WannaCry Factsheet (continuously updated) and Patches for Legacy Windows

I also have updates turned off and am just running a bone-stock Windows 7 install, and I just monitor all my incoming and outgoing files.

Is this virus only spreading via file transfers to home users? As in, can a machine that is connected to the internet but has no updating or cloud-based file transfers of any type going on in the background still get the virus?

To my knowledge, any Windows XP machine connected straight to the internet with no updates essentially just sits there and only uses the internet to update the clock occasionally.

OK, this is somewhat off topic, but it's still related to the couple of comments here about Windows spying. I mentioned elsewhere in this thread that my primary workstation dual-boots W10 and Solus. My W10 install includes games and various hardware configuration utilities. There are no documents, e-mail, income tax forms, or any other personal stuff there. Everything else is on Solus.

I've been feeling pretty good about my privacy until reading your note. For some reason, when I did read it, the recent news that Ubuntu and SUSE will be offered in the Windows Store just popped into my head and I got a sick feeling in my stomach. Can Windows now read EXT4, ZFS and other popular Linux/Unix file systems? Surely SUSE isn't going to run on NTFS, is it?

TL;DR - Does W10 now have the ability to read my Linux partitions and then phone home?!?!?!
Someone please tell me that they are running Ubuntu and SUSE in some sort of a container, or VM.

So the way to get it is via network shares and when opening fishy emails? Can't install the patch, since I've had Windows Update disabled ever since I installed 8.1 and also killed the Windows Update service in the Services panel.

I have updates off by default, because MS loves to force telemetry and other shit down my throat along with actually important updates and then stops me from removing them, because they're "part of the system" now.

Still, not like it matters; as always, I turned updates on and it's stuck in an update search loop, and resetting it does nothing. The manual update packages do the same. And the update troubleshooter won't even start.

GG. At least I don't really have any files that aren't replaceable, so worst case scenario, replacing them will just waste my time. :sweat:

EDIT: I am running the PowerShell commands to stop SMB and create the mutex to stop the ransomware, just in case it reaches me. Hope that holds out till the update stops looping ... preferably before the sun implodes would be nice. //facepalm

EDIT2: Well, Windows Update finally stopped bugging out; luckily it turned out I already had two of the updates installed.

I have received a number of fishy emails that I assume may be this, since it was distributed both through its ability to worm into systems and through email.

Going to try and monitor a dedicated network with this virus installed multiple times to see if I can capture the transfer of the key. Doubt I'll find much, but since there was already a kill switch made, I doubt the devs wrote the most secure code, and the decryption keys could have a pattern if visible through the network.

They may have misunderstood it a little, but it uses an exploit that the NSA tools used as well.

Eh, you don't have to upgrade, you never did. Some people were just too stupid to click no and installed 10 "by accident". On the contrary, it doesn't even give you the upgrade button anymore; you have to do it manually now.

Yes, the patch has been out since March. It was one of the reasons for the delayed patch day, IIRC.

Also, holy shit, the number of people here deactivating Windows Update is obnoxious. You people are the problem, lol. It's worse than in some companies; at least they update once in a while.


Same here. I wish they only shipped security patches and didn't pack all that crap into their updates that makes the operating system worse.

There's method to the madness.

Even this new WannaCry virus requires getting onto a machine via an initial file transfer from somewhere, and can then spread within that network. Most people who purposely shut off updates are ones that monitor every single incoming file. Most of them run no cloud service of any kind that automatically moves files back and forth. These machines are subject to very little change.

With Microsoft turning every single computer on earth into an internet terminal and data-mining system that constantly spies on your file system and actions, why would I ever want that compared to just bone-stock Windows 7 with none of that crap installed? My important data is on a DAS that's unplugged on a shelf.

Actually no, so many people didn't want the upgrade that Microsoft started using some of the worst malware tactics to trick people into upgrading to it, including making the X at the top of the notification an agreement to install Windows 10.

I wouldn't be even slightly surprised if they invented this virus in the first place. They've proven to me how low they stoop to make people upgrade.


Isn't inbound RDP + VNC + Windows file sharing (SMB) blocked by most consumer-grade ADSL/fibre modems/routers?

If that's the case, is it IDIOTS clicking on stupid links and bad email habits (opening sh1t) that infect Windows boxes?

Update:

338 servers affected as of a recent Google search

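For the two points above, the "PowerShell commands to stop SMB and create the mutex" mentioned in an earlier post and the question of whether SMB is reachable from the outside at all, here is an added example of what such a script looks like. It is not from the original thread or from any poster; it only uses Microsoft-documented cmdlets and tools. Assumptions are marked in the comments: the KB numbers are the ones listed in Microsoft bulletin MS17-010 and should be checked against the bulletin for your exact build, and the mutex name is the one reported in public analyses of the first wave (later variants are not known to honour it). Run it from an elevated prompt; the SMBv1 changes take effect after a reboot.

```powershell
# Added example, not code from the original thread.
# Purpose: (1) disable SMBv1 server and client, (2) block inbound TCP 445 on the host
# firewall so the worm cannot reach the SMB service even if the router forwards it,
# (3) check whether an MS17-010 package is installed, (4) hold the WannaCry mutex.

$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated (Administrator) PowerShell prompt.' }

function Disable-Smb1 {
    # Server side: Windows 8.1/2012 R2 and later have the SMB cmdlets; Windows 7 / 2008 R2
    # only have the registry switch documented in Microsoft KB2696547.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Client side (same KB): drop mrxsmb10 from the workstation dependencies and disable it,
    # so this machine also stops speaking SMBv1 to others. Needs a reboot.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

function Block-InboundSmb {
    # netsh works on every Windows version in this thread; New-NetFirewallRule would need 8+.
    netsh advfirewall firewall add rule name="Block inbound SMB (TCP 445)" `
        dir=in action=block protocol=TCP localport=445 | Out-Null
    # What is still listening on 445 (should be empty from the outside after a reboot):
    netstat -ano | Select-String ':445 .*LISTENING'
}

function Test-Ms17010Installed {
    # KB IDs taken from MS17-010 (assumption: verify against the bulletin for your build).
    $kbs = 'KB4012212', 'KB4012215',  # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup)
           'KB4012213', 'KB4012216',  # Windows 8.1 / Server 2012 R2
           'KB4012214', 'KB4012217',  # Server 2012
           'KB4012598'                # Vista / Server 2008, and the out-of-band XP / 2003 package
    $hits = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $kbs -contains $_.HotFixID }
    # Caveat: later monthly rollups supersede these, and Windows 10 ships the fix inside a
    # cumulative update, so "not found" means "check Windows Update history", not "vulnerable".
    if ($hits) { $hits | ForEach-Object { "Found $($_.HotFixID) installed $($_.InstalledOn)" } }
    else       { 'No MS17-010 package found by KB number; check update history / srv.sys version.' }
    # For a manual comparison against the bulletin's file table:
    (Get-Item "$env:SystemRoot\System32\drivers\srv.sys").VersionInfo.FileVersion
}

function Hold-WannaCryMutex {
    # First-wave samples exit if this mutex already exists (name per public analyses; assumption).
    # A mutex lives only as long as the owning process, so keep this PowerShell window open.
    # Both the Global\ and session-local names are created, since reports differ on which is checked.
    $held = @()
    foreach ($name in 'Global\MsWinZonesCacheCounterMutexA', 'MsWinZonesCacheCounterMutexA') {
        $createdNew = $false
        $held += New-Object System.Threading.Mutex($true, $name, [ref]$createdNew)
        "Mutex $name : " + $(if ($createdNew) { 'created' } else { 'already existed' })
    }
    $script:wannaCryMutexes = $held   # keep references so the GC does not release them
}

Disable-Smb1
Block-InboundSmb
Test-Ms17010Installed
Hold-WannaCryMutex
'Reboot to finish disabling SMBv1; leave this window open to keep the mutex alive.'
```

The mutex trick is a stopgap for one family of samples, not a fix; the patch and the SMBv1/445 changes are what actually close the hole the worm uses, and the router question is answered by the `netstat` line: if nothing is listening on 445, it does not matter what the router forwards.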

I am crying - web server with SMB enabled ... I am literally crying ... too bad I don't have my shodan.io account; it would be interesting to see what shodan.io would find.

2017-05-14 14:40 (UTC) Update:

Wikipedia now documenting infections + references

Update 2:

Identified multiple WannaCrypt variants with multiple other kill switch domains, now with inverted logic (can reach domain = execute).


Source claims there is now a new revision without the kill switch/sandbox-detecting URL:

Who is excited for Monday, to log into corporate computers/laptops?


We rely mostly on Dropbox. One infected machine will wreak havoc for everyone in the office. If that happens, I'm just going to wait for my boss to panic and completely lose his mind before I tell him that I made a full backup of all the company's data over the weekend.

Yeah, I am THAT much of an a-hole.


I am. I'd say there's a 75% chance that if someone received a bogus file they opened it.

+1, would do the same.

Doing backups of my Nextcloud server every 2 h since the outbreak, and I am 100% sure one of my users (friends) will manage to get infected XD

Question: since encrypting a file creates a new, encrypted file and then deletes the original, might it be possible to recover the original via standard (deleted-)file recovery utilities?

It doesn't encrypt the files, it encrypts the drives, as I understand it.

The infographic above says that individual files are encrypted with different keys. Recovery depends on whether the original files are overwritten on the physical hard disk. If you were, say, using a copy-on-write filesystem on a mostly empty drive, then the encrypted versions would go into free space on the drive, not directly over your files. It's possible that most of your files would be untouched (a la the recycle bin). But on most filesystems, the encrypted copy is written directly over the old file, making it much harder to recover (as if a random-bytes pass had been performed). Not sure about full-drive encryption, if that's the case, but does ransomware usually do that? It might cause system instability, the machine won't boot, and therefore it's harder to pay ransoms.

So far I have not heard of any ransomware that actually does full-disk encryption, as in unmounting the disk, copying its content to a temp location, creating an encrypted volume, and then storing the stuff in it.

They scan the mounted drives for file types of interest and then encrypt them one by one, avoiding executables and DLLs so as to keep the system running.

Some replace explorer.exe or the logon service to display their message, though.