
How WannaCrypt attacks | ZDNet


We all know — or, well, we should all know — how to block malware attacks.

You don’t install unknown applications. You don’t open dodgy email attachments. And you don’t download files from strange websites. But then, there’s WannaCrypt, aka WannaCry. It starts by infecting you the old-fashioned way, but once it makes it on your network, it uses an out-of-date version of Windows’ Server Message Block (SMB) networking protocol to spread like wildfire.


WannaCrypt ransomware’s origin story starts in an old Windows networking protocol: SMBv1.

SMB is an old protocol. Although Microsoft is commonly given credit for its creation, IBM network architect Barry Feigenbaum created it in early 1983. Over the years, Microsoft has guided its development.

The protocol is typically used to share files over networks. One version of it, Common Internet File System (CIFS), has been used since the introduction of Windows 2000 for file transfers on Windows and many other operating systems including Linux, Unix, and macOS.

On modern networks, SMB runs over TCP port 445. Before that, it ran over NetBIOS. But ever since Microsoft introduced SMBv1 over port 445 in Windows 2000 with direct hosting of SMB over TCP/IP, a hidden security hole was waiting to be exploited. SMBv1 is where the flaw WannaCrypt uses hides.

SMBv1 has been superseded since SMBv2 was released in 2006. SMBv1 is terribly insecure and you should turn it off. Microsoft strongly recommends disabling SMBv1 on any version of Windows from Vista on up to Windows 10.

There are many ways to exploit the SMBv1 hole — and they’re still being used. Rapid7, makers of the penetration testing program Metasploit, reports there are over a million devices that leave port 445 wide open. Of those, over 800,000 run Windows. Anyone foolish enough to leave this port open to the internet is dumb enough to still be running SMBv1 and to not patch their systems regularly.


WannaCrypt is more deadly than previous ransomware, because once any single Windows PC is infected on a network using SMB, all the networked Windows PCs are open to attack. While SMB is used on many operating systems — such as the Linux-powered network-attached storage (NAS) on many small business networks — WannaCrypt can only attack Windows systems. Specifically, WannaCrypt uses an SMB Remote Code Execution (RCE) vulnerability to accomplish this.

The mechanism used to spread WannaCrypt is built from a pair of National Security Agency (NSA) hacker tools (EternalBlue / DoublePulsar), which were revealed by a hacker group called the Shadow Brokers. EternalBlue allows remote attackers to execute arbitrary code on Windows systems via crafted SMB packets. DoublePulsar is a Trojan horse that opens a back door on the compromised computer. Between them, they open the door to attackers and spread the ransomware payload over your Windows network.

Once the ransomware arrives, WannaCrypt tries to connect to the following domains using the Windows API InternetOpenUrlA():

  • www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
  • www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

Unlike other ransomware programs, if it can get to these sites, it won’t try to do any more harm. If it can’t, then the “fun” begins.

On your infected system, it will create a service called mssecsvc2.0. This program attempts to infect all other Windows PCs it can reach on your network. That done, it will unzip the actual password-protected ransomware .zip archive. This painful package includes a program that encrypts all the files it can find. It then renames them by appending “WNCRY” to the file name. For example, if a file is named “dog.jpg,” it encrypts it and renames it “dog.jpg.WNCRY.”

That done, it then deletes your Volume Shadow files. So, forget about recovering your files from the Windows standard local backup. It won’t work. If you don’t have a third-party backup of your files, you’re screwed. There is no way to recover your encrypted files. In theory, you could pay the $300 of Bitcoin ransom — and some people have paid — but there’s no record of anyone getting their files back.
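The indicators described above (the two domains, the mssecsvc2.0 service and the WNCRY suffix) can be turned into a per-host triage that reports how far the infection got. This is an added example, not code from the article; the `host,kind,value` event format and the host names are constructed for illustration.

```python
# Added example: indicators are the ones named in the article; the
# "host,kind,value" event format and the host names are constructed.
KILL_SWITCH_DEFANGED = [
    "www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
    "www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
]
SERVICE_NAME = "mssecsvc2.0"
ENCRYPTED_SUFFIX = ".wncry"
# Stages follow the order the article describes, lowest to highest.
STAGES = ["clean", "executed", "spreading", "encrypting"]

def refang(indicator):
    """Convert a defanged name (www[.]x[.]com) into a comparable FQDN."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

KILL_SWITCH = {refang(d) for d in KILL_SWITCH_DEFANGED}

def classify(kind, value):
    """Map one event to the stage it proves, or "clean" if unrelated."""
    v = value.strip().lower()
    if kind == "dns" and v.rstrip(".") in KILL_SWITCH:
        return "executed"      # sample ran and performed its domain check
    if kind == "service" and v == SERVICE_NAME:
        return "spreading"     # check failed; the worm service was created
    if kind == "file" and v.endswith(ENCRYPTED_SUFFIX):
        return "encrypting"    # payload unpacked and renaming files
    return "clean"

def triage(lines):
    """Return {host: highest stage seen} for hosts with any indicator."""
    worst = {}
    for line in lines:
        host, kind, value = line.strip().split(",", 2)
        stage = classify(kind, value)
        if STAGES.index(stage) > STAGES.index(worst.get(host, "clean")):
            worst[host] = stage
    return worst

SAMPLE = [  # constructed events
    "WS-014,dns," + refang(KILL_SWITCH_DEFANGED[0]).upper() + ".",
    "WS-014,dns,update.example.com",
    "WS-022,service,mssecsvc2.0",
    "WS-022,file,C:\\Users\\a\\Pictures\\dog.jpg.WNCRY",
    "WS-030,service,Spooler",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the article says the malware does no further harm when it can reach these domains, treat the lookups as an alert signal rather than adding the names to a blocklist.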

So, what can you do? In short order:

  1. Stop using Windows on the desktop, use Linux instead.
  2. If you insist on using Windows, upgrade to Windows 10.
  3. Patch Windows.
  4. Disable SMB1.
  5. Block port 445 on your network firewall.

While we now know in great detail how WannaCrypt works, there is no cure for it.


(via PCMag)
