Reply to this topicStart new topic
> Ransomware Virus Hits 75000 Windows Computers
Todd Simpson
post May 13 2017, 09:05 PM
Post #1


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.853
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



There is a ransomware malware attack going around that has infected about 75,000 windows computers all over the world. It requires 300 dollars if you want your computer unlocked or it destroys your data. Here is a link to info about it from symatec. GOOD NEWS: If you have a MACINTOSH, you are in NO DANGER at all. This only impacts windows machines, as do sooooo many malware attacks. There are just wads and wads of openings in windows. If you do run a windows machine, just run the updater and it will patch the security for now so that you don't get hit with this in the event somebody else tries to use it again.
https://www.symantec.com/connect/blogs/what...acry-ransomware

I made the switch to macs years ago, despite the many issues I have with Apple and with their product line in general, I've stayed a "Mac Guy" mostly for using LOGIC PRO (my fave daw). The side benefit is that I keep hearing about all these windows exploits that don't impact linux and mac folks typically. though there are some. It's just way more rare. Macs are CRAZY pricey to be sure. Also, the new macs are a pinch crap IMHO compared to machines made just a few years ago. if you are thinking about getting a mac, I'd say get a laptop made between 2013 and 2016. This seems to be the sweet spot in terms of price and they are about as fast as the laptops they make today. Also, the Macbook pro is a standard bit of kit in the music world for a reason. It always works, packs plenty of power for it's size, not prone to attack, runs logic, and will show up in nearly every pro studio you walk in to. I think they should be paying me for all this promo smile.gif Along with IBANEZ!!!!

One thing to note, apple just "OBSOLETED" (meaning the machines won't take OS updates) a wad of machines. Mostly 2011 and before. So I'm selling my two 2011 Macbook pros and keeping my one 2012. I'll be buying a newer (2013 probably) macbook pro with the proceeds. I don't buy desktop machines anymore. Laptops are quad core monsters, even from half a decade ago. Put in an SSD drive and a 5 year old macbook can do anything, with zero lag. Anyhoo, used macbooks are a good way to go for music bits. Save yourself the money from buying a new one and get another guitar smile.gif
Todd

My setup has actually gotten more simple over time. One laptop, one HD monitor instead of computer monitor, KRK speakers, 11 rack. HD tv is just for home use. The laptop and 11 rack are the core of the rig and they are easily portable. Attached Image

This post has been edited by Todd Simpson: May 13 2017, 09:08 PM


--------------------
Go to the top of the page
 
+Quote Post
Crappylicks
post May 16 2017, 10:15 PM
Post #2


Learning Roadie
*

Group: Members
Posts: 19
Joined: 16-October 16
From: New York, NY
Member No.: 22.135




Disable SMB1
Win Server 2003 and XP remain vulnerable.
Thanks
Go to the top of the page
 
+Quote Post
Todd Simpson
post May 16 2017, 11:09 PM
Post #3


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.853
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



If you are running Windows XP it's time for an upgrade folks!!

Todd

QUOTE (Crappylicks @ May 16 2017, 05:15 PM) *
Disable SMB1
Win Server 2003 and XP remain vulnerable.
Thanks



--------------------
Go to the top of the page
 
+Quote Post
Rammikin
post May 16 2017, 11:26 PM
Post #4


Experienced Rock Star
*

Group: Members
Posts: 870
Joined: 4-November 10
Member No.: 11.529



Microsoft issued patches for XP and Server 2003 on friday.


--------------------
Go to the top of the page
 
+Quote Post
Crappylicks
post May 16 2017, 11:34 PM
Post #5


Learning Roadie
*

Group: Members
Posts: 19
Joined: 16-October 16
From: New York, NY
Member No.: 22.135



For PC reasons only (see what I did there?)

Time to trade in the XP, 2003 computers and possibly the TV/VCR combo.

:Hiding my BetaMax:
Go to the top of the page
 
+Quote Post
Rammikin
post May 16 2017, 11:40 PM
Post #6


Experienced Rock Star
*

Group: Members
Posts: 870
Joined: 4-November 10
Member No.: 11.529



That's good advice of course. But....there's a reason why this attack has a distinctive pattern when you look at the countries that are hardest hit. These are mostly machines running pirated copies of Windows. The owners of these machines are not in a position to upgrade to a newer version of windows.


--------------------
Go to the top of the page
 
+Quote Post
Todd Simpson
post May 17 2017, 12:28 AM
Post #7


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.853
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



Very true! The big chunks of Asia and such that are running govt machines and such are going to have to patch. I was making the comment for any GMCers that may be using XP. Patch it quick! or better yet, as was mentioned, scrap it (you can keep your vcr, I still have mine) and get a new copy of windows. Or better yet, get a Mac smile.gif

But the libraries, Hospitals, Govt buildings and server rooms running the old software, they are just in a pickle. Best case, they can patch it, if they have the I.T. folks. If not, lots of machines are still on the hook.

The worst part for me is that our very own Govt/NSA/CIA worked with Microsoft to create these security holes so that they could break in to any computer at any time, including computers on American soil, being owned and run by law abiding Americans. Just irks me. There are probably similar security holes in the newest versions of windows as well. It's just that the hackers have not leaked them yet.

Todd




[
quote name='Rammikin' date='May 16 2017, 06:40 PM' post='747974']
That's good advice of course. But....there's a reason why this attack has a distinctive pattern when you look at the countries that are hardest hit. These are mostly machines running pirated copies of Windows. The owners of these machines are not in a position to upgrade to a newer version of windows.
[/quote]


--------------------
Go to the top of the page
 
+Quote Post
Rammikin
post May 17 2017, 01:02 AM
Post #8


Experienced Rock Star
*

Group: Members
Posts: 870
Joined: 4-November 10
Member No.: 11.529



QUOTE (Todd Simpson @ May 16 2017, 11:28 PM) *
The worst part for me is that our very own Govt/NSA/CIA worked with Microsoft to create these security holes so that they could break in to any computer at any time, including computers on American soil, being owned and run by law abiding Americans.


Anything's possible. But, as unsubstantiated conspiracy theories go, that one is extremely unlikely. The NSA definitely was hoarding zero-day exploits, and Microsoft criticized the NSA for that last week. However, the idea that Microsoft was involved in intentionally creating the vulnerabilities is pretty hard to believe. Such a plan would have required a large number of people who no longer work for Microsoft to remain quiet about this for the past 15 years. And the fact that Microsoft issued a patch for this months ago also seems to prove your conspiracy theory wrong.


--------------------
Go to the top of the page
 
+Quote Post
Todd Simpson
post May 17 2017, 07:02 AM
Post #9


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.853
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



That one is not actually an unsubstantiated conspiracy theory. It's the sad truth.

" It's understood the software nasty is wielding the leaked NSA cyber-weapon EternalBlue, which attacks SMB file-sharing services. "[The] infection vector is unknown but suspect internet facing machines are spreading infections exploiting a Samba vulnerabilities, MS17-010 and CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148," a source told El Reg. MS17-010 is the SMB vulnerability exploited by EternalBlue."

https://www.theregister.co.uk/2017/05/12/sp...mware_outbreak/

I somehow thought this was common knowledge by now. But even so, if it's not it should be wink.gif Yeah, it's NSA cyberweapon that was built to take advantage of known vulnerability holes in windows. This was meant to stay secret between Microsoft and the govt. but hackers leaked it. So there's that. It's a matter of historical record at this point. A quick google search from your news outlet of choice will bring up the same thing.


Here was the actual Headline, it included the mention of NSA @ the register.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

http://www.theregister.co.uk/2017/05/13/wa...ansomware_worm/

The Register is a respected tech site in the UK and U.S. But the same news is available from mainstream outlets as well.

Here is CNN talking about the danger of state sponsored exploitation of operating system vulnerabilities in relation to this particular malware.
http://www.cnn.com/2017/05/14/opinions/wan...bility-urbelis/

So yeah, it's been all over the news that the govt had their hand in the pie. I'm surprised you hadn't heard? More surprised that you didn't google it before accusing me of posting "unsubstantiated conspiracy theories". I"m not prone to that. I tend to check various news outlets and get facts straight before I go throwing things like this around. I do take offense at such accusations, but I try not to.

Todd



QUOTE (Rammikin @ May 16 2017, 08:02 PM) *
Anything's possible. But, as unsubstantiated conspiracy theories go, that one is extremely unlikely. The NSA definitely was hoarding zero-day exploits, and Microsoft criticized the NSA for that last week. However, the idea that Microsoft was involved in intentionally creating the vulnerabilities is pretty hard to believe. Such a plan would have required a large number of people who no longer work for Microsoft to remain quiet about this for the past 15 years. And the fact that Microsoft issued a patch for this months ago also seems to prove your conspiracy theory wrong.


This post has been edited by Todd Simpson: May 17 2017, 07:38 AM


--------------------
Go to the top of the page
 
+Quote Post
Rammikin
post May 17 2017, 11:26 AM
Post #10


Experienced Rock Star
*

Group: Members
Posts: 870
Joined: 4-November 10
Member No.: 11.529



Slow down. You've simply jumped to a conclusion that isn't substantiated by what you've read smile.gif.

The NSA has long been known to hoard zero-day vulnerabilities. The one used in wannacry was leaked a few weeks ago. That much is widely known. What's far-fetched is your idea that Microsoft was complicit in this. You wrote this above:

QUOTE
our very own Govt/NSA/CIA worked with Microsoft to create these security holes


Over the years, there have been plenty of vulnerabilities in Windows. There are many reasons for that, chief among them is the inherent complexity in Windows. The idea that they were intentionally put there by Microsoft, at the behest of the government or anyone else, while possible, is unsubstantiated and almost certainly false.



--------------------
Go to the top of the page
 
+Quote Post
Todd Simpson
post May 17 2017, 06:30 PM
Post #11


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.853
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



I see what you are saying. I'm really blaming NSA, our own Govt more than microsoft. Microsoft is just a company with a product. It's our own NSA that got leaked and afterward, the tools were abused to create this hack. So it's really the NSA that I'm irked with, not Microsoft.

Todd

QUOTE (Rammikin @ May 17 2017, 06:26 AM) *
Slow down. You've simply jumped to a conclusion that isn't substantiated by what you've read smile.gif.

The NSA has long been known to hoard zero-day vulnerabilities. The one used in wannacry was leaked a few weeks ago. That much is widely known. What's far-fetched is your idea that Microsoft was complicit in this. You wrote this above:



Over the years, there have been plenty of vulnerabilities in Windows. There are many reasons for that, chief among them is the inherent complexity in Windows. The idea that they were intentionally put there by Microsoft, at the behest of the government or anyone else, while possible, is unsubstantiated and almost certainly false.



--------------------
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 


RSS Lo-Fi Version Time is now: 17th August 2017 - 10:53 AM