WannaCry Factsheet (continuously updated) and Patches for Legacy Windows

Human operator must unlock decryption on the Tor C2 server:

Aka - they run - you lose; no decryption ever

Good news everyone!

3 Likes

Fun story! I tried submitting it to WineHQ AppDB with a platinum rating. (This was on the 13th, I think.)
But sadly the reviewers didn't see the joke...

Yes I'm looking at you JeffZ!! :disappointed_relieved:

A preview of what it would have looked like:

Test data / ratings etc. don't show for the version preview, unfortunately. It was quite funny.

1 Like

Don't WannaCry, use Linux. :stuck_out_tongue:

"No, Windows, No cry"

full adapted lyrics

No, Windows, no cry
No, Windows, no cry
No, Windows, no cry
No, Windows, no cry

Said, said, said, I remember when we used to have
In the documents folder, on disk
Files, used by our programs
And they would mingle with their content.
Good files we had, oh, good files we've lost
Along the way
In this "great" future, you can forget your files
So dry your tears, I seh

No, Windows, no cry
No, Windows, no cry
'Ere, little darlin', don't shed no tears
No Windows, no cry

Said, said, said, I remember when-a we used to have
In the documents folder, on disk
And then drives would make the LED lights
As it was cipher burnin' through the files
Then it would save its own code
Of which it'll share with you
My login is my only carriage
So I've got to push on through
But while I'm gone, I mean
Everything's gonna be all right
Everything's gonna be all right
Everything's gonna be all right
Everything's gonna be all right
I said, everything's gonna be all right-a
Everything's gonna be all right
Everything's gonna be all right, now
Everything's gonna be all right

So, Windows, no cry
No, no, Windows, Windows, no cry
Woman, little sister, don't shed no tears
No, Windows, no cry

Said, said, said, I remember when we used to have
In the documents folder, on disk
And then drives would make the LED lights
As it was cipher burnin' through the files
Then it would save its own code
Of which it'll share with you
My login is my only carriage
So I've got to push on through
But while I'm gone

No, Windows, no cry
No, Windows, no cry
Woman, little darlin', say don't shed no tears
No Windows, no cry

Eh! (little darlin', don't shed no tears
No Windows, no cry
Little sister, don't shed no tears
No, Windows, no cry)

3 Likes

Guys, if you still have not patched your Windows, you should do this now.
The WannaCry ransomware is still active. A new variant of WannaCry ransomware is able to infect 3,600 computers per hour -
https://malwareless.com/new-variant-wannacry-ransomware-able-infect-3600-computers-per-hour/. If your computer is infected with this virus, don't pay the ransom - many people who have paid Bitcoins don't receive the decryptor. All top security companies are currently working to develop a decryption solution.

1 Like

If you want to see WannaCry in action, you may want to check out yesterday's episode of Know How.

Haven't booted into Win10 in a couple of months on my main machine, am a bit wary as to whether now is the right time to do so, if only to update. Might just nuke it actually...

No need to be wary. Just test to see if your PC is vulnerable to remote infection. You can do that from Linux.

https://www.grc.com/shieldsup

Click the "Proceed" button.
In the blue frame there's a text box. Enter 445 in there and click the "User Specified Custom Port Probe" text below it on the left.

If it passes the test, your router is not responding to calls on port 445, so you don't have to worry about WannaCry entering your PC via IP scans. So you can reboot safely into Win10 and let it update.

Thanks a lot for the link man! However, my ISP uses NAT (if I understand this networking thing correctly), so the IP and router grc.com/shieldsup is testing is my ISP's (445 is closed btw) and not my home router. Is this just as good, or?

Edit: BTW UPnP is disabled by my ISP (and on my router).

I'm no expert on NAT, hopefully someone more knowledgeable can chime in on that.

1 Like

Is it true that the people behind WannaCrypt are giving Taiwan a pass and decrypting their systems for free??

Even if your ISP was not using carrier grade NAT your router will always (as you only get one IP) - that means as long as you do not explicitly port forward anything to the SMB port of your Win10 machine and no other machine on your network is already infected (assuming that is not the case :wink: ) you are safe to just power it up and fetch all the fixes.

3 Likes

Yes, I saw the Taiwanese have discussed this in their forum. Someone even posted that the hacker has said that he overestimated the revenues of Taiwanese people.
WannaCry hit tens of thousands of computers in China.

My old ISP in South Africa got screwed solid. Not even remotely surprised. They are absolutely useless SCUM and had the better part of a week to prepare.

Went as far as USSD menus and Telkom’s mobile app no longer working. Now you know to what depth they screwed themselves.

1 Like

So set up a VPN to Taiwan & connect your infected machine and it should decrypt itself?? lol

Thanks, this is very useful