Posted on 05/12/2017 4:12:56 PM PDT by monkapotamus
NEW YORK (AP) Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users files for ransom at a multitude of hospitals, companies and government agencies.
It was believed to the biggest attack of its kind ever recorded.
The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
(Excerpt) Read more at apnews.com ...
I work in cyber security. We are already not able to keep up with customer demand. Nor can we find qualified people. I get the feeling that this is only going to make things worse for me. Good job security I guess.
The sources of these attacks can be tracked down but the nationz wher they come from won’t go after the criminals.
I have not read about any Linux computers being affected.
Here's the Microsoft bulletin on this:
Good point. This should cause people to reevaluate the dependence on windows.
nor Macs
Ding ding ding ... we have a winner!
Windows fundamental architecture makes insecure, period.
The problem isn’t Windows; it’s failure to update, and clinging to, older versions that are less secure. Windows 10 has automatic updates of an anti-virus app that blocks ransomeware.
So I had about 20 tabs open under Chrome and Edge (I use a bit of both) and one of the tabs starts flashing and I am locked out of all other tabs. I press on the flashing tab and a message pops up with an alert of a worm/virus intrusion.
Here is the message:
See the 'Microsoft' phone at the bottom. I called it and a person answered saying they were Microsoft. I said Ok, here's the message I am getting. The person starts talking nonstop telling me to go to the 'run' md window and trpe 'hh microsoft'.
I ask how do I know you are Microsoft? The person on the other end assures me they are Microsoft and not to worry, just enter the cmd and press enter. I do that. Then windows start popping up and things are installed on my SP3.
In the meantime, I take a snapshot of the message above and look up a Microsoft support number on the internet while listening to the person on the other end lecture me about IT and network matters, telling me my entire network an IP address is reached, damaged, compromised.
I knew I had been taken in a senior like moment. I should have been sharper, quicker, never letting it get that far.
The conversation kept meandering and I asked again "How do I know you are Microsoft?". I asked, "Where is all this leading?" "Why are you spending time 'educating me' and not telling me how I can get this all fixed?"
And this lecture continued until a minute later I was told that I would receive anti-hacking tools, for a 'cost'.
Uh-huh ... Bullsh*t.
I disconnected the SP3 from the wireless internet router and went to the router and pulled the plug.
I called Microsoft support and after paying $99, I talked to a pro who spent a good chunk of time getting all the crap that was installed off, a massive amount of intrusion files. The Microsoft Pro saw the message above with the phone number and checked it was not a Microsoft number nor the number of any affiliate. It was a scam which I had the sense to realize but should have been quicker to sense.
So here's what you do:
Have a real Microsoft support number handy. When you get some sort of lockout event and a message with a Microsoft phone number, first pull the plug on your router, then call the real Microsoft number and verify the message phone number is real or not. They won't charge for checking phone numbers.
Then start running security scans and get rid of all the crap that got downloaded. If you're still unsure, consider paying for a Microsoft Pro to get cleaned up and steer you back to safety.
Oh, and Microsoft, the real Microsoft told me I was one of the lucky few for having pulled the power plug on the wireless router.
Couldn't someone offer a huge amount of money to anyone who can develop software to track down and identify these criminals? Or is that naive thinking?
I knew I shouldn’t have pressed Ctril-X-Enter.
That bulletin is for March.... this is a new variation which has been hitting over 40 countries now.
My brother and I were discussing it this afternoon fro his work place....it’s coming in on e-mail.....so people should watch what they are clicking open carefully. They should do that anyway.....
Hectoring people on the OS that is run on their system is like blaming the gun for someone’s death. It is who pulled the trigger that is to blame.
Attacking hospitals is beyond the pale and ought to bring with it the death penalty.
I am not kidding.
Alert!!!!.....THIS THING IS HUGE AND BAD NEWS!
DAY THE EARTH WAS HACKED....Drudge has Good Articles on this:
BIGGEST RANSOMWARE OUTBREAK EVER... DEVELOPING...
AT LEAST 99 COUNTRIES ATTACKED...
NSA CYBER WEAPON...
HOSPITALS CRIPPLED, TELECOMMS SNARLED...
GERMAN TRAIN CHAOS...
RUSSIAN GOVT HIT...
SPEED AND SCALE STARTLES EXPERTS...
It’s now believed to be the biggest cyber attack of its kind ever recorded.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack the biggest ransomware outbreak in history.
the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.
FBI Gives Hollywood Hacking Victims Surprising Advice:
.. “Pay the Ransom”...
The frequency of the attacks has overwhelmed the FBI’s Los Angeles field office, which has been unable to properly investigate all of them. The FBI’s surprising advice, according to industry sources: Pay the ransom. After all, the hackers aren’t asking much more than a Cannes hotel tab. In all of the Hollywood extortion cases, the hackers demanded less than $80,000. A law enforcement source says that in California, losses would need to exceed $50,000 for the U.S. Attorney’s office to prosecute, thus keeping the FBI from pursuing most of these cases.
Need to see a clean out at the CIA and NSA for developing the tools in the first place and then to compound their stupidity, allowing them to be stolen and released.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.