#1
Protect Against WannaCry
In case anyone is unaware of it:
The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running an unpatched Microsoft Windows operating system. Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scanning random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry — WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day — A security researcher successfully found a way to slow down the infection rate, and meanwhile, Microsoft releases emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive — Just yesterday, some new variants of WannaCry, with and without a kill-switch, were detected in the wild and would be difficult to stop for at least the next few weeks.

Protection against it:
1) Microsoft Issues WanaCrypt Patch for Windows 8, XP
2) Disable SMBv1 On Windows [7, 8 and 10]
Quote:
The Following 5 Users Say Thank You to abhi93696 For This Useful Post: | ||
b30wulf (05-16-2017), heXer (05-17-2017), Indigo (07-19-2019), ontryit (05-18-2017), wilson bibe (05-16-2017) |
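
A read-only check for the "Disable SMBv1" step listed in the post above. This is an added example, not part of the original post; the function name Get-Smb1Status is made up for illustration, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of SMBv1 state on the local machine.
# Get-Smb1Status is an illustrative name; nothing on the system is changed.
function Get-Smb1Status {
    $result = [ordered]@{
        ServerSmb1      = 'Unknown'
        ClientSmb1      = 'Unknown'
        OptionalFeature = 'Unknown'
    }

    # SMBv1 server: Windows 8 / Server 2012 and later expose a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        $result.ServerSmb1 = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    }
    else {
        # Windows 7 / Server 2008 R2: registry value; absent means enabled (the default).
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.ServerSmb1 = if ($val -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # SMBv1 client driver: Start = 4 means the mrxsmb10 service is disabled.
    $drv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
    if ($drv) {
        $result.ClientSmb1 = if ($drv.Start -eq 4) { 'Disabled' } else { 'Enabled' }
    }
    else {
        $result.ClientSmb1 = 'NotInstalled'
    }

    # Windows 8.1 / 10: SMBv1 is also an optional feature that can be removed.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feat) { $result.OptionalFeature = [string]$feat.State }
    }

    [pscustomobject]$result
}

$status = Get-Smb1Status
$status | Format-List
if ($status.ServerSmb1 -eq 'Enabled' -or $status.ClientSmb1 -eq 'Enabled') {
    Write-Warning 'SMBv1 is still enabled on this machine.'
}
```

On Windows 8 and later the server side can then be turned off with Set-SmbServerConfiguration -EnableSMB1Protocol $false, and on Windows 8.1 / 10 the feature can be removed with Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol.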
#2
|
||||
|
||||
Hello,
These steps are against the exploit code, not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...
__________________
Computer Forensics |
The Following User Says Thank You to Insid3Code For This Useful Post: | ||
Indigo (07-19-2019) |
#3
I'll never understand what hacking is useful for; there is nothing divine about it, quite human by the way. If I want money I work, work and work, and probably I'll die working, not stealing. This is a shame, like selling reversed software.
#4
Quote:
Yup, what will they get by doing such nasty things and hurting people like this!! As hospitals, banks etc. got badly affected by this! Just harming the public... Anyway, heard that this could possibly be an attack by North Korea!
The Following User Says Thank You to abhi93696 For This Useful Post: | ||
Indigo (07-19-2019) |
#5
Quote:
As far as I have studied:
Adylkuzz is a cryptocurrency miner that leverages MS17-010, also known as EternalBlue, to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that meant it spread very quickly within organizations.
As the cryptocurrency miner also uses the EternalBlue exploit, disabling SMB (as mentioned above) should do the job.
Also researched about recovering data encrypted by ransomware in SOME cases:
Regards
The Following User Says Thank You to abhi93696 For This Useful Post: | ||
Indigo (07-19-2019) |
#6
Here is a decryptor for the cryptor: https://github.com/gentilkiwi/wanadecrypt
but you need to give him the priv key
The Following User Says Thank You to JMP-JECXZ For This Useful Post: | ||
Indigo (07-19-2019) |
#7
Full article here :
Quote:
The Following User Says Thank You to TechLord For This Useful Post: | ||
Indigo (07-19-2019) |
#8
Some good advice here.
Mainly the "Defense Advice" part. There you can see which ports are vulnerable and block access via the firewall.
The Following User Says Thank You to uranus64 For This Useful Post: | ||
Indigo (07-19-2019) |
#9
As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not EternalBlue. Better update 'em all.
__________________
My Personal Blog:http://ltops9.wordpress.com |
The Following User Says Thank You to Levis For This Useful Post: | ||
Indigo (07-19-2019) |
#10
Quote:
1. Turn off all listening ports on your PC wherever possible.
2. Run at the lowest privilege level possible for accomplishing a particular task (i.e. don't run as administrator just because the PC belongs to you).
3. Don't click on or run unknown or untrusted files!
The Following User Says Thank You to TechLord For This Useful Post: | ||
Indigo (07-19-2019) |
#12
Chuck this in a reg file for updates for XP until April 2019:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
The Following 3 Users Say Thank You to cybercoder For This Useful Post: | ||
#13
"Windows Embedded Standard 2009" gets updates until 2019.
"Windows XP embedded" (predecessor of "Windows Embedded Standard 2009") does not get updates any more.
"Windows XP" (desktop OS) does not get any updates, it's a different OS.
If updates don't exist you obviously can't get them no matter what registry keys you set.
The Following User Says Thank You to Kerlingen For This Useful Post: | ||
Indigo (07-19-2019) |
#14
Well, I get updates each month on my XP VM, so... it works still. POSReady is Point of Sale Ready, so this setting enables ATMs that still have XP to update. It's that simple. It was to give them time to update... Google this stuff to confirm... So you can update "the desktop OS"; with a little more hardening it's great. Maybe try it first, then say it doesn't work after...
Last edited by cybercoder; 06-10-2017 at 00:56. |
The Following User Says Thank You to cybercoder For This Useful Post: | ||
Indigo (07-19-2019) |
#15
Well... you both are correct in your context.
@Kerlingen is correct in saying that Windows XP does not get any updates, BUT Microsoft is continuing to support Windows Embedded Industry for another five years until April 2019...
@cybercoder is very much correct in saying that one can get updates on XP by "tricking" XP into thinking it's Windows Embedded POSReady, which means one can get updates for the next five years. Also, as these two systems are so interlinked, updates designed for one system should work on the other.
More can be read at:
#peace