massive ransomware outbreak - Windows all versions

Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

massive ransomware outbreak - Windows all versions

Post by Moogle Stiltzkin »

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom
QNAP uses Linux, so this is less relevant. Though if you run a virtual OS with Windows... hm?

Anyway, it seems to be big news atm :X It seems there's currently a global ransomware problem happening which is affecting all versions of Windows.

One of the main problems is that if any PC is infected, it can potentially infect other PCs on the same network.
Update 8: Microsoft has pushed out hotfixes for WannaCry and older Windows OS.

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
Update 7: Microsoft Statement - "Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance."

Update 6: FedEx has instructed approximately 80,000 employees, via email, to turn off their computers till Monday while it tries to deal with the WannaCry ransomware.

Update 5: FedEx (FDX) here in the United States has now been impacted by the WannaCry ransomware. FedEx has not determined exactly how it is spreading, but it is. Virtual Machines currently seem to be the most vulnerable on its network. FedEx is currently shutting down its PCs and taking its ESX servers offline as well.

Update 4: In-house HardOCP security experts have reported that the Russian Ministry of the Interior (Police) network has now been taken down by WannaCry ransomware.

Update 3: Microsoft pushed out a Security Bulletin MS12-010-Critical server patch in March as reported by the BBC, but many have not yet updated the vulnerable systems.

Update 2: HardOCP in-house security experts have verified that the WannaCry ransomware attack is being conducted using Eternal Blue. Eternal Blue was an exploitation tool released in Vault 7, the NSA tool dump from WikiLeaks. You can use this page to watch the current infection rate worldwide after you click connect.

Update: HardOCP in-house security experts have verified that the WannaCry ransomware is using a remote command execution vulnerability through Server Message Block (SMB).

While the outbreak was at first mainly located in Spain, it has quickly spread worldwide. It would be good for our System Admin readers to be very aware of this as it seems to be a very nasty strain of ransomware. Microsoft issued a patch for this on March 14th.

If you don't like blocks of text, here is a video summary of what's happening
[youtube=]GtWTWe4Ao8w[/youtube]


If you're a newbie, here is a video intro to what ransomware is and why you should be wary of it
[youtube=]shDgBHUXnr8[/youtube]


You can read the full story here
https://www.hardocp.com/news/2017/05/12 ... e_vigilant

http://www.abc.net.au/news/2017-05-13/b ... ns/8523102

:mrgreen:


In QNAP-related news, they reminded users about updating firmware to the latest version with security fixes (as you rightly should).
QNAP Security Advisory and Malware Remover Update Notice
Taipei, Taiwan, May 12, 2017 - QNAP® Systems, Inc. is committed to the protection of the privacy and data security of our users. The QNAP Cyber Security Team actively and regularly performs security checks on all QNAP NAS systems and recently identified an attack that possibly exploits known vulnerabilities in earlier QTS versions. Malware can then be downloaded and executed, which in turn installs a QTS 4.2.5 build on the compromised system. This malware may potentially result in unauthorized access to NAS data.

To ensure data security, QNAP strongly recommends that users immediately install Malware Remover 2.1.2 on their QNAP NAS. Malware Remover 2.1.2 can detect and delete malware on your NAS. After running Malware Remover 2.1.2 and confirming the malware is removed from your NAS, update your NAS to the latest version of QTS available for your NAS, and change the passwords for all NAS users. You can learn more about this vulnerability at QNAP Security Bulletins.

https://www.qnap.com/en/support/con_show.php?cid=117


Installing Malware Remover 2.1.2

Log on to QTS as administrator.
Open the App Center and then click the Search icon.
Type “Malware Remover” and then press ENTER. The Malware Remover application appears in the search results list.
Click Install.



To weather the current storm, some simple steps you can take:

1. Update Windows asap...
2. Update antivirus.... You can refer to the site https://www.av-test.org/en/ to figure out which AV is most effective.
3. Update anti-malware, e.g. Malwarebytes, HitmanPro....
4. Update your router (especially great with third-party firmware, which is usually fastest with security patches, like RT Merlin for Asus routers).
5. Update QNAP firmware if you haven't.
6. Make sure you have backups.... so even if your PC gets hit by ransomware, you can format and then restore from backup.
7. Keep up to date on the tech sites on the ongoing situation for the dos and don'ts :X at least for the next few days.
8. Don't click links from unexpected emails that say they're from a Nigerian prince etc :S that's how you get infected.
9. For browsing the web I'd strongly recommend Chrome with gorhill's plugins uMatrix and uBlock. They keep stuff from getting stored on your hard drive unless you first give the green light, and prevent adware and other stuff :mrgreen:


PS: this is why we keep backups. If you want to back up your desktop/laptop to QNAP there are apps like AOMEI Backupper, which I tested and which is able to back up your computer to your QNAP without issue :) There are probably other alternative apps/methods to go about it which you can google.

Pro tip: if you're encrypting your backup, make sure the encryption password/key is complex.... the encryption is only as good as your key complexity. If you're managing a ton of complex keys, then something like KeePass to store them, so you only have to remember 1 complex master key, should be manageable (just keep it hidden somewhere :mrgreen: )

For Windows you probably want to use something like this to keep the analytics junk silenced :roll:
https://www.oo-software.com/en/shutup10

Also, sorry for the noise :mrgreen: kek
Last edited by Moogle Stiltzkin on Sun May 14, 2017 8:14 am, edited 19 times in total.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
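Step 1 above and the MS17-010/KB4012598 discussion in this thread come down to two questions per Windows host: is the patch on, and is SMBv1 still enabled. This PowerShell check is an added example (not from the thread, QNAP or Microsoft); it assumes PowerShell 3 or later on Windows 8 / Server 2012 or newer, run as administrator, and the KB numbers other than the thread's KB4012598 are taken from the MS17-010 bulletin and should be verified for your exact build.

```powershell
# Added example (not from the thread): a read-only WannaCry exposure check for
# one Windows host. Assumes PowerShell 3+ on Windows 8 / Server 2012 or later,
# run as administrator, with the SmbShare and Dism modules available.

# KB packages that carried the MS17-010 fix. KB4012598 is the out-of-band
# package linked in this thread; the others are the March 2017 security-only /
# monthly rollup packages for Win7/2008R2, Win8.1/2012R2 and Win10 1607.
# Verify against the MS17-010 bulletin for your build. Later cumulative updates
# supersede these, so a missing KB alone does not prove a host is unpatched.
$Ms17010Kbs = @('KB4012598', 'KB4012212', 'KB4012215',
                'KB4012213', 'KB4012216', 'KB4013429')

function Test-Ms17010Patch {
    # Returns the installed KB id(s) from the list, or $null if none is present.
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    if ($installed) { return @($installed.HotFixID) }
    return $null
}

function Test-Smb1Enabled {
    # SMBv1 is the protocol the exploit abuses; with it disabled the exposure is
    # gone whether or not a hotfix shows up. Prefer the SMB server configuration
    # and fall back to the optional-feature state on builds that lack the cmdlet.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { return [bool]$cfg.EnableSMB1Protocol }
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -ErrorAction SilentlyContinue
    if ($feat) { return ($feat.State -eq 'Enabled') }
    return $null   # unknown: neither check is available on this build
}

$patch = Test-Ms17010Patch
$smb1  = Test-Smb1Enabled

if ($smb1 -eq $false) {
    $exposure = 'SMBv1 disabled - not reachable over the SMBv1 path'
} elseif ($patch) {
    $exposure = 'MS17-010 KB present, but SMBv1 still on - disable it'
} else {
    $exposure = 'SMBv1 on and no MS17-010 KB seen - patch and disable SMBv1'
}

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Ms17010KbFound = if ($patch) { $patch -join ',' } else { 'none' }
    Smb1Enabled    = $smb1
    Exposure       = $exposure
}
```

Run it on each Windows box on the LAN (or push it through remoting) and act on the Exposure line; the SMBv1 state is the more reliable signal, since Get-HotFix does not list superseded updates on Windows 10.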
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: massive ransomware outbreak - Windows all versions

Post by OneCD »

Thanks Moogle. :)

Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Re: massive ransomware outbreak - Windows all versions

Post by Moogle Stiltzkin »

OneCD wrote:Thanks Moog. :D

np :) Just felt it was serious enough to report. I'm keeping track atm of what Windows is doing to fix this :shock:

I've got a bunch of security stuff on my PC, but others on my network aren't as security-conscious as I am, which is a problem :( xd
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: massive ransomware outbreak - Windows all versions

Post by OneCD »

Feeling quite good about my Debian 8 workstation right now. ;)

(I can never find a 'smug' emoji when I need it. So, this will have to do):

elvisimprsntr

Re: massive ransomware outbreak - Windows all versions

Post by elvisimprsntr »

Glad I have a Linux/MacOS household. I have one W7 VM on my QNAP which I use once every 6 mo.
Johnno72
Easy as a breeze
Posts: 378
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Re: massive ransomware outbreak - Windows all versions

Post by Johnno72 »

Having a Mac / Linux / Android will not stop you from getting malware or virus infections; if anything, the Mac / Android platforms are being specifically targeted in these attacks more than any other platform at the moment.

So I wouldn't get too complacent if I were you.
OS: Win10 Professional v2004 OS Build 19041.388 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay - Firmware: v4.4.3.1421 build 20200907. Updated from v4.4.3.1400 Build 20200817 Official
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: viewtopic.php?f=5&t=68954
Remote Administration of: TVS-863+ 16G on UPS Cyberpower OLS1500E+RMcard205
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: massive ransomware outbreak - Windows all versions

Post by OneCD »

Johnno72 wrote:if anything the MAC / Android platforms are being specifically targeted in these attacks more than any other platform at the moment.
This particular one is Windows-only. :shock:
Gizmodo wrote:Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren't updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as EternalBlue ...
To their credit, it seems Microsoft did fix this vulnerability a while back. It's only unpatched systems being affected.

Microsoft have just released an emergency patch which goes back as far as WinXP. They claim Win10 is not vulnerable.
http://www.catalog.update.microsoft.com ... =KB4012598

Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Re: massive ransomware outbreak - Windows all versions

Post by Moogle Stiltzkin »

Hero spent $10.69 to halt global cyberattack
WannaCry Ransomware Halted by Accident
As we reported yesterday, there was a little bit of ransomware making its way around the world. It turns out one of the reasons this outbreak was not as bad as it could have been was a lucky accident.

A security blogger who goes by the name of MalwareTech started digging into the WannaCry Ransomware while on vacation. He noticed that the ransomware was attempting to contact a specific address every time it infected a new computer. That address it was contacting, a long mess of numbers and letters, had apparently not been registered, so he paid $10.68 to register it. Turns out that the ransomware was programmed with a "kill-switch" stopping its spread if it got a response from that site, and as soon as the site responded, the ransomware stopped spreading.

While this particular strain of the ransomware has thus been stopped, this does not mean that future strains will have this same kill-switch. This discovery also does nothing for those who have already been impacted.

More detailed information can be found in MalwareTech's blog.
source:
http://money.cnn.com/2017/05/13/technol ... index.html

https://www.malwaretech.com/2017/05/how ... tacks.html


just the hero we need :mrgreen:
Last edited by Moogle Stiltzkin on Sun May 14, 2017 9:54 am, edited 2 times in total.
kherr4377
Been there, done that
Posts: 898
Joined: Mon Jun 03, 2013 3:33 am

Re: massive ransomware outbreak - Windows all versions

Post by kherr4377 »

I think the next round won't have a 'kill' switch ....... :S :S
Production :
TVS-673 4.3.4 0387
4 X 3TB WD RED : 1 X 4TB HGST DESKSTAR R5
32GB
LAN-10G1SR-D, FiberHal for Cisco SFP-10G-SR
NETGEAR ProSAFE SS3300-28X

Backup :
TS-469L 4.3.4 0387
4 X 3TB WD RED R5
3GB
Located detached garage .. cheap offsite solution ...

2nd TS-469L awaiting drives and reassignment for front-line duty .......
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Re: massive ransomware outbreak - Windows all versions

Post by Moogle Stiltzkin »

:(
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Re: massive ransomware outbreak - Windows all versions

Post by Moogle Stiltzkin »

OneCD wrote:Feeling quite good about my Debian 8 workstation right now. ;)

(I can never find a 'smug' emoji when I need it. So, this will have to do):

Here, made one for you :mrgreen: Shalltear from Overlord



You can use :)
https://imgflip.com/memegenerator

http://imgur.com/
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: massive ransomware outbreak - Windows all versions

Post by OneCD »

:DD

schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Re: massive ransomware outbreak - Windows all versions

Post by schumaku »

Can't see much fun. If **** "professional", paid IT managers and their people are unable to deploy security updates available in time, they should be fired and never get a job in IT again. The same applies to the well-paid CIO, and then the CEO and CFO, who should never come back into a similar job, because they failed to manage and control their organisations.
OneCD
Guru
Posts: 12038
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: massive ransomware outbreak - Windows all versions

Post by OneCD »

Agreed.

But events like this form part of the 'Microsoft Economy' that these same IT managers bought into. They chose to trust their important data and businesses to the most hacked operating system in history. Clearly, this was the wrong thing to do.

<rant> Windows has long been the OS that costs a lot more to own than just the purchase price. Just look how much Microsoft charge to become a 'Microsoft Certified Engineer' (or whatever they're calling it these days) - they actually charge people so they can learn how to perform (temporary) repairs to this shoddy OS. Am I the only one who thinks this ridiculous sham has gone on long enough? </rant>

I'm certain some of those IT managers will pay the ransom, blame-shift to the hackers, and keep their jobs. ;)
Last edited by OneCD on Sun May 14, 2017 5:13 pm, edited 1 time in total.

schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Re: massive ransomware outbreak - Windows all versions

Post by schumaku »

Without going into an OS war ... if other OSes (or rather their software environments) had the same attractiveness to the criminals, efforts would be shifted. And this started happening a long time ago already. macOS has massively gained attractiveness. And the majority of Linux and other U**x-like OSes in the field are not set up in a reasonably secure way either.