Avast WEBforum
Other => General Topics => Topic started by: vianello_85 on May 12, 2017, 08:30:07 PM
-
http://www.independent.co.uk/news/uk/home-news/nhs-cyber-attack-hospitals-hack-england-emergency-patients-divert-shut-down-a7732816.html
https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html
And more news
Be careful when opening mail (ransomware attack), and make sure your PC is updated.
They take advantage of an old security breach in Windows.
I opened this thread given the severity of the situation; they are talking about it on the Italian news.
-
Hospital computers across Britain shut down by cyberattack, hackers demanding ransom
https://www.rt.com/uk/388115-nhs-hospitals-cyber-attack/
-
It probably doesn't help that the UK NHS is still using XP I believe, they paid a large sum to Micro$oft to provide further support. Certainly doctors surgeries or outpatient departments that I have seen recently were still using it.
-
I'm also certain that the further support for XP expired in May 2015.
-
I don't have the exact dates, but given what I have seen they are still using XP and I would imagine they would still be paying through the nose for support.
-
Only systems that don't have this fix can become victims of the attacks
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Latest status is that over 45.000 attacks have taken place spread out over 74 countries.
Most attacks were against Russian companies/institutions.
-
so the question is.... does a paid version of Avast find it?
-
Paid or free doesn't matter they are using the same detection methods.
https://www.avast.com/virus-update-history
-
The thing that I don't get is why they don't install a newer version of the Windows Operating System. I understand that some or most of the programs that they use may or may not work on a new Windows OS. Their IT department should make them compatible as quickly as possible. Even here (NZ) whenever I go to places like banks, shops, universities and hospitals, they have all moved to Windows 10. Why can't those affected countries move to a new Windows OS :o
-
Are we safe now that Avast is up to date?
How does this thing spread?
Is it dangerous to be online now?
-
It is always dangerous to be online.
On an average day 1 million new threats are emerging.
All Windows versions that are not patched are vulnerable.
There is no patch for XP, only for Vista and newer.
-
Will avast stop the attack?
-
@bingvarstand: Use common sense
a) Make sure you have the latest Windows OS System and make sure it's fully up-to-date via Windows Update.
b) Make sure you have the latest version of Avast.
c) Only download programs/software from the official website.
d) Make sure all your browsers (Google Chrome, Firefox, Internet Explorer) are up-to-date, along with other programs such as Java, Flash Player and Adobe Reader, including your graphics drivers. Other programs that you use, e.g. editing programs such as AutoCAD, should also be fully up-to-date.
e) Install a second anti-malware scanner such as MalwareBytes.
f) Don't click on links/ads that are too good to be true that appear in the browser. Install AdBlock Plus to block these annoying messages.
g) Don't click on links/attachments in emails from unknown senders. If a friend or a company sends an attachment or link that you are not sure about, contact them to make sure.
h) Install Unchecky so whenever you install a program it won't install potentially unwanted software/programs along with the program you want to install, because at present when you want to install a program, it also installs other programs that are not necessary.
i) Scan your whole computer once every week with Avast and MalwareBytes.
j) Don't install other optimizer/system registry programs etc., because they will cause more harm to your computer.
k) Make sure you install patches/updates/bug fixes/etc. that are delivered through your machine manufacturer, i.e. HP, DELL, etc. They use HP Support Assistant and DELL Support Assist to transfer these updates to your computer.
-
See reply #7
-
Great advice, thanks.
It says so on the list so yes?
-
You're welcome :). Yes, Avast will stop these attacks. Just make sure you always keep it up-to-date (program version).
-
Given that there were at least 4 major rollups today and many more streaming updates today (DavidR would be able to say roughly how many streaming updates) the answer would be yes.
PEBKAC would be the rule: :D It is the user that provides most of the risk.
-
Agree with you mchain, but we still haven't woken up to the situation we have now in our part of the world.
First the global puppet masters worked hand in foot with governments and big global corps to spy on their own citizens.
They also dumbed them down to a level where they won't even have to fear the least form of any futile resistance.
I see youngsters now that haven't even learnt how to discern between even and uneven month days on the knuckles of their two hands. What do these Mrs Robinsons teach these kids these days? They cannot fend for themselves whatsoever.
Same in the digital world. Gaping holes in proprietary software. Windows Defender holed, cannot be patched because many AV have it disabled by default. You have a problem with global ransomware now as the goodies wrought by NSA, CIA, FBI also finally land with the bad and the ugly. IT has not learned to protect us. All clever d*ckies have to leave the office as they form a threat to their ruling dumb but greedy manager class. Staff, that are too dumb to p**p, but greedy and manipulative enough to rule the meek out of all of their money. I do not see a solution for the near future, I only see the situation deteriorating further. Who's gonna save us? A Russian tree saint like Kaspersky or DrWeb's?
Make America great again, and if you have to admit you dumbed them down yourself and worked your infrastructure down the drain. Then your leaders start whining and blame the Russkies and other well educated people. Like the end-times of Imperial Rome it is. I cannot feel pity for them anymore now, and I laugh when I see all the hospital and police sites having to be taken down against the global ransomware threat we have on our hands now. When will the people learn to go back and fend for themselves again.
polonus
-
Oh and now away from the more negative complaints
to some more practical tips in the light of the threat of WannaCry ransomware!
1. Patch, patch, patch, and keep patching.
2. Perform vulnerability scanning.
3. Block Tor onion networking for your firm's network.
4. Make sure that ports 137-139 and 445 can never be reached from the Interwebs.
5. Use 2FA and IP restriction whenever RDP has to be available from the Internet.
6. Use anti-exploit products on your end-points.
7. Work SMB through your local FW.
8. Filter all outgoing traffic and use IPS.
9. Block all mail related scripts and executables. (Info credits go to SecGuru_OTX.)
Read: http://blog.talosintelligence.com/2017/05/wannacry.html#more
https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/
polonus
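
Tips 4 and 7 above can be checked on a single Windows machine. The following is an added example, not part of the original post: a PowerShell audit of the local Windows Firewall for enabled inbound allow rules that cover ports 137-139 or 445 with no remote-address restriction. The helper name `Test-PortInFilter` is hypothetical, and the script assumes Windows 8 / Server 2012 or later, where the NetSecurity and NetTCPIP cmdlets exist.

```powershell
# Added example (not from the thread): audit local exposure of the ports in tip 4.
$ports = 137, 138, 139, 445

# Hypothetical helper: does a rule's LocalPort filter ('Any', '445', '137-139') cover $Port?
function Test-PortInFilter {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# Enabled inbound allow rules only; block rules and disabled rules expose nothing.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

$findings = foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    # Only TCP/UDP (or protocol 'Any') rules can open these ports.
    if ($portFilter.Protocol -notin 'TCP', 'UDP', 'Any') { continue }
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    # A rule limited to e.g. LocalSubnet is not open to arbitrary hosts; 'Any' is.
    if ($remote -notcontains 'Any') { continue }
    foreach ($p in $ports) {
        if (Test-PortInFilter -LocalPort $portFilter.LocalPort -Port $p) {
            [pscustomobject]@{
                Port     = $p
                Protocol = $portFilter.Protocol
                Profile  = $rule.Profile
                Rule     = $rule.DisplayName
                # Program-scoped rules only apply to that executable; review them separately.
                Program  = ($rule | Get-NetFirewallApplicationFilter).Program
            }
        }
    }
}

# Is anything actually listening on TCP 139/445 on this machine?
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 139, 445 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

$findings  | Sort-Object Port, Rule | Format-Table -AutoSize
$listeners | Format-Table -AutoSize
```

An empty first table means no local rule admits those ports from arbitrary addresses; the router or perimeter firewall still needs its own check.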
-
And perhaps the best tip.
Stay away from computers if you haven't got a clue about security.
I still see that most people are using an account with admin rights for daily use.
-
Microsoft Releases Emergency Windows XP Update to Block WannaCry Ransomware
http://news.softpedia.com/news/microsoft-releases-emergency-windows-xp-update-to-block-wannacry-ransomware-515689.shtml
-
Hi Eddy,
The ironic part of it is that when you take your computer from the Internet the ransomware cannot see the killswitch. ;D :o
The problem is everything (all systems) works with Microsoft software, that is our problem.
When are they gonna hold these folks at Redmond responsible for our predicaments,
and what they do to our parts of the world?
polonus
-
'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
-
This would have done it also > http://www.turnofftheinternet.com/ ;D
-
Hi Eddy,
But these escaped NSA tools have now escaped further and have gotten into the hands of cybercriminals and have hit victims in 74 countries so far.
They knew it all along that Microsoft (from initial versions onwards) never was fit to be hung onto the Internet, and they kept all the now victims in the dark over the years.
Every patient that dies in hospital because of this, every western defense plane that makes a crash landing because of this
should hold these folks that create such insecurity on purpose or by sheer incompetence responsible. And we aren't out of the woods yet, folks, far from that. Bunch of greedy clowns putting us all at risk.
polonus
-
@ polonus
Your list in Reply #18 is missing one function and probably the most important.
Backup, backup, backup and don't forget to backup. I think that you get the picture.
A robust backup and recovery strategy is crucial to combat 'any eventuality', not just viruses/ransomware.
-
Hi DavidR,
Cannot but agree with you there!
That was why it was not "my list", but someone else's.
Of course the first thing to perform on firing up any device is to make a complete back-up.
And then for those that hesitate the 'cloud' is never far off from your keyboard.
A pity however we will get more of these M$ A1 denial stories, they have never told it like it really was.
But we grown-ups here have known this all of the time.
Pity really this vulnerable Microsoft Software comes in large department store cash machines, and also in defense systems the freedom of our world relies on. So I hope they have that first priority also on the top of their priority list.
Damian
-
Follow the misery the guv spooks and cybercriminals created for us: https://intel.malwaretech.com/botnet/wcrypt
polonus
-
If you click the link above, a nice redirect before getting to the page.
-
Still new
http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
-
1) Does Avast protect against this ransomware?
2) Does it require the victim to download some kind of file, or can it infect a device even without that?
-
Ehmen, go read the posts in this thread (and the others about this subject) and go read the links that have been posted.
-
Does having this patch (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) make one immune to the threat, or does it just reduce the chances of getting it?
-
https://forum.avast.com/index.php?topic=52252.msg1394233#msg1394233
-
But no-one here saw a link with the new positioning of Microsoft in the market. Recent blocking of torrenting, no more right to tinker (resource hacking), making the switch to linux harder: https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_criticism
First they had to fear the anti-monopoly EU measures that guaranteed browser choice for you end-user. Now they come with more of the same or you have to pay for the Premium version. The globalists dictating on your choice, your freedom of information.
All platforms are gonna look the same like on an android and not everyone can afford a Mac or Premium Windows.
Just a couple more of these NSA inspired cybercriminal ransomware attacks and they can further their agenda(s) much easier.
Dumb down the masses and feed them more of the same, away with Modern Renaissance, hello back Dark Feudal Middle Ages.
Time for the Rise of Dajjal :o
polonus
-
‘Like letting Tomahawk missiles get stolen’: Microsoft slams NSA mishandling of exploits
https://www.rt.com/usa/388374-microsoft-ransomware-tomahawk-attack/
-
Just stumbled onto this info online: Hi,
Just to have it stopped before anything can do its work:
In powershell and leave powershell open:
https://gist.github.com/N3mes1s/afda0da98f6a0c63ec4a3d296d399636
$createdNew = $False;
$mutex = New-Object -TypeName System.Threading.Mutex($true, "MsWinZonesCacheCounterMutexA", [ref]$createdNew);
It blocks the process that encrypts.
Infocredits go to: Alex Warmerdam
polonus
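
The two lines in the post can be extended to show what state the mutex was in before the shell took it. The following is an added example, not part of the original post or the linked gist; the function name `Get-MutexState` is hypothetical and the mutex name is the one quoted above.

```powershell
# Added example (not from the thread or the gist): report whether the named
# mutex already exists before holding it, then release it cleanly on exit.
$name = 'MsWinZonesCacheCounterMutexA'   # name as quoted in the post

# Hypothetical helper: 'AlreadyPresent' if some process visible to this
# session has already created the mutex, otherwise 'Absent'.
function Get-MutexState {
    param([string]$MutexName)
    $existing = $null
    if ([System.Threading.Mutex]::TryOpenExisting($MutexName, [ref]$existing)) {
        $existing.Dispose()
        return 'AlreadyPresent'
    }
    return 'Absent'
}

$state = Get-MutexState -MutexName $name
if ($state -eq 'AlreadyPresent') {
    # Another process got there first: another copy of this script, or something
    # that deserves a closer look on this machine.
    Write-Warning "Mutex '$name' already exists; another process created it first."
}

$createdNew = $false
$mutex = New-Object System.Threading.Mutex($true, $name, [ref]$createdNew)
try {
    if ($createdNew) {
        Write-Host "Holding '$name'. It exists only while this window stays open."
    }
    # A name without the 'Global\' prefix lives in the current logon session's
    # namespace, so processes in other sessions do not see this mutex.
    Read-Host 'Press Enter to release the mutex and exit' | Out-Null
}
finally {
    # Only the creator owns the mutex; releasing a mutex we do not own would throw.
    if ($createdNew) { $mutex.ReleaseMutex() }
    $mutex.Dispose()
}
```

The mutex disappears when the shell closes or the machine reboots, so this does not replace installing the MS17-010 fix linked earlier in the thread.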
-
For good explanation of how it works see this (https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/?utm_source=googleplus&utm_medium=social)
-
Block those WannaCry IP's: https://secure.dshield.org/forums/diary/WannaCry+Do+your+own+data+analysis/22424/
polonus
-
I have to say that trying to block individual IPs which are likely to be constantly changing is like trying to shoot a moving target. Unless there is some form of updated browser add-on, trying to update these manually is a bit crazy.
-
Hi DavidR,
Yes, know there are other ways to skin this proverbial animal, but as I stumbled upon the IP blocking by DShield, I would not like to have the info withheld from our users, just to be complete on the Wannacry related info and some here may appreciate this info. I know some of our good friends on these forums here are into IP blocking. That's all and why.
Damian
-
Decryptor tool for WannaCry ransomware on XP: https://github.com/aguinet/wannakey
polonus
-
Going over the Ooniprobe censorship and blocking reported IPs:
http://money.cnn.com/2017/02/08/technology/ooniprobe-censorship-mobile-app/
I stumbled upon this in Germany:
https://explorer.ooni.torproject.org/measurement/20170520T002129Z_AS680_bOmWCjhuoFhTdDyTbkO5o7QsVTzozuSQLhW0RebwGY2GsqStrN?input=128.31.0.39:9131
setting out clearly that the initial NSA tools were being positioned against tor-users, read also this:
https://security.stackexchange.com/questions/42751/attack-on-tor-with-stolen-private-keys-of-main-nodes
See also: https://otx.alienvault.com/indicator/ip/128.31.0.39/ & http://www.malware-traffic-analysis.net/2015/09/18/index.html
and this report: http://trapx.com/wannacry-thoughts-and-threat-intelligence/ (info credits for links by Moshe Ben Simon, VP of Services and TrapX Labs, StackOverflow's trankvilezator on insider NSA attacks against the general public's infrastructure).
Now after this has been going on for 5 years, we all should be aware what the proliferation of such official guv malware used in these actions has brought us all: threats and threats and new threats. These spooks have turned the Interwebs into an even more insecure place for all users.
polonus
-
WannaCry - Don't get caught, be prepared.
https://youtu.be/6Ad-eXoQVIk
WannaCry - An Easy Fix
https://youtu.be/1p62X8MBpF4
-
Hi bob3160,
Apparently mankind does not learn from history. This should never have happened after what we remember of the Blaster disaster.
It still did. There were people that were willingly sitting on exploits, they better had shared with the community to be patched.
And I assume also in the AV industry there is insecurity that has not been shared with those it should have been shared with.
polonus
-
The aftermath of this has not left us with 16.000 servers still infested and some 91.000 unpatched:
https://blog.shodan.io/analyzing-post-wannacry-smb-exposure/
NSA oversight really has some explanation to do towards the global community and to those whom they endangered
with their schemes, and not only think 'about the glory of the bold and the free'. :( >:(
Good Google launched a back-up tool for us all. ;)
polonus
-
New attack
http://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-hack-cyber-attack-wannacry-world-global-ukraine-russia-rosneft-maersk-a7810656.html
-
Petya-based ransomware is spreading and infecting computers around the world
https://blog.avast.com/petya-based-ransomware-using-eternalblue-to-infect-computers-around-the-world