{"id":7651,"date":"2017-05-15T14:10:13","date_gmt":"2017-05-15T22:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/15\/news-1436\/"},"modified":"2017-05-15T14:10:13","modified_gmt":"2017-05-15T22:10:13","slug":"news-1436","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/15\/news-1436\/","title":{"rendered":"Wanna Cry some more? Ransomware roundup special edition"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 15 May 2017 21:25:02 +0000<\/strong><\/p>\n<p>Whether you call it WannaCry, WannaCrypt, WCrypt, Wanacrypt0r, WCry, or one of the other names currently vying for the &#8220;call me this&#8221; crown, the ubiquitous ransomware which brought <a href=\"https:\/\/www.theguardian.com\/technology\/2017\/may\/12\/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20\" target=\"_blank\" rel=\"noopener noreferrer\">portions of the UK&#8217;s NHS to its knees over the weekend<\/a>, along with everything from train stations to ATMs, is still with us and causing mayhem worldwide. As a result, our regular roundup has been replaced with what will hopefully serve as a useful place to collect links related to the attack.<\/p>\n<p>First things first: this was a <a href=\"https:\/\/www.engadget.com\/2017\/05\/13\/microsoft-windowsxp-wannacrypt-nhs-patch\/\" target=\"_blank\" rel=\"noopener noreferrer\">big enough incident<\/a> that Microsoft created a special patch for Windows XP users, some three years after it pulled the plug on support.
Regardless of which Windows version you run, <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">go get your update<\/a>.<\/p>\n<p>Now that we have that out of the way, here are some handy links that give a good overview of what&#8217;s been going on:<\/p>\n<ul>\n<li>A <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanacrypt0r-ransomware-hits-it-big-just-before-the-weekend\/\" target=\"_blank\" rel=\"noopener noreferrer\">rundown by our good selves<\/a>, detailing the spread and tactics used by this worm to deposit ransomware globally.<\/li>\n<li>A <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2017\/05\/the-worm-that-spreads-wanacrypt0r\/\" target=\"_blank\" rel=\"noopener noreferrer\">deep dive into the malware<\/a> by one of our\u00a0malware research specialists.<\/li>\n<li>Watching the infection <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/05\/15\/wannacry-contagion-sends-doctors-back-to-pen-and-paper\" target=\"_blank\" rel=\"noopener noreferrer\">bounce around doctors&#8217; surgeries<\/a>.<\/li>\n<li>How the purchase of a URL dealt a <a href=\"https:\/\/www.theguardian.com\/technology\/2017\/may\/14\/malware-tech-cyber-attack-surf-fan-loves-pizza-anonymous-hero-who-halted\" target=\"_blank\" rel=\"noopener noreferrer\">massive blow<\/a> to the previously unstoppable spread.<\/li>\n<li>What happens when the URL-purchasing white hat is <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/05\/15\/media-hounds-wannacry-ransomware-hero\/\" target=\"_blank\" rel=\"noopener noreferrer\">doxxed by the press<\/a>.<\/li>\n<li>People are <a href=\"https:\/\/twitter.com\/mikko\/status\/864107673146490880\" target=\"_blank\" rel=\"noopener noreferrer\">paying to retrieve files<\/a>, but it seems they&#8217;re taking quite a gamble.<\/li>\n<li>The malware authors are <a 
href=\"https:\/\/twitter.com\/hackerfantastic\/status\/863833239475171329\" target=\"_blank\" rel=\"noopener noreferrer\">processing decryption manually<\/a>. If you pay, but they can&#8217;t be bothered \/ their PC explodes \/ they&#8217;re hauled off to jail, you&#8217;re definitely not getting files back anytime soon.<\/li>\n<li>More\u00a0problems: <a href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/864075206037561347\" target=\"_blank\" rel=\"noopener noreferrer\">fake decryption tools<\/a>. Misery begets misery.<\/li>\n<li>It may be down, but it <a href=\"http:\/\/www.tomsguide.com\/us\/wannacry-ransomware-outbreak,news-25086.html\" target=\"_blank\" rel=\"noopener noreferrer\">most certainly isn&#8217;t out<\/a>, with fresh infections still taking place.<\/li>\n<li>Accusations of an <a href=\"https:\/\/www.wired.com\/2017\/05\/wannacry-ransomware-hackers-made-real-amateur-mistakes\/\" target=\"_blank\" rel=\"noopener noreferrer\">amateur hour operation<\/a>, despite the problems caused so far.<\/li>\n<li>Another &#8220;kill-switch&#8221; domain <a href=\"https:\/\/twitter.com\/DanielGallagher\/status\/864178085184274432\" target=\"_blank\" rel=\"noopener noreferrer\">has been registered<\/a>, hoping to slow the follow-up tides of ransomware-related doom.<\/li>\n<li>The <a href=\"https:\/\/www.theregister.co.uk\/2017\/05\/15\/wannacrypt_sitrep\/\" target=\"_blank\" rel=\"noopener noreferrer\">hunt is now on<\/a> for the people behind it all. They&#8217;ve managed to annoy at least 3 major spy agencies, so good luck I guess.<\/li>\n<li><a href=\"https:\/\/twitter.com\/malwareunicorn\/status\/864178257251377152\" target=\"_blank\" rel=\"noopener noreferrer\">And finally<\/a>&#8230;<\/li>\n<\/ul>\n<p>This is a rapidly changing story, with a lot of valuable follow-up data being posted to haunts favored by security researchers such as Twitter, and we&#8217;ll likely add more links as the days pass. 
Update your security tools, patch your version of Windows and stay safe!<\/p>\n<p>&nbsp;<\/p>\n<p><em>The Malwarebytes Labs Team<\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanna-cry-some-more-ransomware-roundup-special-edition\/\">Wanna Cry some more? Ransomware roundup special edition<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanna-cry-some-more-ransomware-roundup-special-edition\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 15 May 2017 21:25:02 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanna-cry-some-more-ransomware-roundup-special-edition\/' title='Wanna Cry some more? 
Ransomware roundup special edition'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/03\/photodune-15810889-blueprint-of-ransomware-s-900x506.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A special compilation of security news related to the recent worldwide outbreak of ransomware which has caused chaos for multiple organizations.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/malware\/\" rel=\"category tag\">Malware<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/malware\/\" rel=\"tag\">malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/spam\/\" rel=\"tag\">spam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wanacrypt0r\/\" rel=\"tag\">WanaCrypt0r<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wannacry\/\" rel=\"tag\">WannaCry<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wannacrypt\/\" rel=\"tag\">WannaCrypt<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wcrypt\/\" rel=\"tag\">WCrypt<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanna-cry-some-more-ransomware-roundup-special-edition\/' title='Wanna Cry some more? Ransomware roundup special edition'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/wanna-cry-some-more-ransomware-roundup-special-edition\/\">Wanna Cry some more? 
Ransomware roundup special edition<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4503,3764,3765,10518,12255,12252,12273,12274],"class_list":["post-7651","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cybercrime","tag-malware","tag-ransomware","tag-spam","tag-wanacrypt0r","tag-wannacry","tag-wannacrypt","tag-wcrypt"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7651"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7651\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}