Status
Not open for further replies.

Major Ransomware attack worldwide at the moment.

Looks like the world is being attacked by a very serious ransomware virus.

So far, data in the UK, US, China, Russia, Spain and many more is being held to ransom. It's called WannaCry, and it affects Windows computers.

The infections seem to be deployed via a worm - a program that spreads by itself between computers.

Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.

Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.

http://www.bbc.co.uk/news/technology-39901382
 
Last edited by Chary,

Yepi69

It's back, and this time it's much worse.

The Petya ransomware has been updated to use the same EternalBlue vulnerability as WannaCry, but with an added "feature": once it gets onto a vulnerable machine, it proceeds to use wmic and psexec to reuse authentication credentials to infect other machines on the network. This works even if the other machines have been patched.

As an added bonus, the Petya ransomware installs itself into the hard drive's MBR, then reboots into a fake CHKDSK process (which is actually encrypting the HDD). Once it's done, it prompts you to send $300 worth of Bitcoin in order to recover your files.
I wonder how it'll work with GPT.
 

tunip3

It's back, and this time it's much worse.

The Petya ransomware has been updated to use the same EternalBlue vulnerability as WannaCry, but with an added "feature": once it gets onto a vulnerable machine, it proceeds to use wmic and psexec to reuse authentication credentials to infect other machines on the network. This works even if the other machines have been patched.

As an added bonus, the Petya ransomware installs itself into the hard drive's MBR, then reboots into a fake CHKDSK process (which is actually encrypting the HDD). Once it's done, it prompts you to send $300 worth of Bitcoin in order to recover your files.
Oh lord, plus didn't an emergency patch for everything including XP
 

dankzegriefer

Does it affect Linux??!?! No? Windows peasants
I love Linux and prefer it over Windows, but I use Windows as my daily driver.

Why?

Fucking driver support. Linux's driver support is shit.

--------------------- MERGED ---------------------------

So, what would we do to protect ourselves this time?
If you're updated and all PCs on your network are, you're safe.
 

samcambolt270

I love Linux and prefer it over Windows, but I use Windows as my daily driver.

Why?

Fucking driver support. Linux's driver support is shit.

--------------------- MERGED ---------------------------


If you're updated and all PCs on your network are, you're safe.
OK, good.
 

GerbilSoft

I wonder how it'll work with GPT.
If you're using UEFI+GPT on the main boot disk, the MBR boot sector isn't actually used. UEFI boots the operating system kernel directly from the System partition.

That could be one way to prevent this malware from doing any damage, assuming it doesn't handle this case.

Note that Windows only supports booting from GPT disks if using UEFI, so if your main boot disk is GPT, you should be fine here.

EDIT: The Windows portion of the ransomware might overwrite the primary GPT, since that area is normally empty and is used by bootloaders on MBR/BIOS systems. However, the GPT is both checksummed and duplicated (a second copy is stored at the end of the disk), so this should be recoverable.
 
Last edited by GerbilSoft,
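The claim in the post above that the GPT is checksummed and duplicated can be checked directly. This Python sketch is an added example, not part of the original thread: it validates the CRC32 of the primary (LBA 1) and backup (last LBA) GPT copies on a constructed in-memory disk image. The function names, the 512-byte sector size, the fixed 92-byte header and the 128-sector sample image are assumptions.

```python
import struct
import zlib

SECTOR = 512  # assumed logical sector size
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header layout (UEFI spec)

def _header(my_lba, alt_lba, entries_lba, entries, total):
    """Build a GPT header with valid CRCs (only used for the constructed image)."""
    f = [b"EFI PART", 0x00010000, HDR.size, 0, 0, my_lba, alt_lba,
         34, total - 34, b"\x11" * 16, entries_lba, 128, 128, zlib.crc32(entries)]
    f[3] = zlib.crc32(HDR.pack(*f))  # header CRC is computed with its own field zeroed
    return HDR.pack(*f)

def make_image(total=128):
    """Constructed sample disk: protective MBR, primary GPT at LBA 1, backup at last LBA."""
    img = bytearray(total * SECTOR)
    img[450] = 0xEE                    # protective MBR partition type
    img[510:512] = b"\x55\xaa"         # MBR boot signature
    entries = bytes(128 * 128)         # empty partition array, 32 sectors
    last = total - 1
    img[SECTOR:SECTOR + HDR.size] = _header(1, last, 2, entries, total)
    img[2 * SECTOR:34 * SECTOR] = entries
    img[(last - 32) * SECTOR:last * SECTOR] = entries
    img[last * SECTOR:last * SECTOR + HDR.size] = _header(last, 1, last - 32, entries, total)
    return img

def gpt_copy_ok(img, lba):
    """True if the GPT header at `lba` and its partition array both pass CRC32."""
    f = list(HDR.unpack(bytes(img[lba * SECTOR:lba * SECTOR + HDR.size])))
    if f[0] != b"EFI PART" or f[5] != lba:   # signature and MyLBA must match
        return False
    stored, f[3] = f[3], 0
    if zlib.crc32(HDR.pack(*f)) != stored:
        return False
    start = f[10] * SECTOR
    return zlib.crc32(bytes(img[start:start + f[11] * f[12]])) == f[13]

def check_disk(img):
    """Report which of the two GPT copies is still intact."""
    last = len(img) // SECTOR - 1
    return {"primary": gpt_copy_ok(img, 1), "backup": gpt_copy_ok(img, last)}

if __name__ == "__main__":
    disk = make_image()
    print(check_disk(disk))
    disk[:34 * SECTOR] = bytes(34 * SECTOR)  # constructed damage to the start of the disk
    print(check_disk(disk))
```

When only the backup copy validates, partitioning tools can rebuild the primary GPT from it, which is the recovery path the post refers to.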
Deleted User

It's back, and this time it's much worse.

The Petya ransomware has been updated to use the same EternalBlue vulnerability as WannaCry, but with an added "feature": once it gets onto a vulnerable machine, it proceeds to use wmic and psexec to reuse authentication credentials to infect other machines on the network. This works even if the other machines have been patched.

As an added bonus, the Petya ransomware installs itself into the hard drive's MBR, then reboots into a fake CHKDSK process (which is actually encrypting the HDD). Once it's done, it prompts you to send $300 worth of Bitcoin in order to recover your files.

Now, this is gonna sound stupid and paranoid as shit, but I don't even wanna touch my Windows VMs now because I feel like I'll accidentally get infected and fuck up the two Windows computers in the house.
 

Yepi69

If you're using UEFI+GPT on the main boot disk, the MBR boot sector isn't actually used. UEFI boots the operating system kernel directly from the System partition.

That could be one way to prevent this malware from doing any damage, assuming it doesn't handle this case.

Note that Windows only supports booting from GPT disks if using UEFI, so if your main boot disk is GPT, you should be fine here.
Also turning on Secure Boot would be a good idea, in fact I'm gonna do that right now.
Had it disabled since Linux doesn't like it.
 

DeoNaught

Now, this is gonna sound stupid and paranoid as shit, but I don't even wanna touch my Windows VMs now because I feel like I'll accidentally get infected and fuck up the two Windows computers in the house.
Same. This is only Windows, correct?

Also, OP should update first post.
 