Of interest is that none of the AI solutions on VT are detecting this. Definitely a good source to test against the third-party anti-ransomware solutions.
ESET thinks this is related to the SMB exploit that was patched in March: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx If so, I guess these concerns deserve to get nailed for failing to apply a two-month-old patch.
https://www.forbes.com/sites/thomas...ed-by-wannacry-ransomware-in-global-explosion So much about NOBUS.
I do know one thing for sure: we will never know the total impact of this attack. Most nailed concerns will pay up and state that anyone who leaks that they were nailed will be fired immediately.
Seems like forbes.com is still using an anti-adblocker, couldn't read it. But I've read that British hospitals were also hit, so this seems to be quite serious. So it's more proof that dedicated anti-ransomware security tools combined with a good backup strategy are a must.
In this case a system update would be the best defense. The vulnerability can be exploited to run malware that can do whatever the attacker wants (not just ransomware). For many sysadmins stability is as important as security, so sometimes they don't update critical systems as soon as an update is released. This can become a big problem. Once other attackers start to "smell blood"...
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Impressive
'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack https://www.theguardian.com/technol...tch-to-stop-spread-of-ransomware-cyber-attack
You mean installing patches? Yes of course, but what if it was a true "zero day" bug, then it wouldn't have helped. This is a great opportunity for security companies to promote their "next gen" AV systems that can block ransomware and other malware. But I also wonder if a simple white-listing tool would have stopped this attack.
In playing with malware and scripts, ERP will stop everything, and it has a solution for the click-happy users. Set a master password, and then click all the password options and see what you can get past it.