• International cyber attacks put ransoms on German rail station screens
    16 replies, posted
[IMG_thumb]https://pbs.twimg.com/media/C_rGXw1WAAE2oI_.jpg[/IMG_thumb] [QUOTE]A fast-moving wave of cyber attacks that swept the globe Friday targeted German rail operator Deutsche Bahn. The software attacks exploited a flaw exposed in documents leaked from the US National Security Agency and use a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin, reports news agency AFP. The ransomware demands payment of 275 euros in Bitcoin within three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to a screen message. Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx, as well as organisations in Sweden. The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world." Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries." Germany's Deutsche Bahn (DB) computers were also impacted, with the company reporting on Saturday morning that display panels in the stations were affected.[/QUOTE] Source: [url]https://www.thelocal.de/20170513/international-cyber-attacks-put-ransoms-on-german-train-departure-boards[/url]
isn't that the same ransomware that was used on the uk hospitals yesterday edit: yep [url]http://www.bbc.com/news/technology-39901382[/url]
It is, although it doesn't seem to affect the schedule plan shown in the screen (except for the window of the ransomware's warning)
Should the average joe worry about this sort of thing? Is there some page online detailing some simple steps to proof yourself against these attacks? It's not like Common Sense 2017 plays a role when railway terminals that never browse the web are affected.
[QUOTE=bitches;52224113]Should the average joe worry about this sort of thing? Is there some page online detailing some simple steps to proof yourself against these attacks? It's not like Common Sense 2017 plays a role when railway terminals that never browse the web are affected.[/QUOTE] Back up your shit (family pics etc..) and you will be fine.
[QUOTE=Fourier;52224119]Back up your shit (family pics etc..) and you will be fine.[/QUOTE] Not what I'm asking about. Is the method by which this attack spreads fully understood to the point that the average citizen has a means of defense [I]to not get the malware in the first place?[/I]
[QUOTE=bitches;52224113]Should the average joe worry about this sort of thing? Is there some page online detailing some simple steps to proof yourself against these attacks? It's not like Common Sense 2017 plays a role when railway terminals that never browse the web are affected.[/QUOTE] as long as you patched your shit, you should be fine. this exploit was fixed in march
[QUOTE=bitches;52224125]Not what I'm asking about. Is the method by which this attack spreads fully understood to the point that the average citizen has a means of defense [I]to not get the malware in the first place?[/I][/QUOTE] from [URL="https://www.reddit.com/r/netsec/comments/6atfkl/wanacrypt0r_ransomware_hits_it_big_just_before/dhh9s7h/?st=j2nmdnxw&sh=7572a870"]reddit[/URL] [QUOTE]Get the word out ... Disable SMB. Update Windows. [url]https://support.microsoft.com/kb/2696547[/url] describes how to disable SMB v1 on supported Windows and Windows Server versions.
Affected versions and relevant updates:
Windows Vista with Service Pack 2 x86 KB4012598
Windows Vista with Service Pack 2 x64 KB4012598
Windows Server 2008 with Service Pack 2 x86 KB4012598
Windows Server 2008 with Service Pack 2 x64 KB401259
Windows 7 with Service Pack 1 x86 KB4012212 or KB4012215
Windows 7 with Service Pack 1 x64 KB4012212 or KB4012215
Windows Server 2008 R2 with Service Pack 1 KB4012212 or KB4012215
Windows 8.1 x86 KB4012213 or KB4012216
Windows 8.1 x64 KB4012213 or KB4012216
Windows Server 2012 KB4012214 or KB4012217
Windows Server 2012 R2 KB4012213 or KB4012216
Windows 10 x86 KB4012606
Windows 10 x64 KB4012606
Windows 10 version 1511 x86 KB4013198
Windows 10 version 1511 x64 KB4013198
Windows 10 version 1607 x86 KB4013429
Windows 10 version 1607 x64 KB4013429
Windows Server 2016 KB4013429
[url]https://technet.microsoft.com/en-us/library/security/ms17-010.aspx[/url][/QUOTE]
[QUOTE=elitehakor;52224132]as long as you patched your shit, you should be fine. this exploit was fixed in march[/QUOTE] So it's just a matter of keeping up to date with Windows? [editline]13th May 2017[/editline] [QUOTE=frdrckk;52224136]from [URL="https://www.reddit.com/r/netsec/comments/6atfkl/wanacrypt0r_ransomware_hits_it_big_just_before/dhh9s7h/?st=j2nmdnxw&sh=7572a870"]reddit[/URL][/QUOTE] How is disabling parts of Windows a solution? Does updating Windows alone not do enough? Is that information still valid compared to modern Windows updates of this month?
[QUOTE=bitches;52224137]So it's just a matter of keeping up to date with Windows? [editline]13th May 2017[/editline] How is disabling parts of Windows a solution? Does updating Windows alone not do enough? Is that information still valid compared to modern Windows updates of this month?[/QUOTE] it helps a lot but it isn't surefire. there's still a chance you can get hit by an attack before it's patched SMB is the protocol that this attack exploits. updating should fix it, but disabling it can help with paranoia [editline]13th May 2017[/editline] actually now that i've read it more, it's just showing you how to disable the obsolete version of SMB, which is probably a good idea [editline]13th May 2017[/editline] ransomware is pretty nasty, and lately i've seen attack vectors where common sense wouldn't help you. i almost got hit by it on my macbook because an update to transmission got hijacked. luckily i was saved by the good grace of laziness
Same ransomware we've been discussing in this thread: [url]https://facepunch.com/showthread.php?t=1563720[/url] Also, missing from this thread - Microsoft released patches for Windows XP/Server 2003/Windows 8, available here: [url]https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/[/url]
Disabling SMB through registry hacks is a really awesome way to mess up various parts of your system/network for no reason. Microsoft just released updates to OSes as far back as XP and Server 2003 (Which is End of Life by the way, they did this because they wanted to help) If you want to be safe [B][U]UPDATE YOUR SYSTEMS, THAT'S ALL.[/U][/B] Also, this has been patched in recent Windows versions for quite a while now. The entire issue with the NHS and whatnot is because those systems [I]are still running Windows XP.[/I] This is the entire reason Windows is pushing updates harder and harder. They burned themselves back in XP and now they're trying to prevent the lax updating as much as possible.
That's what you get with "never change a running system". This only applies to systems that are made out of shit and mud. (There are very few exceptions, though.) Do things properly so they don't break apart after updates.
[QUOTE=subenji99;52224238]Same ransomware we've been discussing in this thread: [url]https://facepunch.com/showthread.php?t=1563720[/url] Also, missing from this thread - Microsoft released patches for Windows XP/Server 2003/Windows 8, available here: [url]https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/[/url][/QUOTE] Thanks for this. I'm one of those strange mutants that never bothered with switching from 8 to 8.1 because of laziness and I've already become fully adapted to the weird bits of it.
[QUOTE=Gbps;52224240]Also, this has been patched in recent Windows versions for quite a while now. The entire issue with the NHS and whatnot is because those systems [I]are still running Windows XP.[/I][/QUOTE] Literally every company machine I've seen runs on either 2000 or XP, and they will never upgrade until the machines either finally break down physically or if they get hit by something like this.
[QUOTE=Gbps;52224240]Disabling SMB through registry hacks is a really awesome way to mess up various parts of your system/network for no reason.[/QUOTE] Windows actually has multiple versions of SMB available afaik (SMB2 on W7, SMB3 on 8+), disabling SMB1 won't mess up a thing on your computer besides external systems that rely on SMB1, [URL="https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012"]although MS doesn't recommend it as a final solution.[/URL] Even when you do patch your system or move to a newer OS, you'd still probably want to move from SMB1. [URL="https://twitter.com/NerdPyle/status/863459472617857024"]The next Windows release will find SMB1 disabled, at least.[/URL] My favorite part is this: [media]https://twitter.com/NerdPyle/status/719977329548664832[/media]
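A read-only check for a single Windows host, covering the two measures discussed in the posts above: the MS17-010 update list quoted from reddit and the state of the SMBv1 server. This is an added example, not part of any poster's message; the function names are hypothetical, and the registry fallback assumes the `SMB1` value that KB2696547 describes for systems older than Windows 8.

```powershell
# Added example: audit one host for the MS17-010 KBs named in the thread and for
# the SMBv1 server setting. Read-only; run from an elevated Windows PowerShell.

# KB numbers as listed in the quoted reddit post (the March 2017 updates).
$Ms17010Kbs = @(
    'KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
    'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429'
)

function Test-Ms17010Hotfix {
    # Returns the listed KBs that are installed on this host.
    # An empty result is not proof of exposure: later cumulative updates
    # supersede these KBs and then appear under their own numbers.
    param([string[]]$InstalledIds = @(Get-HotFix | Select-Object -ExpandProperty HotFixID))
    $Ms17010Kbs | Where-Object { $InstalledIds -contains $_ }
}

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Older systems: registry value per KB2696547 (assumption: absent means default, enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -ne $value -and $value -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$found = @(Test-Ms17010Hotfix)
$patchNote = if ($found.Count -gt 0) {
    'Listed MS17-010 update installed: ' + ($found -join ', ')
} else {
    'None of the listed KBs found; check for a later cumulative update before concluding the host is unpatched'
}

# One summary object per host, so results from several machines can be collected.
New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    OSVersion   = [System.Environment]::OSVersion.VersionString
    PatchStatus = $patchNote
    Smb1Server  = Get-Smb1ServerState
}
```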
[QUOTE=Gbps;52224240]This is the entire reason Windows is pushing updates harder and harder. They burned themselves back in XP and now they're trying to prevent the lax updating as much as possible.[/QUOTE] Yeah, they're using a toilet plunger to force untested landmines down everyone's throats. They've released more machine killing updates since Windows 10 came out than they have in the past 20 years. Before Windows 10 came out, I never got calls about Windows Update killing machines, now it's a regular occurrence and in many cases requires an OS reload because no restore point was made before the updates were installed. So users basically have a choice between malware killing the machine or Windows Updates killing the machine, no wonder why people are finding ways to hack the registry and kill WU.