massive ransomware outbreak - Windows all versions


Re: massive ransomware outbreak - Windows all versions

Postby ensignvorik » Sat May 20, 2017 2:22 am

Moogle Stiltzkin wrote:qnap posted that they also ran their own tests :}

https://www.qnap.com/en/news/2017/prote ... overy-plan


More like following in the footsteps of every other 'security vendor' and trying to cash in on it themselves.
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A


Postby Moogle Stiltzkin » Sat May 20, 2017 10:50 am

OneCD wrote:My view is that the reason a particular OS is attractive to criminals is because it's easy to hack.



just saw an article regarding the exact thing you mentioned. thought you might find it as interesting a read as i did :mrgreen:

WannaCrypt Makes an Easy Case for Linux
This guy admits that it’s a tired argument but is using the recent/current ransomware fiasco to raise awareness for Linux and its security benefits again. Yes, you’ve heard most of it before: businesses should all switch from Windows, as it is a huge target for exploits, but he does try to make a novel point by noting that more and more companies are switching to Software as a Service (SaaS) or the cloud (meaning that work is increasingly done through a web browser), making Linux deployment more practical and sensible now. Er, wouldn’t Linux just become as vulnerable as Windows if its usage were to rise to the same level...


http://www.techrepublic.com/article/wan ... for-linux/

https://www.hardocp.com/news/2017/05/19 ... _for_linux


agree? disagree?

personally i did try linux variant for desktop use at one point but i just couldn't get used to it. windows is so simple and i'm far more familiar with it. When windows 10 came out and they messed with start, i used stardock fences to simplify the front end processes. Also tried mac but don't like that either :S




ensignvorik wrote:
More like following in the footsteps of every other 'security vendor' and trying to cash in on it themselves.


well i had a different impression. they actually bothered to test wannacry and how would qnap users deal with such a situation if they were affected. they're at least in touch with the hot issues affecting us and offering some tips. that certainly can't be a bad thing for us now is it :) i'm subscribed to multiple sources so i for one appreciate these sorts of newsletters i get from them every now and then, because i don't always read the news to keep on top of things all the time :)

Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A


by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:



French Researchers Find Way to Unlock WannaCry without Ransom
A group of security experts and hackers have come up with a way to save Windows files encrypted by WannaCry. The tool, dubbed "Wanakiwi," appears to work as advertised for XP to Windows 7, although there are two caveats: it will only work on systems that have not been rebooted since becoming infected, and it must be applied before the deadline that locks out files permanently. The blog article referenced in the article that spells out the specifics seems to be located here.


https://www.hardocp.com/news/2017/05/19 ... out_ransom
NAS
[Main Server] QNAP TS-653A w. 4x HGST Deskstar NAS (HDN724040ALE640) EXT4 Raid5
[Backup] QNAP TS-659 Pro w. 5x 2TB Samsung EcoGreen F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TS-509 Pro w. 4x 1TB Western Digital RE3 (WD1002FBYS) EXT4 Raid5
[Backup] QNAP TS-228
[Backup] QNAP TS-128 w. 1x 1TB Western Digital RE3 (WD1002FBYS)

Other Network Devices
Asus AC68U AC1900 Router (RT Merlin firmware)|30mbps download/10mbps upload FTTH Internet | Windows 10 Enterprise, Water Cooled PC with Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides and useful articles posted by me
[Review] Moogle's QNAP experience
[Megathread] Qnap Frequently asked questions V2, click to read here


Postby ensignvorik » Sat May 20, 2017 3:23 pm

Moogle Stiltzkin wrote:
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A


by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:



Nope, apparently they removed the option to edit it, so you're stuck with whatever NAS you had when you first registered!

Postby Toxic17 » Sat May 20, 2017 3:29 pm

Moogle Stiltzkin wrote:by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:


Submit a Ticket with QNAP, select Category, "Forum Administration" and ask them to change your NAS Model.
Regards Simon

QTS 4.3/4.2 MANUAL

Submit a ticket - QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


Intel NUC DN2820FYKH - Debian 9.1 Stretch - CumulusMX 3.0.0 Build 3043
NAS: TVS-463/QM2-2P 4.3.4.0387 βeta2 - TS-121 4.3.3.0361 - APC Back-UPS ES 700G
QPKG's: TwonkyMedia - QApache - QSonarr - QNBZGet - phpMyAdmin - Qmono
Network: VM Hub 3.0 - Sophos XG - Ubiquiti CloudKey - UniFi AP AC Pro - TL-SG1016DE - Cisco SLM2008


Postby OneCD » Sat May 20, 2017 4:57 pm

Moogle Stiltzkin wrote:just saw an article regarding the exact thing you mentioned. thought you might find it as interesting read as i did :mrgreen:

Thanks Moog - that was interesting. :D

Moogle Stiltzkin wrote:agree? disagree?

Agree in general with the author - but also don't think his article will have any positive effect. The same tired old comments are being posted below it.

Moogle Stiltzkin wrote:personally i did try linux variant for desktop use at one point but i just couldn't get used to it.

Linux isn't for everyone. There is an extremely steep learning curve no matter which distribution you start with. In some ways, it's like having to start all over again with computers. Takes a lot of patience and lots of research. It also means looking at operating systems in a different way, and learning a whole new vocabulary.

It was very difficult for the first 18 months or so after I started running a Linux web-server at home (LAMP), and had to keep a Windows PC nearby to do things the 'old way'. The difficulty was primarily due to my own ignorance. But, I could see that this system didn't crash on its own, and could in fact run for years without needing to be rebooted. At that time, Windows XP was lucky to get through a single 8-hour day without crashing. Linux was also fast! Even on my old Pentium 2 CPU. Far fewer instructions that need to be processed.

But I was still frustrated by simple things. I thought I should be able to right-click on a desktop and create an icon. At the time, that wasn't possible with the distros I used. Couldn't understand why something so simple wasn't possible. To create a desktop icon entry meant manually writing a text file with all the parameters. Which means learning where it has to go. And what it needs to contain. By the time I had learned all that, I wasn't using the desktop much anymore. :lol:

I didn't appreciate back then that many volunteer programmers had been busy behind-the-scenes building a very solid system. Silly things like desktop icons could wait. "Let's get the security and reliability things working properly, before moving onto issues of convenience". Then one day KDE arrived and left Windows in the dust with GUI ability. It still does - even Windows 10 is completely outclassed.

One of the best things I learned was to ensure I knew what was being installed and why. This was forced on me by my various distributions. To not just blindly accept everything on offer that appears on the screen. Learn what those error messages mean. If not, be prepared to at least Google them. Good user security practices immediately eliminate a staggering range of malware from ever being installed. But it takes time for these good practices to become good habits.

I accept that not everyone actually enjoys using a computer. To some people, they are all the same - a magic box with buttons that they have to use whether they like it or not. So, once they learn an OS (usually Windows) - that's it. The learning stops. Some are genuinely surprised to learn that Windows isn't the only operating system available for the PC. Those people will never change their OS. I'm sure Microsoft are quite happy about that.

It's these people that are the motivation to make operating systems easier to use. Which occurs at the expense of security. Windows may be easy to use, because the security that should be in place to protect the user has been (unfortunately) abandoned. Look at what Google has done to Linux with Android in order to make it easy to use.

I can't see this abandonment of security ever happening to Linux as a whole due to the ever-increasing number of specialised distros out there. At the extreme end of the spectrum, there are a number of ultra-paranoid coffee-drinkers who think security is paramount because the NSA is spying on them. They will keep producing distros where security is REQUIRED - not optional. And that's a good thing.

Finally: when antivirus programs become the norm for an OS, it's time to re-evaluate its security. And when an infected operating system can infect the systems around it and spread without human assistance - dump it. It's done-for.

I'll climb down off my soap-box now. ;)

I've switched to pure Debian on my production NAS (TS-569 Pro), with the backup NAS (TS-559 Pro+) to follow, so I'll no longer be able to use or support QNAP's firmware. This means no more closed-source software, "Malware Removers", etc ... If you have the means, I highly recommend it. Powerup/poweroff times are < 1 minute. :D

one.cd.only@gmail.com


Postby Moogle Stiltzkin » Mon May 22, 2017 1:23 pm

Toxic17 wrote:
Moogle Stiltzkin wrote:by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:


Submit a Ticket with QNAP, select Category, "Forum Administration" and ask them to change your NAS Model.


ooo i'll try that thx :mrgreen:

Postby OneCD » Thu May 25, 2017 2:55 am

As the number of deposited bitcoins has slowed to a trickle, this will be my final update (13 days since the first announcement).

49.77529937 bitcoins (AU$162,220.42) were extorted.

This is approximately 404 minimum payments (in US$). This is the number of people who didn't keep Windows up-to-date and didn't have backups and decided to pay the ransom. :S

The ransomware BTC addresses can be viewed here:

BTC addresses sourced from Rapid7


Postby dolbyman » Thu May 25, 2017 3:21 am

not a bad amount....but a very low number for such a global scare


Postby Johnno72 » Thu May 25, 2017 6:20 am

Certainly does reveal some interesting figures all round, it does show how many people who do keep OS updates happening. Certainly a great boost for the argument that Microsoft says about forcing automatic updates to their OS. Proof in the pudding, 404 (let's say 500 all including unreported attacks, I know of three) in total got hit, when you add some info as below to the argument it is interesting that only such a minuscule amount got hit:
1.25 billion Windows PCs running today. (That includes all versions of Windows.)
500 million Windows 7 licenses sold in the last two years. It’s a safe bet that more than 80% of those licenses were sold on new PCs, which means there are at least 400 million active Windows 7 users today. (Some licenses might have been bought by corporations for upgrades, but not yet deployed.)

source: https://www.businessinsider.com.au/right-now-there-are-125-billion-windows-pcs-worldwide-2011-12?r=US&IR=T
OS: Windows 10 Pro Insider Preview Build 17035.rs_prerelease.171103-1616 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay Rackmount - Firmware: 4.3.3.0361 Build 20171101
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: https://forum.qnap.com/viewtopic.php?f=5&t=68954


Postby AlastairStevenson » Thu May 25, 2017 11:50 pm

it is interesting that only such a minuscule amount got hit:

The number of organisations that were affected was several hundreds of thousands, and that's only those that were reported.
Within some organisations were many PCs.
So the scale was actually very large.

The number 404 quoted is simply the count of those who have paid the ransom to the known bitcoin wallets.
TS-431+ as primary storage and media server and a bunch of IP cams under Surveillance Station.


Postby schumaku » Fri May 26, 2017 3:50 am

AlastairStevenson wrote:The number of organisations that were affected was several hundreds of thousands
I have zero compassion for organisations which have failed to keep their system up2date - with patches available months before. Appears there are many responsible Cxx and IT managers in a much too comfortable position - enough reason to fire them all.

