Originally published at: http://boingboing.net/2017/06/27/new-massive-ransomware-attack.html
…
And this still probably won’t be enough to get the corporate world to take computer security seriously.
And they still want to handicap encryption.
Yes, these attacks use encryption as well to lock people out, but do politicians really think that criminals will stop using encryption because of the law? They aren’t idiots. You need strong encryption to stop malicious 3rd parties from pulling these attacks off in the first place.
By all means, pass laws weakening encryption. We’ll see how that turns out.
It’s not that hard to run a browser inside a virtual machine that isn’t Windows. I don’t know why more people aren’t doing this.
Between this and the recently discovered remote code execution vulnerabilities in Microsoft Defender/Security Essentials, I am seriously considering whether I should move not just Firefox but also Thunderbird, mIRC (replace it with irssi or something?), RSSOwl, and Pidgin into their own VM and turn off MSE. Except that’s still not everything that communicates with the internet and thus might have a remote code execution vulnerability…
If I may ask, how much direct experience do you have in the corporate world and ITsec/Infosec? It’s very easy to heckle from the sidelines, but it’s a whole lot harder to be part of trying to get things even close to right.
As above, how much large scale desktop deployment and maintenance have you been personally involved in?
20 years of direct and indirect at Boeing. As soon as workstations could realistically be locked down they were.
As a server admin and someone who supposedly knows better, I still didn’t have admin rights to my laptop. Didn’t really need it. I had a specific account for server access and could not use my standard account for anything other than email, office, etc. Because I had access to the servers that hosted the HR data with all the fun PII things (we didn’t actually have direct access to the data that I was aware of), I had to sign a doc that I was using workstation xyz every 6 months, I had to scan my machine for PII data every 90 days, and we got background checks every 2 years.
We were not even allowed to add users to permission groups as we honestly had no way to tell who was who. That was delegated to people who knew the group and they had a webtool to add/remove users.
My last 2 years I did have local admin rights as the app the group that I was with supported required it. We had to have a manager sign off every 6 months.
No large scale deployment, just a few machines in my office.
It sounds like a lot of the machines being hit are POS and ATM terminals and kiosks along with some airline booking systems and hospital networks. All of this screams “Windows XP installations” on older hardware and maybe Win2K3 and older on some servers, probably running legacy applications. I know upgrades take time, but XP had its latest release nine years ago and its extended support ended three years ago.
But no-one in the supermarket’s executive suite wants to be responsible for the short-term expense of upgrading the checkout machines and no-one in the hospital’s billing department is ready to learn a new system after they went to all the trouble of learning the current one a decade ago, so the XP machines keep chugging along, connected to the Internet, unpatched and vulnerable and (if you’re lucky) running security software that hasn’t received an update for three years.
So many things could have been done – with a massive influx of money, people, and, especially governmental requirements. Microsoft should have been forced, as a matter of homeland security, to stop at, say, Windows 7, and concentrate on locking it and previous versions down. They should never have been allowed to abandon Windows XP. The reality is that too many things depend on Windows, especially equipment. They should have been forced to keep it as secure as possible.
And perhaps some of those really bright people at the NSA could be working on making computers more secure, instead of less.
While I agree with you on not handicapping encryption, most ransomware attacks are through phishing or other system compromise where encryption is not necessarily the fix.
And it looks like everybody is fucked.
GOT BACKUPS?
@doctorow
Update: everyone is hosed…
Two separate issues. No one wants to hobble encryption because of ransomware, they want to hobble it to spy on you. Encryption won’t save you here anyway, malware can still encrypt your encrypted volume.
If you don’t, why the hell not?
And from what I understand you can get permanently hosed with that.
Unless you back up your data online. If someone bricked my current drive I’d be fine, though it’d be annoying having to redownload everything again.
Or into an air-gapped backup (or two) that only gets plugged in and turned on to run the backup. You might have to reinstall your OS, but at least your losses are minimised and you aren’t running the risk of your cloud provider getting hit.
Sleep tight on that thought.
Fair enough. In that time you may well have been involved in some incidents despite all the lockdown? It’s neither easy nor fun, is it? Sounds like we’ve got about the same time under our belts; by my estimation things are getting worse, not better, in terms of the actual quantifiable risks and damages from malware despite all the tools and effort to attempt to counter it.
Things are very different when the number is in the thousands.
All that you say sounds as if you think MS “should have been” nationalized.