Greetings to the group. This ransomware theme is an evolving project: some employee just opened an infected email, and it was an attack vector onto the internal platform that runs around the LAN via the port 445 SMB protocol, using a security hole that Microsoft already solved two months ago.
Precisely, the attackers know that many companies do not update the OS of their internal PCs for licensing and budget reasons, which makes them vulnerable, and also do not pay much attention to the safety of their equipment. Here it was shown how fragile the Windows platform is to these attacks, and it is the bulk of the equipment that these large companies have, as in the case of Telefonica in Spain, FedEx, hospital networks in England, etc.
These themes are every day in the BBVA Corporation in my IT Security (Cybersecurity) work in Venezuela. I see this problem in an important evolution, but there is more to come, because they will continue looking for new possibilities to be able to collect the money with Bitcoins.
On the question of the domains, those that are on the common Internet are not relevant; the only important ones are the .onion underground ones that they use to collect the extortion money from people and companies through these crypto tool attacks.
As Brian says, Linux and Mac are safe for now...
73 de Gabriel YV5KXE Venezuela AMPR-Coordinator
Message: 2
Date: Sat, 13 May 2017 04:51:33 +0000
From: R P ronenp@hotmail.com
To: AMPRNet working group 44net@hamradio.ucsd.edu
Subject: Re: [44net] the current worldwide Windows ransomware situation
Message-ID: <BY2PR14MB04246C791B6C331478C3B033C7E30@BY2PR14MB0424.namprd14.prod.outlook.com>
I'm not sure that this is the right group, but as I wrote before, here we have top experts in the IT field, so I'll try.
I read the explanation of the virus on the sites...
The domain is well known... someone paid for it.
Is it such a problem to catch the person who paid for this domain???
What about shutting down this domain and by that stopping the spread of the software?
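The message above describes the worm spreading across the LAN over TCP/445 (SMB). As an added example, not code from anyone in this thread, the script below maps which hosts in a subnet expose that surface: it connects to port 445 on each address and sends a hand-built SMB1 NEGOTIATE request offering only the legacy SMB1 dialects, then reports whether the host answers with an SMB1 negotiate reply. The thread does not name the specific hole and this script does not test for it; it only shows which hosts still speak the old dialect family on the LAN. The subnet 192.168.1.0/24, the dialect list, and the Flags2/PID values are assumptions chosen for the example; the packet layout follows the SMB1 NEGOTIATE wire format.

```python
"""Map which LAN hosts answer an SMB1 dialect negotiation on TCP/445.

Added example; not code from the 44net thread. Subnet and dialect list are assumptions.
"""
import socket
import struct
import sys
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_network

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
# Legacy SMB1 dialects only; no "SMB 2.???" string, so an SMB2-only server has nothing to accept.
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]


def build_smb1_negotiate(dialects=DIALECTS):
    """Build a NetBIOS-framed SMB1 NEGOTIATE request offering the given dialects."""
    header = SMB1_MAGIC
    header += struct.pack("<B", SMB_COM_NEGOTIATE)    # Command
    header += struct.pack("<I", 0)                     # NT_STATUS
    header += struct.pack("<B", 0x18)                  # Flags: canonical paths, case-insensitive
    header += struct.pack("<H", 0xC853)                # Flags2: unicode, NT status, ext. security, long names
    header += struct.pack("<H", 0)                     # PIDHigh
    header += b"\x00" * 8                              # SecuritySignature
    header += b"\x00" * 2                              # Reserved
    header += struct.pack("<HHHH", 0, 0xFEFF, 0, 0)    # TID, PID (assumed value), UID, MID
    assert len(header) == 32
    dialect_blob = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<B", 0) + struct.pack("<H", len(dialect_blob)) + dialect_blob  # WordCount, ByteCount
    smb = header + body
    # NetBIOS session header: type 0x00 (session message) followed by a 24-bit length.
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(data):
    """Return the server's DialectIndex from an SMB1 NEGOTIATE reply, or None if it is not one.

    0xFFFF means the server speaks SMB1 but accepted none of the offered dialects.
    """
    if len(data) < 4 + 32 + 3:
        return None
    smb = data[4:]                                     # skip the NetBIOS session header
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return None
    word_count = smb[32]
    if word_count == 0:
        return None                                    # error reply carrying no parameter words
    return struct.unpack_from("<H", smb, 33)[0]        # first word is DialectIndex


def probe_smb1(host, port=445, timeout=2.0):
    """Connect to host:port, send a NEGOTIATE, and classify the answer."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return host, "445 closed or filtered"
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(build_smb1_negotiate())
            data = sock.recv(4096)
        except OSError:
            data = b""                                 # reset or timeout after connect: no SMB1 talk
    idx = parse_negotiate_response(data)
    if idx is None:
        return host, "445 open, no SMB1 negotiate reply"
    if idx == 0xFFFF:
        return host, "SMB1 spoken, no offered dialect accepted"
    if idx < len(DIALECTS):
        return host, "SMB1 dialect accepted: " + DIALECTS[idx].decode()
    return host, "SMB1 reply with out-of-range dialect index %d" % idx


def scan(cidr, workers=64, **kw):
    """Probe every host in a CIDR block concurrently; returns {host: status}."""
    hosts = [str(h) for h in ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda h: probe_smb1(h, **kw), hosts))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24"   # assumed default subnet
    for host, status in sorted(scan(target).items()):
        print(host, status)
```

Run it only against networks you are authorized to scan. Hosts reporting "445 open, no SMB1 negotiate reply" are typically ones that still serve SMB but have the SMB1 dialects turned off; hosts reporting an accepted dialect are the ones that still expose the old protocol surface the worm used to travel the LAN.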
Just a small correction, as I don't like to see this kind of misinformation, but .onion is the Tor network, and Tor is not underground. It's not because criminals like to use it that it is underground. There are legitimate sites too within the .onion domain.
Ruben - ON3RVH
On 14 May 2017, at 16:59, Gabriel Medinas gmedinas@gmail.com wrote:
[...]
+1
Bob
On 2017-05-14 11:29 AM, Ruben ON3RVH wrote:
[...]