Kill switch
Blocked by the great firewall?
If reports from China are accurate, the country's often-bootlegged and under-patched Windows installations are being hit hard by the WannaCrypt ransom-worm. While the rest of the world seems to be enjoying some respite from the attacks, after researchers found and activated a kill switch in the original code, Xinhua reported …
More likely new "kill-switch-less" versions resulting in an ELE of Windows XP.
Chinese installs are under-patched because you can get security updates only via Windows Update nowadays. That does not quite work, as 95%+ of the XP population over there is installed using one of the stolen product keys which Microsoft has a blacklist on.
One thing for sure - this is going to drastically decrease the number of bootleg XPs still remaining. It will be impossible to attach one of these to a network. While before they just got infected but still worked, now they will get b0rked within 5-7 minutes after being attached to a network. The fact that MSFT has provided patches will not help - pirated installs cannot get to them.
Heh, precisely what I was thinking.
And now apparently, there are pointers fingering the Norks based on code fingerprint similarities with prior attacks/scams against the Bangladesh bank recently. For whatever that's worth.
China would NOT be happy with His Chubbiness the Dear Leader, not at all, precious.
Without doubt, the NSA bears some responsibility for the breathtaking failure of security that allowed their hoard of penetration tools to be stolen. What disappoints me is that in two days I've not read a single line about the culpability of The Shadow Brokers. Presumably, they released the remainder of their purloined Equation Group kit to protest Trump policies. It is wholly unsurprising that it was not Trump who was the target of the cybercrims that gleefully snatched up the exploits; we were.
Agree with their politics or no, The Shadow Brokers are no heroic Elliot Alderson-type figures. They deserve a healthy slice of blame for the damage their political protest has wrought.
...the NSA started this. So it's their fault.
"He started it" was shot down as a viable argument in my life around grade 3. There's plenty of fault to be spread around on this one. The people who found the exploit and wrote the tools to use them, the people who stole the tools and released them into the wild, the people who implemented this campaign, the people running un-patched and unprotected machines, the people who wrote the OS with all the vulnerabilities and didn't get them patched quickly enough when said vulnerabilities were exposed... I am sure I am missing someone, but blame doesn't help at this point. It may help after it has been determined who pulled the trigger. I am more interested in what can be done to prevent crap like this from happening in the future and I don't hear that being discussed much.
To summarize:
1) China and Russia got hit hard.
2) China and Russia play hard ball.
3) Fingerprints point at the Norks.
Which got me thinking. What if somebody was upset with the Norks but couldn't deal with them as he'd like to because it would upset the Chinese? Releasing something like WannaCry with Nork fingerprints on it would solve his problems. The Chinese wouldn't object to fatty-boy getting assassinated because they'd be the ones doing the assassinating.
The Trump just isn't smart enough to come up with a plan like that. But the CIA are.
@ handleoclast not "smart enough" more like "stupid enough".
The attack is too obvious even for the CIA so it is more likely that it is some other cackhanded group.
Examining who gains from punishment of pirated XP in these countries and is pompously benighted enough to imagine the bovine excrement flavour breadcrumbs would be swallowed without anyone choking does offer some suggestions.
Up to $64k now. See https://twitter.com/actual_ransom.
Still, for the time it took to write, the risk, and the fact that they don't dare actually extract the cash, the miscreants aren't gonna see a very good ROI :-)
A security guy was quoted on National Public Radio this morning with what may be the understatement of the week; that, generally, these types of jobbers will try to avoid infecting countries where they live or hope to get their Bitcoins extracted through. These bozos apparently didn't think that part through and, "if the perpetrators live in one of the countries that have been hit hardest -- say, Russia -- that would be an incredibly bad life choice."
I think the Russian Federation is still ahead with at least 70 000 infections.
As for those responsible.
Probably time to start wearing a money belt and checking that fake ID you bought is really solid and ready to use.
Coat because you don't know when you may have to go out the (back) door in a hurry.