This is the reason I got sent home early today. Anyone else?
Researchers at the computer security company Symantec said the new attack was using the same hacking tool created by the National Security Agency that was used in the WannaCry attacks. Called Eternal Blue, the tool was among dozens leaked online last April by a group known as the Shadow Brokers. The N.S.A. has not acknowledged its tools were used in WannaCry or other attacks.
Unless of course like me you found some ghetto version like I did that doesn't give a shit and encrypts wrong, doesn't spread right and essentially just burns the first point of infection. Which is ok I guess.
Of the countless things to blame and hate the NSA for, this is miniscule. Pebkac. Being proactive with things you imagine to be important in the digital realm are solely the users responsibility.
Microsoft, Windows and the Internet do NOT mix with mission critical systems for good reason. NASA and Boeing don't run flight systems on windows... Why rely on a 3rd party to protect your interest and well being?
Yes i know it's just i am working my ass off atm. The result of this is a retarded setup of my NAS with debian that wasn't updated for like 2 months. When threadripper hits the market i am gonna delete this M$ shit into oblivion don't you worry. with a fresh fedora 26 + Win10 wm with no access to my NAS ofc.
To be fair any system can be reverse engineered and exploited. Or a hardware failure can corrupt your data, windows isnt the only factor although over the last 2 years I've come to really dislike windows and cloud services.
Didn't check any of the posted links, but the theory is that it's not a criminal gang behind this, but a governmental player, because parts of the code is sloppy as hell which brings up the question that the ransom might be just a decoy.
What about end of lifeing ancient protocols. SSL3 is still a thing, RC4 is still a thing. Smb1 is still a God damn thing. Burn them out of the internet connected devices and we can all move on.
I've been providing some support to a client that was hit. Everything I have seen says this was designed to destroy important data. It's not typical ransomeware for sure.
The file extensions it looked for are typically things you find on developers and sysadmins workstations rather than typical home users. It also entered the network via an accounting package update process. It was also designed to use capture d admin credentials to spread itself to machines patched against the vulnerabilities that wannacry used.
Basically you needed good network/domain segmentation and strict admin hygiene to stop shit like this spreading. Many windows admins still don't work like their *nix counterparts and work with elevated credentials for everything. It's bad practice and allows crap like this to spread.
There are some refinements (cf. Petya ransomware) http://www.bbc.com/news/technology-40442578 Cyber-attack was about data and not money! The Petya malware variant that hit businesses around the world may not have been an attempt to make money, suspect security experts.