Global ransomware attacks

Discussion in 'The Guru's Pub' started by alanm, May 12, 2017.

  1. CrazY_Milojko

    On a serious note... Things like this aren't easy to crack, but not impossible for some of those. I remember the case of one older woman living near me: a few years ago some kind of ransomware (she clicked on some fishy *.exe in the attachment of an e-mail message) encrypted thousands of pictures, videos and docs on her laptop, asking for some $200 or a bit more ransom to decrypt everything, but there was a time limit for that, a few weeks iirc, and she was late, so all of her files were encrypted without a chance to be usable again. It was some new V2 or whatever type of ransomware, freshly released a month or two before, and back then there was no way to crack it, dunno now. A few weeks before that someone found a way and made a tool to crack/decrypt the previous, not sure V1 or it was V1.1, revision of the same type of ransomware. I found a forum/thread about that ransomware, how it works, how it was cracked, the decryption tool and lots of posts from people thanking the author of that decryption tool... and lots of other posts from people crying because they were stuck with the much more advanced V2 revision of the same ransomware. Later I never checked if that newer revision was busted or not.
     
  2. alanm

  3. CrazY_Milojko

    Yep, brute force is useless against today's advanced 128-bit and 256-bit encryption; no one with a few healthy brain cells would waste his time and computing power going with brute force against it.

    The ransomware I was talking about had some design flaw, at least the first version of it; someone smart enough saw that and made a decrypt tool using that design flaw. It was interesting for me to read the in-depth analysis made back then by the author of that free decrypting tool: how that ransomware works, the crucial design flaw used to make the decryption tool... Obviously the author of the busted ransomware had read the same article too and made a new advanced version of the same ransomware, way more complex than its predecessor... Can't find that forum/thread or whatever it was, would like to read the whole article once more.
     
  4. Black_ice_Spain

    If the data is encrypted, even if your network is controlled, encryption will make sure that the data is not read in its meaningful form (even though it will be stolen).

    Of course if you keep the way to decrypt the data on the same PC or your data gets stolen while it's decrypted by any of your processes (like flying through the network decrypted), it will be stolen.

    Of course if data is stolen and outside your control and it's valuable enough, they'll spend big amounts of money and eventually (maybe years) it would be cracked and read in its meaningful form (decrypted).
     

  5. allesclar

    Hacking computer systems demanding payment which prevents people suffering from serious illnesses including cancer from getting vital treatment?

    I think not. I hope they rot in hell.
     
  6. Black_ice_Spain

    They hacked computer systems randomly, end of the phrase.


    Public workers who didn't do their job (politicians included) and didn't provide a safe infrastructure prevented people suffering serious illnesses including cancer from getting vital treatment.
     
  7. Ghosty

    It only affected the clerical PCs at the hospitals. Even then it was limited to around 40 or so.
     
  8. Turanis

    Windows 7 PCs infected by WannaCry ransomware can be unlocked without paying

    https://arstechnica.co.uk/security/2017/05/windows-7-2003-vista-wannacry-decryption/


    Wanakiwi can decrypt Windows 7 and 2003 PCs infected with Wanna Decryptor, and possibly Vista and Server 2008 machines too.


    Windows XP Users Can Remove WannaCry Infection Without Paying the $300 Ransom


    http://news.softpedia.com/news/wind...ection-without-paying-300-ransom-515852.shtml

    And thanks to new software developed by French researcher Adrien Guinet, Windows XP users whose computers were compromised by WannaCry can remove the infection without having to pay the $300 ransom.

    A tool that he posted on Github can search for the decryption key in the memory if the computer wasn’t rebooted after being infected, so if you already restarted the system and it then got locked down by WannaCrypt, this isn’t going to work.

    If the aforementioned condition is met, the app can recover the prime numbers of the RSA private key that are being used by WannaCry to encrypt your files.

    “It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory,” the researcher explains.
     
    Last edited: May 19, 2017
  9. Extraordinary


    Good to see progress, but:

    As was the case with Wannakey, the recovery won't work if an infected computer has been restarted. And even when an infected PC has remained powered on, the decryptor may not work if the memory location that stored the key material has been overwritten. Wanakiwi has not yet been extensively tested on computers with x64 CPUs, so it's possible the tool doesn't work as reliably on that platform. Despite the limitations, wanakiwi represents a major breakthrough that could provide invaluable relief for tens of thousands of people around the world.


    So basically if you reboot and have a 64bit CPU, it probably won't work
     
    Last edited: May 19, 2017
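The recovery idea quoted in the two posts above (a prime of the RSA private key left behind in process memory, and the failure when that memory has been overwritten) can be shown on a toy scale. This is an added example, not part of the thread and not code from wannakey or wanakiwi; the function names, the little-endian layout, the public exponent and the small Mersenne primes standing in for real key material are all assumptions made for the demo.

```python
# Added illustration: toy values constructed for this demo, not from a real infection.
from typing import Optional, Tuple

P = 2**127 - 1   # Mersenne prime, stands in for a leaked RSA prime
Q = 2**107 - 1   # Mersenne prime, the other factor
N = P * Q        # public modulus (known to the victim from the public key)
E = 65537        # public exponent assumed for the demo
PRIME_LEN = 16   # bytes per prime in this toy; real keys use far larger primes


def find_prime_in_memory(memory: bytes, modulus: int, prime_len: int,
                         byteorder: str = "little") -> Optional[Tuple[int, int, int]]:
    """Return (offset, p, q) for the first window that divides modulus, else None."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], byteorder)
        if cand <= 1 or cand >= modulus:
            continue  # skip zeroed memory and trivial divisors
        if modulus % cand == 0:
            return off, cand, modulus // cand
    return None


def rebuild_private_exponent(p: int, q: int, e: int = E) -> int:
    """Recompute d from the recovered factors (needs Python 3.8+ for pow(e, -1, m))."""
    return pow(e, -1, (p - 1) * (q - 1))


def make_dump(leak_prime: bool) -> bytes:
    """Constructed 1 KiB 'process memory': filler, with the prime at offset 300."""
    mem = bytearray((i * 37 + 11) % 256 for i in range(1024))
    mem[300:316] = P.to_bytes(PRIME_LEN, "little") if leak_prime else bytes(PRIME_LEN)
    return bytes(mem)


def demo() -> Tuple[bool, bool]:
    hit = find_prime_in_memory(make_dump(True), N, PRIME_LEN)
    recovered = False
    if hit:
        _, p, q = hit
        d = rebuild_private_exponent(p, q)
        m = int.from_bytes(b"file key", "big")
        recovered = pow(pow(m, E, N), d, N) == m
    overwritten = find_prime_in_memory(make_dump(False), N, PRIME_LEN) is None
    return recovered, overwritten


if __name__ == "__main__":
    print(demo())
```

The first value reports that the private exponent rebuilt from the leaked prime decrypts a test value; the second reports that the same scan finds nothing once the region holding the prime has been zeroed, which is the reboot/overwrite limitation the quoted article describes.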
  10. Ghosty

    Most business PCs won't be 64bit or be rebooted very often.
     

  11. Extraordinary

    Maybe yea, it would take a super old CPU to not be x86_64 though, the article says just the CPU needs to be 64bit to cause the problem, not the OS
     
  12. Hootmon

    Ultimately, the lesson is, or should be, stay updated (old OSes included) and stay patched, and don't share everything (as in Drive Shares).

    I work for a large organization. Limiting 'easy access' is key.
    If you 'need' admin access, then limit it to the necessary programs/keys/files. The days of 'complete access' for Admins have been over for a while now.

    Barring that, a good backup scheme will save your ass.
    Don't have one? Then you are an idiot. Sorry.

    You need a local Image backup for easy retrieval and something offsite for disaster recovery.
    Don't have one? Then you are an idiot. Sorry.
     
    Last edited: May 19, 2017
  13. Ghosty

    Also, how many PCs have yet to be upgraded to Win 7 given the end of support? A low number I would assume. (Apart from 95% of China)
     
  14. yasamoka

    https://en.wikipedia.org/wiki/Discrete_logarithm#Cryptography

    While you're at it, smartass, solve this mathematical problem too, the Discrete Logarithm Problem. Then we can crack public key encryption too. LOL

    You're disgracing yourself at this point. Just stop.
     
  15. Ghosty

    It's very possible with quantum computers.
     

  16. Darkest

    Well, that explains this misunderstanding.

    Stevevnicks is a time traveller and has a quantum computer running Linux.
     
  17. Ghosty

    If he does I bet he uses Ubuntu. :)
     
  18. lucidus

    The only quantum I care about is nuka cola quantum!
     
  19. Turanis

    Looks like whoever designed this ransomware was a noob, and this time it was not Russians, Chinese or N. Koreans.
    The design was to target only Windows 7 and its fans; WinXP was a collateral victim.
    Who wants to destroy the Windows 7 fanbase and who delays Windows 7 updates? Who, Redmond, who?

    Windows 7 Users Hit the Hardest by WannaCry Ransomware. Around 98 percent of infected systems were running Windows 7

    Specifically, more than 60 percent of the computers that were compromised by WannaCry were running the 64-bit versions of Windows 7, while the 32-bit flavor of the operating system was the runner-up with nearly 32 percent.

    Ironically, Windows 7 was supposed to be secure against WannaCry, as Microsoft shipped patches to block the infection in March this year, and since it’s still supported, this OS version received them as well.
    http://news.softpedia.com/news/windows-7-users-hit-the-hardest-by-wannacry-ransomware-515887.shtml

    Windows XP Survived the WannaCry Fiasco Unexpectedly Well. Stats show Windows XP wasn’t the biggest victim of WannaCry

    Windows 7 was the biggest victim of the WannaCry outburst, with statistics provided by Kaspersky confirming that the operating system launched in 2009 accounted for nearly 98 percent of all infections.

    But there’s also another side of the story: Windows XP, which launched in 2001 and is considered super-vulnerable to hacker attacks, represented only a very small number of attacks, even though most people expected it to be the main target of the ransomware.

    “The Windows XP count is insignificant,” Costin Raiu, director of Global Research and Analysis Team at Kaspersky, explained, confirming that Windows 7 was the Windows version that was hit the hardest.
    http://news.softpedia.com/news/wind...annacry-fiasco-unexpectedly-well-515890.shtml

    Too bad for the "Russians" or "N. Koreans" who designed this ransomware, Windows 7 still has life in it. :)
     
  20. vf

    Noob? It was some damage that was done especially for the NHS.
     
