Jump to content
You are not logged in ▶️ Click to sign-up or login ×

Wanna Cry ransomware hits the heart of Bangkok

webfact

By webfact
in Thailand News

 Share

Recommended Posts

Pib Star Member

Pib

Posted
Posted

Here's Microsoft Customer guidance weblink for description and download of their security patch for older systems like XP....apologies if already posted in this tread.  Don't think the patch automatically downloads to older systems like XP systems unless maybe you were a paying customer for continued support after life cycle support to the masses ended Apr 14. 

 

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Link to comment
Share on other sites
  • Replies 75
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

worgeordie Star Member

worgeordie

Posted
Posted

"Despite a report on Monday claiming the ransomware had yet to be detected in Thailand, pictures shared on Twitter on Sunday claimed the contrary."

one hand not knowing what the other is doing, but its all under control, trust us.

regards worgeordie

Link to comment
Share on other sites
JAS21 Platinum Member

JAS21

Posted
Posted
13 hours ago, alocacoc said:

He won't find it.

 

Fact: Both, Win7 and Win 10 got at the same day the patch against this wannacrypt. So, without the patch, both OS are same vulnerable.

 

This SMB thing affects only Win 7 server and Win 10. It was never implemented in Win7 home. That's because there is nothing to disable. Win 10 users can disable it if they want. But as long they patched their OS properly, they are safe too.

I have two PCs ... one with W7 Ultimate and the other W7 Pro.  Do I need to run this SMB thing that I read about...tks

Link to comment
Share on other sites
Pib Star Member

Pib

Posted
Posted

Yes

1 hour ago, JAS21 said:

I have two PCs ... one with W7 Ultimate and the other W7 Pro.  Do I need to run this SMB thing that I read about...tks

Yes, but since Win 7 is still supported by MS you would have got the patch automatically in March unless you have updates turned off.   

Link to comment
Share on other sites
JAS21 Platinum Member

JAS21

Posted
Posted
1 minute ago, Pib said:

Yes

Yes, but since Win 7 is still supported by MS you would have got the patch automatically in March unless you have updates turned off.   

Sorry please clarify a little more... the YES is that I still need to run that SMB thing or I don't need to run it as my updates are up to date.

 

While on the subject my main PC has three drives

C is an SSD and I keep little that is important to me on it.

F and M are two separate Hard drives

F is a backup of M

 

Yes I know if my PC catches fire I will loose all my files.

 

Do virus only attack the main drive ... the one with Win7 on. So if I get bad news I can just re-install Win7 on C drive

 

Sorry I am not exactly PC intelligent as you can easily gleam. I do have an external backup though.

 

tks

 

Link to comment
Share on other sites
samtam Platinum Member

samtam

Posted
Posted
18 hours ago, ukrules said:

To prevent a WannaCry / WannaCryptor infection on windows 7 you need to disable something called SMB, I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post. Note - there are different commands for other versions of windows - see the link at the end.

 

Doing the following on a Windows 7 installation will stop it :

 

Open a command prompt by clicking the 'round start menu button' then enter 'cmd' in the box at the bottom and press enter.

 

Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.

 

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

 

After each line there will be a confirmation that it worked on the screen.

 

you must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.

 

The above information comes from : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator but for home users it's just fine.

 

There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

Thanks. I will try this. I'm not clear from the link whether this should be a temporary disable or permanent.

Link to comment
Share on other sites
Pib Star Member

Pib

Posted
Posted
1 hour ago, JAS21 said:

Sorry please clarify a little more... the YES is that I still need to run that SMB thing or I don't need to run it as my updates are up to date.

 

While on the subject my main PC has three drives

C is an SSD and I keep little that is important to me on it.

F and M are two separate Hard drives

F is a backup of M

 

Yes I know if my PC catches fire I will loose all my files.

 

Do virus only attack the main drive ... the one with Win7 on. So if I get bad news I can just re-install Win7 on C drive

 

Sorry I am not exactly PC intelligent as you can easily gleam. I do have an external backup though.

 

tks

 

The update/patch takes care of the SMB vulnerability.    Since you have updates enabled you are good.

 

Malware can attach all drives like how the wannacry ramsomware looks for certain files/files extensions regardless where they are located on your "puter.

Link to comment
Share on other sites
ukrules Star Member

ukrules

Posted
Posted
4 hours ago, samtam said:

Thanks. I will try this. I'm not clear from the link whether this should be a temporary disable or permanent.

It disables it permanently. The commands turn off the service which starts automatically when the comuter starts.

 

This is why the 'start=disabled' part of the command is there. Once it's disabled it won't start again unless it's enabled using different commands. Also this is why you need to reboot because the service might be running, there are other ways to stop a running 'background service' but rebooting is going to be easier for most people.

 

Apparently this SMBv1 is only really used by some older industrial machines and some scanner/printers which are connected through the network so it's not something that's going to be used by a lot of people.

 

But if you do disable SMBv1 and your network connected scanner no longer works, this is going to be the reason.

Link to comment
Share on other sites
ukrules Star Member

ukrules

Posted
Posted
5 minutes ago, samtam said:

OK, and if that is the case, how do I re-install?

 

I have done a Windows Update ( recently and yesterday), so perhaps not necessary to do these?

The instructions to reactivate SMBv1 are on the microsoft link, however nobody should be using it these days anyway as it has vulnerabilities - it's dead.

 

Yes, the update will have fixed your problem anyway so don't worry about it.

Link to comment
Share on other sites
wakeupplease Rookie Member

wakeupplease

Posted
Posted
On 15/05/2017 at 10:55 AM, ukrules said:

To prevent a WannaCry / WannaCryptor infection on windows 7 you need to disable something called SMB, I've included instructions to disable SMBv1, SMBv2 and SMBv3 on Windows 7 in this post. Note - there are different commands for other versions of windows - see the link at the end.

 

Doing the following on a Windows 7 installation will stop it :

 

Open a command prompt by clicking the 'round start menu button' then enter 'cmd' in the box at the bottom and press enter.

 

Copy and paste the following 4 separate lines one by one into the black command prompt window that pops up.

 

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

 

After each line there will be a confirmation that it worked on the screen.

 

you must reboot the computer for this to become live and then you won't become infected with this particular variant of malware.

 

The above information comes from : https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

Also note that if you're on a corporate network that uses SMB for whatever reason then it might not be such a great idea to do this, speak to the systems administrator but for home users it's just fine.

 

There are new variants of this malware circulating right now and they don't have the 'killswitch' in them.

or go down to the apple mac shop and invest in a real computer, thats your best bet

Link to comment
Share on other sites
Pib Star Member

Pib

Posted
Posted
1 hour ago, alocacoc said:

C_8hs_kUQAArZQc.jpg

 

An ATM in India. We can be happy that Thai ATMs aren't affected.

 

A Thai ATM would instead say, "Oops, we have raised our foreign card fee again....it's now Bt250"

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.







×
×
  • Create New...