
ransomware attack?

  1. #31

    Wonder if there are any statistics for how many cases where the hackers did not keep their side of the bargain? (i.e. ransom paid but decryption not completed)


  2. #32

    Quote Originally Posted by dddc:
    Wonder if there are any statistics for how many cases where the hackers did not keep their side of the bargain? (i.e. ransom paid but decryption not completed)
    The answer to that is pretty obvious, surely.

  3. #33

    Windows 10 is very much affected. It needs to be patched.
    https://technet.microsoft.com/en-us/.../ms17-010.aspx


  4. #34

    Quote Originally Posted by flameproof:
    Side note: Windows 10 is not affected. It hits mainly older Windows versions that don't have the latest patches.
    Windows 10 is affected without the March Windows update. Many companies deploy updates via SCCM servers on their own schedule, rather than through MS Windows Update, and these companies may be fucked tomorrow.

  5. #35

    Quote Originally Posted by flameproof:
    If you believe you could be affected tomorrow I suggest you boot every single PC up, and down once. One at a time, before you turn them all on.

    Or at least switch the router off when you turn them on and wait a few minutes.
    I am responsible for 600 machines in 9 offices. I believe we should be protected by Symantec Endpoint Protection and every machine should be up to date via SCCM. But I am worried if there are machines that for whatever reason do not have the SCCM agent or Symantec installed. So what I have done is set up a GPO to block ports 445 and 139 which the ransomware uses to communicate. It may also impact NetBIOS and SMB but I'd prefer whatever side effects come from this rather than be hit with this ransomware.

    I've also reconfigured our firewalls to block all web-based email in the offices, so basically all staff will not be able to check their personal Outlook, Gmail, Yahoo, etc. in the office tomorrow using their office machines. Probably I am going to get complaints but better to be safe rather than sorry, and hopefully just for a few days and then I can return things back to normal.
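
    As an added example (not code from this thread or from its poster), the same mitigation on a single Windows host in PowerShell: it audits whether SMBv1 is still enabled and whether an inbound block for TCP 445/139 already exists, and with -Apply creates that block rule locally, the per-host equivalent of the GPO described above. The rule name and the March-2017 date filter are assumptions, and the MS17-010 KB number is not hard-coded because it differs per Windows version.

```powershell
# Added example (not from this thread). Audits a Windows host for the exposure
# discussed above and, with -Apply, creates the inbound block for TCP 445/139.
# Assumes Windows 8.1 / Server 2012 R2 or later (NetSecurity and SmbShare
# modules) and an elevated session. The rule name below is an assumed value.
[CmdletBinding()]
param([switch]$Apply)

$ruleName = 'Block inbound SMB/NetBIOS (WannaCry mitigation)'
$ports    = @(445, 139)

# 1. SMBv1 server status: MS17-010 patches a flaw in the SMBv1 server, so an
#    unpatched host with SMBv1 enabled is the exposed case.
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
Write-Host "SMBv1 server enabled                  : $smb1"

# 2. Is there already an enabled inbound block rule covering 445 or 139?
#    (Exact port matches only; a port range such as '1-1024' is not detected.)
$existing = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -eq 'TCP') -and
        (@($pf.LocalPort) | Where-Object { $ports -contains $_ })
    }
Write-Host "Inbound block rule for 445/139 present: $([bool]$existing)"

# 3. Patch state: list hotfixes installed since the March 2017 update so the
#    operator can compare with the MS17-010 KB for this OS version (the KB
#    number differs per Windows version, so it is not hard-coded here).
Get-HotFix | Where-Object { $_.InstalledOn -ge [datetime]'2017-03-01' } |
    Sort-Object InstalledOn | Format-Table HotFixID, InstalledOn -AutoSize

# 4. Apply the block. Side effect, as the post says: file/printer sharing and
#    NetBIOS sessions to this host stop working while the rule is enabled.
if ($Apply -and -not $existing) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $ports -Action Block -Profile Any | Out-Null
    Write-Host "Created rule '$ruleName' blocking inbound TCP $($ports -join ', ')"
}
```

    Run it once without -Apply to see the current state, then with -Apply on hosts that still need the block; domain-wide deployment is still better done through the GPO the post describes.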

  6. #36

    Join Date
    Dec 2002
    Location
    θ–„ζ‰Άζž—
    Posts
    47,970

  7. #37

    Quote Originally Posted by jgl:
    The answer to that is pretty obvious, surely.
    Doesn't seem so clear-cut actually. Seems that to encourage payment of future ransoms the performance rate (i.e. keeping their side of the bargain) is quite high actually, although there have also been a small number of publicized cases where the files were not decrypted even after payment.

  8. #38

    Quote Originally Posted by East_coast:
    It always surprises me that HK immigration systems still run on Windows XP, an unsupported OS.
    According to the news, they were targeting/exploiting a bug in XP! The UK NHS suffered because in many districts they still use XP.

  9. #39

    Quote Originally Posted by JAherbert:
    According to the news, they were targeting/exploiting a bug in XP! The UK NHS suffered because in many districts they still use XP.
    No, they targeted/exploited a bug that existed in even the very latest version of Windows until March 2017 (2 months ago).

  10. #40

    Quote Originally Posted by dddc:
    Doesn't seem so clear-cut actually. Seems that to encourage payment of future ransoms the performance rate (i.e. keeping their side of the bargain) is quite high actually, although there have also been a small number of publicized cases where the files were not decrypted even after payment.
    In the similar case I was involved in last year, the hacker did decrypt my files in the end but was slow to respond and then he upped the ransom, and this resulted in almost a week of downtime. The hacker called himself Diablo Diablo and I called myself Lion, and every communication I had with him took about 24 hours to get a response and the reply was usually just one or two words. After I paid the initial 2 BTC ($1000), the tool they provided me generated 4 keys and I think they might have realised we are a company and then they replied "More money". I thought oh fuck these guys are scamming me and I don't even know they have the capability to decrypt even if they wanted to. But I was in a bad situation so I paid another 2 BTC (total 5) and then they decrypted my files.