All about WannaCry and Jaff Ransomware

This post was last edited by samiux on 2017-5-16 18:23

To all sysadmins and Windows users,

Talos has conducted research on the WannaCry ransomware, and there are some hints for preventing the attack even if your system is infected with the malware.

Player 3 Has Entered the Game: Say Hello to 'WannaCry'

Meanwhile, there is another ransomware, namely Jaff, which is also in the wild.

Jaff Ransomware: Player 2 Has Entered The Game

Please read the above links carefully if you have Windows boxes in your network.

Hope this may help.

Samiux

Update news about WannaCry on 2017-05-14 :

It's Not Over, WannaCry 2.0 Ransomware Just Arrived With No 'Kill-Switch'

Update about WannaCry Variants on 2017-5-15 :

The latest news about WannaCry in Hong Kong last night, advising you to disconnect your systems from the internet, is in question.

Beware that when your systems are already infected with WannaCry or its variants, you should allow the systems to connect to the internet in order to communicate with the kill-switches that are registered by the infosec researchers.  When your infected systems can communicate with the kill-switch domains, the malware will quit and the encryption will stop.

Update about WannaCry on 2017-05-15 Part 2 :

It seems WannaCry and its variants are under control.  Thanks to the 2 outstanding infosec researchers for discovering the hidden domains and registering the kill-switch domains, as well as allowing all users in the world to connect to them in order to sinkhole it.  Thanks again. :D

When your system or network can access the following 2 domains (at the moment), the malware will quit and will not encrypt your box. They are:

iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

or

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

If your system cannot access the internet, you can create a website internally and allow port 80 to be accessed on the said domains.

By the way, even if your systems and network do not seem to be affected, make sure to update your systems with Microsoft patches.

Update about WannaCry on 2017-05-16 :

The third sinkhole domain is :

ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com

or

www.ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com

Make sure the above said 3 domains are not being blocked.

Update Reason :
- Update News of WannaCry
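
A reachability check for the domains listed in this post, as an added example (not part of the original post or of the Talos research): run from a machine on the network, it reports whether each name resolves and answers HTTP on port 80 over a direct connection. The blackhole addresses and the status names are assumptions of this example.

```python
import socket

# Domains exactly as listed in the post above (with and without "www.").
BASES = [
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com",
]
KILL_SWITCH_DOMAINS = BASES + ["www." + b for b in BASES]

# Assumption: addresses a DNS filter commonly returns for a blocked name.
BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1"}


def check_domain(domain, resolve=socket.gethostbyname,
                 connect=socket.create_connection, timeout=5):
    """Return (status, detail) for one domain, using a direct connection (no proxy)."""
    try:
        ip = resolve(domain)
    except OSError as exc:            # lookup failed: no such name, no resolver
        return ("dns_failed", str(exc))
    if ip in BLACKHOLE_IPS:
        return ("dns_blackholed", ip)
    try:
        sock = connect((ip, 80), timeout)
    except OSError as exc:            # refused, filtered or timed out
        return ("tcp_blocked", f"{ip}: {exc}")
    try:
        sock.settimeout(timeout)
        request = f"GET / HTTP/1.1\r\nHost: {domain}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        reply = sock.recv(64)
    except OSError as exc:
        return ("http_failed", f"{ip}: {exc}")
    finally:
        sock.close()
    if reply.startswith(b"HTTP/"):
        return ("reachable", ip)
    return ("http_failed", f"{ip}: no HTTP response")


def check_all(domains=KILL_SWITCH_DOMAINS, **kwargs):
    """Map each domain to its (status, detail) result."""
    return {d: check_domain(d, **kwargs) for d in domains}


if __name__ == "__main__":
    for name, (status, detail) in check_all().items():
        print(f"{status:15} {name}  {detail}")
```

Any status other than `reachable` points at the layer (DNS, TCP port 80, or HTTP) where the domain is being blocked; an internal website set up for these names should also report `reachable`.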

Reply to #1 samiux

The Linux board, talking purely about Windows?

What's the reason?

EPC has a separate security board.


TOP

Reply to samiux
The Linux board, talking purely about Windows?
What's the reason?
EPC has a separate security board.
via HKEPC Reader for Android ...
mmaurice posted on 2017-5-14 02:04


I only see it is talking about ransomware.
And nobody can guarantee it will not happen to Linux.

I think the news about this ransomware is worth spreading.

TOP

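It is triggered through a docm file, so from now on just open only docx, xlsx and pptx.
This is what they call "a trick doesn't have to be new, as long as people fall for it."

But spreading within the LAN, that move really is something new.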

TOP

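Reply to #3 volospin

Well, a Linux machine won't work without a power supply.

So shall we talk about power supplies? Power supplies are very important, you know.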


TOP

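Reply to volospin

Well, a Linux machine won't work without a power supply.

So shall we talk about power supplies? Power supplies are very important, you know.

via HKEPC Reader for Android ...
mmaurice posted on 2017-5-14 13:08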


@mmaurice,

Generally speaking, a Linux sysadmin may maintain a network with a lot of different kinds of operating systems, such as Linux, macOS and Windows as well as *BSD.  Even Android and iOS may be included too.

Therefore, handling malware attacks for macOS and Windows is also a job for a Linux sysadmin.

Maybe you are a single user of a Linux system and do not understand the job description of a Linux sysadmin.

In my opinion, anyone should know this kind of information for keeping their network/systems safe and healthy.

Samiux

TOP


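Reply to volospin
Well, a Linux machine won't work without a power supply.
So shall we talk about power supplies? Power supplies are very important, you know.
via HKEPC Reader for Android ...
mmaurice posted on 2017-5-14 13:08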


Sorry, I do not understand what you are talking about.

TOP

Sorry, I do not understand what you are talking about.
volospin posted on 2017-5-14 15:44



    Anything IMPORTANT, not == it is related to linux.


Linux board should ONLY allow talking of Linux solely.

If any topic is off topic, admin should MOVE to relevant board instead.

WTF did wannacry have to do with LINUX?

TOP

Sorry, I do not understand what you are talking about.
volospin posted on 2017-5-14 15:44




There is another board about security,

the wannacry post should normally be moved there.

That's it.

TOP