#1 Paul_S, 13-05-2017, 01:39 AM
WannaCry ransomware attack

This is a good time to check your backups and make sure your antivirus software is up to date.

BBC report on worldwide ransomware attack

#2 johnymd, 13-05-2017, 08:00 PM
Just to add. Make sure your backup drive is only connected while doing a backup or it will also become encrypted. Your antivirus software is totally ineffective against crypto malware. Had a few companies hit already.
__________________
Drives:

'73 240z 1JZ-GTE. Was pretty quick. 11.10@132.5mph
'72 240z RHD (4BOA) Being painted Orange. Bodyshop.
'72 240z LHD Black. Sold.
'73 240z LHD Green. Sold.
'73 240z LHD White. Sold - Future race car.
'73 240z LHD Blue. Sold.
'73 260z LHD Orange. Sold to a good home.
'70 240z LHD Yellow. On route and cant wait.
Skyline R33 GTS - Gone
Skyline R34 GTR - Gone
Toyota Surf 3.0TD

Go to: www.240z.me.uk to checkout the cars.

#3 jonbills, 13-05-2017, 09:20 PM
It's "only" ineffective until the antivirus software has got a copy of the malware's signature.
Mine's had protection since 5.30 yesterday, so that's alright then!
https://community.sophos.com/kb/en-us/126733
__________________
1974 260z

#4 johnymd, 13-05-2017, 09:48 PM
Most antivirus software will find it after the event but the malware will usually disable the antivirus first.

#5 jonbills, 13-05-2017, 10:02 PM
No, it's just software, the same as everything. It'll be scanned before it's loaded and if it matches a known signature it won't be run.

#6 johnymd, 14-05-2017, 11:09 AM
The majority of these attacks are through an RDP connection or external access through a security vulnerability. They do also come in via email attachments but these are mostly stopped by your AV software as you say. The attacks you see in the press at the moment are mostly through remote access to the servers that hold the data and well protected with the latest virus definitions but as I say, they are ineffective against this type of attack.

#7 Rob Gaskin, 14-05-2017, 11:37 AM
Right, I'm running Windows 7 and using McAfee, how vulnerable am I?

What about my Android devices (Samsung)?

I am out of my depth with this stuff as you will have realised.
__________________
240Z '71 Built and Modified by DJR

#8 STEVE BURNS, 14-05-2017, 11:59 AM
Quote:
Originally Posted by Rob Gaskin
Right, I'm running Windows 7 and using McAfee, how vulnerable am I?

What about my Android devices (Samsung)?

I am out of my depth with this stuff as you will have realised.

Me too Rob, you are not alone.
Only difference with me is I am running Windows 10 and using McAfee and also have a tablet as well.
Maybe need a guideline in idiot talk from someone on what to check.
__________________
Z Club # 6,
300zx-club.com #16,
300zx.co.uk #96,
350ZUK #151,
350Z-UK #79,
IZCC #2872

#9 jonbills, 14-05-2017, 12:02 PM
If you have autoupdate on Rob, and up to date antivirus, you're not vulnerable to this one. It's Windows only so other devices are not vulnerable to this.
However there are always more. Don't click on things in email or websites that you're not very sure of.

John, it's SMB not RDP. SMB is a LAN filesharing protocol, on by default in Windows. The Windows implementation had a vulnerability that allows code running on a primary machine running SMB to pass itself to another machine via SMB, and for the code to then run on the other machine as part of the trusted SMB server.
Microsoft patched it back in March, but not XP of course.

What this means is that it has two means of propagating: 1) through email / weblinks, which I've been referring to and 2) machine to machine in a LAN/intranet through the SMB server running by default on all Windows, that is much harder for AV to detect.
This propagation mode is why it was so effective in the NHS. They have large LANs running SMB with unpatched (XP, and prob others) Windows.

The actual file encryption / ransoming is standard stuff. The SMB propagation was the clever bit.
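
The machine-to-machine SMB spread described in the post above shows up on a network as one host suddenly opening SMB connections to many different peers. An added example, not part of the original thread, that flags this fan-out in flow records; the log format, addresses, time window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # TCP port used by SMB file sharing
# Constructed flow records (not real traffic): time, source, destination, port.
SAMPLE_FLOWS = """\
2017-05-12T14:00:01 10.0.0.22 10.0.0.5 445
2017-05-12T14:00:02 10.0.0.21 10.0.0.30 445
2017-05-12T14:00:03 10.0.0.21 10.0.0.31 445
2017-05-12T14:00:04 10.0.0.21 10.0.0.32 445
2017-05-12T14:00:05 10.0.0.21 10.0.0.33 445
2017-05-12T14:00:06 10.0.0.21 10.0.0.34 445
2017-05-12T14:00:09 10.0.0.22 10.0.0.8 443
2017-05-12T14:30:00 10.0.0.22 10.0.0.6 445
truncated line
"""


def parse_flows(text):
    """Yield (time, src, dst, port) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            yield when, parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue


def smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Return {src: most distinct SMB peers in any one window} for sources at or over threshold."""
    by_src = defaultdict(list)
    for when, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((when, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

A client that only talks to one file server stays well under the threshold, while a workstation reaching five other workstations over SMB in a few seconds is reported.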

#10 johnymd, 14-05-2017, 12:32 PM
On the 2 servers I have witnessed this ransomware they were both accessed through the Internet via a domain admin account with low password security. Access to both companies' 2012r2 servers was through an RDP connection. Both servers were up to date with security updates and had Eset server file security installed. None of the PCs or other servers on the networks were affected (other than losing access to server data and exchange emails) and the antivirus software removed the virus after all the files on the servers were encrypted. Both attacks were from the wallet virus. One was quite a few months ago and the other at the beginning of last month. These may differ from the current round of attacks.

#11 Paul_S, 14-05-2017, 12:45 PM
Microsoft have actually been good enough to release a patch for XP and other unsupported Operating Systems --> http://www.catalog.update.microsoft....px?q=KB4012598

Fair play to them for that