EXETOOLS FORUM  

  #1  
Old 05-16-2017, 01:53
abhi93696
Protect Against WannaCry

In case anyone is unaware of it:

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running on unpatched Microsoft Windows operating system.
Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scans random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry — WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day — A security researcher successfully found a way to slow down the infection rate, and meanwhile, Microsoft releases emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive — Just yesterday, some new variants of WannaCry, with and without a kill-switch, were detected in the wild and would be difficult to stop for at least the next few weeks.

Protection against it:

1) Microsoft Issues WanaCrypt Patch for Windows 8, XP
2) Disable SMBv1 On Windows [7, 8 and 10]
Quote:
If you are using Windows 10, you are on the safe side. "The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack," Microsoft says.
Stay safe & cheerz
The Following 4 Users Say Thank You to abhi93696 For This Useful Post:
b30wulf (05-16-2017), heXer (05-17-2017), ontryit (05-18-2017), wilson bibe (05-16-2017)
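
The "Disable SMBv1" step from the post above, as an added example that is not part of the original thread: a PowerShell script that reports whether the SMBv1 server is enabled on the local machine and turns it off. The function names `Get-Smb1State` and `Disable-Smb1` are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Covers the SMB *server* side, which is what the EternalBlue exploit targets.
$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {   # hypothetical helper name
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through a cmdlet
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: a missing SMB1 value means the default (enabled)
        $v = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = ($null -eq $v) -or ($v -ne 0)
    }
    $feature = 'n/a'
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $feature = "$($f.State)" }
    }
    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        ServerSMB1Enabled = $server
        SMB1Feature       = $feature
    }
}

function Disable-Smb1 {    # hypothetical helper name
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Registry fallback for Windows 7 / Server 2008 R2; takes effect after a reboot
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
    }
    $f = $null
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    }
    if ($f -and "$($f.State)" -eq 'Enabled') {
        # Removes the SMBv1 component itself where it is an optional feature
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$before = Get-Smb1State
if ($before.ServerSMB1Enabled -or $before.SMB1Feature -eq 'Enabled') { Disable-Smb1 }
$before          # state found
Get-Smb1State    # state after the change (feature may show DisablePending until reboot)
```

Disabling SMBv1 goes alongside step 1 of the post (installing the patch), and older clients or devices that only speak SMBv1 will lose access to shares on the machine.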
  #2  
Old 05-17-2017, 22:05
Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...
__________________
Computer Forensics
  #3  
Old 05-17-2017, 23:39
wilson bibe
I'll never understand for what hack is useful, there is nothing divine about it, quite human by the way. If I want money I work, work and work and probably I'll die working, not stealing, this is a shame, like selling reversed software.
The Following 4 Users Say Thank You to wilson bibe For This Useful Post:
abhi93696 (05-18-2017), ontryit (05-18-2017), TechLord (05-18-2017), tonyweb (05-18-2017)
  #4  
Old 05-18-2017, 01:28
abhi93696
Quote:
Originally Posted by wilson bibe
I'll never understand for what hack is useful, there is nothing divine about it, quite human by the way. If I want money I work, work and work and probably I'll die working, not stealing, this is a shame, like selling reversed software.
Appreciate your thought
Yup what will they get by doing such nasty things & hurting people like this!! As hospitals, banks etc got badly affected by this! Just harming the public...

Anyway, heard that this could possibly be an attack by North Korea!
  #5  
Old 05-18-2017, 22:52
abhi93696
Quote:
Originally Posted by Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...
Hi

As far as I have studied:
Adylkuzz, is a cryptocurrency miner that leverages MS17-010, also known as EternalBlue, to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that meant it spread very quickly within organizations.

As the cryptocurrency miner also uses the EternalBlue exploit, disabling SMB (as mentioned above) should do the job.

Also researched about recovering encrypted data by ransomware in SOME cases-:
Regards
  #6  
Old 05-19-2017, 05:58
JMP-JECXZ
here is a decryptor for the cryptor: https://github.com/gentilkiwi/wanadecrypt
but you need to give him the priv key
  #7  
Old 05-19-2017, 16:33
TechLord
Full article here :
Quote:
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
If you did not reboot your computer yet after your files got encrypted then you may have a chance (on Win XP and Win 7)...