Post by David E. Ross
Post by Nobody
Post by burfordTjustice
On Sat, 20 May 2017 11:54:17 +0200 (CEST)
Organization: dizum.com - The Internet Problem Provider
You are not believable.
The article is posted on The Verge, not written by the OP.
"One week after it first hit, researchers are getting a better handle on
how the WannaCry ransomware spread so quickly — and judging from the
early figures, the story seems to be almost entirely about Windows 7."
"According to data released today by Kaspersky Lab, roughly 98 percent
of the computers affected by the ransomware were running some version of
Windows 7, with less than one in a thousand running Windows XP. 2008 R2
Server clients were also hit hard, making up just over 1 percent of
infections."
https://www.theverge.com/2017/5/19/15665488/wannacry-windows-7-version-xp-patched-victim-statistics
However, Micro$oft released a security update to Windows 10 to block
WannaCry and WannaCrypt. To me, this indicates that Windows 10 was no
less vulnerable than Windows 7.
No matter what systems were actually attacked, much of the blame should
be focused on the U.S. National Security Agency (NSA). The NSA
developed the tool used for ransomware and failed to secure its own
computer systems against theft of that malware. The NSA therefore put
the United States -- people, businesses, organizations, and even the
government itself -- at risk instead of protecting us.
See my "The Great Computer Plague of 2017" at
<http://www.rossde.com/editorials/edtl_PCplague.html>.
I don't think we should really exaggerate the risk level
for this, at least for home users.
In a corporate environment, it's an issue of "scale".
1) Just the worm-like network packets sent can slow
a network down. Even if the AV on a target machine
blocks the effects of an incoming packet, the packets
being sent use up network bandwidth. This is why some
enterprises claimed they were "disturbed" by WannaCrypt,
but not turned into a meltdown.
2) There can be a lot more machines on one LAN segment,
compared to a home user.
For a home user, the level of risk is relatively the
same between Locky and WannaCrypt. Certain flavors of
Locky can crawl through existing file share mounts, or
mount the disk in question (if the mount does not
require the user to type a password perhaps). If you
have only two running computers on your home LAN right
now, Locky could end up encrypting most of the partitions,
while WannaCrypt could encrypt all of them.
In terms of preparedness, both require a complete home
backup strategy, for best protection.
At the current time, you still have to click on an
email attachment, to be infected, for WannaCrypt to
get inside your LAN. The typical IPv4 NAT router
protects against incoming worm-like behavior. It
takes effort for the average user to have port-forwarded
the necessary port(s), for a Port Forwarded file share
to be an (original) infection vector.
The situation is lamentable, but the solutions
really aren't all that different than preparing
for a visit from Locky.
Now, if any of these things use an Adobe Flash exploit
as the entry vehicle (no matter which Ransomware is involved),
*then* we're in deep trouble. Popular web sites still sell
advertising space involving Flash content from unknown sources.
Whether WannaCrypt or Locky were to get in that way, it
would be a mess. No amount of patching of Adobe Flash
seems to be enough.
Personally, I'm still worried about Locky.
Paul