Actuarial Outpost
 
#1
05-13-2017, 08:27 PM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 32,132
WannaCry

I'm surprised there hasn't been a thread on this, yet. Holy s***, this thing spread fast. And was stopped fast -- almost by accident. A malware fighter on vacation noticed some reports of ransomware, but that's so common he didn't pay attention, and went to bed. Then he woke up and saw that there was a disaster. He got a copy of the thing and ran it in a sandbox and found that it was looking for a particular domain that didn't exist. He registered that domain, to create a "sinkhole" to analyze how it was spreading. And it turns out that the virus doesn't do anything if it finds that the domain exists -- probably an intentional kill switch.

Of course, it's only shut down until they recompile it without the kill switch.

The guy who did that was on vacation at the time. His boss gave him an extra week of vacation to make up for it.

(This story transcribed from what a friend told me. Check out the article linked below for the source.)

https://www.malwaretech.com/2017/05/...r-attacks.html

#2
05-15-2017, 10:25 AM
Actuary321
Member
Join Date: Sep 2001
Posts: 26,812

At a golf outing on Saturday, one of my playing partners, an IT guy at one of the local hospitals, got a call halfway down the 9th (and final for our round) fairway and came over and told us he had to leave and go into work because the hospital had been hit by some ransomware. Haven't had a chance to talk with him to see if this was the one he was hit by.

#3
05-15-2017, 10:56 AM
yoyo
Member
CAS
Join Date: Dec 2001
Posts: 20,667

Has anyone heard what the ransom demands were?

#4
05-15-2017, 10:59 AM
Chronus
Member
Join Date: Sep 2008
Posts: 10,275

Quote:
Originally Posted by yoyo
Has anyone heard what the ransom demands were?

$300 in bitcoin was demanded on each locked down PC.

#5
05-15-2017, 11:00 AM
Abelian Grape
Meme-ber
Non-Actuary
Join Date: Jul 2014
Location: Commuter
Studying for Viticulture dissertation
College: Grape and Wine Institute
Favorite beer: Wine
Posts: 35,389

It threatened to delete my bookmarks/cookies. It makes me WannaCry just thinking about it.

#6
05-15-2017, 11:05 AM
G-Funk
Member
Join Date: Jan 2009
Posts: 1,079

This hit Europe and now Asia a lot harder than the US. Seeing as how this was originally an NSA tool, any possible political blowback?

#7
05-15-2017, 11:07 AM
yoyo
Member
CAS
Join Date: Dec 2001
Posts: 20,667

Quote:
Originally Posted by Chronus
$300 in bitcoin was demanded on each locked down PC.

Are people paying?

#8
05-15-2017, 11:07 AM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 32,132

The newspapers are calling it WannaCry, but I notice that the malware blog refers to it as "WannaCrypt", which kinda makes more sense, since the thing works by encrypting all your content files.

There have been a bunch of ransomware attacks like this in recent years. This one is unusual because it spread so incredibly fast. It is very good at moving through networks once it gets established on a single computer.

#9
05-15-2017, 11:09 AM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 32,132

Quote:
Originally Posted by yoyo
Are people paying?

So far they have collected about $50K, which seems really low for such a huge attack. Even with such a modest pay-off, they may have trouble laundering the money. It's hard to know who owns a bitcoin account, but once you use it to pay for something, it's not that hard to know who takes possession of the good or service you pay for.

#10
05-15-2017, 11:12 AM
PeppermintPatty
Member
CAS
Join Date: Sep 2001
Posts: 32,132

That amount may grow, though. The message tells you that it's $300 to recover your documents if you act quickly, $600 if you wait, and eventually they will just go away. And the time limit hasn't expired on most of those attacks.

An earlier report said $20K:
https://www.theguardian.com/technolo...00-experts-say

Now $50K:
https://twitter.com/WSJ/status/864135594632519684

All times are GMT -4.