Actuarial Outpost
 
  #1  
05-13-2017, 09:27 PM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 39,273
WannaCry

I'm surprised there hasn't been a thread on this, yet. Holy s***, this thing spread fast. And was stopped fast -- almost by accident. A malware fighter on vacation noticed some reports of ransomware, but that's so common he didn't pay attention, and went to bed. Then he woke up and saw that there was a disaster. He got a copy of the thing and ran it in a sandbox and found that it was looking for a particular domain that didn't exist. He registered that domain, to create a "sinkhole" to analyze how it was spreading. And it turns out that the virus doesn't do anything if it finds that the domain exists -- probably an intentional kill switch.

Of course, it's only shut down until they recompile it without the kill switch.

The guy who did that was on vacation at the time. His boss gave him an extra week of vacation to make up for it.

(This story transcribed from what a friend told me. Check out the article linked below for the source.)

https://www.malwaretech.com/2017/05/...r-attacks.html
  #2  
05-15-2017, 11:25 AM
Actuary321
Member
Join Date: Sep 2001
Posts: 27,761

At a golf outing on Saturday, one of my playing partners, an IT guy at one of the local hospitals, got a call halfway down the 9th (and final for our round) fairway and came over and told us he had to leave and go into work because the hospital had been hit by some ransomware. Haven't had a chance to talk with him to see if this was the one he was hit by.
  #3  
05-15-2017, 11:56 AM
yoyo
Member
CAS
Join Date: Dec 2001
Posts: 22,510

Has anyone heard what the ransom demands were?
  #4  
05-15-2017, 11:59 AM
Chronus
Member
Join Date: Sep 2008
Posts: 10,568

Quote:
Originally Posted by yoyo
Has anyone heard what the ransom demands were?

$300 in bitcoin was demanded on each locked down PC.
  #5  
05-15-2017, 12:07 PM
yoyo
Member
CAS
Join Date: Dec 2001
Posts: 22,510

Quote:
Originally Posted by Chronus
$300 in bitcoin was demanded on each locked down PC.

Are people paying?
  #6  
05-15-2017, 12:09 PM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 39,273

Quote:
Originally Posted by yoyo
Are people paying?

So far they have collected about $50K, which seems really low for such a huge attack. Even with such a modest pay-off, they may have trouble laundering the money. It's hard to know who owns a bitcoin account, but once you use it to pay for something, it's not that hard to know who takes possession of the good or service you pay for.
  #7  
05-15-2017, 01:58 PM
yoyo
Member
CAS
Join Date: Dec 2001
Posts: 22,510

Quote:
Originally Posted by PeppermintPatty
So far they have collected about $50K, which seems really low for such a huge attack. Even with such a modest pay-off, they may have trouble laundering the money. It's hard to know who owns a bitcoin account, but once you use it to pay for something, it's not that hard to know who takes possession of the good or service you pay for.

There are ways to launder bitcoin.
  #8  
05-15-2017, 12:00 PM
Abelian Grape
Meme-ber
CAS
Join Date: Jul 2014
Favorite beer: Allagash Curieux
Posts: 42,069

It threatened to delete my bookmarks/cookies. It makes me WannaCry just thinking about it.
  #9  
05-15-2017, 12:05 PM
G-Funk
Member
Join Date: Jan 2009
Posts: 1,143

This hit Europe and now Asia a lot harder than the US. Seeing as how this was originally an NSA tool, any possible political blowback?
  #10  
05-15-2017, 12:07 PM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 39,273

The newspapers are calling it WannaCry, but I notice that the malware blog refers to it as "WannaCrypt", which kinda makes more sense, since the thing works by encrypting all your content files.

There have been a bunch of ransomware attacks like this in recent years. This one is unusual because it spread so incredibly fast. It is very good at moving through networks once it gets established on a single computer.
All times are GMT -4.

