Ransomware - WannaCry

[TheGreatOne]

Is there any way for a user to determine if his Windows is (still) vulnerable to this malware ?
Has anyone developed a utility to do that ?

Check this-

For people using the following versions of Windows, make sure you have the following patches installed on your machine:

• Windows XP, Server 2003, and Windows 8 - https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
• Windows Vista and Windows Server 2008 - KB4012598
• Windows 7 and Windows Server 2008 R2 - KB4012212 (standalone) OR KB4012215 (update rollup). NOTE: KB4019265 (May monthly security rollup) integrates the fix as well. Install this if your computer needs patching
• Windows Server 2012 - KB4012214 (standalone) OR KB4012217 (update rollup)
• Windows 8.1 and Windows Server 2012 R2 - KB4012213 (standalone) OR KB4012216 (update rollup). NOTE: KB4019213 integrates the fix as well. Install this if your computer needs patching
• Windows 10 (you can check your installed version and build by pressing Win-R and running winver)
  • Pre-version 1511 - KB4012606
  • Version 1511 - KB4013198
  • Version 1607 (Anniversary Update) and Windows Server 2016 x64 - KB4013429 (OS build 14393.953).
  • NOTE: If you're on any of the following builds of Version 1607, you are safe.
    • 14393.969
    • 14393.970
    • 14393.1066
    • 14393.1083
    • 14393.1198 - Upgrade to this version if you are on an older build of Version 1607
  • All builds of 1703 (Creators Update, build 15063.xxx) are safe

 

[NotMyRealName]

^^ I think his question was a little different, but good info there...

Is there any way for a user to determine if his Windows is (still) vulnerable to this malware ?
Has anyone developed a utility to do that ?

https://www.welivesecurity.com/2017...e-pc-patched-wannacryptor-worm-vulnerability/

https://blog.trustlook.com/2017/05/14/wannacry-ransomware-scanner-and-vaccine-toolkit/

Haven't tested these personally, use at your own discretion.

 

[vishalrao]

https://arstechnica.com/security/20...-wcry-can-be-decrypted-without-paying-ransom/

 

[vivek.krishnan]

https://arstechnica.com/security/20...-wcry-can-be-decrypted-without-paying-ransom/

I believe that hinges on a few factors

Firstly, you need to have not rebooted the computer and secondly, luck.

 

[NotMyRealName]

I'm more interested in his claim that win xp can't be infected over the network. What about all the reports of ATMs in china showing the ransom note window then? The email, flash drive, etc. vectors won't work on an ATM, only the SMB exploit.

 

[Mr.J]

How to check installed updates

Appending "> location\xyz.txt" at the end of cmd creates xyz.txt at the location with results of command within.

Combine both and you get a searchable text file.

 

[6pack]

I believe that hinges on a few factors

Firstly, you need to have not rebooted the computer and secondly, luck.

and you need huge balls to do anything on the only available copy of your important work. (I'm assuming that if you require to decrypt it, then you need something on it badly, else you might as well as just remove the hdd and install a new os)

 

[NotMyRealName]

You don't really need to reinstall the OS. Only documents and media files are encrypted, and once you follow the rather straightforward way of cleaning out the malware, your system is fine.

 

[NotMyRealName]

Here's an interesting stat about infected windows versions:

https://www.theverge.com/2017/5/19/15665488/wannacry-windows-7-version-xp-patched-victim-statistics

 

[vivek.krishnan]

OK,

So after this and Petya, the goverment is asking MS for a one time discount.

They expect that Windows 10 (dunno edition) will be 1K or less.

https://scroll.in/latest/842358/cen...rade-to-protect-systems-against-cyber-attacks

http://indianexpress.com/article/te...or-discount-on-windows-os-government-4730448/

The irony is that these holes were because of MS, and switching to Linux is the better option - and educating users is best.

 

[Crazy_Eddy]

The irony is that these holes were because of MS, and switching to Linux is the better option - and educating users is best.

BOSS Linux?

But yeah if the stats are right that the majority of infected PCs were running Win 7, then they all could've upgraded to Win 10 for free last year.

 

[vishalrao]

Yeah but you know corporates, slow to upgrade and Win10 Enterprise Edition isn't exactly great for enterprises (yet). My workplace still uses Win7 mandatory.