[BartSimpson]

https://www.washingtonpost.com/world/eu ... c6143860bd

https://www.theverge.com/2017/6/27/1587 ... e-wannacry

Yep, another one of the NSA's "back door" exploits is being used by criminals to facilitate the Petya ransomware attack.

It's already confirmed to be hitting in the USA and Canada per FBI-DHS.

Don't open emails from people you don't know and don't open links or attachments in unexpected emails from people you do know.

Speak to the sender to verify that the suspect message is genuine before you act on it.

Or become a statistic.

Your choice.

[BRAH]

Or stay off the internet.

[BartSimpson]

BRAH BRAH:

Or stay off the internet.

Probably not a bad idea today.

[DrCaleb]

BartSimpson BartSimpson:

BRAH BRAH:

Or stay off the internet.

Probably not a bad idea today.

Luckily, most of my internet facing stuff is Linux or HP-UX.

[BartSimpson]

Message from US CERT:

[DrCaleb]

If you don't have a recent backup of your stuff, now would be a good time.

[BartSimpson]

Merck Pharmaceuticals got nailed.

http://www.philly.com/philly/business/m ... ?mobi=true

On a government web conference Merck confirmed the source of the infection was one jacktard employee who just had to open a link...

The ransomware apparently doesn't need admin rights on the local machine, courtesy of the NSA exploit.

Right now they've lost all of their active network systems and they've gone to disaster recovery mode to start rebuilding their network from backups. Over 80% of their client workstations are dead in the water. Mobile devices seem to be okay so far.

Edit: Their stock price will take a tumble today in anticipation of a write down of profit due to recovery from the attack.

[DrCaleb]

Funnily, we were supposed to have a meeting planning our ransomware strategy in the context of data and it's value. Yesterday. Postponed for a week.

[DrCaleb]

It's getting bad. Reports are that the shipping company Maersk, is shut down.

https://arstechnica.com/security/2017/0 ... worldwide/

[BartSimpson]

Check your pm box!

[DrCaleb]

Appreciated!

I'm reading that this bastard has several attack vectors, not just the one exploited by WannaCry.

https://mobile.twitter.com/Binary_Defen ... 5657424896

[BartSimpson]

US Department of Health and Human Services got hit. Damn.

[BartSimpson]

Well, that wasn't really all that informative, was it?

[BartSimpson]

The ransomware spreads via SMBv1 and the first recommendation is to disable SMBv1 on your firewalls if possible.

Also confirmed is that the ransomware uses the EXTERNAL BLUE exploit that was leaked from the NSA.

[BartSimpson]

To make sure SMB1 is disabled on your computer run this in PowerShell:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

You should get a 'false' for SMB1 and a true for SMB2 if you use SMB2.