Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT Technology

Cyberattacks From WannaCry Ransomware Slow But Fears Remain (bbc.com) 76

WannaCry ransomware, which has spread across 150 countries, appears to be slowing down with few reports of fresh attacks in Asia and Europe on Monday. A report on BBC adds: However staff beginning the working week have been told to be careful. The WannaCry ransomware started taking over users' files on Friday, demanding $300 to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 had been paid by Monday morning.
This discussion has been archived. No new comments can be posted.

Cyberattacks From WannaCry Ransomware Slow But Fears Remain

Comments Filter:
  • by courteaudotbiz ( 1191083 ) on Monday May 15, 2017 @09:07AM (#54418209) Homepage
    • - Update your freakin Windows install
    • - Do not expose SMB ports to the Internet (TCP/UDP 445, TCP/UDP 137-139)
    • - Do not open emails with suspicious attachments
    • - Have an updated antivirus scanning your files on-access

    The first 2 steps are the most important. The second one alone should protect you.

    • Re: (Score:1, Troll)

      by MrKaos ( 858439 )

      The biggest problem is you can't fix stupid.

      • by gweihir ( 88907 )

        Indeed. And you cannot fix even more stupid, in particular the people who paid.

        • by MrKaos ( 858439 )
          True that, which probably increases the amount of ransomware we will see in the future. It would seem the sensitive little snowflakes that can't face reality would rather call that a troll than 'calling it as it is seen'.
          • by gweihir ( 88907 )

            People like to ignore what they cannot fix, instead to learn how to fix it. And then they try to convince others that ignoring it is the right strategy in order to get emotional confirmation. I guess quite a few tribes and larger groups of people have failed due to that in history. Of course, this approach is anathema to any good engineer, because if we screw up, things break, sometimes spectacularly. Unfortunately, IT is not a proper engineering field today and many people working in it do not qualify as e

            • by MrKaos ( 858439 )

              People like to ignore what they cannot fix, instead to learn how to fix it. And then they try to convince others that ignoring it is the right strategy in order to get emotional confirmation.

              I couldn't help laughing when I read this as it is so often my experience, especially when people know what you do with technology and they still try to rope you into their illusions so they have a tacit appeal to authority. I gave up trying to help people and just shrugged and let people have their comfort now at the expense of some future disaster that I won't get involved in.

              Unfortunately, IT is not a proper engineering field today and many people working in it do not qualify as engineers from their mind-set and skills. I also support giving engineering degrees to people that can prove good skill and understanding what it means to be an engineer in their field, with some additional qualification required if needed.

              I started very young and just loved electronics and coding. So I think I was in that category for a good portion of my career until

              • by gweihir ( 88907 )

                Inevitably, how this dictates the type of people that get into computing is it currently attracts people comfortable with high levels of uncertainty, something engineers are not. My brother is as Nuclear Physicist, he likes to joke that for him, point A and point B are enough to define a straight line, but an engineer needs more data.

                That captures it well really. I mostly work as an engineer (I am also a scientist, but part-time only), and when I do engineering, I not only want these two points, I want two more in addition so I have generous redundancy and _still_ have redundancy left even if one of the point fails. When doing Science, I am perfectly fine with using only two points ;-)

    • Comment removed based on user account deletion
    • The second one alone should protect you.

      I may be mistaken, but I believe that's not the case. It's also using SMB to spread behind firewalls after someone fails to follow Step 3 that you provided. As such, both Steps 2 and 3 are necessary and must be practiced by everyone behind your firewall, otherwise you may still get infected.

      • If [ step1 is applied ]
        then
        -- you are pretty safe from this shit
        elif [ step1 is applied && step2 is applied ]
        then
        -- you are safer from this shit
        else
        -- you will never be safe from this shit. Points 3 and 4 are general purpose self defense advice.
        fi

        My 2 cents pseudocode.
  • by bulled ( 956533 ) on Monday May 15, 2017 @09:11AM (#54418239)
    Microsoft was whining about this earlier, and they are absolutely right to do so. There is no such thing as 'NOBUS'. There are far more smart people working outside $ORG than inside it and it is hubris to believe that $ORG is the only one smart enough to find any particular exploit.

    With that said, Microsoft made a part of this shit sandwich by refusing to patch older, but still active operating systems until their feet were to the fire. Sure, no one should be running XP any longer, but once on a vendor lock-in treadmill it can be very hard and expensive to get off.
    • by clickety6 ( 141178 ) on Monday May 15, 2017 @09:27AM (#54418331)
      Plus the fact that Microsoft pushed people into not updating by turning their fix-the-bug patch update system into a shill-the-hell-out-of-windows-10 advert delivery system.
      • by bulled ( 956533 )
        Good point, this probably as big a part as the failure to patch older systems.
      • I too am wary of running a patch from MS but they do offer a manual alternative which I used on a Win 7 machine: Create Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1 REG_DWORD: 0 = Disabled --from https://support.microsoft.com/... [microsoft.com] and keep your fingers crossed
    • The trouble is there are perfectly valid reasons for using the older operating systems especially in the cases like hospitals.

      Let's say, as an example, there is an ultrasound machine that was based around Windows XP. I know is sounds odd but there is a case to be made for taking an existing laptop motherboard design and tweaking it to add the special hardware needed for the ultrasound. Especially as the images can be sent to a central file server.

      Now, 4 years later, update the OS.

      Can you guarantee that th

      • by Bigbutt ( 65939 )

        Yea, I have at least two pieces of perfectly good hardware that I can't use except on an XP machine due to the manufacturers using some XP code (browser?). The HP scanner isn't that big a deal, more annoying. But the Sony Handycam means I can't get old recordings off of the tapes without XP.

        [John]

      • by __aaclcg7560 ( 824291 ) on Monday May 15, 2017 @09:44AM (#54418427)

        Let's say, as an example, there is an ultrasound machine that was based around Windows XP.

        Medical devices should be kept on a separate VLAN behind an ACL with a no access to the Internet and a dedicated update server. Exposure to the General VLAN can cause problems. From what I read about the British hospital, there network isn't highly structured.

        • An ultrasound machine should not be running an SMB server either! Nor should it be hosting any data. And it should be possible to return the thing to a default state. Also you should not be using it to browse email and open attachments!
          • Sure. Those of us who have worked in network security long enough know that, but given a design requirement of "Share the diagnostic images with other servers on the network" and an OS that has a built in network sharing protocol, there's a very large incentive to just use what the OS provides.

            Can a Windows XP machine use the SMB client protocol without allowing inbound packets? I don't remember. It's been too long. And I haven't gone over the SMB vulnerability in detail to know exactly how it worked.

            • Can a Windows XP machine use the SMB client protocol without allowing inbound packets?

              Windows XP has SMB 1, which less secure than SMB 2 or 3 (found on Windows Vista or later and Windows 2008 or later).

        • The problem with worms is that one infected device momentarily connected can spread the infection. So someone plugs in a USB flash drive to a computer on your restricted VLAN to copy some MP3s they want to listen to, spreads that infection to that computer, which then spreads it to the rest of the devices on the VLAN. The strength of your security is determined by your weakest link - in this case the dumbest person with physical access to your secure network.
          • So someone plugs in a USB flash drive to a computer on your restricted VLAN to copy some MP3s they want to listen to, spreads that infection to that computer, which then spreads it to the rest of the devices on the VLAN.

            If you plugged a USB stick into a workstation at my job, the USB port would shut down and security will stop by in five minutes to confiscate the USB stick. Authorized USB sticks have built-in hardware encryption and are registered with an authentication server.

            • I'm guessing you work at a company that is IT related. I could be wrong but in my experience most companies that are not in the IT field see IT as a loss generator. As such, the lower the cost and inconvenience to users, the better.

              And when it's the CEO that wants to share his daughter's Christmas choir video with the whole company - no I'm not kidding - that USB stick gets greenlit.

              • I'm guessing you work at a company that is IT related.

                I worked in government IT. The three-letter agency I work for is definitely not IT-related. I've gotten blowback from friends who think I work for the NSA (I can neither confirm nor deny) and was responsible for what happened this weekend.

                • Ah. Governmental IT. The government has been bitten a few times already about security so they take it a bit more seriously.

                  Just to clarify, I'm not arguing about the best practices. I'm just playing devil's advocate as to how this situation could have happened. I do contract development work. The shortcuts taken to fit the work into the budget are scary.

                  This is also why the concept of IoT scares the living shit out of me.

        • Absolutely. The impact could have been lessened with proper security on the network but the people yelling "Get the latest OS!" are starting to get annoying. It's not all about desktop PCs, laptops and servers.

          And I say "lessened," since I haven't gone in to the SMB vulnerability in depth. Any file server to which these devices attach may have been vulnerable since these devices couldn't communicate with a patched OS...but that's purely speculation on my part.

          But too many people still think that security

  • by Crookdotter ( 1297179 ) on Monday May 15, 2017 @09:17AM (#54418279)
    Ransomware has been around for ages now. Surely someone can come up with an OS defense rather than tit for tat patches and upgrades. File versioning going back in history that you can't edit, only recover from? Every file modification makes a new file. Sure, disk space gets eaten up very fast but with large Tb drives that should surely give companies some breathing room, and home users too. Why isn't this an easy option to switch on in windows?
    • by swb ( 14022 )

      File versioning going back in history that you can't edit, only recover from?

      Regular backups, perhaps on some multiple-time-per-day schedule, stored in a security domain separate from the source backup domain seems like the most viable working solution now.

      Too many of the exploits hit admin/root privileges and then attack the OS backup defenses and occasionally even backup systems running in the same security domain. You need backups not accessible by even top-level user IDs, and preferably offline.

    • by gweihir ( 88907 )

      There are defenses that work. Just not on Windows. As usual, MS is far behind.

  • Not too long ago you didn't need to worry about viruses at all unless you actively ran something with a .EXE .COM or .BAT extension, then through the expansions of javascript, flash, and even html, now you can get infected in dozens of ways without your even knowing it happened or what website did it. This should never have been allowed, but someone wanted it to happen, and this is where we are now thanks mostly to Microsoft.

    • OR you could run a fundamentally safer operating system and don't run anything with a DMG extension unless you knowingly downloaded it from a known site.

    • I haven't had an virus outbreak on my personal PCs in 10+ years. If you practice safe computing by keeping your PCs up to date, avoiding naughty bits on the Internet, and being careful not to click on links and/or attachments in email, you won't have any problems.
      • by Bigbutt ( 65939 )

        Yep. Not even once (NB that I'm aware of). Add in an ad blocker of some sort and that my firewalls (iptables, pf, iptables again, and pfsense) over the years don't permit externally initiated access and I'm still clean. I do scan somewhat regularly, malwarebytes being my go to scanner, and catch an occasional sketchy cookie. The first time I ran it, several years back, it found several waiting viruses in my really old email backup of my work emails (work let us use our personal computers to VPN in, and Eudo

  • We need USB drives (mimicking a SAN) with physical switches to put them into one of four states:

    * normal operation

    * write-only until full, then read-only until physically reconfigured. Basic info like free space can be read, but that's all. Otherwise, it's a lockbox.

    * write-mostly until full, then read-only until physically reconfigured

    * a hybrid of the second & third modes... everything is encrypted using a random key printed on the label. Without the key, it acts like write-only. With the key, it acts

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...