back to article Ransomware scum have already unleashed kill-switch-free WannaCry‬pt‪ variant

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as ‪the infamous WannaCry‬pt‪ malware. Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, …

  1. Martijn Otto

    Inevitable

    This was - of course - inevitable and it only shows how effective the NSA is at undermining everyones security.

  2. Pascal Monett Silver badge
    Flame

    Re: Inevitable

    And, of course, there isn't a single politician that will derive any parallel with backdoored encryption. Can't be, it's backdoored for The Good Guys (TM) !

  3. tfb Silver badge

    Re: Inevitable

    And the good guys have such good security that none of the backdoor keys will ever leak. Nothing has ever leaked from the NSA for inst... oh, wait.

  4. The Man Who Fell To Earth Silver badge
    FAIL

    Re: Inevitable

    Oh yea. Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities.

  5. Anonymous Coward
    Anonymous Coward

    Re: Inevitable

    Oh c'mon...it will be spun as

    "If we have back doors we can prevent this sort of thing happening by getting into the system and blocking it"

  6. Version 1.0 Silver badge

    Re: Inevitable

    Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows.

    The real issue here is that Microsoft stopped has patching XP and Vista systems in an attempt to force users to upgrade - that's where the real money is in these vulnerabilities. So who's going to make out like a bandit from WannaCry et al? Expect Microsoft Win 10 share to increase over the next few months - they are the real winners here.

  7. Anonymous Coward
    Anonymous Coward

    Re: Inevitable

    So you're blaming a commercial company for not patching a 13 year old OS?

    Really?

  8. P|H

    Re: Inevitable

    If back doors ever become a reality and the key is ever stolen (it will be), there will be no need for "ransomware". The crims will simply help themselves to your bank account or whatever else they want. You won't have to open a dodgy email or click a bad link. Best yet it won't matter what OS you use. And then, goat farming in the hills begins to look attractive.

  9. Anonymous Coward
    Anonymous Coward

    Re: Inevitable

    @Version 1.0

    I wouldn't be so sure. My phone has been off the hook all day with people asking if certain software will work under Ubuntu. Totally unsolicited.

    I think people are legit pissed at MS this time and are finally fed up with a dash of genuine concern.

  10. Mage Silver badge

    Re: The real issue here is that Microsoft stopped has patching XP

    Actually technically they haven't stopped. (Vista yes).

    BUT THE PATCHING IS NEARLY IRRELEVANT!

    Like most other spam borne "attacks" this would be totally mitigated by

    1) User training and common sense.

    2) Better configured systems.

    XP use by NHS is a red herring.

    Even if EVERYONE used Linux* and it was updated daily, it will NOT stop this until the USERs are better trained and use email properly.

    [*Because all the spam based attacks would be aimed at Linux]

  11. Anonymous Coward
    Anonymous Coward

    Re: Inevitable

    Yes. If they're selling their operating system to clients for use in everything from medical equipment to warships and that equipment has an expected lifetime of decades, then the operating system should be supported for that lifetime.

    Microsoft have made billions upon billions from the taxpayers. Supporting the stuff they have sold isn't much to ask. No-one is asking for new features or upgrades, only critical security updates.

  12. Version 1.0 Silver badge

    Re: Inevitable

    Sure, I'm blaming them - I know that the way of the world here is that when you buy stuff these days it's actually supported for a year or so ... and then it's junk?

    The next time you take a journey, check the age of the aircraft, train, car, bike etc. - if it's 13 years old then maybe it will crash and the manufacturer will tell you that it's your fault?

    The fact is that Microsoft actually had a fix for this vulnerability but they were only releasing it if you had a continuing support contract - sure, Windows isn't very secure but why? Because it's not built for security, it's built to be cheap and disposable.

    It's designed to be required to be replaced because that's where the money is - and this applies to whatever ever of Windows you are running today - it's going to be vulnerable tomorrow.

  13. Version 1.0 Silver badge

    @mage "User training and common sense"

    That will only protect you against the obvious - you're still toast whenever the NSA and their ilk want access.

  14. Donn Bly
    Mushroom

    Re: If they're selling their operating system to clients for use in everything

    Debian derivatives are used in dozens of pieces of equipment around my office -- when there is a flaw who is the one responsible for getting all of the that equipment updated? Should Public Interest be blamed for a unpatched hole in a 10 year old router and expected to fix it -- even when newer versions that fixed the flaw have already been shipped? Of course not.

    So why should Microsoft be blamed for the same situation? They sold operating system, but they aren't the one putting it in medical equipment. That was done by the manufacturer of the equipment, which, by the way, as an OEM assumed all ongoing support. The end-of-life date on the OS was well known before it was installed. It is the equipment manufacturer that screwed you over, not Microsoft.

    The systems integrator that put Windows on Warships is the one who made the claim of fitness for purpose, not Microsoft. THEY are the one who should be held accountable. If that integrator needs to go back and pay Microsoft for ongoing support that's their problem -- they made the choice to integrate Microsoft and they have the live with the results of their decisions.

  15. Infernoz Bronze badge
    FAIL

    Re: Inevitable

    * Microsoft realised that the security in XP was grossly inadequate, so recruited crackers and other experienced security staff for a new OS, re-built for security, thus the poor 1st attempt in Vista, and the usable 2nd attempt in Windows 7.

    * The version of SMB (Windows Networking) supported by XP has pathetic security, especially with increasing computer processing power, and I was shocked to see the pathetic default Samba client levels in Mint and no GUI to fix this easily!!!

    * Microsoft provided ample advance warning of EOL for XP/2003, and only offered escalating cost post-EOL support as a _temporary_ stop-gap, because XP is not worth supporting for security reasons, so organisations have no excuses to still be using it, especially on the Internet!

    * Yes, the NSA is criminal for making these immoral and unlawful cyber weapons, but crackers were already attacking the inadequately secured XP.

    * The public leak of these cyber weapons at least makes most of the threats publicly known so that they can be combated en-mass now, including by Microsoft, rather than the much harder work to identify/combat hidden black hat criminal uses.

    * Organisation and other users of XP, and suppliers of equipment requiring XP which have not already implemented/provided an upgrade to at least Window 7 are frankly negligent and should be humiliated/sued; they don't deserve any sympathy.

    The Swift (inter-bank payments service) must also be heavily-pressured/humiliated/sued to get its act together, because it reportedly still requires the only slightly less dated Vista version of Windows to run their client software in banks, which is probably one reason why several Swift client banks have been virtually bank robbed! Swift should really be using a secure *BSD OS for this, let-alone any version of Windows!

  16. Ken Hagan Gold badge

    Re: Inevitable

    "Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities."

    If they knew about them, they didn't do a very good job of protecting their own gear from them.

  17. John Brown (no body) Silver badge

    Re: Inevitable

    "If they knew about them,"

    You mean like the NSAUSA did such a good job

  18. Trigonoceps occipitalis

    Re: Inevitable

    Yes, but if the crypto is back doored all I need to do is ring NSA/GCHQ, problem solved!

  19. TheVogon Silver badge

    Re: Inevitable

    "So you're blaming a commercial company for not patching a 13 year old OS?"

    Windows XP is nearly 16 years old now...

  20. M.

    Re: Inevitable

    Your Comment: "Yes, the NSA is criminal for making these immoral and unlawful cyber weapons..."

    Unlawful? By what law, specifically? (NOTE: Title 10 and Title 50 authorities directly - and legally - trump certain US laws.) As an analogy - It's not "illegal" for a policeman to speed to catch up to a criminal. It's not "illegal" for the NSA to create tools to compromise computers.

    You can argue all day as to whether it is illegal to DEPLOY tools, once created, against CERTAIN computers, but I don't think you have a leg to stand on calling the fact that NSA *creates* such a tool - if they even did create one themselves - in any way an illegal act.

  21. Anonymous Coward
    Anonymous Coward

    Re: Inevitable

    Well in the UK, the police (and,bulance/fire tenders) can be prosecuted for their actions while speeding. It does not happen very often but not unknown. As to GCHQ, much of what they have done has been shown to be unlawful it is just that successive government have not pursued them (simply hangs legislation and given retrospective blessings.

  22. Michael Habel Silver badge

    Re: Inevitable

    Implying that Windows (H)8, and Windows X are better than an unmaintained Windows XP SP3 Installation. Which can still do it's job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Tracker's, and (Cr)App Stores to take your Moneyz.

  23. veti Silver badge

    Re: @mage "User training and common sense"

    @Version 1.0:

    If the NSA/GCHQ/etc. really want to read what's on your computer, they will. Don't kid yourself otherwise. This has been the case since you got that first 33.6 kbps dialup modem.

    But they're unlikely to encrypt the contents and demand bitcoin from you. That's not their MO. Far too revealing, for one thing.

  24. Ropewash

    Re: Inevitable

    FSB & PLA

    I can't be the only one who wondered what the frontside bus or a programmable logic array had to do with this story.

  25. Pompous Git Silver badge

    Re: Inevitable

    "Windows XP is nearly 16 years old now..."
    Almost legal then :-)

  26. Scorchio!!

    Re: Inevitable

    Last night on BBC Radio 4 news I head that the NHS IT organisation warned trusts of the risks if they did not deploy the patch to protect them against this very thing; they were arned, but why the hell are people still opening attachments and clicking on links? My mother made this mistake once, in 1998, and has not done so since. If someone of her age can be immune so can NHS staff.

  27. Scorchio!!

    Re: The real issue here is that Microsoft stopped has patching XP

    Thank you Mage; user training and impulse control. I've never fallen for this kind of crap, and I don't let my guard down.

  28. Jess

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    When said OS is used with systems that cannot be upgraded, yes.

    (because it would make expensive hardware unusable.)

    But also the people who made and OKed the decision to purchase such unsuitable systems should be held to account.

    Why would anyone buy a jack of all trades system, with a life of a decade or so to run expensive equipment meant to last thirty years with a specific requirement?

  29. Pompous Git Silver badge

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    "Why would anyone buy a jack of all trades system, with a life of a decade or so to run expensive equipment meant to last thirty years with a specific requirement?"
    No alternative. Hospitals use hundreds of devices "monitoring equipment, alarms, compounders, radiology, things of those nature" that were designed to specifically run with XP. There are zero or close to zero that run on other OSs. You can't purchase what doesn't exist.

  30. Charles 9 Silver badge

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    But I wonder if it's possible to MAKE it exist with something like, "This 8-figure contract will go to the first company that's makes their equipment X, Y, and Z completely."

  31. DuncanLarge Bronze badge

    Re: Inevitable

    "Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows."

    It's clear the NSA intended to not inform Microsoft at all as this was part or their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods.

    The only way Microsoft knew about this and patched this was because the NSA lost control of the code to ShadowBrokers who then reported it to Microsoft giving them enough time to roll out a patch before a public release.

    As you correctly say, anyone could have developed code that exploits the flaw. But who detected that flaw first? So who should have the social responsibility to improve the "cyber" defense of at least their own nation by disclosing such a flaw?

    The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the fist double click.

    For this very reason Apple, correctly, refused to create a version of iOS that could be installed on an iphone to weaken the pin entry screen to allow the FBI entry. Apple knew they could not simply trust that this hacked version of iOS could be kept under control.

  32. inmypjs Silver badge

    Re: Inevitable

    "blaming a commercial company for not patching a 13 year"

    I think blaming and criticising a company that sold you buggy vulnerable crap and refuses to fix bugs because someone else didn't find and advise them of them soon enough is entirely justified.

    I have some compilers from a company with a policy that finding a bug in an obsolete unsupported version of the compiler entitles you to a free upgrade to a current supported version. That would be the policy of a decent company (which Microsoft clearly isn't). Of course Microsoft's current supported version being a piece of shit that no one wants would stymie such a policy.

  33. Wayland Bronze badge

    Re: If they're selling their operating system to clients for use in everything

    Don Bly, The Ian bloke from the name Deb-Ian died. Apparently committed suicide. That's how spooks die. Don't be so sure they don't have a backdoor into Linux. The FreeBSD people think Linux is not hardcore enough which is why it's not very popular. If you want cool things in Linux it's going to have backdoors.

  34. Wayland Bronze badge

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible.

    The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff.

    What is needed is a commitment from the manufacturers to either support the gear for 30 years or share the code and the schematics. Obviously a consideration would be required from the buyer, I don't see why they should do that for free.

    The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

  35. TheSkunkyMonk

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    Thanks for my morning giggle, just the thought of manufacturers making stuff that lasts really got me going! https://www.youtube.com/watch?v=zdh7_PA8GZU

  36. Roland6 Silver badge

    Re: So you're blaming a commercial company for not patching a 13 year old OS?

    The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

    Firstly, from the way MS behaved around the time of XP's EOL, it was clear they had zero intention of keeping XP going - MS wanted to make a break with the past, even if that break could hurt them commercially. Additionally, given the size of payments they received from user organisations, such as the UK government, for the extended support service MS reluctantly did offer, I suspect given MS were already committed to maintaining XP POS until 2019, it received sufficient monies to more than cover the costs of maintaining the XP support team for 10 years; extending XP's EOL to 2024; yet they haven't.

    Secondly, how would a hardware packet sniffing firewall given any protection against WannaCrypt, given the initial infection vector was believed to have been a poisoned email attachment and if you were running SMB the relevant ports would be open.

  37. tom dial Silver badge

    Re: Inevitable

    The present"back door" would be through compromise of Apple's (or Microsoft's) code signing key(s) or use of the keys to sign bogus software. Is there really reason to suppose that their security protections are fundamentally superior to those at the NSA? Would they not be subject in a similar way to vulnerability from disloyal or planted employees or accidents that expose them in environments less protected than planned.

  38. tom dial Silver badge

    Re: Inevitable

    Microsoft became aware of the particular vulnerability soon enough to develop and issue a remedial patch for the vulnerability more than five weeks before its first reported use in malware. The notion that ShadowBrokers reported the vulnerabilty to them is much less plausible than the more common presumption that the NSA did so. The patch was marked "critical" and that should have informed anyone paying attention of the need for prompt action. US DoD rules require deployment of these items within 10 days of availability, and while they do not always meet that, those who do not have to report often and in detail on the deployment until it is complete.

    The firmware the FBI wanted from apple, contrary to repeated claims, was not installable on "an iphone" in the general sense. The order required it to be specific to the iPhone described in detail in the court order and required that it not be usable for other iPhones. That is something that Apple certainly could have ensured since the code would need to be signed by them. Apple certainly would have been ordered to provide similar firmware in other cases. However, if the cryptographic implementation was secure and Apple continued to control the signing process, release of any or all copies of such firmware would not have been able to compromise untargeted iPhones.

  39. Dr Who

    You could look at an event such as that of the last few days as the Internet's version of a wildfire. In the short run some damage is done but in the long run the fire's job is to clear out dead wood and enable the regrowth of a stronger, healthier ecosystem. Short term pain for long term gain.

  40. Anonymous Coward
    Unhappy

    And in a few years it will all be forgotten.

    Nachi / Blaster anyone?

  41. John Smith 19 Gold badge
    Unhappy

    "the last few days as the Internet's version of a wildfire. "

    "Wildfire" is also the name of the lab in "The Andromeda Strain."

    Let's hope this situation can be contained with less drastic measures.

  42. katrinab Silver badge

    Not really.

    "We've installed the MS security patch, we've restored from back-up. Everything's OK now".

    Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

  43. Mage Silver badge

    Internet's version of a wildfire.

    No, because very few organisations and users will learn the real lessons.

    Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991.

    Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no adhoc sharing. users not administrators, and PROPER training of users.

  44. Anonymous Coward
    Anonymous Coward

    In the short run some damage is done but in the long run the fire's job is to clear out dead wood

    I wish! The idiots who think it's fine to run XP are paid ten times more than me and they'll still be in the same role this time next year. They'll be no getting rid of dead wood, just more winging it and forcing underpaid Techies to work more weekends after more screw ups.

  45. AlbertH

    Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

    That's particularly scary - for me - since I'm one of their patients!

  46. Pen-y-gors Silver badge

    Oh what fun...

    I've been watching the malwaretech live infection map (https://intel.malwaretech.com/pewpew.html) - it's absolutely addictive!

    But just noticed that someone in Nigeria has been hit with wcrypt. Tee-hee!

  47. wyatt

    Re: Oh what fun...

    There are some really useful (and fun) websites out there.. remembering where they all are is a nightmare (or remembering they're there to use rather).

  48. GrumpyOldBloke
    Trollface

    Re: Oh what fun...

    > someone in Nigeria has been hit

    Yes, my uncle. A Nigerian Prince desperately trying to get his money out of the country. With his computer out he is now looking for an honest soul who can help him for a 10% cut of the funds. Due to the nature of his finances the money can only be moved to a credit card account. If someone would be so kind as to send him theirs...

  49. Stuart 22

    Is it just me?

    Its surely incredible that a lone pizza stuffed actor could get immediate access to the worm and spend a night before he spotted the 'call home' vector? Is that really that hard? And beat the best resourced detection agencies worldwide?

    Surely every IT detective agency including GCHQ would have sandboxed it on first sight, thrown their best at it if only to beat their friends across the pond, to save Jeremy Hunt & Mother Theresa's bacon just ahead of a new funding opportunity (aka new government).

    It all smells not only of pizza but planted news. And if it is genuine what on earth are we paying this organisation and every anti-virus firm for?

  50. allthecoolshortnamesweretaken Silver badge

    Re: Oh what fun...

    Kinda reminds me of this...

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018