quickly across the globe..."

"... raising fears that people would not be able to meet ransom demands before their data are destroyed. The global efforts come less than a day after malicious software, transmitted via email and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest 'ransomware' attacks on record," the NYT reports.

65 comments:

AReasonableMan said...

Update your operating system.

John Lynch said...

That's one way to finally kill Windows XP.

traditionalguy said...

Microsoft needs some sales. This is a great marketing demonstration that out-of-date versions of Windows software are deadly and must be replaced now.

AReasonableMan said...

John Lynch said...
That's one way to finally kill Windows XP.


I love Windows XP, MS's best product up until the current version. We still use it to run some instruments, but we never connect them to the internet. They are 'dumb' computers.

Temujin said...

This is the end

rhhardin said...

It's an opportunity to buy that bigger HD, reinstall the operating system and the daily backup files. You don't backup?

Most people running XP can't upgrade (as it's called) because the applications they need won't work on the new OS.

It's called bit rot. Meddling with the rules by graduate students breaks all the old stuff, and the old stuff happens to be pretty valuable.

rhhardin said...

New operating systems are ransomware themselves.

Let us charge you again for what we already sold you.

David said...

Stolen from the NSA?

Yikes.

rhhardin said...

The ransomware notice ought to have a link to Microsoft to buy a new OS.

rhhardin said...

Microsoft stopped supporting XP because they were making no money on fixing what they put errors into. In fact losing money because you weren't buying the new stuff.

EDH said...

I'm surprised they can't track or seize the ransom payments.

rhhardin said...

On the bright side, it probably stopped Iran's nuclear program again.

rhhardin said...

Windows 10 users, this is you in five more years.

rhhardin said...

My windows XP laptop

$ uptime.sh
uptime 499:21:31:53 43191113 seconds 500 days ago at 12:19:16

Pretty stable system.

Dust Bunny Queen said...

This is a great marketing demonstration that out-of-date versions of Windows software are deadly and must be replaced now.

This is a better demonstration of not putting all your eggs into one basket. Having ALL of your sensitive data on a computer, not having any paper backups or worse not having back up in data formats that are subject to corruption from the internet.

The people in the hospital getting chemo treatment have ALL their data in ephemeral forms for convenience sake. How convenient is that now?

Dust Bunny Queen said...

New operating systems are ransomware themselves.

Let us charge you again for what we already sold you


AMEN! Microsoft Office is ransom ware!!!!

Original Mike said...

"New operating systems are ransomware themselves."

As usual, rh nails it.

Original Mike said...

This is why I disconnect my backup drive unless I'm actually doing a backup.

St. George said...

One wonders if it was a North Korean attack.

A reminder that any sophisticated party--state or non-state actor--could take out power grids...as happened in the Ukraine in 2015.

Here is a Booz Allen white paper on how the attack was executed. It took months of planning.... https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf

This Wired article...
https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
....makes clear that a similar attack here would be worse because our systems are more automated.

sinz52 said...

The best protection against things like this is to set up your computers as dual boot. So they can boot up in either Windows or Linux.

Many database management systems support both operating systems. Implement your IT system to run on top of those with portable applications that run on both Windows and Linux. If Windows is compromised, you reboot into Linux and you're back in business within minutes. If someday, Linux is attacked, you reboot into Windows.

There are plenty of tutorials on how to dual-boot your computer.

Fernandinande said...

"An “accidental hero”* has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware."

*"accidental hero" is fake news; a security guy figured it out.

Darrell said...

"accidental hero" is fake news; a security guy figured it out.

The way I took it was that the guy who registered the domain name he spotted in the ransomware didn't know it would help stop the spread (act as a kill switch). He thought he could make a few bucks off the bad guys by selling them back their domain name.

AReasonableMan said...

sinz52 said...
The best protection against things like this is to set up your computers as dual boot. So they can boot up in either Windows or Linux.


This is good advice but not trivial for most users, who only have a dim understanding of what an operating system is, much less why you might want two.

buwaya said...

Microsoft causes more disruption than all the virus makers put together, simply through the never-ending monthly patches. The trouble days can be predicted; it's the few days after patch day.

buwaya said...

Dual boot and etc are for computer aficionados. That is an expensive and messy thing for business users.

FullMoon said...

Kaspersky did a "Ask me Anything" on Reddit two days ago.

Just before virus hit.

If you are interested

exhelodrvr1 said...

Women and minorities hardest hit

Original Mike said...

At the Senate Select Committee on Intelligence hearing Thursday the assembled Directors of the FBI, CIA, NSA, DNI, DIA, NGA were asked if they would have Kaspersky software on their computers. They all said "Nyet".

Mark said...

Stolen from the NSA?

Yes, that is certainly a "wait a moment" response to the story. All this talk about operating systems, etc., is all fine, but let's go back to this particular point. And also consider the possibility that NSA has already in some way had monitoring software placed on all our computers. Oh, and that U.S. intel communities have already been outed as being able to mimic the Russians in their own hacking operations.

buwaya said...

For what it's worth, Microsoft had a patch for this thing two months ago. If you keep up with MS patches you wouldn't be worrying.

Rusty said...

rhhardin said...
My windows XP laptop

I've got a few older desktops running XP only because the machine tool software was written for it.
I'm going to investigate and see if LinuxCNC will run the newer machines.
Like a desktop 3D printer.

mockturtle said...

Yes, that is certainly a "wait a moment" response to the story. All this talk about operating systems, etc., is all fine, but let's go back to this particular point. And also consider the possibility that NSA has already in some way had monitoring software placed on all our computers. Oh, and that U.S. intel communities have already been outed as being able to mimic the Russians in their own hacking operations.

Mark, I agree. Just how 'secure' is the National Security Agency? When did it happen and who knew about it? And, as you point out, what were they doing with this program?

Original Mike said...

Thanks, buwaya. I thought I had read that.

mockturtle said...

I switched to Mac two years ago.

Dust Bunny Queen said...

I do routine back ups of data to several USB sticks. Two for our business, Redundant back up USBs. It would be devastating to lose the Quickbooks data, pdfs of various documents, correspondence, serial numbers of equipment and to whom sold and when installed, well data. We do also have a card-ex back up of the well data and equipment. I back up the data on the business sticks every single time I make changes. In addition to keeping the hard/paper copies of shipping documents/billing/serial #s of equipment, I scan to PDF for convenience. Instead of rifling through boxes of invoices they are also digital.

Personal items like photos, music, videos and scans of personal documents are on separate USBs and backed up monthly or when there is a change. Redundant USBs for the music so I can play music while camping with a blue tooth wireless speaker and an old laptop.

USBs are more convenient for me than an external hard drive because I have several computers in two buildings that need to be synchronized, for the business files. So I just transport the data in my pocket and restore to the various locations. No big deal.

Mark said...

What was NSA doing with this program?

My impression is that the NSA created the program.

Hammond X. Gritzkofe said...

Yes, XP was nice. Nothing in Win7 that I needed. Win10 found new hiding places for some settings, and deleted other settings completely. Memo to Microsoft: PC != tablet; for some, touch screen operating system on a computer is a bug not a feature.

Yes, dual boot is nice. At least carry a live Linux USB stick.

Microsoft Office? Viva LibreOffice and OpenOffice. Viva Gimp. Viva Audacity.

mockturtle said...

My impression is that the NSA created the program.

Yes, but for what application?

Darrell said...

My impression is that the NSA created the program.

Yes, but for what application?


To do something extra-legal. Like taking out a single computer but making it look like a wide-spread attack by amateur hackers.

mockturtle said...

Darrell suggests: To do something extra-legal. Like taking out a single computer but making it look like a wide-spread attack by amateur hackers.

Ah, so. Like the Tylenol murder case.

tcrosse said...

Yes, XP was nice.

What about Windows Vista? Or has that been flushed down the memory hole?

David Begley said...

Bitcoin makes this ransom business possible. CIA and NSA should take it down.

Darrell said...

Vista is built on XP. And it lost MS support this year, too.

Fernandinande said...

mockturtle said...
Yes, but for what application?


"to remotely commandeer computers running Microsoft Windows."

Hackers added the replication (worm).

Darrell said...

Some suggest that this was a roundabout attack on Bitcoin--getting people mad enough to put an end to the alternate currency. One that can't be tracked and controlled by elites.

David Begley said...

Darrell:

The prime use for bitcoin is for criminal activity.

John Lynch said...

Rhhardin-
My Windows 10 is my Windows 7 from 2009. Haven't paid diddly since then. Seems like good value to me. Windows Defender killed this virus off my system, too. Easy to complain about MS, but they are a really good company in terms of what the consumer gets.

If you don't upgrade OSs they can't run newer programs. I'm fine with it.

Darrell said...

The prime use for bitcoin is for criminal activity.

You can say the same for US $100 bills.

Etienne said...

The reason this attack succeeded is people don't update their software.

Being a nerd, I can show you the two ways I back-up all my computers. You can steal my computer and I can have a replacement running in less than an hour. With all my files restored.

It's not magic. It's just how it was done in the 20th Century.

rhhardin said...

Microsoft, seeing its reputation going to shit, released a free update for XP and others for the bug

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

seems to apply harmlessly for me.

YoungHegelian said...

I'm sorry, but for the companies, as opposed to the individuals, who got hit by this, I say ---- fuck 'em!

You have no idea how hard it is to "sell" backup & recovery capabilities to companies. It's not that expensive, especially when amortized out or examined from risk-mitigation standpoint. But, getting companies to spend e.g. $5k, when they'll lose several times that in just being down for one day is like pulling teeth.

"The shit just works, man. It's almost never down. We've never had a major data loss before. No, we're not goin' there."

Every ---- EVERY! data store in a company needs to have rapid & redundant backup & restore capabilities, on-premise & off. It's on the level of "Do you have business insurance?". That major corporations still get walloped by this stuff means that a buncha CIO's, CFO's & even CEO's need to find new lines of work.

Etienne said...

The cable modem is the biggest threat to consumers. The speed is too high.

At least with dialup modems, people's homes were too slow to attack, and they weren't online 24/7 with no one watching.

My last career dealt with computers and servers, so my home system (connected to a cable modem) is sophisticated yet simple, also pretty cheap.

cable modem<->Netgate SG-1000 firewall<->Switch

The Switch is also important. It offers technical advantages over the old Hub.

If everything is clean and simple, it is easy to back up.

Leigh said...

Here's what NSA whistle-blower Bill Binney had to say about these global attacks:

"This is what I called short sighted finite thinking on the part of the Intelligence Community managers.

This is also what I called (for some years now) a swindle of the tax payers. First, they find or create weaknesses then they don’t fix these weaknesses so we are all vulnerable to attack.

Then, when attacks occur, they say they need more money for cyber security — a total swindle!!! [Indeed.]

This is only the second swindle of the public. The first was terror efforts by saying we need to collect everything to stop terror — another lie. They said that because to collect everything takes lots and lots of money.

Then, when the terror attack occurs, they say they need more money, people and data to stop terror. Another swindle from the start. [The war on terror is a “self-licking ice cream cone”, because it creates many more terrorists than it stops.]

And, finally, the latest swindle “THE RUSSIANS DID IT.” This is an effort to start a new cold war which means another bigger swindle of US tax payers.

For cyber security, I would suggest the president order NSA, CIA and any others to fix the cyber problems they know about; then, maybe we will start to have some cyber security."


http://www.zerohedge.com/news/2017-05-13/top-nsa-whistleblower-ransomware-hack-caused-“swindle-taxpayers”-intelligence-agenci

rhhardin said...

My XP laptop now

$ uptime.sh
uptime 0:00:11:27 687 seconds 0 days ago at 18:43:53

start counting cpu clock cycles over again.

rhhardin said...

I suspect what the patch fixes is the network spreading, not the appearance in the first computer, which is still vulnerable via phishing or whatever it was.

Some bug not fixed in some other place.

Etienne said...

rhhardin said...I suspect what the patch fixes is the network spreading

You are correct. The target computer is still toast on the Internet, but now it can't spread its death to all the other members of the LAN, or (God forbid) tunnel network partners.

YoungHegelian said...

I've looked further into what needs to be done to protect my clients. Almost everything I've read so far has been, from a technical point of view, worthless. This article from Microsoft is about the best I've found so far.

YoungHegelian said...

Also, talk about yer freakin' PR nightmare! This is a page from google cache of what the IT security company Sophos pulled from its web site.

Sammy Finkelman said...

buwaya said...5/13/17, 10:09 AM

For what it's worth, Microsoft had a patch for this thing two months ago. If you keep up with MS patches you wouldn't be worrying.

But not for Windows XP, which they stopped supporting in April, 2014. But now, after this, they did make a patch available for Windows XP.

They did have a patch for Vista because the patch was put up on March 14 and they stopped supporting Vista on April 11.



Sammy Finkelman said...

Dust Bunny Queen said...5/13/17, 10:19 AM

I do routine back ups of data to several USB sticks.

You need a few, because of the possibility that a virus could infect the USB. That's how the Stuxnet virus infected the Iranian computers controlling the centrifuges. So I'd say you need maybe at least 4 or 5 USB backups. Just to catch what is happening. Some of the backups can be older, so at least you'd have the long term things.

Maybe also backup to a write-protected device like a CD-ROM. And there's paper. Photographs.

You can lose USBs but that's another reason to have several.

Etienne said...

Think Off-site storage.

For consumers this means Google Drive or Microsoft One-Step or whatever they call it.
Then there's also Dropbox.

It's easy to compress and encrypt the files before uploading them.