Calling IT Security Experts: anything we should be aware of?

Posted on 5/15/17 at 9:27 am
Posted by WONTONGO
Member since Oct 2007
4295 posts
Posted on 5/15/17 at 9:27 am
Seems like there is a massive worldwide ransomware virus out there. Anything in particular we should watch out for or stay away from?

What should we know?

Posted by jefforize
Member since Feb 2008
44072 posts
Posted on 5/15/17 at 9:34 am to
here's a blog update from MS about it

LINK

quote:

Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.


more info

LINK
This post was edited on 5/15/17 at 9:38 am
Posted by XanderCrews
Member since Mar 2009
774 posts
Posted on 5/15/17 at 9:41 am to
(no message)
This post was edited on 12/21/21 at 11:04 am
Posted by DoubleDown
New Orleans, Louisiana
Member since Oct 2008
12846 posts
Posted on 5/15/17 at 9:53 am to
From my limited understanding:
Windows 10 = ok
Windows 8.1/8 = ok
Windows 7 = ok

Anything other than these need to get patched via MS Windows Update process NOW.
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/15/17 at 10:25 am to
Make sure you install these patches and you should be good.

SMB patch
This post was edited on 5/15/17 at 10:26 am
Posted by mastersleestak
Foul's Creche
Member since Dec 2014
395 posts
Posted on 5/15/17 at 10:58 am to
Any idea how it was being delivered? I assume email but can't confirm.

Was there an attachment or a URL?
Posted by TigerinATL
Member since Feb 2005
61420 posts
Posted on 5/15/17 at 11:06 am to
There are certainly things you can do to reduce your risk, like anti-virus/anti-malware software and staying up to date on your patches. But I wonder what the backup strategy was for these organizations that got hit. If you don't have a backup plan with offsite storage in place, you should look into one. That can be a 3rd-party cloud service like Carbonite, but it can also be as simple as running Windows Backup to an external hard drive and/or burning to a Blu-ray once a month (or more often, depending on your data).
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/15/17 at 11:08 am to
quote:

Any idea how it was being delivered? I assume email but can't confirm.

Was there an attachment or a URL?

I know it's phishing but not sure of the payload yet...
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/15/17 at 11:09 am to
quote:

There are certainly things you can do to reduce your risk like anti-virus/malware software and staying up to date on your patches. But I wonder what the backup strategy was for these organizations that got hit. If you don't have a backup plan with offsite storage in place you should look into one. That can be a 3rd party cloud service like Carbonite but it can also be as simple as running Windows backup on an external hard drive and/or burning to a blu ray once a month (or more often depending on your data).

True, but easier said than done...

Most large organizations use some form of replication in their backup solution. It doesn't take long at all to start replicating encrypted assets.
Posted by TigerinATL
Member since Feb 2005
61420 posts
Posted on 5/15/17 at 11:14 am to
quote:

most large organization use some form of replication in their backup solution. it doesnt take long at all to start replicating encrypted assets


True, but Replication =/= backup is like IT 101 level knowledge. Like you said, easier said than done, but I think this ransomware epidemic is underscoring that maybe a true backup solution is worth the small amount of time and money they weren't willing to budget for before.
This post was edited on 5/15/17 at 11:15 am
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/15/17 at 11:19 am to
quote:

True, but Replication =/= backup is like IT 101 level knowledge. Like you said, easier said than done, but I think this ransomware epidemic is underscoring that maybe a true backup solution is worth the small amount of time and money they weren't willing to budget for before.

Agree with everything you said, but the reality is lots of large organizations replicate to a different site and call it their backup.

In most DR scenarios that replicated "backup" is what they consider ideal... but like you said, get hit with ransomware and you realize why replication is an awful solution.
This post was edited on 5/15/17 at 11:21 am
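The replication-versus-backup point made in the last few posts is easy to demonstrate. The script below is an added example, not something posted in the thread: it creates a scratch folder, "replicates" a file to a pretend DR site the way a mirror job would, takes a versioned point-in-time copy the way a real backup job would, then simulates the ransomware step by overwriting the source file with random bytes and runs both jobs again. The folder names, the file name and the "encryption" (a plain overwrite) are all constructed for the illustration.

```powershell
# Added example (not from the thread): why a replicated copy is not a backup.
# Everything lives under a temp folder and is deleted at the end. The "ransomware"
# step only overwrites a file with random bytes; nothing is really encrypted.

$root   = Join-Path $env:TEMP ("repl-vs-backup-" + [guid]::NewGuid())
$source = (New-Item -ItemType Directory -Path (Join-Path $root 'source')).FullName
$mirror = (New-Item -ItemType Directory -Path (Join-Path $root 'dr-site')).FullName
$vault  = (New-Item -ItemType Directory -Path (Join-Path $root 'backups')).FullName

function Sync-Mirror {
    # Replication: the DR copy is made identical to the source on every run,
    # so whatever damage the source has is faithfully copied across.
    param([string]$From, [string]$To)
    Get-ChildItem -Path $From -File | Copy-Item -Destination $To -Force
}

function New-VersionedBackup {
    # Backup: each run lands in its own labelled folder and earlier runs are
    # never touched, so a pre-infection copy survives the later runs.
    param([string]$From, [string]$To, [string]$Label)
    $dest = New-Item -ItemType Directory -Path (Join-Path $To $Label)
    Get-ChildItem -Path $From -File | Copy-Item -Destination $dest.FullName
    return $dest.FullName
}

function Get-Sha256Hex {
    param([string]$Path)
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

# Day 1: good data is replicated to the DR site and backed up.
$doc = Join-Path $source 'payroll.csv'   # constructed sample file
Set-Content -Path $doc -Value @('employee,amount', 'alice,100', 'bob,200')
$goodHash = Get-Sha256Hex -Path $doc

Sync-Mirror -From $source -To $mirror
$day1 = New-VersionedBackup -From $source -To $vault -Label '2017-05-12'

# Day 2: ransomware "encrypts" the file (simulated by overwriting it with junk)...
$junk = New-Object byte[] 256
(New-Object System.Random).NextBytes($junk)
[IO.File]::WriteAllBytes($doc, $junk)

# ...and the scheduled replication and backup jobs run exactly as they always do.
Sync-Mirror -From $source -To $mirror
$day2 = New-VersionedBackup -From $source -To $vault -Label '2017-05-13'

$mirrorHash = Get-Sha256Hex -Path (Join-Path $mirror 'payroll.csv')
$day1Hash   = Get-Sha256Hex -Path (Join-Path $day1  'payroll.csv')
$day2Hash   = Get-Sha256Hex -Path (Join-Path $day2  'payroll.csv')

"DR mirror still holds good data    : $($mirrorHash -eq $goodHash)"
"Day-2 backup still holds good data : $($day2Hash   -eq $goodHash)"
"Day-1 backup still holds good data : $($day1Hash   -eq $goodHash)"

Remove-Item -Path $root -Recurse -Force
```

The mirror and the day-2 backup both contain the overwritten file; only the day-1 copy is recoverable. That is the whole argument in two lines: a replica gives you the latest state, and after an infection the latest state is the one you do not want. The versioned copy only helps if the retention window is longer than the time between infection and discovery, and if the backup target is not writable from the hosts it protects.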
Posted by Carson123987
Middle Court at the Rec
Member since Jul 2011
66371 posts
Posted on 5/15/17 at 12:07 pm to
If you have a decent sized business, chances are one of your employees already fricked you.

Vigilant patching cycles, people
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/15/17 at 12:50 pm to
quote:

i know it's phishing but not sure of the payload yet...

Never mind... this is a true worm.
Posted by 3nOut
Central Texas, TX
Member since Jan 2013
28780 posts
Posted on 5/15/17 at 2:23 pm to
quote:

Vigilant patching cycles, people

The greatest virus headache I've ever had in my 15 years of IT security jobs could have been avoided by a single Windows patch (and some a-hole not checking a button on our AV console).

This post was edited on 5/15/17 at 2:24 pm
Posted by 50_Tiger
Dallas TX
Member since Jan 2016
39883 posts
Posted on 5/15/17 at 2:39 pm to
On any Windows machine, including Server 2012:

In cmd, run

wmic qfe | find "KB4012212"

If this does not send back a hyperlink and the support file KB4012212, download that package IMMEDIATELY.
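The `wmic qfe` one-liner above only covers one KB on one machine. The PowerShell script below is an added example, not posted in the thread, that does the same check with `Get-HotFix` (same data source as `wmic qfe`) and also reports whether SMBv1 is still enabled, since the fix and the SMBv1 mitigation are the two things that matter here. KB4012212 is the only KB named in the thread; the other KB numbers in the list are my addition from the MS17-010 bulletin and should be verified against it for your OS before you rely on them. The cmdlets `Get-SmbServerConfiguration` and `Get-NetTCPConnection` exist on Windows 8 / Server 2012 and later; the registry fallback is for Windows 7 / 2008 R2. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): check a Windows host for the MS17-010 fix and
# for SMBv1 exposure. Run elevated. Verify the KB list against the MS17-010 bulletin.

# KB4012212 is the one named in the thread (Windows 7 / 2008 R2, security-only).
# The rest are an assumption taken from MS17-010; later monthly rollups and Windows 10
# cumulative updates also carry the fix and will show up under their own KB numbers.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2 (security-only, rollup)
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Patch {
    param([string[]]$KbIds = $Ms17010Kbs)
    # Get-HotFix reads the same QFE data as "wmic qfe". With no matching ID it writes a
    # non-terminating error, which is what the SilentlyContinue is for.
    $installed = Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Patched    = [bool]$installed
        MatchingKb = (@($installed | ForEach-Object HotFixID) -join ',')
    }
}

function Get-Smb1Status {
    $smb1Enabled = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the server setting directly.
        $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / 2008 R2: SMB1 is on unless LanmanServer\Parameters\SMB1 is 0.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }

    $listening = $null
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        # Is anything bound to 445 at all? (Local view only; whether the internet can
        # reach it is a firewall question this script cannot answer.)
        $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                            -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        Smb1Enabled      = $smb1Enabled
        Port445Listening = $listening
    }
}

function Disable-Smb1 {
    # Microsoft's stated mitigation for hosts that cannot be patched immediately.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    }
    # On client editions the SMB1 binaries can be removed as well (reboot required).
    # Server 2012 R2 uses Remove-WindowsFeature FS-SMB1 instead.
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }
}

$patch = Test-Ms17010Patch
$smb   = Get-Smb1Status

'{0}: MS17-010 KB present={1} [{2}]  SMB1 enabled={3}  445 listening={4}' -f `
    $env:COMPUTERNAME, $patch.Patched, $patch.MatchingKb, $smb.Smb1Enabled, $smb.Port445Listening

if (-not $patch.Patched -and $smb.Smb1Enabled) {
    Write-Warning 'No MS17-010 KB found and SMBv1 is enabled. Patch now, or run Disable-Smb1.'
}
# Disable-Smb1   # uncomment to apply the mitigation on this host
```

A missing KB is not proof that a box is exposed: if a later monthly rollup or cumulative update is installed, the fix is in there under a different KB number, which is why the SMBv1 state is reported alongside. The converse is the more useful signal: SMBv1 enabled plus 445 listening on a host with none of the listed KBs is the configuration the worm spreads through. To run this across a fleet, wrap the two function calls in `Invoke-Command -ComputerName` against your server list and collect the objects rather than the formatted string.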
Posted by jdd48
Baton Rouge
Member since Jan 2012
22037 posts
Posted on 5/15/17 at 3:58 pm to
quote:

nevermind... this is a true worm.


Yes it is, as it can propagate across the network with no user intervention. What I am hearing is there's two main infection vectors: 1 - infected attachments/zip files via spear phishing campaigns; 2 - direct infection via servers with SMB directly exposed to the internet.

This post was edited on 5/15/17 at 3:59 pm
Posted by Tigeralum2008
Yankees Fan
Member since Apr 2012
17124 posts
Posted on 5/15/17 at 4:25 pm to
We run Applocker and BitLocker but since this was ransomware built on some CIA bullshite would it have been able to work around it?
This post was edited on 5/15/17 at 4:27 pm
Posted by jdd48
Baton Rouge
Member since Jan 2012
22037 posts
Posted on 5/15/17 at 7:15 pm to
quote:

We run Applocker and BitLocker but since this was ransomware built on some CIA bullshite would it have been able to work around it?


Probably not, unless you've got unpatched XP/7/8.1/2003 PCs or servers. From what I understand, besides utilizing the ETERNALBLUE exploit, the exploit code itself wasn't super sophisticated.

Make no mistake though, NOTHING is ever bulletproof when it comes to network security. There are documented AppLocker and BitLocker bypass methods.
Posted by ColdDuck
BR via da Parish
Member since Sep 2006
2755 posts
Posted on 5/16/17 at 7:38 am to
quote:

Windows 8.1/8 = ok


Windows 8 (not 8.1) is officially unsupported, so you have to patch it, Vista and XP manually, as well as Server 2003.
Posted by gmrkr5
NC
Member since Jul 2009
14881 posts
Posted on 5/16/17 at 9:19 am to
quote:

Yes it is, as it can propagate across the network with no user intervention. What I am hearing is there's two main infection vectors: 1 - infected attachments/zip files via spear phishing campaigns; 2 - direct infection via servers with SMB directly exposed to the internet.

I've yet to see any evidence suggesting phishing as an attack vector.