Proactive protection against the WannaCry ransomware


tao

The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware proactively, i.e. before the outbreak started and the malware samples became known. We ran a proactive protection test, i.e. we used vulnerable Windows 7 systems with definitions prior to May 12th. A WannaCry malware sample was then executed on offline systems. The list below shows which of the tested programs would have protected the system, and which did not.

 

< Table here in the original article not copied >  [Note: Please do visit the article's webpage.  :mellow:]

 

As can be seen above, a majority of these products protected against this ransomware, but over 200,000 systems worldwide were compromised by it nonetheless. New variants might appear, and results for the next outbreak could look different. Users are advised to keep their systems patched, enable AV protection (i.e. do not disable features) and keep it up-to-date, as well as practising safe computing.

 


Another informative, useful, document (PDF), a bit dated (2016):

 

Protection test against ransomware threats.

 

Synopsis:

An objective of the test conducted by AVLab in October 2016 was to check a real protection provided by security software against threats of crypto-ransomware to home users and small and medium businesses. Results presented in this document reflect actual effectiveness of antivirus software, that by using all available protection components and correlated dynamic heuristic and behavioral methods, provide end users with comprehensive real-time protection, including a detection of unknown crypto-ransomware threats.


Although, some tested security suites allow users to create a separate folder, where files are continuously monitored against modification by antivirus software, purpose of the test was to verify, if it handles modern and unknown threats of crypto-ransomware. This kind of malicious software is highly destructive — often causes a financial loss and affects a business productivity resulting in a standstill in a company.

 

If interested, please download and read the entire 15-page PDF document. :mellow:

 

 



straycat19

The best protection against ransomware is not to do stupid things.  Stupid things include clicking on a link in an email or downloading and opening an email attachment.  Most people aren't smart enough to know how to check a link in an email to see where it is really going and no one should ever download an email attachment.  Too bad most commercial ISPs don't take the steps that big business and government take on removing links and attachments in emails.  If we want to send a link to someone we type it out in text only, like hxxp://google.com/nomalwarehere.html  and everyone knows to copy and replace the x with t.  Attachments are not allowed and contractors and other agencies know to upload any documents to our ftp server where they are scanned multiple times before being made available to the intended recipient.  

 

Everything that is being published now about protecting against WannaCry could have been done years ago if Microsoft hadn't kept the fact that SMB was vulnerable to itself.  Now they want to blame it on the NSA for not telling them.  Hell, they knew.  How did I know to block the ports that it was using... because the SMB fault was well known, and those ports had been used by various malware for the last 18 years. I don't blame the NSA for not telling Microsoft, nor any other government agency, or even private security personnel who have found faults in the operating systems that can be utilized for the good of the nation.  There are holes in Windows 10 you could drive a truck through, and just like everything else Microsoft doesn't patch, these haven't been patched either.  The most famous and unknown to 99.99999% of the world is a hole that has been there since Windows 3.1 and still not patched and can be used by anybody that knows where it is to take over another computer.  I am sure the NSA, CIA, and FBI know about it, and probably other intelligence agencies in other countries.

 

Microsoft has not been able to secure Windows in 35 years of trying so users need to take the steps necessary to secure themselves.  All the patches and updates in the world are not going to protect you, they are only going to open up more vulnerabilities as the last 35 years have proven, otherwise we would have an ironclad operating system.



1 hour ago, straycat19 said:

...Microsoft has not been able to secure Windows in 35 years of trying so ...

Mankind has not been able to secure themselves since their origination millions of years ago, eh.  ;)

 

The only security is knowing that there is no 'perfect' security; insecurity is the other side of the same coin; they can't be separately had; and living this way -- without chasing the impossible -- is the only 'sane' way of living.    ^_^

 

Microsoft is doing a wonderful job with such a complex software, with a zillion components, a zillion third-party programs, a zillion permutations and combinations; and a zillion hackers -- and a zillion critics, always hollering.

 

Isn't it a miracle that the damn thing works as much as it works, minute by minute, hour after hour, day after day, month after month, and year after year!

 

Kudos to human creativity (both the so-called positive and the so-called negative; two sides of one coin.)  :flowers:

Kudos to Microsoft!   :flowers:

 

[And let's not forget our gratitude to Microsoft, whose bugs, processes, and procedures contribute to this forum's continued existence, eh. Let's be 'honesty' loyal to Microsoft.  ;)]

 

 

 



58 minutes ago, saeed_dc said:

This AV is good protection for it too

https://padvish.com/index.php/en/

(practical protection.)

 

Keeping in mind (the caution):

"What security is there for us here in her caravanserai
when every moment camel bells cry, "Pack up the loads!"?"  ~ Hafiz

 

Sane Living:

"Run from what's comfortable.  Forget safety. Live where you fear to live. Destroy your reputation.

 Be notorious. I have tried prudent planning long enough. From now on I'll be mad.”  ~ Rumi.

 

:flowers:

 

 



1 hour ago, adi said:

(practical protection.)

 

Keeping in mind (the caution):

"What security is there for us here in her caravanserai
when every moment camel bells cry, "Pack up the loads!"?"  ~ Hafiz

 

Sane Living:

"Run from what's comfortable.  Forget safety. Live where you fear to live. Destroy your reputation.

 Be notorious. I have tried prudent planning long enough. From now on I'll be mad.”  ~ Rumi.

 

:flowers:

 

 

 

God of poems, Adi :)



3 hours ago, straycat19 said:

Microsoft has not been able to secure Windows in 35 years of trying so users need to take the steps necessary to secure themselves.  All the patches and updates in the world are not going to protect you, they are only going to open up more vulnerabilities as the last 35 years have proven, otherwise we would have an ironclad operating system.

Actually, when Windows first came out there were no Windows updates at all; they didn't even care. Windows Update was introduced as an Internet web site with the launch of Windows 95, 21 years ago. Still, their security was crap even on fully patched systems up until like Windows 7 came out. Everybody that was using XP when it was still a pup used to have to install 3rd-party firewalls, 3rd-party antivirus, 3rd-party anti-spyware programs to try to even stay protected.

 

One time on XP, before SP2 came out, I caught a virus from the Windows Update website because I had just reformatted and had not installed a 3rd-party firewall yet. A virus could get right by the old Windows XP firewall before SP2.

 

It's a joke over on the Linux forums that when you visit the Windows forums there's always one user in every forum trying to be helpful, telling you to install 5 of this, 3 of that and 2 of this, and that should fix it. :P

 

3 hours ago, straycat19 said:

The best protection against ransomware is not to do stupid things.  Stupid things include clicking on a link in an email or downloading and opening an email attachment.  Most people aren't smart enough to know how to check a link in an email to see where it is really going and no one should ever download an email attachment.  Too bad most commercial ISPs don't take the steps that big business and government take on removing links and attachments in emails.  If we want to send a link to someone we type it out in text only, like hxxp://google.com/nomalwarehere.html  and everyone knows to copy and replace the x with t.  Attachments are not allowed and contractors and other agencies know to upload any documents to our ftp server where they are scanned multiple times before being made available to the intended recipient.  

This was a Windows exploit. I was reading over at Bleeping Computer where there were some who caught this, and they didn't do anything and they caught this. The stupid thing they did was not do Windows updates.

Quote

 

 

Makpptfox

My dedicated server has been hit by WannaDecryptor but I've done nothing that could have led to an infection of it, how is it possible?
(and by nothing, I mean literally nothing. It was on standby for 3 days, I connected via the Windows remote desktop sooner today and tonight I was infected)

 


 

Quote

 

  Terrum

Which Server OS version do you use? If it's Server 2008, it's probable that you haven't used Windows Update to fix the critical exploit that was deployed back in March to fix this. I'm guilty of this also - but I can't seem to find which KB fixes this exploit.

 

 

Quote

 

Terrum

 

It's a Windows exploit, which is why Windows Updates exist - to fix these exploits.

 

You didn't have to visit any dangerous sites and you didn't have to download any files. An exploit in Windows will let a hacker put files into your computer as they wish.

 

Which is why it's always good to keep your computer up-to-date with Windows Update.

 

https://www.bleepingcomputer.com/forums/t/646476/wannacry-wncry-wanacrypt0r-wana-decrypt0r-ransomware-help-support-topic/

These 3rd-party programs are useless though, because the flaw has already been patched in Windows in March. There have already been 2 or 3 new kinds of ransomware that came out by now infecting people, and the site is posting about this one.



13 minutes ago, saeed_dc said:

 

God of poems, Adi :)

(Banda) Servant.  :mellow:

 

When enough is enough,

What use is any more --

Baradar?  :drunk: 



5 minutes ago, 0bin said:

People have just been lucky for a lot of years now. New vulnerabilities come out in Windows and other OSes every day, and Microsoft has been very slack at patching them; they have 3 months before it gets revealed. But how smart is it for Google and others to post unpatched exploits to the public? All it takes is some who have tools that can make the exploit spread as a worm or virus, and it can take out 1000s, maybe millions, in a few days before a patch can even be made!



6 minutes ago, 0bin said:

Who tells if not already happen?

It's just like on Linux: the other day in Ubuntu they found where a hacker could exploit the Guest login. They didn't wait 3 months to do something; they sent out an update to disable Guest logins till they fixed it. On Windows you have to wait anywhere from 3 months to a year to get a patch. Stuff like this needs to stop, but posting exploits to the public is not the right way to get them fixed, because they're not fixed yet and vendors already know about them. They need to pass a law that if a vendor doesn't patch before 30 days they can be sued, and that will get them on the ball. :P



42 minutes ago, adi said:

(Banda) Servant.  :mellow:

 

When enough is enough,

What use is any more --

Baradar?  :drunk: 

 

Are you by any chance Persian? :D



27 minutes ago, 0bin said:

Globally speaking, no law, no one ever agrees with another, sometimes only sympathy and on real stuff they s... like climate change that affects every robot breathing on planet Earth.

 

Different approach, different results, the package approach of Linux is the winning one.

 

About public or private, I don't know, no one wanna cry, right?

There is no excuse for a $290 billion company like Microsoft, who don't even pay their beta testers, to not patch faster when open source, which mostly gets donations, patches everything they find within 1-3 days. They save enough on beta testing to pay researchers for better security and hire researchers. Look at how much money Google spends on it a year, and they find a lot of problems in Windows and other OSes too. If it were not for Google research it would take years in some cases to get a patch.

 

Microsoft don't have any new ideas anymore; they buy them. For all the money they spend on things that mostly fail and spend on lawyers because of things that are wrong with their products, because they're being dragged into court, they could make a safer OS.

 

People used to use the excuse that Windows having more users than anyone else is the reason they have more malware. But this year that excuse was proved to be just an invalid excuse, because Android has more users than Windows now and still they have less malware, and Google is paying big money to stop what malware they do have.



  • Administrator

As no one mentioned already, I will do, excellent posts, helpful and nice work posting them here.

 

I do not know much about filesharing on WAN/LAN and I'm still learning, but I do know that almost all the computers with SMB and filesharing in the OS enabled are not necessarily hackable as long as their accounts are password protected, that is all I can say from my personal testing done. :P

 

As for protection, I do believe companies are legally liable to protect their users as long as users use the updated and supported products I think.



22 minutes ago, DKT27 said:

As for protection, I do believe companies are legally liable to protect their users as long as users use the updated and supported products I think.

I posted an article on this yesterday; the experts will argue with you about this. Microsoft has strong protection against this.

 

WannaCry ransomware: Other companies can be sued for their lax cyber security, but not Microsoft

http://tech.firstpost.com/news-analysis/wannacry-ransomware-other-companies-can-be-sued-for-their-lax-cyber-security-but-not-microsoft-say-experts-376402.html

Microsoft's rep is already damaged; the only reason they care is they don't want to lose their user base to something else. They only patch to make the end user have a sense of security. If they were liable they could be sued for shunting off updates on OSes that still have millions of users on them, and forcing people to buy new software and hardware for their own profit.



32 minutes ago, saeed_dc said:

Are you by any chance Persian? :D

No, but, feel not that i'm not.  :flowers:

Not Christian or Jew or Muslim,
not Hindu ,Buddhist, Sufi, or Zen.

Not any religion
or cultural system.

I am not from the East or the West,

[...]
I do not exist,
[...]

My place is placeless,
[...]
I belong to the beloved,
[...]

first, last, outer, inner, only that
breath breathing human being.

~ Rumi

 

To tie to the present technical article thread:

  Ransomware-proof -- without any protection.

Completely vulnerable -- yet perfectly safe,

Baradar!

:drunk:

 

 



11 minutes ago, 0bin said:

... अद्रॊहम अविसंवादं परवर्तन्ते तदाश्रयाः

...dismiss all grounds of quarrel and uniting with one another ...

An ancient Sanskrit Prayer (For ever and ever):

 

ॐ सर्वे भवन्तु सुखिनः।

सर्वे सन्तु निरामयाः।

सर्वे भद्राणि पश्यन्तु।

मा कश्चित् दुःख भाग्भवेत्॥

ॐ शान्तिः शान्तिः शान्तिः ॥

 

May all be happy!

May all be healthy!

May all see goodness!

May none suffer!

Peace!   :flowers:

 



12 minutes ago, adi said:

No, but, feel not that i'm not.  :flowers:

Not Christian or Jew or Muslim,
not Hindu ,Buddhist, Sufi, or Zen.

Not any religion
or cultural system.

I am not from the East or the West,

[...]
I do not exist,
[...]

My place is placeless,
[...]
I belong to the beloved,
[...]

first, last, outer, inner, only that
breath breathing human being.

~ Rumi

 

To tie to the present technical article thread:

  Ransomware-proof -- without any protection.

Completely vulnerable -- yet perfectly safe,

Baradar!

:drunk:

 

 

 

 

You sir are an Interesting human being ^_^



3 minutes ago, saeed_dc said:

You sir are an Interesting human being ^_^

Please let me remain free of the burden of 'being interesting.'

Just remaining a human is a 'complete job'.

 :mellow:

 

[If interested, please read Hafiz's "Being Human".  ^_^]

 



  • Administrator

@0bin and @adi: You guys are on a roll. Really, nice to see this, all of it.



Which is the source for this fu*ki*g sh*t ?


My country appears to chart but I haven't heard something concretely, only some isolated cases were shown to tv & press.

 

While in the UK lots of computers only from NHS were compromised, not to talk about the others, the whole world heard about that, and even so, the UK is not in the chart.



12 minutes ago, Recruit said:

Which is the source for this fu*ki*g sh*t ?


My country appears to chart but I haven't heard something concretely, only some isolated cases were shown to tv & press.

 

While in the UK lots of computers only from NHS were compromised, not to talk about the others, the whole world heard about that, and even so, the UK is not in the chart.

 

 

someone from Ukraine gave it to me



1 hour ago, Recruit said:

Which is the source for this fu*ki*g sh*t ?


My country appears to chart but I haven't heard something concretely, only some isolated cases were shown to tv & press.

 

While in the UK lots of computers only from NHS were compromised, not to talk about the others, the whole world heard about that, and even so, the UK is not in the chart.

 

The source was kaspersky 

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

 



25 minutes ago, steven36 said:

The source was kaspersky 


https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

 

Yeah, I understand more now: the chart is from the beginning of the attack and it shows the situation for about 45000 computers and maybe a bit more.


But until present more than 300000 were compromised, so the chart is not so relevant for these days, considering that it does not show even half of them ......



Archived

This topic is now archived and is closed to further replies.
