Jump to content

Wanna Cry ransomware hits the heart of Bangkok


webfact

Recommended Posts

Wanna Cry ransomware hits the heart of Bangkok

BY JONATHAN FAIRFIELD

 

Screen-Shot-2560-05-15-at-10.50.19-AM-63

Wanna Cry in Bangkok. Image: @ALiCE6TY9

 

BANGKOK: -- Thailand’s government is urging users to beware of the dangerous ransomware dubbed Wanna Cry which has hit at least 200,000 victims in 150 countries worldwide.

 

Prime Minister Prayuth on Saturday instructed the Ministry of Digital Economy and Society to closely monitor the situation and advise the public where necessary.

 

Despite a report on Monday claiming the ransomware had yet to be detected in Thailand, pictures shared on Twitter on Sunday claimed the contrary.

 

The pictures revealed that two digital advertising hoardings had become infected with the virus and rather than displaying the usual advertisements, instead showed a message from hackers as the Bangkok traffic passed by.

 

Full story: http://tech.thaivisa.com/wanna-cry-ransomware-hits-the-heart-of-bangkok/21648/

 
tt.jpg
-- © Copyright Thai Tech 2017-05-15
 
Link to comment
Share on other sites

  • Replies 75
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

40 minutes ago, webfact said:

Despite a report on Monday claiming the ransomware had yet to be detected in Thailand, pictures shared on Twitter on Sunday claimed the contrary.

I personally have;learned  to not believe a thing any government reports states to the press. What ever is stated I always believe the opposite and it usually comes true.

Link to comment
Share on other sites

Windows 10 was protected a few weeks ago if updates were installed but XP was not being updated so unless the recent emergency update installed it was open game.  Thankfully someone had built in a kill switch into the software, which was activated, or this would have been many, many times worse.  The problem these days is use of bitcoin type payment now makes it very attractive to a huge number of get rich quick types (well beyond geeks) so expect much more of this type activity, unless steps are taken to control payment systems.

 

Make image backups and keep detached from computer seems to be a good idea now - unfortunately Windows 10 tried to prevent us doing that so it is not an easy task for people to follow through on.

Link to comment
Share on other sites

Believe 7-10 were patched prior to this issue but XT had not been (or not installed by many as not normally updated now).  But a patch does not rule out getting hit by another version prior to a new patch so best to have secured image backup available just in case - at least you would be able to get most of your data restored (up to last backup) and a lost less need to wanna cry.  

 

This has become big business with the ability to extract ransom money so expect we can expect a lot more attacks.

Edited by lopburi3
Link to comment
Share on other sites

What Thailand needs urgently is not a new cyber security bill but a couple of hundreds top IT specialists to check and upgrade all government systems and sites and which could give security advice for other vitally important systems (hospitals, traffic light management etc.). 

Link to comment
Share on other sites

2 hours ago, samtam said:

I  didn't "upgrade" to Windows 10, so I'm still using Windows 7. Don't think their patch covered W7, but not sure. 

To prevent a WannaCry / WannaCryptor infection on windows 7 you need to disable something called SMB, I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post. Note - there are different commands for other versions of windows - see the link at the end.

 

Doing the following on a Windows 7 installation will stop it :

 

Open a command prompt by clicking the 'round start menu button' then enter 'cmd' in the box at the bottom and press enter.

 

Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.

 

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

 

After each line there will be a confirmation that it worked on the screen.

 

you must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.

 

The above information comes from : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator but for home users it's just fine.

 

There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

Link to comment
Share on other sites

1 hour ago, ukrules said:

To prevent a WannaCry / WannaCryptor infection on windows 7 you need to disable something called SMB, I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post. Note - there are different commands for other versions of windows - see the link at the end.

 

Doing the following on a Windows 7 installation will stop it :

 

Open a command prompt by clicking the 'round start menu button' then enter 'cmd' in the box at the bottom and press enter.

 

Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.

 

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

 

After each line there will be a confirmation that it worked on the screen.

 

you must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.

 

The above information comes from : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator but for home users it's just fine.

 

There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

I checked that several times. It looks, my Windows 7 Premium doesn't have this SMB features. I might be wrong, but it was mentioned on other places as well.

Link to comment
Share on other sites

What's the Thai for 'serves you right'. Upgrade to Windows 10 was FREE, even to illegal copies of xp, 7 & 8, which most PCs in Thailand were running. I have even been in Bangkok Banks who are still running xp. Get Windows 10 Creators upgrade on all your PCs, it works fine, no problems with the software at all.

Edited by wgdanson
Link to comment
Share on other sites

9 minutes ago, alocacoc said:

I checked that several times. It looks, my Windows 7 Premium doesn't have this SMB features. I might be wrong, but it was mentioned on other places as well.

Get rid of Windows 7 and install 10.

Link to comment
Share on other sites

3 hours ago, longtom said:

What Thailand needs urgently is not a new cyber security bill but a couple of hundreds top IT specialists to check and upgrade all government systems and sites and which could give security advice for other vitally important systems (hospitals, traffic light management etc.). 

Bangkok Bank is still using xp.

Link to comment
Share on other sites

Just now, alocacoc said:


Not if the user regularly installs the updates which I do.

Sent from my SM-G900F using Tapatalk
 

Why did you not upgrade for FREE to W10?

And how old is the car you drive.......10 years?

Link to comment
Share on other sites

6 minutes ago, wgdanson said:

What's the Thai for 'serves you right'. Upgrade to Windows 10 was FREE, even to illegal copies of xp, 7 & 8, which most PCs in Thailand were running. I have even been in Bangkok Banks who are still running xp. Get Windows 10 Creators upgrade on all your PCs, it works fine, no problems with the software at all.

You never had the option to upgrade to 10 from XP.

Link to comment
Share on other sites

Just now, wgdanson said:

Why did you not upgrade for FREE to W10?

And how old is the car you drive.......10 years?

Why I should? Win7 runs fine on my notebook. May be not Win 10. Since win 7 is fully supported by MS, no reason to change. In the worst case I would have to buy a new Notebook, since my Samsung isn't the newest one. But again, everything runs very well.

Link to comment
Share on other sites

Just now, alocacoc said:

Why I should? Win7 runs fine on my notebook. May be not Win 10. Since win 7 is fully supported by MS, no reason to change. In the worst case I would have to buy a new Notebook, since my Samsung isn't the newest one. But again, everything runs very well.

Try W10, you'll be surprised and SAFE.

Link to comment
Share on other sites

Just now, wgdanson said:

You can get a real version of W10 for less than Bht4000 = no problems.

 

Of course you can.

 

But that wasn't the point of my post; you told people that you could upgrade for free from XP to 10, I said you couldn't, that's all.

Link to comment
Share on other sites

6 hours ago, fruitman said:

I don't get it, does this virus only affect to windows XP systems? Or also to Win10?

 

And does it also affect legal licensed update windows XP systems? If not than Thailand is sure in danger.

Nobody should be running Windows XP.  M$ dropped support for it long ago.

Link to comment
Share on other sites

2 minutes ago, alocacoc said:

Might be. But I'm concerned about availability of drivers for my 4 Year old Samsung.

I upgraded a 3 yr old Intel NUC, no driver problems at all. Working like a dream.And no malware.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...