massive ransomware outbreak - Windows all versions

ensignvorik
Easy as a breeze
Posts: 365
Joined: Sat Jul 14, 2012 8:24 pm

Post by ensignvorik »

Moogle Stiltzkin wrote:qnap posted that they also ran their own tests :}

https://www.qnap.com/en/news/2017/prote ... overy-plan
More like following in the footsteps of every other 'security vendor' and trying to cash in on it themselves.
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A

Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Post by Moogle Stiltzkin »

OneCD wrote:My view is that the reason a particular OS is attractive to criminals is because it's easy to hack.

just saw an article regarding the exact thing you mentioned. thought you might find it as interesting a read as i did :mrgreen:
WannaCrypt Makes an Easy Case for Linux
This guy admits that it’s a tired argument but is using the recent/current ransomware fiasco to raise awareness for Linux and its security benefits again. Yes, you’ve heard most of it before: businesses should all switch from Windows, as it is a huge target for exploits, but he does try to make a novel point by noting that more and more companies are switching to Software as a Service (SaaS) or the cloud (meaning that work is increasingly done through a web browser), making Linux deployment more practical and sensible now. Er, wouldn’t Linux just become as vulnerable as Windows if its usage were to rise to the same level...
http://www.techrepublic.com/article/wan ... for-linux/

https://www.hardocp.com/news/2017/05/19 ... _for_linux


agree? disagree?

personally i did try linux variant for desktop use at one point but i just couldn't get used to it. windows is so simple and i'm far more familiar with it. When windows 10 came out and they messed with start, i used stardock fences to simplify the front end processes. Also tried mac but don't like that either :S



ensignvorik wrote:
More like following in the footsteps of every other 'security vendor' and trying to cash in on it themselves.
well i had a different impression. they actually bothered to test wannacry and how would qnap users deal with such a situation if they were affected. they're at least in touch with the hot issues affecting us and offering some tips. that certainly can't be a bad thing for us now is it :) i'm subscribed to multiple sources so i for one appreciate these sorts of newsletters i get from them every now and then, because i don't always read the news to keep on top of things all the time :)
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A
by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:


French Researchers Find Way to Unlock WannaCry without Ransom
A group of security experts and hackers have come up with a way to save Windows files encrypted by WannaCry. The tool, dubbed "Wanakiwi," appears to work as advertised for XP to Windows 7, although there are two caveats: it will only work on systems that have not been rebooted since becoming infected, and it must be applied before the deadline that locks out files permanently. The blog article referenced in the article that spells out the specifics seems to be located here.
https://www.hardocp.com/news/2017/05/19 ... out_ransom
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
ensignvorik
Easy as a breeze
Posts: 365
Joined: Sat Jul 14, 2012 8:24 pm

Post by ensignvorik »

Moogle Stiltzkin wrote:
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A
by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:
Nope, apparently they removed the option to edit it, so you're stuck with whatever NAS you had when you first registered!

Toxic17
Ask me anything
Posts: 6477
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth

Post by Toxic17 »

Moogle Stiltzkin wrote:by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:
Submit a Ticket with QNAP, select Category, "Forum Administration" and ask them to change your NAS Model.
Regards Simon

NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55

OneCD
Guru
Posts: 12146
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Post by OneCD »

Moogle Stiltzkin wrote:just saw an article regarding the exact thing you mentioned. thought you might find it as interesting a read as i did :mrgreen:
Thanks Moogle - that was interesting. :D
Moogle Stiltzkin wrote:agree? disagree?
Agree in general with the author - but also don't think his article will have any positive effect. The same tired old comments are being posted below it.
Moogle Stiltzkin wrote:personally i did try linux variant for desktop use at one point but i just couldn't get used to it.
Linux isn't for everyone. There is an extremely steep learning curve no matter which distribution you start with. In some ways, it's like having to start all over again with computers. Takes a lot of patience and lots of research. It also means looking at operating systems in a different way, and learning a whole new vocabulary.

It was very difficult for the first 18 months or so after I started running a Linux web-server at home (LAMP), and had to keep a Windows PC nearby to do things the 'old way'. The difficulty was primarily due to my own ignorance. But, I could see that this system didn't crash on its own, and could in fact run for years without needing to be rebooted. At that time, Windows XP was lucky to get through a single 8-hour day without crashing. Linux was also fast! Even on my old Pentium 2 CPU. Far fewer instructions that need to be processed.

But I was still frustrated by simple things. I thought I should be able to right-click on a desktop and create an icon. At the time, that wasn't possible with the distros I used. Couldn't understand why something so simple wasn't possible. To create a desktop icon entry meant manually writing a text file with all the parameters. Which means learning where it has to go. And what it needs to contain. By the time I had learned all that, I wasn't using the desktop much anymore. :lol:

I didn't appreciate back then that many volunteer programmers had been busy behind-the-scenes building a very solid system. Silly things like desktop icons could wait. "Let's get the security and reliability things working properly, before moving onto issues of convenience". Then one day KDE arrived and left Windows in the dust with GUI ability. It still does - even Windows 10 is completely outclassed.

One of the best things I learned was to ensure I knew what was being installed and why. This was forced on me by my various distributions. To not just blindly accept everything on offer that appears on the screen. Learn what those error messages mean. If not, be prepared to at least Google them. Good user security practices immediately eliminate a staggering range of malware from ever being installed. But it takes time for these good practices to become good habits.

I accept that not everyone actually enjoys using a computer. To some people, they are all the same - a magic box with buttons that they have to use whether they like it or not. So, once they learn an OS (usually Windows) - that's it. The learning stops. Some are genuinely surprised to learn that Windows isn't the only operating system available for the PC. Those people will never change their OS. I'm sure Microsoft are quite happy about that.

It's these people that are the motivation to make operating systems easier to use. Which occurs at the expense of security. Windows may be easy to use, because the security that should be in place to protect the user has been (unfortunately) abandoned. Look at what Google has done to Linux with Android in order to make it easy to use.

I can't see this abandonment of security ever happening to Linux as a whole due to the ever-increasing number of specialised distros out there. At the extreme end of the spectrum, there are a number of ultra-paranoid coffee-drinkers who think security is paramount because the NSA is spying on them. They will keep producing distros where security is REQUIRED - not optional. And that's a good thing.

Finally: when antivirus programs become the norm for an OS, it's time to re-evaluate its security.

I'll climb down off my soap-box now. ;)

Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Post by Moogle Stiltzkin »

Toxic17 wrote:
Moogle Stiltzkin wrote:by the way did you ever figure this out yet? i also need to change my profile.... i got multiple qnap so how do i add them all... :mrgreen:
Submit a Ticket with QNAP, select Category, "Forum Administration" and ask them to change your NAS Model.
ooo i'll try that thx :mrgreen:

OneCD
Guru
Posts: 12146
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Post by OneCD »

As the number of deposited bitcoins has slowed to a trickle, this will be my final update (13 days since the first announcement).

49.77529937 bitcoins (AU$162,220.42) were extorted.

This is approximately 404 minimum payments (in US$). This is the number of people who didn't keep Windows up-to-date and didn't have backups and decided to pay the ransom. :S

The ransomware BTC addresses can be viewed here: BTC addresses sourced from Rapid7

dolbyman
Guru
Posts: 35253
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Post by dolbyman »

not a bad amount....but a very low number for such a global scare

Johnno72
Easy as a breeze
Posts: 378
Joined: Fri Jul 31, 2015 1:35 pm
Location: Australia

Post by Johnno72 »

Certainly does reveal some interesting figures all round, it does show how many people who do keep OS updates happening. Certainly a great boost for the argument that Microsoft says about forcing automatic updates to their OS. Proof in the pudding, 404 (let's say 500 all including unreported attacks, I know of three) in total got hit, when you add some info as below to the argument it is interesting that only such a minuscule amount got hit:
1.25 billion Windows PCs running today. (That includes all versions of Windows.)
500 million Windows 7 licenses sold in the last two years. It’s a safe bet that more than 80% of those licenses were sold on new PCs, which means there are at least 400 million active Windows 7 users today. (Some licenses might have been bought by corporations for upgrades, but not yet deployed.)

source: https://www.businessinsider.com.au/righ ... ?r=US&IR=T
OS: Win10 Professional v2004 OS Build 19041.388 x64
NAS: QNAP TS-EC2480U-RP 16G 24 Bay - Firmware: v4.4.3.1421 build 20200907. Updated from v4.4.3.1400 Build 20200817 Official
StoragePool / DataVol: Storage Pool 1 / DataVol1: Single 29.04TB - Thick Volume: 29TB
HDD's: Western Digital - Model: WDC WD4001FFSX-68JUN0 Red Pro NAS 3.5"
HDD Size: 4TB - HDD Firmware all HDD's: 81.00A81
RAID Configuration: RAID6 x 10, HotSpare x 1, ColdSpare x 1 - Network: 1GbE
UPS: CyberPower PR3000ELCDRT2U Professional Rackmount LCD 3000VA, 2250W 2U Line Interactive UPS
QNAP Hardware details required: viewtopic.php?f=5&t=68954
Remote Administration of: TVS-863+ 16G on UPS Cyberpower OLS1500E+RMcard205
AlastairStevenson
Experience counts
Posts: 2415
Joined: Wed Jan 08, 2014 10:34 pm

Post by AlastairStevenson »

it is interesting that only such a minuscule amount got hit:
The number of organisations that were affected was several hundreds of thousands, and that's only those that were reported.
Within some organisations were many PCs.
So the scale was actually very large.

The number 404 quoted is simply the count of those who have paid the ransom to the known bitcoin wallets.
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.

schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Post by schumaku »

AlastairStevenson wrote:The number of organisations that were affected was several hundreds of thousands
I have zero compassion for organisations which have failed to keep their system up2date - with patches available months before. Appears there are many responsible Cxx and IT managers in a much too comfortable position - enough reason to fire them all.