Trojan.Ransom.WannaCrypt (WanaCrypt0r 2.0/WannaCry, NHS Ransomware)
ฝัง
- เผยแพร่เมื่อ 13 พ.ค. 2017
- / danooct1
/ danooct1
a few links for further (and interesting) reading: www.malwaretech.com/2017/05/h...
www.theguardian.com/technolog...
major thanks to malwaretech team for stopping the ransomware in its tracks, xylitol for the hookup once again, and all of you who took the time to message me about the ransomware.
Thanks to the following $5+ patrons!
John Kizer
Numou
crymera
handsome jack
Thomas H Khoury
Joshua Mack
Mister Sparkly
Jade
squigly-kip
Matthew K
Alice J
Renaud Bedard
Blaise
Sleepy Owl
Rosenator
Robert G
Si Mellor
BluePolar Bearz - บันเทิง
You know it's serious shit when obsolete software gets patched.
Are they gonna release a patch for Windows 95?
microsoft still cares about xp, so you can still use it :)
Cam No they don't
+InfernoDukem It's pretty much a fact that Windows XP is obsolete by now...
pretty sure gas stations still run XP on pumps and ATMs may also do the same
When you hit that point in your life where it wouldn't even matter if you got hit by this because worst case scenario you just lose your memes.
But my Minecraft worlds would be gone too!!!
*_*pays 0.17 BTC_**
I actually did lose my memes to ransomeware :( It was devestating... I hate those boogerheads >:(
Drachen you lose the moddig projects
Drachen I lose all my animations and backups from 2013
true my friend
You have a girlfriend?
Me- I used to have one, but she Ransomewhere.
ItsDustyy I laughed harder than necessary at this.
ItsDustyy
LMAO
ItsDustyy
Really? Only 10 Likes? That was freaking clever and funny!
ItsDustyy I'm laughing harder than I should be 😂😂
ItsDustyy it’s true, she ran some where, and you have to pay her or else she leaves you.
Actually, there is absolutely no point to pay the ransom. It has only 3 bitcoin addresses hardcoded into program (shown randomly) and there is no way attacker could recognize the payment was from you. Meaning there was never any intention to be able to decrypt the files.
so how do you solve this problem without resort to pay them??
*you don't*
@@White_Tiger93 wait till someone writes a decryption program and/or the decryption keys leak. I believe there is already free decryption software for WannaCry out there. Sometimes the keys needed for decryption are still in the RAM of the computer, so there might be software that can get the keys, but it only works a short time after the malware was started.
@@White_Tiger93 Restore from backup. Because you have a backup, don't you?
I was wondering can u use safe mode in this situation ???
Ooops, this comment has been encrypted!
WHERE DO I SEND MY BITCOINS?!
/b/ 28282 ah shit. my ass got encrypted as well.
Austyn LeDrew How many bit coins to decrypt it...?
Here is a key to decrypt your comment:
hssianaizbwhu72!*hwnai;#!isn8#!@62;#8$;
Error: File not found
Lol, "It's rich af" in the Rich Text document.
@@potato_x69 "it's poor af"
If it works without the network connected, where is the decryption key saved?
It's so early into investigation, I would assume they didn't know.
I would imagine that it attempts to send it, fails, and continues to delete the key.
that's a really good question lmao
run it in sandboxie and check?
@thecomputerman100 ^this
Hey, props to Microsoft for actually releasing a patch for XP for this. Pretty ridiculous that some government systems are still running a 16 year-old unsupported OS though...
CWINDOWSsystem32 I guess it's cheaper for our stupid government
+QEproductions7 I hope they learned their lesson from this and actually hire some decent IT people and upgrade the systems to at least Windows 7...
CWINDOWSsystem32 I suppose they're too busy sitting back and waiting for their victory in the election to care about the country lol
The United States ran its entire nuclear missile command from 50 year old 8" floppy drives until like 6 months ago
My high school was still running windows 98 just 3 years ago lmao.
The interesting thing about the kill-switch is that it's actually a poorly implemented sandbox test.
Malware authors want to thwart security researchers for as long as possible to delay any attempt at a countermeasure, and one technique for doing so is refusing to run in any sandboxed virtual machine environment. Sandboxes for malware often give it everything they want in order to analyze it to the fullest extent possible: for instance, if something wants to access a domain, the sandbox will give it something to connect to, whether or not it exists on the real Internet. Thus, if WannaCrypt manages to connect to a domain that it thinks doesn't exist, it'll conclude that it's being monitored and self-terminate.
Normally, malware of this kind randomly generates the domains to be checked, but the author of WannaCrypt hard-coded it into the program instead, meaning that since someone registered the domain in the real world, it always mistakenly thinks that it's being run in a VM, whether or not it actually is.
thank you for this i have been wondering for hours now and its 4am and am deep down a rabbithole
that's a super clever strategy, good thing whoever made this didn't think of that
*viruses, years ago: haha i wrecked your computer, lol, you lost everything*
*viruses now: pls give me money*
NotPetya: pls give me money (wrecked your computer, lol, you lost everything anyway)
PandoTech:Hold my beer
@Floppy 6022 ???
Viruses now: MEEEEEEEMZ
@@ABC-in2le there should be a MEMZ computer epidemic
this is how the civil war started
rougeamp you mean world war 3
rougeamp which civil war
Hey Danooct1 you should have put the blog post Microsoft put on their webpage. It's almost like a middle finger to the NSA
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000otkst81x2dg2rb51g3fgd0f6k There's the full blog post from their site, 8th paragraph down talks about the NSA.
Then why don't you link it???
That kind of comment is the same kind of crap you see on support forums when someone goes "found the problem it's fixed now" but never posts the solution.
Link in question:
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
Prehistoricman
I posted a reply with a link to it, but I think it get deleted as spam. The link appears on my screen right below my comment.
Can you see it?
burrito64burrito64 nope. Try adding a space in between the link and the ".com" or something
It's the new Captain Crunch cereal, "Oops, All Ransomware"
jokes on you I speak enchantment table
That's nice, Captain. But oh that time you fucked up and your cereal was just All Berries?
bro 200K views in 2 days god status
Damn
and now there is only still somehow 797,034 views.
Its been 4 years.... :p
@@itzameh2233 And its not so far from the 797 000 views!
#18 on Trending. My nigga Dan made it
I know, I felt so proud when I saw it.
+Tornexted No, but Matt is...
The memories of WannaCrypt for me are amazing! Being only a child at the time and seeing a red screen of death, I was terrified. We subsequently had a friend come over to fix this supposed virus, but I never touched that same computer again >:c
this is what happens when you don't have Norton's Smart Firewall engaged
i remember when this was the biggest threat to your computer. feels just like yesterday, even though it was 4 years ago
Don't worry, ransomware is still going strong.
Any virus that wants to get between me and my lego memes is going to get what's coming to it.
「#1 Schemer」 Megabloks FOR LIFE
lmao made my day
I actually wanna know that Mushroom Chicken recipe, if you're okay with that.
Daniel Scharn You can't have it anymore, you gotta pay 300$ in bitcoins first D:
I only got $7
Daniel Scharn how about $12?!
Daniel Scharn I'm sure they will let you have those files, that mushroom chicken recipe is needed for the greater good of humanity.
「Big Ol' Bear」 bitch coins you mean?
I just want to thank you because your computer virus highlight videos (especially on ransomwares) are the inspiration for my thesis on computer virus
They have come up with a newer version that doesn't have the killswitch. Another wave may be coming soon. Hopefully people are patched up.
Here I was, thinking of you as a retro '90s-virus connoisseur. And here you are on the bleeding edge of world news.
Albeit world news that affects people with badly out of date systems...
Anyway, you're awesome. It's really neat to get to see this stuff in a context that's not dangerous or malicious in nature.
I never knew it had a killswitch. Very good; this thing actually put cancer patients' lives in danger.
Just a tidbit on why XP was patched. It's because of companies that still use XP tend despite the vulnerabilities. They usually set up individual contracts with Microsoft for this type of thing so that they can have some kind of extended support, although usually they have some kind of endpoint based security that filters most of the uninvited stuff. Part of it is to cut costs, or because certain applications simply won't work with newer OSes (so it's not just the OS you would be changing). There have obviously been ransomware in the past, but normally the network layers of security would be sufficient for it. This is why XP got patched despite the lack of support.
Unless you're one of these organizations, don't freakin' use XP.
Biggerboot I use XP from time to time on a dedicated retro computer. I even use Windows 98SE. It's the bomb for 3dfx games. And of course both have network shares 'cause it's convenient. The key here is that there is nothing important on it and it's offline most of the time, with Wake On Lan disabled. :p
Absolutely. If you're using it in those capacities then you obviously know what you're doing. I'm just a little worried when I see comments like "DOZ THIS MEEN XPEE IZ SPPRTD AGIN?" I mean I guess it's youtube comments and it could be sarcastic, but ultimately misinforming. :P
This malware uses two critical flaws. One is MS13-010 that has been patched for every Windows since XP/2003 (because someone still has Vista for some reason). The second is the fact companies take ages to release updates on their computers. My school, for example, has hundreds of Win7 Pro computers. They all haven't been updated since November 2016 (and today I'll go look if they have MS13-010)
I hate the way that ransomware makes me feel... it's so creepy, it gives me this sort of "dark, doomed" vibe
Congrats on getting on the top video list! Thank you for showing this one
the news here in the Netherlands are just talking about this virus every time, and i was waiting for this video. now it's here. i love your content. it's really impressive and interesting to watch. keep it up
"We will decrypt your file because nobody will trust us if we cheat users" That has to be the lamest reason I've ever heard! Nobody trusts them!
yes
Hey it's memz guy, when did you start watching Danooct?
Jack He is he's number one fan. :p
danooct literally did the first video out there on memz you dingdong
Hey man
CONFURMED: teh memz guyy is the cRator off waanay cripty ransomwore
Great video, been following for about 3 years and this is hilarious
what a fun year this was at work. Having Non-windows based NAS Servers with volume level snapshots was a saving grace :D
TempleOS doesn't have this problem
too soon?
MS-DOS doesn't have this problem
templeos has the problem of being able to rewrite mbr in a line
@@potato_x69 bruh why the fuck do you hate weebs
@@potato_x69 lmao
*opens Rich Text Document and reads* "it's rich af"
that has killed me XD
Was waiting for this video, thanks :D !!!
You're on trending, my guy! Gratz.
That moment when you hack your own computer cause you want to erase your trash memes
The trash memes were still funnier than most new popular memes nowadays though. *cough cough ugandan knuckles cough cough*
so Windows 10 can get this Virus?.....
Woah, technology
Miley Fox Im pretty sure you can get in any version of Windows if youre opening a .exe file, however, but dont quote me on this, if you have Windows 10 with your firewall enabled and anti-virus running + all the recent updates from Microsoft, you can't get infected through the network.
only if you didn't update windows 10 with that March update. But if you did then you were safe
Auto Windows Updates.This is the only case where it helps.
I was looking for this video. Thanks Dan
Thank God I try to keep both of my computers updated
Feels like the 90s again with these viruses.
Explicit Tech yep
and early 2000s
What happens with the already encrypted files if it's executed again? Does it encrypt them again or leaves them alone based on the file extension? If the latter happens, very important files could be protected by changing the file extension in anticipation.
yes ive been waiting for this video! ive checked your profile every day since this came out
DANOOCT IS ON TRENDING. never thought i'd see the day my dudes
holy shit this is the earliest ive ever been to a video ever
Muddy Bear ikr
You're not late. You're on time.
There's this interesting tool called Ransomfree, cold you consider testing it at some point with this malware to see if it works? It basically places bait files all around your computer and when it detects a ransomware messing with it it will try and stop it.
Congrats on making it on trending Dan !!!
finally!
i was eagerly waiting for this!
>shows a malware that asks for money to recover your files
>outro plays a 8bit klezmer song
oy vey
you know shit gets real when an update for windows xp is released
That Atari-esque Hava Naguila is nectar to my ears!🐱
Danooct1 is back!!! So many memories :')
When I saw the headlines, I instantly thought "danoct1"
Good job NSA you provided me with the stuff to make people's lives worse. Thanks again
holy shit #20 on Trending GOOD JOB danooct!
hey bro, i love your work so much
*hears that Microsoft patched Windows XP*
Does this mean Windows XP is back? YAAAA--
*realises that's it only to prevent the ransomware and that Windows XP will never be supported ever again*
Ohhhhh. ;_;
Solution: Keep making ransomware that exploits XP. Support forever :D
Who knows, there is a possibility that one of the patches could be ported to XP again if another serious attack like this happens. There was another post EOL patch in May 2014.
NinelivesBobcat I ran windows XP pro in a virtual machine yesterday, and was soo shocked to find people actually playing the internet Microsoft games so frequently finding someone instantly. why was I shocked? so many people still use XP. even though the internet browser was buggered and wouldn't open any https links and not load others.
windows xp is the king os oses!
Dang crybabies, suck it up and update. You're missing out on basically everything.
Old days
I've been waiting for this.
This has been EVERYWHERE in Italy recently.
My dad works as a computer technic (??) at an university and he tried it out on a VM.
I'm gonna ask him if it's this one. Thanks for the video!
you know when something is serious if Microsoft updated Windows XP
for about 2 seconds when you were typing that message
you sounded like joel
Someone I knew lost very important information worth a lot of money. They had this same virus, paid the $300 in bitcoin and got everything back and the scammers were actually very friendly to work with which was odd.
You know a ransom ware is bad when Dan's video is trending
People on MSFN are saying that it is impossible for WannaCry to infect a system running from a FAT32 partition, because it relies upon NTFS to encrypt the files. Can you verify this?
Hi vvestlife
when u want kids but she not ready
O O O P S
Whoa! You're 22 on trending! Congrats!
Was waiting for this one.
Does disabling the SMB feature in Windows keeps you safe from this computer worm?
Imagine if the scammers accidentally encrypted their computers
This has actually happened allegedly, but not with this ransomware
Allegedly, the author of Rensenware, had to complete his own task (score 2 billion points on lunatic mode in TouHou) in order to decrypt his own files due to forgetting to run the program in a virtual machine.
@@ChanceOfOne344254that's partially false actually. What really happened is that he did encrypt his files, so he used cheat engine to force the score required to unlock the files. He then developed a tool which did all this automatically for those who were affected by rensenware
I've been waiting for this video
Yo dan got to the front page! Congrats dude!
greetz from @danooct1 ya boi wit da malware yoooooooooooooooooooooooooooooooooooooooooooooooooooooooo
You should've pulled a rogueamp and just posted a video of you driving in your 129° car.
"What up guys, RogueAmp here, today I heard that the worst malware attack since Conficker has finally happened. Because ransomware is totally not my specialty, I'm just gonna drive in my car and blast some E U R O B E A T"
This thing sends a chill down my spine..
as soon as I saw this in the news I knew I'd see a danooct video
my school alerted about this worm spreading and told everyone to not turn on their computer today and tomorrow, but screw it, I'm using a Mac! :p
I just realized how you don't kill your computer every time you do these videos..
virtual machine.
you're trending mang, good work
Woo i was waiting for this
Awwww i wished you'd demonstrate the 'decrypt' button. It says that you can decrypt some files for free.
That's ballsy. Running it on your own computer. Even with a VM, that's risky.
likely running it on an expendable system.
Yes I wanna crypt, thank you for asking.
I managed to share this video to some of my friends.
Finally, MS who abandon Windows XP upload the second update for Windows XPIt's seem Bill know a lot of people use Windows XP
the key is WNcry@2o17
i got infected with wannacrypt when i was younger, kind of terrifying!
Thank you for this reminder to backup my files ;P
lol i got "BEST FREE ANTIVIRUS" ad more like BEST TROYAN VIRUS amiright?
2.0 is going to be released shortly with no kill switch (Verified) The internet will be gone before the end of the year. Nokia bricks will be back in style as soon as data goes bye bye. Welcome to 1984, get comfy.
Hello from the future.
@@xbotscythe give me the overview of your world
Congrats on making it to the trending page.
WannaCrypt actually hit my local hospital, funny how it was the only one in the Greater Toronto Area to be hit.
mushroom_chicken.docx
Why did I type this comment
muchrom chickem
@@WackyH HOW
I didnt watch all the video yet but the unlock code to the virus is " WNcry@2ol7 " thumbs up to let everyone know
How did you find it?
fr? well shit lol
I'm pretty sure it's randomized for each user
It is. The key is sent from the program to an external server on execution of the payload, then removed from storage (and/or memory) on the target computer.
"WannaCryAt2017"... huh
nice job getting on trending dan!
Yay!
#21 on trending!
Good job!
we knew this would happen xD
Dont nothing to do with me kiddo
"it's rich af" xD
I was looking forward to this video
Congrats on getting on trending