CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 9:59 am
 


https://www.washingtonpost.com/world/eu ... c6143860bd

https://www.theverge.com/2017/6/27/1587 ... e-wannacry

Yep, another one of the NSA's "back door" exploits is being used by criminals to facilitate the Petya ransomware attack. :roll:

It's already confirmed to be hitting in the USA and Canada per FBI-DHS.

Don't open emails from people you don't know and don't open links or attachments in unexpected emails from people you do know.

Speak to the sender to verify that the suspect message is genuine before you act on it.

Or become a statistic.

Your choice. :|


CKA Super Elite
Posts: 9445
PostPosted: Tue Jun 27, 2017 10:01 am
 


Or stay off the internet. :roll:


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 10:02 am
 


BRAH wrote:
Or stay off the internet. :roll:


Probably not a bad idea today.


CKA Moderator
Posts: 33975
PostPosted: Tue Jun 27, 2017 10:09 am
 


BartSimpson wrote:
BRAH wrote:
Or stay off the internet. :roll:


Probably not a bad idea today.


Luckily, most of my internet facing stuff is Linux or HP-UX.


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 10:13 am
 


Message from US CERT:


Attachment: US-CERT.PNG (File comment: US CERT)

CKA Moderator
Posts: 33975
PostPosted: Tue Jun 27, 2017 10:17 am
 


If you don't have a recent backup of your stuff, now would be a good time.


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 10:24 am
 


Merck Pharmaceuticals got nailed.

http://www.philly.com/philly/business/m ... ?mobi=true

On a government web conference Merck confirmed the source of the infection was one jacktard employee who just had to open a link... :roll:

The ransomware apparently doesn't need admin rights on the local machine, courtesy of the NSA exploit.

Right now they've lost all of their active network systems and they've gone to disaster recovery mode to start rebuilding their network from backups. Over 80% of their client workstations are dead in the water. Mobile devices seem to be okay so far.

Edit: Their stock price will take a tumble today in anticipation of a write down of profit due to recovery from the attack.


CKA Moderator
Posts: 33975
PostPosted: Tue Jun 27, 2017 10:46 am
 


Funnily, we were supposed to have a meeting planning our ransomware strategy in the context of data and its value. Yesterday. Postponed for a week. 8O


CKA Moderator
Posts: 33975
PostPosted: Tue Jun 27, 2017 11:13 am
 


It's getting bad. Reports are that the shipping company Maersk is shut down.

https://arstechnica.com/security/2017/0 ... worldwide/


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 11:23 am
 


Check your pm box! [B-o]


CKA Moderator
Posts: 33975
PostPosted: Tue Jun 27, 2017 11:29 am
 


Appreciated! [B-o]

I'm reading that this bastard has several attack vectors, not just the one exploited by WannaCry.

https://mobile.twitter.com/Binary_Defen ... 5657424896


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 12:08 pm
 


US Department of Health and Human Services got hit. Damn. 8O


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 12:20 pm
 


Well, that wasn't really all that informative, was it? :roll:


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 1:17 pm
 


The ransomware spreads via SMBv1 and the first recommendation is to disable SMBv1 on your firewalls if possible.

Also confirmed is that the ransomware uses the ETERNALBLUE exploit that was leaked from the NSA. :evil:


CKA Moderator
Posts: 63946
PostPosted: Tue Jun 27, 2017 2:13 pm
 


To make sure SMB1 is disabled on your computer run this in PowerShell:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

You should get a 'false' for SMB1 and a true for SMB2 if you use SMB2.
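
Added example (not part of the original thread): a PowerShell audit that goes beyond the one-line check in the post above by also reporting whether the SMB1 optional feature is still installed and whether this machine currently holds outbound connections negotiated at an SMB 1.x dialect. The function name Get-Smb1Exposure is hypothetical; it assumes Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example: audit SMBv1 exposure on the local Windows host (run elevated).
# Get-Smb1Exposure is a hypothetical name; the cmdlets it calls ship with Windows.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param()

    # 1. Server side: the same setting the post above checks.
    $server = Get-SmbServerConfiguration |
        Select-Object EnableSMB1Protocol, EnableSMB2Protocol

    # 2. Is the SMB1 optional feature still installed? Requires elevation,
    #    so a failure is reported as 'Unknown' rather than as 'Disabled'.
    $featureState = 'Unknown'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $featureState = "$($feature.State)"
    } catch {
        Write-Warning "Could not query the SMB1Protocol feature: $($_.Exception.Message)"
    }

    # 3. Client side: outbound connections currently negotiated at a 1.x dialect.
    #    These show which file servers would break if SMB1 were removed here.
    $smb1Conns = @(Get-SmbConnection -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Dialect)" -like '1.*' })

    $needsAction = [bool]$server.EnableSMB1Protocol -or
                   ($featureState -eq 'Enabled') -or
                   ($smb1Conns.Count -gt 0)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSMB1Enabled = $server.EnableSMB1Protocol
        ServerSMB2Enabled = $server.EnableSMB2Protocol
        SMB1FeatureState  = $featureState
        ActiveSMB1Servers = ($smb1Conns.ServerName | Sort-Object -Unique) -join ', '
        NeedsAction       = $needsAction
    }
}

Get-Smb1Exposure | Format-List

# To turn the server side off once nothing in ActiveSMB1Servers depends on it:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false
```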

