「想哭」WannaCry Ransomeware, 我都唔會講太多. 研究又好, 自救又好, 自己去睇link學啦! 今次XP 都要出patches, 真係大笨(陣)象! 其實世上有好多embedded XP , 當年做了公共設施, 好似火車站個班次顯示, 如果發電廠控制台有embedded XP 又上了網, 真係大大鍋! 多謝mike 提醒,官方答案apply MS17-010 patches (For all Windows version included XP) 個list updated @ 16 May 2017.
WannaCry勒索軟件在150多個國家感染逾20萬台電腦。根據CNBC消息稱,軟件迄今僅賺到5萬美元左右的贖金(3 個bitcoin accounts, 你都可以睇);贖金不高的原因,一是許多人不知比特幣(笑左!)為何物及如何用比特幣支付贖金;二是沒有證據表明支付贖金後就能解鎖文件。
- Wannawiki (updated on 19May2017) 可以decrypt https://github.com/gentilkiwi/wanakiwi
- 唔駛比贖金 https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
- 微軟官方的tips https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
- 個vulnerability 源至這個微軟的安全性弱點 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- 微軟官方的Workaround https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
- 看花生, 全球實時的中伏 https://intel.malwaretech.com/WannaCrypt.html
- 想研究一下 呢到有Sample https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
- 美國官方的tips https://www.us-cert.gov/ncas/alerts/TA17-132A
- Hacker News 的消息 http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
- 綜整 Wanna Cry 勒索病毒 攻擊事件 http://tdohacker.org/posts/2017/05/14/1834038
- 如果你識玩metasploit, 有PoC, https://github.com/RiskSense-Ops/metasploit-framework
- Trendmicro 解構infection 過程 http://blog.trendmicro.com/trendlabs-security-intelligence/massive-wannacrywcry-ransomware-attack-hits-various-countries/
- 局長KO「想哭」 https://www.facebook.com/onaclearday903/videos/1386975258045123/
