November 29, 2022
risks-remain-for-ransomware-worm

Microsoft’s flagship operating system franchise, Windows 10, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, make up the remainder, BitSight calculated.

In paragraph 22 of this story, we asked about the spelling of Samil Salim’s first name. Now, it’s corrected.

The majority of those caught up in the ransomware attack last week were running Microsoft’s Windows 7 operating system without the latest security updates, according to a survey by security ratings firm BitSight.

Researchers are confident that identifying “patient zero” would help authorities capture the criminal authors of WannaCry, which remains a threat in China and Russia despite being beaten badly in the hardest-hit regions.

They are studying how to identify flaws that limit the virus’ spread to improve their luck.

Experts say that while the WannaCry ransomware strain affected computers at more than 300,000 internet addresses, further attacks that fix weaknesses in WannaCry will follow those that hit larger numbers of users, with more devastating consequences.

“Some businesses are unaware of the threats; some don’t want to interrupt crucial business procedures; and sometimes they are short on employees,” said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.

“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.

Pratley, the director of investigations & incident response at UK consulting firm MWR InfoSecurity, said that the worm-like ability of WannaCry to infect other computers on the same network suggests Windows 7 is its target.

BitSight data shows that of 160,000 computers connected to the internet that were attacked by WannaCry, Windows 7 accounts for 67% of infections, despite accounting for less than half of global Windows PC usage.

Health systems in Britain run on computers that are vulnerable to attacks but are also incapable of spreading infections. Computer viruses that originated on older versions of Windows, for example, were found to be incapable of spreading infections and played a much smaller role in the global assault than was initially realized.

Researchers at MWR and Kyptos say that Windows XP crashes before the virus can spread in laboratory testing.

According to BitSight, Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounted for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, accounted for the remaining 15 percent, it said.

BASIC COMPUTER KNOWLEDGE

Experts say that organisations that heed Microsoft’s urgent message to install a critical security patch as soon as possible are immune to the warning.

Since WannaCry damaged computers across the world, many users have been unable to access their files or warn others about their download. According to Microsoft, SMB, the file sharing feature in Windows that the Shadow Brokers group claimed was used by NSA intelligence operatives to sneak into Windows PCs, is turned off by default. However, some users have disabled the feature using a software utility. It is not known whether the same covert hackers group behind WannaCry also disabled SMB. It is also unclear whether the group used the same breach to compromise Microsoft as WannaCry, or whether it hacked its own way to the company.

“People who installed supported versions of Windows and patched up immediately were not affected,” Trustwave’s Mador said.

In 2014, Microsoft withdrew support for older versions of Windows software such as 16-year-old Windows XP and required users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving local trusts to upgrade their systems.

In the wake of the WannaCry ransomware outbreak, U.S. software giant Microsoft last weekend released a free Windows XP and other older Windows versions patch that it previously offered only to paying customers.(reut.rs/2qvSPUR)

Microsoft did not respond to requests for comment.

On Sunday, the U.S. software giant demanded intelligence services to strike a better balance between their desire to keep software flaws secret – in order to carry out espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet (reut.rs/2qAOdLm).

According to Kryptos Logic, Chinese and Russian addresses accounted for more than half of all internet failures globally due to WannaCry last week. Both countries experienced high infection levels on Thursday and Friday, according to data provided to Reuters by threat intelligence firm Kryptos Logic.

The proportion of WannaCry infections in the United States is 7 percent of the world’s total and in Britain, France, and Germany, just 2 percent of attacks on the world, Kryptos reported. (AMansi.rs/2qIUckv)

THOSE WHO HAVE NOT EXPLORED ARE STUPID AND STILL INSPIRED BY THEIR HISTORY.

A ransomware that combines wrongly coded copycat software that has been loaded with amateur coding mistakes and leaked spy tools is rising, according to researchers.

“The magnitude of this attack is so much greater than any other because the intent has changed from information theft to business disruption”, said Samil Neino, chief executive of Los Angeles-based Kryptos Logic.

The security experts who have hailed Hutchins’s kill- Switch as the decisive step in stopping the ransomware’s rapid worldwide spread have praised it as the “antidestroyant” mechanism.

The WannaCry virus seems to target mainly enterprises rather than consumers, since once it infects one machine, it stealthily spreads across internal networks, making it impossible for a single household machine to be affected. In large firms, on the other hand, individual consumers at home may not be able to be affected.

300,000 infected internet connections are linked to computers across the world by Kryptos.

The company is gathering information to arrive at a more robust estimate of how many ransomed computers are affected by WannaCry and how many more are affected by the way it spreads quietly inside company networks, potentially affecting a million machines. It is aiming to release a more comprehensive estimate Thursday.

How sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies is revealed in the recent attack, Liran Eshel, chief executive of CTERA Networks said.

A flight route is an escape route.

Researchers from a number of security firms said they had so far been unable to find a way to decrypt files locked away by WannaCry and said they were likely to be unsuccessful.

Researchers at Symantec this week discovered that the Wanna Cry ransomware code doesn’t allow the attackers to track payments using unique bitcoin addresses, thus rendering users “unlikely to get files restored”, according to a tweet from the company’s Security Response team.

Experts said that many organizations have back-up and retrieval procedures in place that enable technicians to re-image infected computers, which may have caught out by the attack.

Experts who have studied WannaCry code say it is unlikely to infect data-backup systems because it does not employ coding techniques that are more sophisticated than those that are used for individual computers.

Why is it that such a small number of victims pay ransoms into these three bitcoin accounts, when WannaCry directs victims to? These factors help to explain the mystery.

Less than $83,000 were paid into the WannaCry blackmail accounts by Thursday (1800 GMT) six days after the ransomware attack began and one day before it begins locking up all of its victims’ computers forever. (Reuters graphic: [tmsnrt.rs/2rqaLyz)

The most comprehensive yearly survey of security flaws, the 2017 Verizon Data Breach Investigations Report, found that more than three months elapsed before at least 50% of organisations installed major new software security patches.

Microsoft’s security patch arrived nine weeks before WannaCry.

“The same things are causing the same problems,” MWR research head Pratley said.

“Although they did some of the basics, we haven’t seen many organizations fall over,” he said.

For a visual on WannaCry worm, click here

A list of exchanges and delays was provided. All quotes were delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.

Leave a Reply

Your email address will not be published. Required fields are marked *