lokf virus attacks !
#1
One of the WannaCry viruses attacked my home network and caused 5 computers in my home to be encrypted and caused my home security system to be totally paralyzed! The attacker asked for a ransom of 980 USD to reopen all files on my PC! Because it is urgent, if anyone has a solution, please let me know as soon as possible!
Terminal
Solo Developer
#2
a) Why are you posting this in the VPS support and help forum when it IS ABSOLUTELY NOT related to issues with your VPS?
b) A solution to this problem? There is no solution to this problem, yet. You have no backups? Too bad. The latest iterations of WannaCry have not been taken down so far.... which means that there is no decryption key available to help out people who are affected.

If you can, back up all encrypted files to a spare HDD and keep it stored somewhere. Meanwhile, reinstall all affected systems. Hope for a tool or key to be released when WannaCry gets taken down, and when that happens (maybe in some years) you might be able to decrypt your files.

RL fact: The company I work for has been hit by Emotet/Trickbot and the latest iteration of WannaCry. There is no real way out. The whole domain infrastructure that was built over several years was destroyed. We had to rebuild everything and lost a lot of files that were needed for people to work. At least the company now pays a bit more attention to what we say and has granted us funds for a proper offline tape backup infrastructure and a 10 GbE backup network infrastructure.
#3
Well, you are asking for a miracle. As said by "Hidden Refuge", there is no way to revert the latest variants of WannaCry... yet.
Nowadays a lot of backup & restore software has implemented "ransomware protection"; an example is Acronis True Image, which keeps an incremental backup of your data.

So, right now there is no help that I can provide you, only the suggestion to be careful next time and take scheduled backups of your data.
BTW, no virus can just attack your network; someone from the inside downloaded an infected executable and then it spread over your network.
Thanks to Post4VPS and Bladenode for VPS 14
#4
Oh ... oh my god!
I was very panicked, because one of these PCs was the core of my home's security!
And now I have to work 24 hours to replace the External Disk and reinstall all infected PCs!
At least if you have the same experience, please post here, I want to know!
Terminal
Solo Developer
#5
(11-14-2019, 06:20 PM) chanalku91 Wrote: One of the WannaCry viruses attacked my home network and caused 5 computers in my home to be encrypted and caused my home security system to be totally paralyzed! The attacker asked for a ransom of 980 USD to reopen all files on my PC! Because it is urgent, if anyone has a solution, please let me know as soon as possible!

Is this ransomware still a threat? Thought Microsoft has released the patches years ago! Yet another reason to switch to Linux desktops, folks.

Unfortunately, a post-mortem recovery for such incidents is impossible without the ad hoc keys.

The real question to ask in your case, as a sysadmin, is: how did that ransomware find its way into your LAN? You should find the breach.

Good Luck!
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#6
Maybe it's because one of the SSIDs wasn't given a password for guests!
Even neighbors also use the SSID!
I don't know what they did!

When my PC was infected I did not find a way to restore it!
Except through Backup!

I want to ask @"Hidden Refuge": is it true that the WannaCry virus can spread through WiFi networks?
Terminal
Solo Developer
#7
It is almost irrelevant what kind of network you are in (wired/wireless). WannaCry uses several methods to attack machines on the network. Windows machines are all generally full of security holes and WannaCry uses them to break into the machine and spread further. A wireless network is no different from a wired network other than how you physically connect to the network.
#8
@chanalku91. Today I've got more time for a Google search on this; so here is what I've got, if it's of any help.

The specifics of this ransomware are too technical, but I want to refer you to an article by Sophos (from 2 months ago), "WannaCry – the worm that just won't die", that kind of lays out the big picture of the current "WannaCry" situation. It also refers to a research article (in PDF) done by Peter Mackenzie of Sophos Group, "WannaCry Aftershock", for more in-depth information.

In that research article, there is a section called "Recommendations and advice" which states the following:
Quote: The most important advice we can share is patch your computers, all of them. Do it now!

You can use the instructions in the following article to check if your computer is patched against EternalBlue: How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010.

If you are a Sophos customer and (....)

SophosLabs has published a list of Indicators of Compromise (IoCs) relating to this research on our Github page, at https://github.com/sophoslabs/IoCs

As I said in my previous post, the patch has existed since 2017, which means that your Windows PCs still aren't patched against the EternalBlue vulnerability, which makes them a target for this WannaCry ransomware.
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
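
A local version of the patch check that post #8 points to, as an added example that is not taken from the thread or from the articles it links. It relies on two facts: MS17-010 was published on 14 March 2017, and EternalBlue targets the SMBv1 server. The function name `Get-Smb1Exposure` is hypothetical, and the script assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: report whether this PC can possibly carry the MS17-010 fix
# and whether its SMBv1 server (the EternalBlue target) is still enabled.
function Get-Smb1Exposure {
    $ms17010Release = [datetime]'2017-03-14'   # MS17-010 bulletin date
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Newest update Windows reports as installed; InstalledOn is empty on some entries.
    $lastUpdate = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn

    # SMBv1 server state: cmdlet on Windows 8 / Server 2012 and later,
    # registry value on Windows 7 / Server 2008 R2.
    if (Get-Command -Name Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        # A missing SMB1 value means the default, which is enabled.
        $smb1 = ($null -eq $val) -or ($val -ne 0)
    }

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        OS                    = "$($os.Caption) ($($os.Version))"
        LastUpdate            = $lastUpdate
        # Heuristic: if the newest update predates the bulletin (or no dated
        # update exists at all), the MS17-010 fix cannot be installed.
        UpdatesPredateMS17010 = (-not $lastUpdate) -or ($lastUpdate -lt $ms17010Release)
        Smb1ServerEnabled     = [bool]$smb1
    }
}

Get-Smb1Exposure | Format-List
```

A machine that reports `UpdatesPredateMS17010 : True` needs Windows Update run before it goes back on the network; `False` only shows that updates were installed after the bulletin date, so it does not replace the version check in the linked article.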
#9
WannaCry is very old at this point, but some ransomware still spreads, mainly from PUPs and applications downloaded from unknown sources. For WannaCry, the server is probably inactive and it is not spreading anymore.
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#10
That's really sad. Attackers are really smart, they will find so many ways to hack the computer, droning viruses on computer too smart, even sometimes antivirus software can't detect them.
Thank you Post4VPS and RackNerd for wonderful VPS 3
 