+1
Bob
On 2017-05-14 11:29 AM, Ruben ON3RVH wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> Just a small correction as I don't like to see this kind of misinformation, but
> .onion is the Tor network and Tor is not underground.
> It's not because criminals like to use it that it is underground.
> There are legit sites too within the .onion domain.
>
> Ruben - ON3RVH
>
>> On 14 May 2017, at 16:59, Gabriel Medinas <gmedinas(a)gmail.com> wrote:
>>
>> Greetings to the group, this Ransomware theme is an evolving project, some
>> employee just opened an infected email and it was an attack vector on the
>> internal platform that runs around the LAN via the port 445 SMB protocol
>> using a security hole that Microsoft already solved two months ago.
>>
>> Precisely the attackers know that many companies do not update the OS of
>> their internal PCs for issues of licensing and budget that make them
>> vulnerable, also do not pay much attention to the safety of their
>> equipment, here was shown how fragile the Windows platform is for these
>> attacks and is the bulk of the equipment that these large companies have,
>> such as the case of Telefonica in Spain, FEDEX, hospital networks in
>> England, etc.
>>
>> These themes are every day in BBVA Corporation in my IT Security
>> (Cybersecurity) Venezuela work, see this problem in an important evolution
>> but there is more to come because they will continue looking for new
>> possibilities to be able to collect the money with the Bitcoins.
>>
>> On the question of the domains, those that are on the common Internet
>> are not relevant, the only important ones are the .onion underground that
>> they use to collect the extortion money from people-companies through these
>> crypto tools attacks.
>>
>> As Brian says, Linux and Mac are safe for now...
>>
>> 73 de Gabriel YV5KXE
>> Venezuela AMPR-Coordinator
>>
>>
>> Message: 2
>> Date: Sat, 13 May 2017 04:51:33 +0000
>> From: R P <ronenp(a)hotmail.com>
>> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
>> Subject: Re: [44net] the current worldwide Windows ransomware
>> situation
>>
>> I'm not sure that this is the right group, but as I wrote before, here we
>> have top experts in the IT field, so I'll try
>>
>> I read the explanation of the virus on the sites ...
>>
>> The domain is well known .. someone paid for it
>>
>> Is it such a problem to catch the person who paid for this domain ???
>>
>> What about shutting down this domain and by that stopping the spread of the
>> software ?
>>