Trojan.Ransom.WannaCrypt (WanaCrypt0r 2.0/WannaCry, NHS Ransomware)
Vložit
- čas přidán 13. 05. 2017
- / danooct1
/ danooct1
a few links for further (and interesting) reading: www.malwaretech.com/2017/05/h...
www.theguardian.com/technolog...
major thanks to malwaretech team for stopping the ransomware in its tracks, xylitol for the hookup once again, and all of you who took the time to message me about the ransomware.
Thanks to the following $5+ patrons!
John Kizer
Numou
crymera
handsome jack
Thomas H Khoury
Joshua Mack
Mister Sparkly
Jade
squigly-kip
Matthew K
Alice J
Renaud Bedard
Blaise
Sleepy Owl
Rosenator
Robert G
Si Mellor
BluePolar Bearz - Zábava
You know it's serious shit when obsolete software gets patched.
Are they gonna release a patch for Windows 95?
microsoft still cares about xp, so you can still use it :)
Cam No they don't
+InfernoDukem It's pretty much a fact that Windows XP is obsolete by now...
pretty sure gas stations still run XP on pumps and ATMs may also do the same
If it works without the network connected, where is the decryption key saved?
It's so early into investigation, I would assume they didn't know.
I would imagine that it attempts to send it, fails, and continues to delete the key.
that's a really good question lmao
run it in sandboxie and check?
@thecomputerman100 ^this
When you hit that point in your life where it wouldn't even matter if you got hit by this because worst case scenario you just lose your memes.
But my Minecraft worlds would be gone too!!!
*_*pays 0.17 BTC_**
I actually did lose my memes to ransomeware :( It was devestating... I hate those boogerheads >:(
Drachen you lose the moddig projects
Drachen I lose all my animations and backups from 2013
true my friend
Actually, there is absolutely no point to pay the ransom. It has only 3 bitcoin addresses hardcoded into program (shown randomly) and there is no way attacker could recognize the payment was from you. Meaning there was never any intention to be able to decrypt the files.
so how do you solve this problem without resort to pay them??
*you don't*
@@White_Tiger93 wait till someone writes a decryption program and/or the decryption keys leak. I believe there is already free decryption software for WannaCry out there. Sometimes the keys needed for decryption are still in the RAM of the computer, so there might be software that can get the keys, but it only works a short time after the malware was started.
@@White_Tiger93 Restore from backup. Because you have a backup, don't you?
I was wondering can u use safe mode in this situation ???
You have a girlfriend?
Me- I used to have one, but she Ransomewhere.
ItsDustyy I laughed harder than necessary at this.
ItsDustyy
LMAO
ItsDustyy
Really? Only 10 Likes? That was freaking clever and funny!
ItsDustyy I'm laughing harder than I should be 😂😂
ItsDustyy it’s true, she ran some where, and you have to pay her or else she leaves you.
Ooops, this comment has been encrypted!
WHERE DO I SEND MY BITCOINS?!
/b/ 28282 ah shit. my ass got encrypted as well.
Austyn LeDrew How many bit coins to decrypt it...?
Here is a key to decrypt your comment:
hssianaizbwhu72!*hwnai;#!isn8#!@62;#8$;
Error: File not found
Lol, "It's rich af" in the Rich Text document.
@@potato_x69 "it's poor af"
The interesting thing about the kill-switch is that it's actually a poorly implemented sandbox test.
Malware authors want to thwart security researchers for as long as possible to delay any attempt at a countermeasure, and one technique for doing so is refusing to run in any sandboxed virtual machine environment. Sandboxes for malware often give it everything they want in order to analyze it to the fullest extent possible: for instance, if something wants to access a domain, the sandbox will give it something to connect to, whether or not it exists on the real Internet. Thus, if WannaCrypt manages to connect to a domain that it thinks doesn't exist, it'll conclude that it's being monitored and self-terminate.
Normally, malware of this kind randomly generates the domains to be checked, but the author of WannaCrypt hard-coded it into the program instead, meaning that since someone registered the domain in the real world, it always mistakenly thinks that it's being run in a VM, whether or not it actually is.
thank you for this i have been wondering for hours now and its 4am and am deep down a rabbithole
that's a super clever strategy, good thing whoever made this didn't think of that
Hey, props to Microsoft for actually releasing a patch for XP for this. Pretty ridiculous that some government systems are still running a 16 year-old unsupported OS though...
CWINDOWSsystem32 I guess it's cheaper for our stupid government
+QEproductions7 I hope they learned their lesson from this and actually hire some decent IT people and upgrade the systems to at least Windows 7...
CWINDOWSsystem32 I suppose they're too busy sitting back and waiting for their victory in the election to care about the country lol
The United States ran its entire nuclear missile command from 50 year old 8" floppy drives until like 6 months ago
My high school was still running windows 98 just 3 years ago lmao.
this is how the civil war started
rougeamp you mean world war 3
rougeamp which civil war
i remember when this was the biggest threat to your computer. feels just like yesterday, even though it was 4 years ago
Don't worry, ransomware is still going strong.
*viruses, years ago: haha i wrecked your computer, lol, you lost everything*
*viruses now: pls give me money*
NotPetya: pls give me money (wrecked your computer, lol, you lost everything anyway)
PandoTech:Hold my beer
@Floppy 6022 ???
Viruses now: MEEEEEEEMZ
@@ABC-in2le there should be a MEMZ computer epidemic
It's the new Captain Crunch cereal, "Oops, All Ransomware"
jokes on you I speak enchantment table
That's nice, Captain. But oh that time you fucked up and your cereal was just All Berries?
People on MSFN are saying that it is impossible for WannaCry to infect a system running from a FAT32 partition, because it relies upon NTFS to encrypt the files. Can you verify this?
Hi vvestlife
Here I was, thinking of you as a retro '90s-virus connoisseur. And here you are on the bleeding edge of world news.
Albeit world news that affects people with badly out of date systems...
Anyway, you're awesome. It's really neat to get to see this stuff in a context that's not dangerous or malicious in nature.
I just want to thank you because your computer virus highlight videos (especially on ransomwares) are the inspiration for my thesis on computer virus
Hey Danooct1 you should have put the blog post Microsoft put on their webpage. It's almost like a middle finger to the NSA
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000otkst81x2dg2rb51g3fgd0f6k There's the full blog post from their site, 8th paragraph down talks about the NSA.
Then why don't you link it???
That kind of comment is the same kind of crap you see on support forums when someone goes "found the problem it's fixed now" but never posts the solution.
Link in question:
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
Prehistoricman
I posted a reply with a link to it, but I think it get deleted as spam. The link appears on my screen right below my comment.
Can you see it?
burrito64burrito64 nope. Try adding a space in between the link and the ".com" or something
They have come up with a newer version that doesn't have the killswitch. Another wave may be coming soon. Hopefully people are patched up.
#18 on Trending. My nigga Dan made it
I know, I felt so proud when I saw it.
+Tornexted No, but Matt is...
I never knew it had a killswitch. Very good; this thing actually put cancer patients' lives in danger.
The memories of WannaCrypt for me are amazing! Being only a child at the time and seeing a red screen of death, I was terrified. We subsequently had a friend come over to fix this supposed virus, but I never touched that same computer again >:c
this is what happens when you don't have Norton's Smart Firewall engaged
I hate the way that ransomware makes me feel... it's so creepy, it gives me this sort of "dark, doomed" vibe
I actually wanna know that Mushroom Chicken recipe, if you're okay with that.
Daniel Scharn You can't have it anymore, you gotta pay 300$ in bitcoins first D:
I only got $7
Daniel Scharn how about $12?!
Daniel Scharn I'm sure they will let you have those files, that mushroom chicken recipe is needed for the greater good of humanity.
「Big Ol' Bear」 bitch coins you mean?
Any virus that wants to get between me and my lego memes is going to get what's coming to it.
「#1 Schemer」 Megabloks FOR LIFE
lmao made my day
yes
Hey it's memz guy, when did you start watching Danooct?
Jack He is he's number one fan. :p
danooct literally did the first video out there on memz you dingdong
Hey man
CONFURMED: teh memz guyy is the cRator off waanay cripty ransomwore
bro 200K views in 2 days god status
Damn
and now there is only still somehow 797,034 views.
Its been 4 years.... :p
@@itzameh2233 And its not so far from the 797 000 views!
Great video, been following for about 3 years and this is hilarious
TempleOS doesn't have this problem
too soon?
MS-DOS doesn't have this problem
templeos has the problem of being able to rewrite mbr in a line
@@potato_x69 bruh why the fuck do you hate weebs
@@potato_x69 lmao
*opens Rich Text Document and reads* "it's rich af"
that has killed me XD
What happens with the already encrypted files if it's executed again? Does it encrypt them again or leaves them alone based on the file extension? If the latter happens, very important files could be protected by changing the file extension in anticipation.
the news here in the Netherlands are just talking about this virus every time, and i was waiting for this video. now it's here. i love your content. it's really impressive and interesting to watch. keep it up
Congrats on getting on the top video list! Thank you for showing this one
"We will decrypt your file because nobody will trust us if we cheat users" That has to be the lamest reason I've ever heard! Nobody trusts them!
Just a tidbit on why XP was patched. It's because of companies that still use XP tend despite the vulnerabilities. They usually set up individual contracts with Microsoft for this type of thing so that they can have some kind of extended support, although usually they have some kind of endpoint based security that filters most of the uninvited stuff. Part of it is to cut costs, or because certain applications simply won't work with newer OSes (so it's not just the OS you would be changing). There have obviously been ransomware in the past, but normally the network layers of security would be sufficient for it. This is why XP got patched despite the lack of support.
Unless you're one of these organizations, don't freakin' use XP.
Biggerboot I use XP from time to time on a dedicated retro computer. I even use Windows 98SE. It's the bomb for 3dfx games. And of course both have network shares 'cause it's convenient. The key here is that there is nothing important on it and it's offline most of the time, with Wake On Lan disabled. :p
Absolutely. If you're using it in those capacities then you obviously know what you're doing. I'm just a little worried when I see comments like "DOZ THIS MEEN XPEE IZ SPPRTD AGIN?" I mean I guess it's youtube comments and it could be sarcastic, but ultimately misinforming. :P
Was waiting for this video, thanks :D !!!
what a fun year this was at work. Having Non-windows based NAS Servers with volume level snapshots was a saving grace :D
This malware uses two critical flaws. One is MS13-010 that has been patched for every Windows since XP/2003 (because someone still has Vista for some reason). The second is the fact companies take ages to release updates on their computers. My school, for example, has hundreds of Win7 Pro computers. They all haven't been updated since November 2016 (and today I'll go look if they have MS13-010)
That moment when you hack your own computer cause you want to erase your trash memes
The trash memes were still funnier than most new popular memes nowadays though. *cough cough ugandan knuckles cough cough*
i wonder if you set the time to a week ahead if it would actually delete the files
Congrats on making it on trending Dan !!!
i got infected with wannacrypt when i was younger, kind of terrifying!
so Windows 10 can get this Virus?.....
Woah, technology
Miley Fox Im pretty sure you can get in any version of Windows if youre opening a .exe file, however, but dont quote me on this, if you have Windows 10 with your firewall enabled and anti-virus running + all the recent updates from Microsoft, you can't get infected through the network.
only if you didn't update windows 10 with that March update. But if you did then you were safe
Auto Windows Updates.This is the only case where it helps.
finally!
i was eagerly waiting for this!
yes ive been waiting for this video! ive checked your profile every day since this came out
When I saw the headlines, I instantly thought "danoct1"
you know shit gets real when an update for windows xp is released
I was looking for this video. Thanks Dan
DANOOCT IS ON TRENDING. never thought i'd see the day my dudes
Old days
Feels like the 90s again with these viruses.
Explicit Tech yep
and early 2000s
You know a ransom ware is bad when Dan's video is trending
You're on trending, my guy! Gratz.
Does disabling the SMB feature in Windows keeps you safe from this computer worm?
you know when something is serious if Microsoft updated Windows XP
I've been waiting for this.
holy shit #20 on Trending GOOD JOB danooct!
*hears that Microsoft patched Windows XP*
Does this mean Windows XP is back? YAAAA--
*realises that's it only to prevent the ransomware and that Windows XP will never be supported ever again*
Ohhhhh. ;_;
Solution: Keep making ransomware that exploits XP. Support forever :D
Who knows, there is a possibility that one of the patches could be ported to XP again if another serious attack like this happens. There was another post EOL patch in May 2014.
NinelivesBobcat I ran windows XP pro in a virtual machine yesterday, and was soo shocked to find people actually playing the internet Microsoft games so frequently finding someone instantly. why was I shocked? so many people still use XP. even though the internet browser was buggered and wouldn't open any https links and not load others.
windows xp is the king os oses!
Dang crybabies, suck it up and update. You're missing out on basically everything.
There's this interesting tool called Ransomfree, cold you consider testing it at some point with this malware to see if it works? It basically places bait files all around your computer and when it detects a ransomware messing with it it will try and stop it.
I've been waiting for this video
Danooct1 is back!!! So many memories :')
Good job NSA you provided me with the stuff to make people's lives worse. Thanks again
when u want kids but she not ready
O O O P S
Was waiting for this one.
Woo i was waiting for this
greetz from @danooct1 ya boi wit da malware yoooooooooooooooooooooooooooooooooooooooooooooooooooooooo
for about 2 seconds when you were typing that message
you sounded like joel
That Atari-esque Hava Naguila is nectar to my ears!🐱
hey bro, i love your work so much
holy shit this is the earliest ive ever been to a video ever
Muddy Bear ikr
You're not late. You're on time.
>shows a malware that asks for money to recover your files
>outro plays a 8bit klezmer song
oy vey
as soon as I saw this in the news I knew I'd see a danooct video
I managed to share this video to some of my friends.
Imagine if the scammers accidentally encrypted their computers
This has actually happened allegedly, but not with this ransomware
Allegedly, the author of Rensenware, had to complete his own task (score 2 billion points on lunatic mode in TouHou) in order to decrypt his own files due to forgetting to run the program in a virtual machine.
@@ChanceOfOne344254that's partially false actually. What really happened is that he did encrypt his files, so he used cheat engine to force the score required to unlock the files. He then developed a tool which did all this automatically for those who were affected by rensenware
I just realized how you don't kill your computer every time you do these videos..
virtual machine.
I was waiting for this
I was looking forward to this video
Awwww i wished you'd demonstrate the 'decrypt' button. It says that you can decrypt some files for free.
You should've pulled a rogueamp and just posted a video of you driving in your 129° car.
"What up guys, RogueAmp here, today I heard that the worst malware attack since Conficker has finally happened. Because ransomware is totally not my specialty, I'm just gonna drive in my car and blast some E U R O B E A T"
This thing sends a chill down my spine..
Hey @danooct1
I am, interested in getting into malware analysis. How do you have your lab setup and how do you get samples to play with like this?
my school alerted about this worm spreading and told everyone to not turn on their computer today and tomorrow, but screw it, I'm using a Mac! :p
Finally, MS who abandon Windows XP upload the second update for Windows XPIt's seem Bill know a lot of people use Windows XP
was waiting for this.
gracias por la demostración de este ransomware
the key is WNcry@2o17
lol i got "BEST FREE ANTIVIRUS" ad more like BEST TROYAN VIRUS amiright?
Yo dan got to the front page! Congrats dude!
Whoa! You're 22 on trending! Congrats!
mushroom_chicken.docx
Why did I type this comment
muchrom chickem
@@WackyH HOW
I didnt watch all the video yet but the unlock code to the virus is " WNcry@2ol7 " thumbs up to let everyone know
How did you find it?
fr? well shit lol
I'm pretty sure it's randomized for each user
It is. The key is sent from the program to an external server on execution of the payload, then removed from storage (and/or memory) on the target computer.
"WannaCryAt2017"... huh
This has been EVERYWHERE in Italy recently.
My dad works as a computer technic (??) at an university and he tried it out on a VM.
I'm gonna ask him if it's this one. Thanks for the video!
Yes I wanna crypt, thank you for asking.
we knew this would happen xD
Dont nothing to do with me kiddo
"it's rich af" xD
Thank you for this reminder to backup my files ;P
Just curious, where did you download the executable file, I can't find this anywhere.
2.0 is going to be released shortly with no kill switch (Verified) The internet will be gone before the end of the year. Nokia bricks will be back in style as soon as data goes bye bye. Welcome to 1984, get comfy.
Hello from the future.
@@xbotscythe give me the overview of your world
Viruses back then: I'm a flying plane, catch me if you can!
Viruses now: I encrypted ur filez lollololololol, if you want ur crap back gimme your moolah!
Hell yea, danooct got trending.
Someone I knew lost very important information worth a lot of money. They had this same virus, paid the $300 in bitcoin and got everything back and the scammers were actually very friendly to work with which was odd.