General Question

imrainmaker's avatar

Are you aware of the latest ransomware attack?

Asked by imrainmaker (4716points) 1 week ago

Here’s the link with details

Observing members: 0 Composing members: 0

9 Answers

imrainmaker's avatar

My apologies.. It should be “ransomware”. Most hit are Europe,Russia and some Asian countries. America was saved partly because stop switch found by a blogger accidentally as given in the link which gave some extra time for patching the systems.

LuckyGuy's avatar

Does anyone know how it gets in? Do you have to open a suspicious link in an email?
Does it get in if Java script is turned off?

chyna's avatar

I just heard about it on the news. It affected Fed Ex in the U.S.

janbb's avatar

@LuckyGuy It attacked networks in my understanding, not personal computers. A large portion of the hospitals in the UK were affected.

Soubresaut's avatar

I read it gets in by getting someone to click on a .zip file attached to an email.

I also read that it was hitting older Windows OS, and that Microsoft has released patches for them (so everybody update!) ... Okay, here’s an article that seems to give a reasonable overview of the attack.

Love_my_doggie's avatar

I heard something about this on the morning news. It’s mostly affecting people in Russia and China. But, of course, electronic malice can spread with astounding speed.

A few years ago, my computer became infected by CryptoLocker. What a nightmare!

johnpowell's avatar

It was actually spread through a few methods. First being your common one from people clicking stuff. But here is the really bad thing. It was using a exploit in SMB which basically means it could spread through a network with absolutely no user interaction. That is how it was taking down entire institutions.

And if you are concerned running Windows update will patch the vuln.

johnpowell's avatar

And I want to add a few things..

CNN and others have made the dude that stopped this as some lucky fool (they have started fixing this). He is actually a top notch security guy.

Thing two. This was stopped by the payload checking if a domain name existed. If it did not exist it would fuck your computer. If it did exist it would not fuck your computer. I don’t really get the logic of taking this approach.

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

For more info.

And here is the domain the malware was going to connect to and the guy bought.

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

LuckyGuy's avatar

The guy is a hero!
You can be sure the next generation payload will not have this flaw. It will likely vary the domain name.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther