
Ransomware cyberattack


Sophelia


25 minutes ago, Altherion said:

Yes, Microsoft would generally prefer that people use pirated Windows than develop their own alternative. Imagine if Russia or China or some other large country decides to officially switch to another operating system (they don't even have to write a new one from scratch, just take a Linux variant and customize it). Suddenly, if any hardware manufacturer wants to sell computers in that country, they have to provide official drivers and software manufacturers have to provide a compatible version of their product. Of course, once the work is done, there is nothing restricting its use to that specific country so the non-Windows alternative can spread. The reputation damage due to unlicensed product is part of the price for being a global monopoly.

Linux has been around for 30 years with broad developer support across the entire world. And even with that market demand for hardware/application/driver support, major companies simply forego that market. Not only that, we're seeing a major shift in technology away from personal computers except in cases that require good processing power. The days of a regular joe needing a PC for day-to-day computing are nearing an end since nearly everything can be done from your phone. So not only has it had plenty of time to catch on with viable alternatives aplenty over decades of time, the need for it will become less and less as the next generation looks to do more with their phone. This scenario just doesn't look plausible.


24 minutes ago, Commodore said:

looks like only around $100k ransom has been paid

 

In addition to that, everyone is watching the wallets for withdrawals really carefully, and is spending a lot of effort in tracking them down.

Which seems like a problem for a supposed untraceable currency, but in this case its openness is helping the people looking for the culprits while also making the money essentially untouchable. 


On 5/12/2017 at 5:11 PM, Robin Of House Hill said:

It is what happens when you use a network that is a security nightmare, using obsolete software, without scanning email attachments, used by personnel who are clueless about the technology they are using who have been inadequately trained.

Critical data, whether government, or business, needs to be on a totally separate, secure network with substantially different protocols than the internet.

This is literally nothing to do with the problem that happened at all. 


1 hour ago, Kalbear said:

Which seems like a problem for a supposed untraceable currency, but in this case its openness is helping the people looking for the culprits while also making the money essentially untouchable. 

This is true, it doesn't take much to go from untraceable to easily traceable. But that's a feature, depending on whether your goal is anonymity or transparency. 


6 minutes ago, Commodore said:

This is true, it doesn't take much to go from untraceable to easily traceable. But that's a feature, depending on whether your goal is anonymity or transparency. 

Given that the goal of the criminals is to be untraceable it seems like it's not a particularly good feature. If your goal is to be, well, untraceable, and that's your selling point, making it instead be completely and totally traceable and watchable seems like a fairly large bug.

Now, I personally think having a totally traceable currency has a ton of value in many different ways, but one of the things it does is allow for governments to track what you're buying and selling. I'm shocked that you're happy with this obvious use of a cryptocurrency to track its users.


14 minutes ago, Kalbear said:

Now, I personally think having a totally traceable currency has a ton of value in many different ways, but one of the things it does is allow for governments to track what you're buying and selling. I'm shocked that you're happy with this obvious use of a cryptocurrency to track its users.

Matching an identity to an address is not a trivial thing.

There are also efforts to update the protocol to make transactions more anonymous.


Just now, Commodore said:

Matching an identity to an address is not a trivial thing.

There are also efforts to update the protocol to make transactions more anonymous.

Something being not trivial is not the same thing as being untraceable. And basically so long as they want to use this money for something along the way chances are good that it'll be found. 

As to making transactions anonymous, you're simultaneously saying that's good and bad. How does that work?


Just now, Robin Of House Hill said:

Except for the part about obsolete software.  You know, like Windows XP which went EOL in April, 2014.

Win8 isn't that way, and there were a number of Win10 hits as well.

Just now, Robin Of House Hill said:

The rest was gratuitous, but nonetheless, true.

The rest of it has nothing to do with any of the way these attacks were spread. Point of fact, there was literally zero defense against this for any user or IT professional who was using this on WinXP or Win8, save not being connected to any other computer.


47 minutes ago, aceluby said:

Linux has been around for 30 years with broad developer support across the entire world. And even with that market demand for hardware/application/driver support, major companies simply forego that market. Not only that, we're seeing a major shift in technology away from personal computers except in cases that require good processing power. The days of a regular joe needing a PC for day-to-day computing are nearing an end since nearly everything can be done from your phone. So not only has it had plenty of time to catch on with viable alternatives aplenty over decades of time, the need for it will become less and less as the next generation looks to do more with their phone. This scenario just doesn't look plausible.

Being around for a while is not the same thing as being the legally mandated default in a non-trivial fraction of the global market. Also, it wouldn't be vanilla Linux -- a government has the resources to customize it to be more acceptable to the masses. Phones are actually a good example of the latter, albeit with a mega-corporation instead of a government. More than 80% of the smartphones sold last year run a customized version of Linux called Android, but most people don't recognize Android as Linux because Google (and, to a much lesser extent, the phone manufacturers), made quite a few changes to the kernel and then put a whole lot of stuff on top of that altered kernel. A government could do the same thing.

22 minutes ago, Kalbear said:

Win8 isn't that way, and there were a number of Win10 hits as well.

Wait, I thought Win10 was immune? That is, it can of course be infected directly through user carelessness, but not through the Eternal Blue vulnerability.


Just now, Altherion said:

Wait, I thought Win10 was immune? That is, it can of course be infected directly through user carelessness, but not through the Eternal Blue vulnerability.

Eternal Blue was patched in March - but if you didn't patch, you didn't get it. 


Some governments actually have created their own Linux distributions, mostly for government/military use. Russia, for example. Of course, mass market adoption is unlikely, unless mandated.

The scary thing about this ransomware is how common it is to run a full desktop OS on a machine with very limited functionality, like ATMs or display boards in railway stations (which is how Deutsche Bahn got hit). Looks like really lousy engineering to me.


16 hours ago, Kalbear said:

Something being not trivial is not the same thing as being untraceable. And basically so long as they want to use this money for something along the way chances are good that it'll be found. 

As to making transactions anonymous, you're simultaneously saying that's good and bad. How does that work?

I'm saying the nature of the protocol allows for anonymity or transparency, depending on how it's used.


12 hours ago, Loge said:

Some governments actually have created their own Linux distributions, mostly for government/military use. Russia, for example. Of course, mass market adoption is unlikely, unless mandated.

The scary thing about this ransomware is how common it is to run a full desktop OS on a machine with very limited functionality, like ATMs or display boards in railway stations (which is how Deutsche Bahn got hit). Looks like really lousy engineering to me.

A few hundred bucks gets a computer board that has all the functionality you need. A custom-designed board with only the functions you need will cost much more.


  • 1 month later...
27 minutes ago, Altherion said:

It's back and better than ever. The new version purportedly has no kill-switch and uses not just EternalBlue, but a few other exploits to spread.

Yes, the victim list published so far looks pretty bad.  Several major corporations who had plenty of warning to patch but, as Altherion said, it's not just EternalBlue as the vector.


Archived

This topic is now archived and is closed to further replies.
