by "PartyPooper2012" (PartyPooper2012)
Published 05/16/2017 at 06:47
by "PartyPooper2012" (PartyPooper2012)
Published 05/16/2017 at 06:47
No Tags
STARS: 0
Someone here opened an attachment. I isolated the machine, but I am wondering how long till a message pops up saying give us your monies.
Back when Cryptolocker was going around, it took a day or two before everything was encrypted and ransom note popped up. I am wondering how long it takes for this shit to propagate so I can know for sure if the machine is compromised
I know on Friday people started getting the messages asking for money, but I don’t know when those people opened attachment.
I am not talking about those who were hacked via network exploit. I am talking about ground zero people - those who opened attachment and started spread within their network.
"Flavien Vidal" (flyingfrenchy)
05/16/2017 at 06:57, STARS: 0
It was stopped recently... The computer might be infected but it won’t block anything due to crappy coding of the ransomware...
"Illegitimus Prime" (illprime)
05/16/2017 at 07:06, STARS: 1
That halt was only temporary, it’s still live and dangerous. Generally windows 10 systems with Windows defender and the latest updates should be patched for it though.
"McMike" (mcmike)
05/16/2017 at 07:39, STARS: 4
Gmail is blocked at work now because the security certificate is not trusted.
There’s also a XP security update.
https://www.microsoft.com/en-us/download/details.aspx?id=55245
I REPEAT, MICROSOFT XP UPDATE.
"arl" (arl1968)
05/16/2017 at 07:41, STARS: 0
Windows 2003 update also available. Blows my mind.
"facw" (facw)
05/16/2017 at 09:07, STARS: 0
There’s a new version that isn’t stopped by that. And honestly, that guy says he didn’t know what registering the domain would do, which makes me think he got very lucky that it didn’t brick all these systems or something.
"Mr. Plastics powered by GreyGoose" (greygoose)
05/16/2017 at 09:19, STARS: 0
Oh man, I would hate to be the first guy on the network to start all the issues.
"LOREM IPSUM" (lorem---ipsum)
05/16/2017 at 09:42, STARS: 0
Did they fire the employee for gross negligence and overall incompetence?
"Nibbles" (nibbles)
05/16/2017 at 09:45, STARS: 0
74,000 employees, probably as many if not more workstations running 7 through 10, over 15,000 servers from 2003 to 2012 R2, not a single infection
"TheTurbochargedSquirrel" (thatsquirrel)
05/16/2017 at 10:37, STARS: 1
WannaCry seems to encrypt instantly when it makes its way onto your machine.
"PartyPooper2012" (PartyPooper2012)
05/16/2017 at 11:10, STARS: 0
Thanks for this info. Speaking from experience or read it some place?
"TheTurbochargedSquirrel" (thatsquirrel)
05/16/2017 at 11:24, STARS: 1
Looking at some of the info from the researchers working with it they are all reporting that the computer is encrypted as soon as the software is introduced to the machine.
"PartyPooper2012" (PartyPooper2012)
05/16/2017 at 11:46, STARS: 0
That’s good to know. Person here opened attachment and machine has been in isolation for about 24 hours now without anything being encrypted.
by the way, i saw an article where they claim tasksche.exe runs as part of infection to determine which mapped drive to infect.
Best i can tell is that is a malicious executable so I blocked that process. in case I get infected, hopefully that bitch wont run