Exetools


abhi93696 05-16-2017 01:53

Protect Against WannaCry
 
In case anyone is unaware of it:

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running on an unpatched Microsoft Windows operating system.
Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scans random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry — WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day — A security researcher successfully found a way to slow down the infection rate, and meanwhile, Microsoft releases emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive — Just yesterday, some new variants of WannaCry, with and without a kill-switch, were detected in the wild that would be difficult to stop for at least the next few weeks.

Protection against it:

1) Microsoft Issues WanaCrypt Patch for Windows 8, XP
2) Disable SMBv1 On Windows [7, 8 and 10]
Quote:

If you are using Windows 10, you are on the safe side. "The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack," Microsoft says.
Stay safe & cheerz :)
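
One way to check the "Disable SMBv1" step from the post above on a given machine, as an added example that is not part of the original thread. The function name Test-Smb1Exposure is hypothetical; the cmdlets and the SMB1 registry value are the ones Microsoft documents for the SMBv1 server component.

```powershell
# Added example: report (and optionally disable) the SMBv1 server on this host.
# Run from an elevated prompt. Test-Smb1Exposure is a hypothetical name.
function Test-Smb1Exposure {
    param([switch]$Disable)

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $result  = @{
        Computer          = $env:COMPUTERNAME
        Smb1ServerEnabled = $null
        Port445Listening  = $null
        RebootRequired    = $false
    }

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: the SMB module reports the live setting.
        $result.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        if ($Disable -and $result.Smb1ServerEnabled) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $result.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        }
    }
    else {
        # Windows 7 / Server 2008 R2: no SMB module, the setting lives in the registry.
        # A missing SMB1 value means the default, which is enabled.
        $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.Smb1ServerEnabled = ($null -eq $value) -or ($value -ne 0)
        if ($Disable -and $result.Smb1ServerEnabled) {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
            $result.Smb1ServerEnabled = $false
            $result.RebootRequired    = $true   # the registry change applies after a restart
        }
    }

    # Is anything accepting SMB connections on TCP 445 at all?
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listen = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
        $result.Port445Listening = [bool]$listen
    }

    New-Object PSObject -Property $result
}

Test-Smb1Exposure             # report only
# Test-Smb1Exposure -Disable  # report, then turn the SMBv1 server off
```

This covers the SMBv1 server side only; a host that reports SMBv1 off still needs the MS17-010 update linked later in the thread.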

Insid3Code 05-17-2017 22:05

Hello,
These steps are against the exploit code not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...

wilson bibe 05-17-2017 23:39

I'll never understand for what hack is useful, there is nothing divine about it, quite human by the way. If I want money I work, work and work and probably I'll die working, not stealing, this is a shame, like sell reversed softwares.

abhi93696 05-18-2017 01:28

Quote:

Originally Posted by wilson bibe (Post 109267)
I'll never understand for what hack is useful, there is nothing divine about it, quite human by the way. If I want money I work, work and work and probably I'll die working, not stealing, this is a shame, like sell reversed softwares.

Appreciate your thought :)
Yup what will they get by doing such nasty things & hurting people like this!! As hospitals, banks etc got badly affected by this! :( Just harming the public...

Anyway, heard that this could possibly be an attack by North Korea!

abhi93696 05-18-2017 22:52

Quote:

Originally Posted by Insid3Code (Post 109266)
Hello,
These steps are against the exploit code not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...

Hi

As far as I have studied:
Adylkuzz, is a cryptocurrency miner that leverages MS17-010, also known as EternalBlue, to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that meant it spread very quickly within organizations.

As the cryptocurrency miner also uses the EternalBlue exploit, disabling SMB (as mentioned above) should do the job :)

Also re-searched about recovering encrypted data by ransomware in SOME cases-:
Regards

JMP-JECXZ 05-19-2017 05:58

here is a decryptor for the cryptor: https://github.com/gentilkiwi/wanadecrypt
but you need to give him the priv key :)

TechLord 05-19-2017 16:33

Full article here :
Quote:

https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
If you did not reboot your computer yet after your files got encrypted then you may have a chance (on Win XP and Win 7)...

uranus64 06-04-2017 15:09

Some good advice here.

Mainly the "Defense Advice" part. There you can see what ports are vulnerable and can block access via firewall.

Levis 06-08-2017 08:57

As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not EternalBlue. Better update'em all.

sendersu 06-09-2017 01:40

are they still patching old good Win XP? :)

TechLord 06-09-2017 04:02

Quote:

Originally Posted by Levis (Post 109499)
As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not EternalBlue. Better update'em all.

Best 3 rules to follow, even after patching and everything:

1. Turn off all listening ports on your PC wherever possible.
2. Run at the lowest privilege level possible for accomplishing a particular task (ie. Don't run as administrator just because the PC belongs to you :) )
3. Don't click on or run unknown or untrusted files !

cybercoder 06-09-2017 15:07

Chuck this in a reg file for updates for XP until April 2019

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Kerlingen 06-09-2017 18:30

"Windows Embedded Standard 2009" gets updates until 2019.
"Windows XP embedded" (predecessor of "Windows Embedded Standard 2009") does not get updates any more.
"Windows XP" (desktop OS) does not get any updates, it's a different OS.

If updates don't exist you obviously can't get them no matter what registry keys you set.

cybercoder 06-10-2017 00:08

Well, I get updates each month on my XP VM so... it works still :) POSReady is Point of Sale Ready, so this setting enables ATMs that still have XP to update.. It's that simple.. It was to give them time to update.... google this stuff to confirm... :) So you can update "the desktop OS".. with a little more hardening it's great ;) Maybe try it first then say it doesn't work after...

abhi93696 06-10-2017 01:41

Well... you both are correct in your context :)
@Kerlingen is correct in saying that Windows XP does not get any updates BUT Microsoft is continuing to support Windows Embedded Industry for another five years until April 2019...

@cybercoder is very much correct in saying that one can get updates on XP by "tricking" XP into thinking it's Windows Embedded POSReady, which means one can get updates for the next five years. :cool:

Also, as these two systems are so interlinked, updates designed for one system should work on the other.

More can be read at - : #peace :)


All times are GMT +8.