JAQForum Ver 20.06
Forum Index : Microcontroller and PC projects : Windows file encryption bug

Author Message
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 04:41pm 14 May 2017

Microsoft has issued a fix for several unsupported operating systems to patch the vulnerability behind the latest file encryption bug.

Read about and get it here.
 
robert.rozee
Guru

Joined: 31/12/2012
Location: New Zealand
Posts: 2291
Posted: 05:20pm 14 May 2017

Tried to download it (for XP), but just got sent in circles or to broken links. I'm guessing that it requires an up-to-date Internet Explorer to download (I run Firefox; the copy of Internet Explorer on my machine is ancient).

I have noticed that Microsoft has actively purged the net of updates for XP; I discovered this a couple of months ago when I did a restore on another XP computer. This means that over time there will be more and more XP machines out there that are just patched up to SP3 with nothing beyond, and then only if the person setting them up has a copy of SP3 saved!

An argument can be put that Microsoft, as a matter of 'national security', should make available permanently and without copyright restrictions a static archive of all the security and bug-related patches ever released by them for XP. If they don't want to host it, I'm sure there are other respected sites that would, such as .gov.uk or the major anti-virus companies.

Essentially, it would be an "SP4": no complex automatic updates or 'genuine Microsoft' verifications, just a simple archive of service packs and patches.

BTW, I still run XP for the simple reason: it WORKS. I've never been presented with a compelling reason to abandon it, and if I did change then I'd go for Linux or ReactOS. Any later version of Windows would not run on the hardware I have, requiring a massive expenditure on new computers that would then perform exactly the same functions as the existing ones. I'd also have to replace printers and scanners no longer supported, and get HDMI-capable monitors. A $200 upgrade to Win10 would likely cost me 10x or 20x that much in 'collateral damage'. I can appreciate how an organization with hundreds or thousands of XP machines would be reluctant to change.

Does anyone remember "Windows for Warships"? I wonder how many such Win2k and XP systems are still out there?


cheers,
rob :-)
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 05:39pm 14 May 2017

Rob
You are not alone. My fully patched Win 10 can't download those XP patches using IE11 or Edge. I never tried it before because I only have Win 10. If I recall correctly, you can only use the Windows Update Catalog with IE, and it has to have an add-on to work.
Bob
Edited by BobD 2017-05-16
 
Gizmo

Admin Group

Joined: 05/06/2004
Location: Australia
Posts: 5026
Posted: 05:50pm 14 May 2017

I had a client hit with ransomware 2 weeks ago. Lost 6 months of data, and the hacker wanted $11,000 for the key!

Now I've nagged and nagged this client in the past about their backups. I've explained how to check the backups by looking at file date stamps, etc., and I've nagged them about swapping out backup drives.

I've also nagged them about their continued use of Windows XP and Vista.

In the end, they didn't swap over the backup drive, so the last backup was 6 months old. The hacker encrypted their data, including the plugged-in backup drive. 6 months of data was gone.

Fortunately their MYOB data was intact, so I spent the weekend exporting and importing and editing scripts to get some basic record of jobs over the last 6 months. But all their client files, CAD drawings, etc., are all gone. I spent the weekend doing this, unpaid, because I knew if I didn't, there was a good chance their business wouldn't survive, and then I'd lose some of my income.

Now I don't care if you're a Linux, Apple or Windows user, all these systems are vulnerable if connected to the internet; it's just a matter of what skills the hacker has. Update your OS! If it can not be updated anymore, don't use it online if you value anything on it.

Back up your data, then unplug the friggen drive! If it's left plugged in, then it's NOT a backup. Any ransomware attack looks for any backup drives so it can encrypt or nuke them. Cloud storage isn't safe either: if your PC backs up encrypted files to the cloud, then it could be useless.

When I back up every few days, I plug in an external HD, run a backup, then unplug it as soon as it's finished. I have two drives, and alternate these each week, so worst case is I lose a week's data.

Back up your data! Your unplugged backup is the only real protection you have against ransomware.

Glenn
The best time to plant a tree was twenty years ago, the second best time is right now.
JAQ
 
Gizmo

Admin Group

Joined: 05/06/2004
Location: Australia
Posts: 5026
Posted: 07:13pm 14 May 2017

http://www.abc.net.au/news/2017-05-15/what-to-do-if-youve-been-hacked/8526118
 
Phil23
Guru

Joined: 27/03/2016
Location: Australia
Posts: 1664
Posted: 07:47pm 14 May 2017

Successfully loaded the update on my one remaining XP box here a couple of hours back.

IE8 couldn't cut it though, needed Chrome.


Phil.
 
Phil23
Guru

Joined: 27/03/2016
Location: Australia
Posts: 1664
Posted: 07:58pm 14 May 2017

  Gizmo said: I had a client hit with ransomware 2 weeks ago. Lost 6 months of data......


Interestingly,

I had a client hit with Crypto about 12 months back.
A staff member opened an attachment on their workstation; it was all encrypted,
but their server suffered minimal encryption...

The saving grace for them was that on their mapped drive, at the top of the directory order was a directory called "Archives".

It contained daily Zip backups of their data that were subsequently taken off site.

What happened (I think) was the encryption engine found that share and started munching through the 1+ GB of zips, and was still working on them when someone went and pulled the power lead on the server.

When I removed and checked the server drives, only about 20% of the zips had been processed and the live data in lower subdirectories had not been touched.

In hindsight, I do wonder whether keeping a nice big zip file or DVD ISO image in the root of a share could act as a "time delay" to allow users to react if hit.


Phil.
 
retepsnikrep

Senior Member

Joined: 31/12/2007
Location: United Kingdom
Posts: 131
Posted: 08:25pm 14 May 2017

  Phil23 said: In hindsight, I do wonder whether keeping a nice big zip file or DVD ISO image in the root of a share could act as a "time delay" to allow users to react if hit.


Interesting idea....
Gen1 Honda Insights.
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 08:30pm 14 May 2017

  Gizmo said   http://www.abc.net.au/news/2017-05-15/what-to-do-if-youve-been-hacked/8526118

This ABC page had a link to this Microsoft page and it has the links for the downloads and they work.
 
MicroBlocks

Guru

Joined: 12/05/2012
Location: Thailand
Posts: 2209
Posted: 09:23pm 14 May 2017

I have a few Windows XP machines for special tasks (CNC and laser cutter); they are tuned for what they have to do and are NOT connected to the internet and never will be.

If connected to the internet then you would at least need Windows 7 or later, as those are still updated.
Even then, lots can be done by not allowing any incoming traffic, by using a firewall.
If you get hacked by this thing there is only one person to blame, as by now it should be clear that the most lucrative criminals are on the internet, safely working from their desks using other people's computers to hide their whereabouts. Gone are the days of robbing banks; too much risk.


Microblocks. Build with logic.
 
Boppa
Guru

Joined: 08/11/2016
Location: Australia
Posts: 814
Posted: 01:04am 15 May 2017

I've got a pair of old XP laptop/netbooks (1 of each) that play on the net.

Thing is, I have spare HDDs for both with ghosted images on them; plus, there is nothing on them I care about. Should they fall victim, it would be 'bah', format and re-ghost, or even just swap out the HDD and fit the spares.

For businesses, IMHO, apart from an email one, I see no need for 99% of them to be on the net at all.
 
Chris Roper
Senior Member

Joined: 19/05/2015
Location: South Africa
Posts: 280
Posted: 01:28am 15 May 2017

  Boppa said: For businesses, IMHO, apart from an email one, I see no need for 99% of them to be on the net at all


Unfortunately that would not help in this case, as it spreads using SMB; that is the Local Area Network server packets, not the Internet.

Infection could be via a memory stick on any device in the local network, and within hours every device on that network, including any cloud based backup servers, would be infected.

So if that email PC was also in the network you have a breach.
Only an air gapped computer would be safe, or a patched one.



http://caroper.blogspot.com/
 
Boppa
Guru

Joined: 08/11/2016
Location: Australia
Posts: 814
Posted: 02:47am 15 May 2017

  Gizmo said: I had a client hit with ransomware 2 weeks ago. Lost 6 months of data, and the hacker wanted $11,000 for the key! [...] Back up your data! Your unplugged backup is the only real protection you have against ransomware.

Glenn


I had similar issues at my mum's old work; they simply refused to back up, despite repeated losses.
I wrote a batch file to auto backup to external drives in XP, and had a nasty little trick to get them to unplug: in the batch file, play a wav file stored on the ext HDD after half an hour or so (backup done Fri arvo just before work finished for the week).
If they booted the system Mon morning and the external drive was still plugged in, it played a really annoying siren sound LOUD, until they unplugged it and cancelled the player (superglued the speaker's volume so it couldn't be turned down lol).

If they just cancelled it, then every 1/2 hr it would go looking for the wav file on the ext HDD again; if it was still plugged in, WEEEP, WEEEP, WEEEEP.

I had one enterprising sob that tried muting the system volume to stop it, so I started playing silly buggers with the screen instead, making the fonts supersized so only 3 letters fitted on the screen, that sort of thing. He gave up and just unplugged the ext HDD lol
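The two checks described in Gizmo's and Boppa's posts above (look at the date stamps on the backup tree to see whether the backup actually ran, and raise an alarm on a workday morning if the removable drive was never unplugged) can be scripted. The following is an added example written for this page, not code posted in the thread and not Boppa's batch file. It assumes a marker file named `BACKUP_DRIVE.marker` is written once to the root of the removable drive, so that "drive still attached" can be tested by the marker's presence; the paths, thresholds and the back-dated demo files are constructed for the demo.

```python
"""Backup audit: is the newest backup fresh, and is the removable drive still attached?

Added example, not code posted in this thread. It automates the two checks
described above: Gizmo's "look at the file date stamps" on the backup tree, and
Boppa's Monday-morning nag when the external drive was left plugged in. The
marker-file name, the paths and the demo data are assumptions made for the demo.
"""
import os
import shutil
import tempfile
import time
from datetime import datetime

MARKER_NAME = "BACKUP_DRIVE.marker"   # assumed: written once to the root of the removable drive only
DAY = 86400.0
DEMO_MONDAY = datetime(2017, 5, 15, 9, 0)     # the Monday after this thread was posted
DEMO_SATURDAY = datetime(2017, 5, 13, 9, 0)   # a weekend: the drive may legitimately be plugged in


def newest_mtime(root):
    """Most recent modification time (epoch seconds) of any file under root, or None if there are none."""
    newest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                m = os.path.getmtime(os.path.join(dirpath, name))
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the audit
            if newest is None or m > newest:
                newest = m
    return newest


def backup_age_days(root, now=None):
    """Age in days of the newest file in the backup tree; None when the tree is empty or missing."""
    now = time.time() if now is None else now
    newest = newest_mtime(root)
    return None if newest is None else (now - newest) / DAY


def drive_left_attached(mount_point, when=None):
    """Boppa's rule: the drive is still mounted on a weekday, i.e. after the backup window closed."""
    when = datetime.now() if when is None else when
    return os.path.exists(os.path.join(mount_point, MARKER_NAME)) and when.weekday() < 5


def audit(backup_root, mount_point, max_age_days=7, now=None, when=None):
    """Return a list of human-readable findings; an empty list means the backup passes both checks."""
    findings = []
    age = backup_age_days(backup_root, now)
    if age is None:
        findings.append("no backup files found under %s" % backup_root)
    elif age > max_age_days:
        findings.append("newest backup is %.0f days old (limit %d days)" % (age, max_age_days))
    if drive_left_attached(mount_point, when):
        findings.append("backup drive still attached: unplug it")
    return findings


def build_demo_drive(base, file_ages_days, attached, now):
    """Construct a fake removable drive: backup files with back-dated timestamps plus an optional marker."""
    data_dir = os.path.join(base, "backup")
    os.makedirs(data_dir)
    for i, age in enumerate(file_ages_days):
        path = os.path.join(data_dir, "job-%03d.zip" % i)
        with open(path, "wb") as f:
            f.write(b"constructed sample backup data\n")
        stamp = now - age * DAY
        os.utime(path, (stamp, stamp))
    if attached:
        with open(os.path.join(base, MARKER_NAME), "w") as f:
            f.write("removable backup drive\n")
    return data_dir


def run_demo(file_ages_days, attached, when):
    """Build a throwaway drive in a temp dir, audit it, clean up, and return the findings."""
    now = time.time()
    base = tempfile.mkdtemp(prefix="backup-audit-")
    try:
        data_dir = build_demo_drive(base, file_ages_days, attached, now)
        return audit(data_dir, base, max_age_days=7, now=now, when=when)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for finding in run_demo([180, 200], True, DEMO_MONDAY):   # six-month-old backups, drive left in
        print("WARNING:", finding)
    print("fresh and unplugged:", run_demo([2], False, DEMO_MONDAY))
```

Run it from a scheduled task at logon or on a timer and route the findings to something the user cannot ignore. The date-stamp check only proves that a backup job wrote something recently, not that the copy is restorable; the rotation Gizmo describes (two drives, alternating, never both plugged in) is what limits the loss when the attached one gets encrypted along with the live data.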
 
Phil23
Guru

Joined: 27/03/2016
Location: Australia
Posts: 1664
Posted: 12:44pm 16 May 2017

  retepsnikrep said:
  Phil23 said: In hindsight, I do wonder whether keeping a nice big zip file or DVD ISO image in the root of a share could act as a "time delay" to allow users to react if hit.

  Interesting idea....


It was an interesting scenario.

The first machine hit was an embroidery PC; the user opened the attachment, and not much later they got the ransomware message that they were encrypted.

There was a few minutes' panic amongst the staff, before they (wisely/unwisely) rushed to pull the power leads on all the other PCs (not advice I'd ever given).
The phone rang; obviously.

I don't remember the exact detail, but in the directory containing the large volume of zip files, I could see the timestamps on the encrypted files and it had been at it for about 5 minutes, and the file volume present made it look like it had about half an hour to go.

These zip files were daily archives, all around the 25 MB mark, guessing about 500 in total.

I just compressed one of their data directories, locally over the network to a share on my server: 290 MB > 25 MB, took about 3 minutes; not sure if encryption would be faster.

So it was the work on the 500-ish zip files that gave them the time to act.

Interestingly, one of my other pieces of advice that they didn't go with was:
"Clean your Archives directory up every month."
"You don't need them all, just keep EOM ones and anything else significant."

Glad they ignored that bit in hindsight.

Phil
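Phil23's two posts above (the "Archives" directory at the top of the share that kept the encryptor busy, and the timestamps that showed how far it had got) describe an accidental decoy. The following added example, written for this page and not code from the thread, goes one step further than the text and turns the decoy into a canary: plant compressible files named like daily archives in a directory that sorts first on the share, record a baseline, and on each poll report canaries that were modified, created or deleted, raising an alarm when the new content is near-random. The directory name `!Archives`, the file names, the 7.5 bits-per-byte threshold and the "encryption" (random bytes written by the demo itself) are all assumptions.

```python
"""Decoy directory as an early-warning canary for file encryption.

Added example, not code posted in this thread. Phil23's observation above is
that a big pile of zip files at the top of the share kept the encryption engine
busy long enough for staff to pull the plug. This turns that accidental "time
delay" into an alarm: plant low-entropy decoy files in a directory that sorts
first on the share, record a baseline, and on each poll report canaries that
were changed, created or deleted, flagging a change as likely encryption when
the new content is near-random. The directory name, file names and threshold
are assumptions; the "encryption" in the demo is just random bytes.
"""
import hashlib
import math
import os
import shutil
import tempfile

DECOY_DIR = "!Archives"    # assumed: '!' sorts before letters, so a name-ordered walk hits it first
ENTROPY_THRESHOLD = 7.5    # bits per byte; English text is ~4-5, ciphertext and random data ~8
HEAD_BYTES = 65536         # only the first 64 KiB of a changed file is sampled


def shannon_entropy(data):
    """Shannon entropy in bits per byte of a byte string (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _head(path):
    with open(path, "rb") as f:
        return f.read(HEAD_BYTES)


def snapshot(root):
    """Map relative path -> (size, sha256 of head) for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            state[rel] = (os.path.getsize(full), hashlib.sha256(_head(full)).hexdigest())
    return state


def diff_snapshots(baseline, root):
    """Compare a fresh walk of root with baseline; return (path, kind, entropy) per changed canary."""
    current = snapshot(root)
    events = []
    for rel, (_size, digest) in baseline.items():
        if rel not in current:
            events.append((rel, "deleted", None))
        elif current[rel][1] != digest:
            events.append((rel, "modified", shannon_entropy(_head(os.path.join(root, rel)))))
    for rel in current:
        if rel not in baseline:   # e.g. an encrypted copy written beside or instead of the original
            events.append((rel, "created", shannon_entropy(_head(os.path.join(root, rel)))))
    return sorted(events)


def looks_like_encryption(events):
    """Alarm when a canary vanished or any changed/new canary now holds near-random bytes."""
    return any(kind == "deleted" or (ent is not None and ent > ENTROPY_THRESHOLD)
               for _rel, kind, ent in events)


def plant_canaries(share_root, count=5):
    """Write compressible decoys named like daily archives; their entropy is low, unlike a real zip."""
    decoy = os.path.join(share_root, DECOY_DIR)
    os.makedirs(decoy, exist_ok=True)
    for i in range(count):
        with open(os.path.join(decoy, "daily-%03d.zip" % i), "wb") as f:
            f.write(("canary archive %d: constructed decoy content\n" % i).encode() * 400)
    return decoy


def simulate_encryption(decoy, names):
    """Stand-in for a ransomware pass (constructed, not malware): overwrite chosen canaries with random bytes."""
    for name in names:
        with open(os.path.join(decoy, name), "wb") as f:
            f.write(os.urandom(8192))


def run_demo():
    """Plant canaries in a temp 'share', take a baseline, simulate a hit, and return (quiet, noisy) events."""
    share = tempfile.mkdtemp(prefix="share-")
    try:
        decoy = plant_canaries(share)
        baseline = snapshot(decoy)
        quiet = diff_snapshots(baseline, decoy)          # nothing changed yet
        simulate_encryption(decoy, ["daily-000.zip", "daily-001.zip"])
        os.remove(os.path.join(decoy, "daily-002.zip"))  # some families delete the original
        noisy = diff_snapshots(baseline, decoy)
        return quiet, noisy
    finally:
        shutil.rmtree(share, ignore_errors=True)


if __name__ == "__main__":
    quiet, noisy = run_demo()
    print("baseline poll: alarm =", looks_like_encryption(quiet), quiet)
    print("after hit:     alarm =", looks_like_encryption(noisy))
    for rel, kind, ent in noisy:
        print("  %-16s %-8s entropy=%s" % (rel, kind, "n/a" if ent is None else "%.2f" % ent))
```

Two caveats follow from the thread itself. A real zip is already close to 8 bits per byte, so entropy alone cannot tell an intact archive from an encrypted one; that is why the canaries are compressible text wearing archive names, and why Phil23's real Archives directory could only be judged by timestamps and count. And the decoy only buys detection time: nothing guarantees the encryptor walks the share in name order, so the response to an alarm is still to cut the machine off the network and restore from the unplugged backup Gizmo describes.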
 
© JAQ Software 2024