abhi93696

Protect Against WannaCry


abhi93696

In case anyone is unaware of it:

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running on unpatched Microsoft Windows operating system.
Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scans random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry — WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day — A security researcher successfully found a way to slow down the infection rate, and meanwhile, Microsoft releases emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive — Just yesterday, some new variants of WannaCry, with and without a kill-switch, were detected in the wild that would be difficult to stop for at least the next few weeks.

Protection against it:

1) Microsoft Issues WanaCrypt Patch for Windows 8, XP

2) Disable SMBv1 On Windows [7, 8 and 10]

Quote

If you are using Windows 10, you are on the safe side. "The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack," Microsoft says.

 

Stay safe & cheerz :)

  • Upvote 1

Jatoba_King

I found its Decrypt key 

Jasi2169
2 hours ago, Jatoba_King said:

I found its Decrypt key 

from where ?

saying does not prove anything

 

also

 

Official Windows support help to disable and enable; I prefer regedit

 

https://support.microsoft.com/en-in/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

attached my registry to disable SMB1 and SMB2 (/SMB3)

 

just double click it and give admin access and done

 

wannacry_SMBfix_jasi.reg

  • Upvote 4

samoray

@Jasi2169: does your registry hack work for win10, or am I safe on win10 and don't need to disable anything?

Jatoba_King

One of the hackers has provided me this in one of my groups; below are the details

 

 

The password to decrypt WannaCry files is “[email protected]” and now people can happily recover back their data after this massive attack without paying the hackers any ransom and patch their system before getting targeted by another ransomware or any other kind of virus.

  • Upvote 1

Jasi2169
15 hours ago, samoray said:

@Jasi2169: does your registry hack work for win10, or am I safe on win10 and don't need to disable anything?

Microsoft says win10 is safe atm

but disabling smb will work in win 10 too anyway smb does not break anything which is needed for me

Jatoba_King, seems like the password may be wrong unless someone tries it and sees; right now we are safe, so those affected may try and let others know

  • Upvote 1

Jatoba_King

Thank you jasi2169 for providing useful information

Edited by Jatoba_King

Cachito

@Jatoba_King

I am not sure about WannaCry, but I don't think they would make it this easy...

Other ransomware create random key-pairs and send the private key to some online server. Others download a pre-generated public key and encrypt with it. But in any of those cases you have a simple password to decrypt the files.

I don't think they are stupid enough to make it this easy.

 

EDIT: 

Quote

 The password “[email protected]” is not used to encrypt files. It is only used by the malware to decrypt some of its components.

Source: https://isc.sans.edu/forums/diary/WannaCryWannaCrypt+Ransomware+Summary/22420/

Edited by Cachito
  • Upvote 2

abhi93696

@Jatoba_King The malware contains two separate decryption/encryption routines- one for the bulk of the victims’ files, encrypted with a unique key per file. To decrypt the files, a private RSA key is needed from the creators, who are supposed to deliver it in a “.dky” file

 

Full Article-: http://blog.checkpoint.com/2017/05/14/wannacry-paid-time-off/

TechLord

Right now the easy way to prevent infection in the first place is to turn off SMB v1.

 

In any case, your computer needs to be "listening" on ports 139, 445 - which is why mostly servers are affected. If you have a good firewall that blocks incoming connections on those ports, then again you are safe from this worm.

Having said that, it's always best to be up to date with the latest patches.

Once you've been infected, there's no option to decrypt it without getting the key from the originators - at least this is so, for most of the "in-the-wild" samples that we'd encountered in the past few days.

  • Upvote 3
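
The two mitigations named in the post above (SMBv1 turned off, nothing listening on 139/445) can be checked on a machine with a read-only script. This is an added example, not code from any poster in this thread; the registry location is the one given in the Microsoft support article linked earlier, and the property names in the result (`NeedsAttention` and the others) are hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
# Written so that it also parses on the PowerShell 2.0 that ships with Windows 7.

# 1. SMBv1 server setting: DWORD "SMB1" under LanmanServer\Parameters, 0 = disabled.
#    When the value is absent, the operating system default applies.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$prop = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
if ($prop) { $smb1 = $prop.SMB1 } else { $smb1 = $null }
$smb1Disabled = ($smb1 -eq 0)

# 2. Is this machine listening on the SMB / NetBIOS session ports?
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 and later
    $ports = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { 139, 445 -contains $_.LocalPort } |
        ForEach-Object { [int]$_.LocalPort }
} else {
    # Windows 7 / Server 2008 R2 fallback: parse netstat output
    $ports = netstat -an -p tcp |
        Select-String -Pattern ':(139|445)\s+\S+\s+LISTENING' |
        ForEach-Object { [int]$_.Matches[0].Groups[1].Value }
}
# Drop empty results and duplicates (one port can be bound on several addresses)
$ports = @($ports | Where-Object { $_ } | Sort-Object -Unique)

# 3. Summary. NeedsAttention covers only the two checks above; it says nothing
#    about patch level or about a firewall in front of the machine.
$result = New-Object PSObject -Property @{
    Smb1RegistryValue  = $(if ($null -eq $smb1) { 'not set' } else { $smb1 })
    Smb1ServerDisabled = $smb1Disabled
    ListeningSmbPorts  = ($ports -join ', ')
    NeedsAttention     = ((-not $smb1Disabled) -and ($ports.Count -gt 0))
}
$result | Format-List
```

A listening port here only means the local service is bound; whether it is reachable from outside still depends on the firewall rules the post mentions.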

Jatoba_King

Guys, my friend is suffering from ransomware, please suggest a method to decrypt

Jatoba_King

Please help

IMG_0337.JPG

Kjacky

wanna cry attacked 23 Railway station computers in kerala

news in malayalam

 

 

  • Upvote 1

abhi93696

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

 

However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said:

"TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month."
 
Lol, more like these (WannaCry) may come in future!! :D

Phoenix
8 hours ago, Jatoba_King said:

Guys, my friend is suffering from ransomware, please suggest a method to decrypt

 

 

Why are you and your friend taking so much pressure? Are you afraid of losing your data? Simple trick to regain your data:

As per the posts, this ransomware targets Windows.

 

I think using a Linux can solve the problem. There are software which can run from CD and can be used for data transfer.

 

After data transfer you can format the infected drive saving your data. This can work for saved data only.

 

Keep searching for better ideas. :)

Jatoba_King

Before getting any idea, he formatted his whole hard disk.

abhi93696
On 2017-5-16 at 9:48 AM, Jatoba_King said:

One of the hackers has provided me this in one of my groups; below are the details

 

 

The password to decrypt WannaCry files is “[email protected]” and now people can happily recover back their data after this massive attack without paying the hackers any ransom and patch their system before getting targeted by another ransomware or any other kind of virus.

Hey this pwd is unlocking the "sample" of ransomware available online! :D Not 4 recovering something! 

 

Also, it corrupts shadow volumes to make recovery harder.

Jasi2169

just flashed Windows 7 from scratch and installed the May security update kb4019254; this one is important, which fixes this

anyway I have all data RAR-archived with password protection on DVDs, and I have more than 100 DVDs in my drawer; some main data is also uploaded on mediafire.com. My data is safe; still, I don't download unknown stuff, and I always use uBlock Origin: when you download from 3rd-party hosts, those ad popups won't work and virus kind of stuff does not download

keep antivirus updated and keep applying Security Updates for Windows

 

anyway burning data to DVDs always help and i am doing this since 2013

  • Upvote 1

samoray

One of my friends has been suffering from ransomware, and he almost lost every file on his computer.

After some googling I found a solution to recover all the files, BUT in earlier versions (3 or 4 days before), and it was more than excellent for my friend.

I used an application named "Shadow Explorer" to recover all files to a previous version.

I suggest everyone use that application to recover their valuable files.

  • Upvote 1

Kjacky
9 hours ago, Jasi2169 said:

just flashed Windows 7 from scratch and installed the May security update kb4019254; this one is important, which fixes this

anyway I have all data RAR-archived with password protection on DVDs, and I have more than 100 DVDs in my drawer; some main data is also uploaded on mediafire.com. My data is safe; still, I don't download unknown stuff, and I always use uBlock Origin: when you download from 3rd-party hosts, those ad popups won't work and virus kind of stuff does not download

keep antivirus updated and keep applying Security Updates for Windows

anyway burning data to DVDs always help and i am doing this since 2013

I'm also using the same way because I can't lose the files for the third time

  • Upvote 3

neil

old outdated dying computers are affected by this sh!t. who cares for those systems. go get a new computer with win 10 pro.  

neil
On 5/17/2017 at 10:32 PM, Jasi2169 said:

anyway I have all data RAR-archived with password protection on DVDs, and I have more than 100 DVDs in my drawer; some main data is also uploaded on mediafire.com

win 10 pro has bitlocker. plz update yr lappy. 

it also has hyper-v

Edited by neil

neil
On 5/17/2017 at 11:57 AM, Kjacky said:

wanna cry attacked 23 Railway station computers in kerala

news in malayalam

 

 

LOL

does she know how to work on the workstations?

neil
On 5/17/2017 at 10:30 AM, Jatoba_King said:

Guys, my friend is suffering from ransomware, please suggest a method to decrypt

 

do you know calculus? use it to reconstruct its private key.
