Ransomware (246 Solutions, 554 Contributors)

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


So with the recent WannaCry malware, there were 3 (afaik) bitcoin addresses circulated to receive ransom payments:

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

At the time of this writing, it looks like around 34 BTC ($60k USD) have been extorted to date. Really low take (imo), considering the widespread reports of this attack. I'm curious if there are any other BTC wallet addresses out there?
Expert Comment by: Michael Arciniega
I wonder how effectively they'll be able to use those funds since they have such a large target on their heads and every transaction on the chain is public information. Can they use enough coin mixers to obfuscate their identity?
Author Comment by: Lucas Bishop
Up to 40 BTC ($70k) now.

Considering it's only 40BTC, they could easily run it through multiple mixers in small batches and see good results on obfuscation. Nothing like the 5,500 BTC Tomas Jirikovsky tried to tumble and cash out.

However, I suspect WannaCry has negatively affected enough SysAdmins that the interest in tracing transactions related to these addresses through the blockchain may be much more fruitful than traditional attempts. I wouldn't be surprised if the perpetrators don't even try to cash out, considering the risk vs reward doesn't make financial sense.
Ransomware - Wannacry/wcry and everything else ...

Ransomware in general is something none of us wish to deal with. The latest Wannacry problem is worse. This is not because of what it is but rather of the extent to which it has affected our users. There have been a plethora of great suggestions all over this site. I would add to those with the following suggestions:
• Completely check your system for viruses with a reputable virus checker
• Check any suspected files and/or links at virustotal.com
• Make sure you have a tested versioning backup system
• Do a complete scan of your system
• Updates
    o Make sure all your programs and your operating system are up to date (even old Windows OS’s now have updates, like Windows XP – check the Microsoft website and do a Windows update)
    o If you are unable to do updates on your own machine due to company policy, make sure that your IT department is doing the updates.
• Do not click on an attachment in your email, even if it is from someone you know – call them up and check that they sent it – they’ll understand.

Whenever I touch a system I do a “ransomware check” which involves the following:
• Create a blank text file called myapp.txt in the root drive (c:\) and rename it to myapp.exe
• Run FoolishIT’s Cryptoprevent
• Install an anti-ransomware tool such as BD Antiransomware, MBAM Antiransomware, Kaspersky Antiransomware for business, etc.
• …
Expert Comment by: John
The overall advice to keep automatic updates on to keep updates current, keep Antivirus up to date and firewalls up to date is something we have said many times in here (sometimes to deaf ears).

Two really important points. First: stop the excuses and dump all desktop operating systems earlier than Windows 7 and all server operating systems earlier than Server 2008.

Second: get top notch spam filters. That is how this malware gets in.
Expert Comment by: Natty Greg
I cannot stress enough the importance of proxy and spam filters, content filters along with gateway antivirus scanning, patching all systems and educating users.
The global technology community is grateful to the team of tech professionals for their genius download of the malware domain and use of a sinkhole to stop the international ransomware attack. However, this sinkhole is only a fix for one sample of the WannaCry attack. To protect yourself from further attacks, please patch your systems as soon as possible.
Given the global WannaCry crisis that's been developing over the last few days, this morning Experts Exchange fast-tracked the Ransomware proposed topic and made it official.

So as you discuss the impact of WannaCry, and share news and advice related to it or Ransomware in general, be sure to use the new topic in your posts, questions, articles or videos. And special thanks to all of the IT Experts that are helping to combat this menace!
Expert Comment by: Daniella Barion
It's great, let's share ideas and discuss security matters.
WannaCry... I really wanna cry... this whole thing is insane. No, I've not been infected... nor have any of my clients. And yes, it's still possible some of my, shall I say, lesser attentive clients could be infected tomorrow or at some point in the future. But this whole thing is driving me nuts. It wouldn't be a story if IT management had taken security and patching seriously. The malware uses an exploit patched two months ago. If people patched regularly, nothing would be infected. I hate to say this - largely because the policy annoys me and has seriously inconvenienced me on more than one occasion - but this is exactly why Microsoft has started forcing Windows 10 computers to patch and reboot on a monthly (or more frequent) basis.

Let me be clear - there are thousands of new threats EVERY DAY. The way you protect yourself is by being diligent about your own security and learning to use technology / implement technology in a manner that keeps it as secure as possible. Absolute security is not possible - security itself is a balance of minimizing the threat risk and minimizing the user's inconvenience. But the way to be safe - and to protect your valuable information - is to take a tiered approach and, among other things, educate yourself/your users so they understand what to look for. Implement policies that minimize access - we're not trying to suggest your administrative assistant is untrustworthy - but do they really need access to the accounting data to do their …
Expert Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
150 Countries affected and at least 250,000 devices, and $48,000 paid so far in Ransom monies!
Expert Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
a little bit busy at present!!!!

Layer Technologies.....

1. Anti-virus
2. Patch
3. Whitelist of apps which are allowed to run!
4. Reduce Admin rights!
What have we learnt today about the WannaCry ransomware attack, and what you should do:

1. do not block the URL KILLSWITCH - This will stop the spread in your network.

2. Make sure your Anti-Virus Definitions are up to date. 30% of Vendors had definitions updated by end of play Friday 15th May. This will stop the trojan executing.

3. Patch Risky OS first e.g. Windows 2003 and XP, there are PATCHES available! - This will stop the payload exploit getting into the server.

4. Patch Windows 7, 8, 10, 2008, 2012 and 2016.  Check for a Security Rollup since March 2017.
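The post above explains how to stop the payload (kill switch reachable, AV definitions current, hosts patched), but none of that tells you which machine is already scanning your network over SMB. As an added example that is not from the original post, the PowerShell below reads Windows Firewall log lines in the pfirewall.log field layout and flags any source that opens connections to many distinct hosts on TCP 445 within a short window, which is what worm-style spread looks like from inside the network. The sample lines are constructed, and the function name, the 8-target threshold and the 60-second window are my assumptions rather than figures from the thread.

```powershell
# Added example (not from the original thread): flag hosts that fan out to many
# distinct SMB (TCP 445) destinations in a short window, as an SMB worm does.
# Input format: Windows Firewall log (%systemroot%\system32\LogFiles\Firewall\
# pfirewall.log). Logging is enabled with
#   Set-NetFirewallProfile -All -LogAllowed True -LogBlocked True
# Thresholds below are tuning assumptions, not figures from the thread.

function Find-SmbFanOut {
    param(
        [string[]]$LogLines,
        [int]$MaxDistinctTargets = 8,   # assumption: alert at 8+ distinct hosts
        [int]$WindowSeconds = 60        # assumption: within 60 seconds
    )
    # Parse only TCP/445 records; fields are
    # date time action protocol src-ip dst-ip src-port dst-port ...
    $events = foreach ($line in $LogLines) {
        if ($line -match '^\s*(#|$)') { continue }   # skip header and blank lines
        $f = $line -split '\s+'
        if ($f.Count -lt 8 -or $f[3] -ne 'TCP' -or $f[7] -ne '445') { continue }
        [pscustomobject]@{
            Time = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
            Src  = $f[4]
            Dst  = $f[5]
        }
    }
    $alerts = @()
    foreach ($group in ($events | Group-Object Src)) {
        $sorted = @($group.Group | Sort-Object Time)
        # Slide a window over this source's connections and count distinct targets
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $end     = $sorted[$i].Time.AddSeconds($WindowSeconds)
            $window  = @($sorted[$i..($sorted.Count - 1)] | Where-Object { $_.Time -le $end })
            $targets = @($window.Dst | Select-Object -Unique).Count
            if ($targets -ge $MaxDistinctTargets) {
                $alerts += [pscustomobject]@{
                    Source  = $group.Name
                    Targets = $targets
                    From    = $sorted[$i].Time
                }
                break   # one alert per source is enough
            }
        }
    }
    return $alerts
}

# Constructed sample log: 10.0.1.23 touches ten different hosts on 445 in ten
# seconds (worm-like); 10.0.1.77 talks to one file server repeatedly (normal).
$scan = 0..9 | ForEach-Object {
    '2017-05-12 14:03:{0:D2} ALLOW TCP 10.0.1.23 10.0.1.{1} 498{0:D2} 445 0 - 0 0 0 - - - SEND' -f $_, (45 + $_)
}
$sample = @(
    '#Version: 1.5',
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
) + $scan + @(
    '2017-05-12 14:03:05 ALLOW TCP 10.0.1.77 10.0.1.5 51000 445 0 - 0 0 0 - - - SEND',
    '2017-05-12 14:03:40 ALLOW TCP 10.0.1.77 10.0.1.5 51001 445 0 - 0 0 0 - - - SEND',
    '2017-05-12 14:03:41 ALLOW TCP 10.0.1.77 10.0.1.9 51002 80 0 - 0 0 0 - - - SEND',
    '2017-05-12 14:03:42 DROP TCP 192.0.2.10 10.0.1.77 40001 445 0 - 0 0 0 - - - RECEIVE'
)

# Expected: a single alert for 10.0.1.23 with Targets = 10
Find-SmbFanOut -LogLines $sample | Format-Table -AutoSize
```

On a real host, feed the function with `Get-Content $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log`, and tune the threshold to the site: a backup server or a vulnerability scanner legitimately fans out over 445, so those sources belong on an allow-list rather than in the alert.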
LIVE updates on the recent ransomware attack from our CISO, Director of Security, and Chief Technologist
The news broke on Friday of a massive ransomware attack on the UK NHS and the attack has now impacted up to 200,000 organisations in 150 countries. Our security experts have received interview requests from across the globe. We want to make sure our customers and friends know exactly what happened and what they can do about it. So, on Monday (AM in the US and PM in Europe) join our brightest security minds for a LIVE panel discussion on the massive breaches and what it all means for you.
Register HERE!

Specifically we’ll discuss:
• Exactly what happened, how the bad guys got in, and what it means
• Possible ways to prevent future attacks of this nature
• Up-to-the-minute updates on the situation
• Where patch, privilege management and whitelisting fit into all this
Honestly, this is a webinar you do not want to miss. It won’t be a product pitch, but a discussion about what’s going on and how to get it fixed so we’re all safer.  

http://mkto-i0073.com/r0020I2K0ZCW5eQXb00f0F0
Author Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
it's in the LINK

5.00 PM GMT
Author Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
The event will start at 10:00 am Denver Time on May 15, 2017.
Expert Comment by: Brian Matis
It sure is... Thanks for doing your part, Andy, to help get everyone paying attention!
Some sites in NHS England, are now considering PAYING RANSOM requests to get files back, because of NO BACKUPS!
Microsoft has released Security Patches for Windows XP and Windows 2003, against the SMBv1 Security Exploit which the NSA have been using for years!

see

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Author Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
Correct, and for good measure turn the firewall ON, and block port 445.
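The advice scattered through this thread (patch, check for a security rollup since March 2017, turn the firewall on, block port 445) can be checked in one place. The PowerShell below is an added audit script, not code from any post on the page: it reports each gap and changes the machine only when run with -Remediate. It assumes Windows 8 / Server 2012 or later (for Get-SmbServerConfiguration and the NetSecurity cmdlets) and an elevated prompt. KB4012598 is the only KB number the thread gives, so the $Ms17010Kbs list has to be extended with the MS17-010 KB IDs for your other OS versions; the rule name, the script name and the SMBv1 check (a Microsoft-documented mitigation that goes slightly beyond what the thread says) are my additions.

```powershell
# Added example (not from the original thread). Save as, e.g., Audit-Ms17010.ps1
# (hypothetical name) and run elevated:  .\Audit-Ms17010.ps1            (report only)
#                                       .\Audit-Ms17010.ps1 -Remediate (apply fixes)
# Assumes Windows 8 / Server 2012 or later for the SMB and NetSecurity cmdlets.
param(
    [switch]$Remediate   # without this switch nothing on the host is changed
)

$Ms17010Kbs  = @('KB4012598')             # only KB on the page; extend from the MS17-010 bulletin
$RollupSince = [datetime]'2017-03-14'     # MS17-010 shipped in the March 2017 updates
$RuleName    = 'Block inbound SMB TCP 445 (WannaCry)'   # my own rule name
$findings    = @()

# 1. Patch state: a listed KB, or (as the thread suggests) any update installed since March 2017.
$hotfixes  = Get-HotFix
$hasKb     = $hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
$hasRollup = $hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $RollupSince }
if (-not $hasKb -and -not $hasRollup) {
    $findings += 'No MS17-010 KB found and no update installed since March 2017: patch first.'
}

# 2. SMBv1 is the protocol the exploit targets; disabling it is a Microsoft-documented
#    mitigation in addition to patching (this step goes beyond the thread's advice).
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    $findings += 'SMBv1 server protocol is enabled.'
    if ($Remediate) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
}

# 3. "Turn the firewall ON": every profile must be enabled.
$offProfiles = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $offProfiles) {
    $findings += "Firewall profile '$($p.Name)' is disabled."
    if ($Remediate) { Set-NetFirewallProfile -Name $p.Name -Enabled True }
}

# 4. "Block port 445": an inbound block rule for TCP 445. Right for workstations;
#    on a file server restrict the rule to the subnets that must reach it instead.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $findings += 'No inbound block rule for TCP 445.'
    if ($Remediate) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: patched or updated since March 2017, SMBv1 off, firewall on, TCP 445 blocked.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    if ($Remediate) { Write-Output 'Remediation applied; re-run without -Remediate to verify.' }
}
```

Run it in report mode first and read the findings: the 445 block is safe on a desktop, but on a file server it cuts off every share, so there the right move is a rule scoped with -RemoteAddress to the client subnets, and the patch check is only as good as the KB list you give it.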

Expert Comment by: Adrienne Morgan
I love you to death because of your words and sayings
This is what is on some of the NHS screens at present!

[image: 3500.jpg]

Expert Comment by: Brian Matis
:-(
Author Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
DO NOT PAY THE RANSOM!
UK NHS (Health Service) in Meltdown, after 36 Trusts around the UK are now considering paying the RANSOM demands, to get data back....as they may have no backups!

SHOCKING .... but does not surprise me!
Expert Comment by: Brian Matis
I can understand the desire to pay... I can imagine for many places, a $300 ransom is cheaper than the costs of restoring the backups. But doing it does set a terrible precedent that could be much costlier in the long run, since it would further embolden more hackers. Raises the question: should there be a general policy of never negotiating with hackers?
Author Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
So far $48,000 USD has been paid!

PAY NO MORE....

DO NOT NEGOTIATE/PAY WITH HACKERS! OR CRIMINAL GANGS!
Organizations in 99 countries are being targeted and hacked by “WannaCry” ransomware, which takes advantage of a Microsoft vulnerability. If you haven’t already, install the official patch (MS17-010) to close the affected SMB Server vulnerability.

https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html
Author Comment by: Kyle Santos
Nice.  Thank you.
Expert Comment by: Andrew Hancock (VMware vExpert / EE Fellow)
I blame the NSA for creating the tools!