Free Republic

'Accidental hero' halts ransomware attack and warns: this is not over
The Guardian | May 13, 2017 | Nadia Khomami and Olivia Solon

Posted on 05/13/2017 9:52:01 AM PDT by Leaning Right

The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.

*snip*

...the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

(Excerpt) Read more at theguardian.com ...


TOPICS: Crime/Corruption; News/Current Events
KEYWORDS: computer; globalcyberattack; globalransomware; malware; ransomware
To: zeestephen

Why can’t the police just arrest the people whose account or address the ransom money is being sent to?

Seems like it would be fairly easy to catch them.


41 posted on 05/13/2017 11:14:32 AM PDT by TexasFreeper2009 (Make America Great Again !)
[ Post Reply | Private Reply | To 15 | View Replies]

To: zeestephen
..why would anyone click on the attachment?

Maybe you didn't notice but there are, at least, 65,844,954 stupid people in this country alone.
42 posted on 05/13/2017 11:14:59 AM PDT by ratzoe (damn, I miss Barbara Olson)
[ Post Reply | Private Reply | To 15 | View Replies]

To: zeestephen

If it’s dangerous, I’ll contact them too- the reason for posting it was to ask if there’s a way I can find out if it’s a bad site or not- The fella in previous post stated they got similar one from their brother-

I’m not sure how to check a link like that other than the general link checkers- do you know of a way to check it safely?

We use Linux, so we’re probably ok- but if the link is not good, I’ll need to contact my friend to let them know they have been hacked


43 posted on 05/13/2017 11:15:19 AM PDT by Bob434
[ Post Reply | Private Reply | To 36 | View Replies]

To: Bob434
Re: “I ran it through link checkers- and nothing showed up suspicious”

Except...

The Russian email address!

44 posted on 05/13/2017 11:15:20 AM PDT by zeestephen
[ Post Reply | Private Reply | To 37 | View Replies]

To: TexasFreeper2009
Re: “Why can’t the police just arrest the people whose account or address the ransom money is being sent to?”

Because Bitcoin accounts are anonymous - similar to a numbered Swiss bank account, but Swiss accounts no longer exist, because Swiss banks got hit with huge lawsuits for abetting tax fraud.

45 posted on 05/13/2017 11:20:20 AM PDT by zeestephen
[ Post Reply | Private Reply | To 41 | View Replies]

Comment #46 Removed by Moderator

To: zeestephen

Well yes, I know it’s Russian- but again- none of the link scanners show any suspicious activity at the link- that’s why I was asking if there was a way to verify if it’s not an infected site- or phishing site or whatever-

I’ve run it through link scanner, Norton’s, McAfee safesite- and several others-

Yup- it’s a Russian site- but nothing is showing up as phishing or virus- I would like to know if there’s a way to be sure- so I can contact my friend to assure them or warn them one way or the other-


47 posted on 05/13/2017 11:24:40 AM PDT by Bob434
[ Post Reply | Private Reply | To 44 | View Replies]

To: ken in texas

Thank you for that. I checked and I updated GWX and am now in the process of downloading some Windows updates (I hadn’t updated since early last year).


48 posted on 05/13/2017 11:24:48 AM PDT by LostInBayport (When there are more people riding in the cart than there are pulling it, the cart stops moving...)
[ Post Reply | Private Reply | To 33 | View Replies]

To: rarestia

We have auto updates turned off much of the time because we use satellite internet and M$ would eat up all our data during prime hours without giving options to schedule updates during our virtually unlimited off hour data. I don’t understand why users are not given options to schedule updates without jumping through hoops with complex scripting.


49 posted on 05/13/2017 11:26:04 AM PDT by Flying Circus (God help us)
[ Post Reply | Private Reply | To 2 | View Replies]

To: SuperLuminal

That was pretty nasty of you- There was no need for a post like that- I explained why I posted what I did- I was hoping someone would know how to check it for safety- your post was uncalled for


50 posted on 05/13/2017 11:27:44 AM PDT by Bob434
[ Post Reply | Private Reply | View Replies]

To: Leaning Right

I was uncomfortable with Windows 10 until I needed to update Office. I now run Office 365 Business with Outlook and OneDrive.

The entire Microsoft suite is geared toward operation in and out of the cloud on multiple devices. The reason for Windows 10 in my view is the cloud. If you live at home alone perhaps the older Windows versions are ok. But if you venture out Windows 10 et al will be good friends.

Regarding Outlook business, I originally got Office 365 Home inadvertently. I learned that to sync my calendar and contacts with my other laptop and iPhone and Kindle, I needed Office 365 Business. I have everything that is Office on all devices pretty much at once, everywhere there is a wireless collection.

When viewing the big, perhaps cinemascope picture, Windows 10 is actually very good.


51 posted on 05/13/2017 11:33:44 AM PDT by bert (K.E.; N.P.; GOPc;WASP .... Hillary is Ameritrash, pass it on)
[ Post Reply | Private Reply | To 5 | View Replies]

To: catnipman

I had a ransomware attack about a year ago. It came from clicking on an insanely cute ad for animal pics. Now, I never click on *sponsored* links. I use AdBlockPlus and don’t see the ads.

I paid via credit card. When the bill came, the vendor was in China. I contested the payment, told them what had happened and that I was the victim of a cybermugging. They reversed the charges.

I added MalwareBytes after my husband cleaned my entire system and reinstalled everything. After this, I kept receiving “tech support” phone calls and emails, I guess so they could recoup their losses. I don’t answer or if I do, hang up when I identify them (by the Indian accents). I delete all spam without even looking at it.

A friend got ransomware literally out of nowhere. She had a browser window open, was in the work area of her office computer and out of nowhere, the thing froze, alarms, etc. She unplugged and took it in for repair. Most of her files were not recoverable.

These things lurk all over the Internet.


52 posted on 05/13/2017 11:56:21 AM PDT by reformedliberal
[ Post Reply | Private Reply | To 16 | View Replies]

To: Leaning Right

Well I ran it today.

I think that Microsoft doesn’t ‘automatically update’....you have to check for updates.


53 posted on 05/13/2017 11:59:39 AM PDT by caww
[ Post Reply | Private Reply | To 19 | View Replies]

To: mitch5501; Rocky; Pajamajan; Mad Dawgg; hoosiermama; SE Mom; null and void; BenLurkin; ...
The list has been invoked, Disaster imminent?
For when the INTERNET goes down and quits working completely (Sorta like Congress only funner)

I've created a FRee Republic Emergency Ping list (as suggested by mitch5501 ) called:

The "The INTERNET isn't working" ping list:

IF you would like "ON" or "OFF" the list FReep Mail me OR ping me in a thread with your request. This will not be a High Volume Ping list (Well at least we hope the INTERNET doesn't quit working frequently)

"So let it be written. So let it be done."

The List: mitch5501; Rocky; Pajamajan; Mad Dawgg; hoosiermama; SE Mom; null and void; BenLurkin; bigheadfred; redhead; berdie; Old Sarge; wyokostur; GeronL; TheOldLady; ducttape45; Gefn; IYellAtMyTV; Redcitizen; LonePalm; garandgal; Fiddlstix; bt_dooftlook; liberalh8ter; Mercier; Truth29; PA Engineer; citizen; bleach; Greetings_Puny_Humans; TangoLimaSierra; Chickensoup; rexiesmom; FourtySeven; RinaseaofDs; RikaStrom; ozarkgirl; Grimmy; Jet Jaguar; silverleaf; tcrlaf; Red Badger; mumblypeg; LadyBuck; Bookwoman; RinaseaofDs; aragorn; LucyT; sportutegrl


54 posted on 05/13/2017 12:01:09 PM PDT by Mad Dawgg (If you're going to deny my 1st Amendment rights then I must proceed to the 2nd one...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Enchante

Well I have Norton’s Full House and so far nothing ever got through.....


55 posted on 05/13/2017 12:03:15 PM PDT by caww
[ Post Reply | Private Reply | To 12 | View Replies]

To: Mad Dawgg

Please add me to your ping list, Mr. Dawgg!


56 posted on 05/13/2017 12:08:38 PM PDT by LostInBayport (When there are more people riding in the cart than there are pulling it, the cart stops moving...)
[ Post Reply | Private Reply | To 54 | View Replies]

To: Leaning Right

I think Microsoft did this.
Makes the Vista-XP users upgrade.
Microsoft is the big winner here...


57 posted on 05/13/2017 12:17:19 PM PDT by glasseye
[ Post Reply | Private Reply | To 1 | View Replies]

To: catnipman

MS17-010 patches a flaw in the SMB protocol that allows it to be utilized to spread an infection faster. With the vulnerability present, an attack can spread very quickly across a network. With the protocol patched, the attack would be localized to a machine. Couple that with SMB1.0 being enabled on most Windows machines, and an attack can be devastating.

I’m not sure in what world you live where ransomware programs don’t need privileged access, but that’s exactly how they’re initiated. A seemingly innocuous file is executed in a Windows environment, and yes, if you’re a local administrator on your system, you elevate that program to allow it to run. If, however, you follow best practices and turn UAC to max and set yourself with a non-administrative user to do common tasks, that infection isn’t going to be able to execute without you typing in the administrator password at least once.

Microsoft systems are not inherently insecure. The user makes it so. That’s not to say that Microsoft couldn’t do better to inform users that they should run everything with a standard user account, but less than 5 minutes of searching the Internet yields dozens of sites with walkthroughs on how to do exactly that. Yes, Apple devices do that from the get go, and if you have the patience for Linux, you learn quickly that elevating with sudo is the only way to get anything done. Microsoft operating environments can be run the exact same way and are just as secure as anything Apple or Linux has out there.

And while I know I’m not going to convince you on anything, your rambling screed indicates your absolute disgust with Microsoft as an entity, I will say that I’ve been using Microsoft operating systems for over 20 years and have never once had a virus infect my system. The bulk of that 20 years went without antivirus protection as well. Your ire is misdirected at the operating system when in reality it’s the user base that’s the problem in a majority of cases.


58 posted on 05/13/2017 12:34:11 PM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)
[ Post Reply | Private Reply | To 16 | View Replies]
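
The settings post 58 refers to (SMB 1.0 left enabled, the UAC level, and whether the everyday account is an administrator) can be read back from a machine. This is an added PowerShell example, not code from the thread; the helper name Get-RegValue and the output field names are made up for illustration.

```powershell
# Added example, not from the thread: read-only audit of the settings post 58 names.
# It only reads HKLM and the current token, so it runs from a standard (non-elevated) prompt.

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# SMBv1 server side: SMB1 = 0 means disabled. No value means the OS default applies,
# which on older Windows releases is "enabled".
$smb1 = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'SMB1'
$smb1State = if ($null -eq $smb1) {
    'not set (OS default)'
} elseif ($smb1 -eq 0) {
    'disabled'
} else {
    'enabled'
}

# UAC "turned to max" = UAC on, consent prompt on every elevation, shown on the secure desktop.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacMax = ((Get-RegValue $uacKey 'EnableLUA') -eq 1) -and
          ((Get-RegValue $uacKey 'ConsentPromptBehaviorAdmin') -eq 2) -and
          ((Get-RegValue $uacKey 'PromptOnSecureDesktop') -eq 1)

# Is this session running with an elevated administrator token right now?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Is the account in BUILTIN\Administrators at all (even if UAC is filtering the token)?
# Explicit headers keep this independent of the localized column names whoami prints.
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$inAdmins = @(whoami /groups /fo csv |
    ConvertFrom-Csv -Header Name,Type,SID,Attributes |
    Where-Object { $_.SID -eq $adminSid }).Count -gt 0

New-Object PSObject -Property @{
    SMB1Server         = $smb1State
    UacAlwaysNotify    = $uacMax
    SessionElevated    = $elevated
    AccountIsLocalAdmin = $inAdmins
} | Format-List
```

An account that shows AccountIsLocalAdmin = True with SessionElevated = False is an administrator running under a UAC-filtered token, which still elevates with a click rather than a password.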

To: Mad Dawgg

If the internet does go down, I won’t be able to troll leftists and French people.

I’ll probably die of a toxic buildup of unvented spleen.


59 posted on 05/13/2017 12:35:11 PM PDT by Grimmy (equivocation is but the first step along the road to capitulation)
[ Post Reply | Private Reply | To 54 | View Replies]

To: Leaning Right

Microsoft still updates the XP, Vista, and Win7 users who have paid for support, which is essentially the Enterprise versions still used on commercial systems. In theory they could still update the regular user systems, but that doesn’t make money when they are trying to sell new operating systems and software that only runs on the newest OS.

Keep Java disabled from the control panel menu and your chances for being locked by ransomware go down to virtually zero.


60 posted on 05/13/2017 12:46:29 PM PDT by Kirkwood (Zombie Hunter)
[ Post Reply | Private Reply | To 11 | View Replies]

