Trojan.Ransom.WannaCrypt (WanaCrypt0r 2.0/WannaCry, NHS Ransomware)
- Published on 8 Feb 2025
- / danooct1
a few links for further (and interesting) reading: www.malwaretec...
www.theguardia...
major thanks to malwaretech team for stopping the ransomware in its tracks, xylitol for the hookup once again, and all of you who took the time to message me about the ransomware.
Thanks to the following $5+ patrons!
John Kizer
Numou
crymera
handsome jack
Thomas H Khoury
Joshua Mack
Mister Sparkly
Jade
squigly-kip
Matthew K
Alice J
Renaud Bedard
Blaise
Sleepy Owl
Rosenator
Robert G
Si Mellor
BluePolar Bearz
You know it's serious shit when obsolete software gets patched.
Are they gonna release a patch for Windows 95?
microsoft still cares about xp, so you can still use it :)
Cam No they don't
+InfernoDukem It's pretty much a fact that Windows XP is obsolete by now...
pretty sure gas stations still run XP on pumps and ATMs may also do the same
When you hit that point in your life where it wouldn't even matter if you got hit by this because worst case scenario you just lose your memes.
But my Minecraft worlds would be gone too!!!
*pays 0.17 BTC*
I actually did lose my memes to ransomware :( It was devastating... I hate those boogerheads >:(
Drachen you lose the modding projects
Drachen I lose all my animations and backups from 2013
true my friend
You have a girlfriend?
Me- I used to have one, but she Ransomewhere.
ItsDustyy I laughed harder than necessary at this.
ItsDustyy
LMAO
ItsDustyy
Really? Only 10 Likes? That was freaking clever and funny!
ItsDustyy I'm laughing harder than I should be 😂😂
ItsDustyy it’s true, she ran some where, and you have to pay her or else she leaves you.
The interesting thing about the kill-switch is that it's actually a poorly implemented sandbox test.
Malware authors want to thwart security researchers for as long as possible to delay any attempt at a countermeasure, and one technique for doing so is refusing to run in any sandboxed virtual machine environment. Sandboxes for malware often give it everything they want in order to analyze it to the fullest extent possible: for instance, if something wants to access a domain, the sandbox will give it something to connect to, whether or not it exists on the real Internet. Thus, if WannaCrypt manages to connect to a domain that it thinks doesn't exist, it'll conclude that it's being monitored and self-terminate.
Normally, malware of this kind randomly generates the domains to be checked, but the author of WannaCrypt hard-coded it into the program instead, meaning that since someone registered the domain in the real world, it always mistakenly thinks that it's being run in a VM, whether or not it actually is.
thank you for this i have been wondering for hours now and it's 4am and am deep down a rabbithole
that's a super clever strategy, good thing whoever made this didn't think of that
Actually, there is absolutely no point to pay the ransom. It has only 3 bitcoin addresses hardcoded into program (shown randomly) and there is no way attacker could recognize the payment was from you. Meaning there was never any intention to be able to decrypt the files.
so how do you solve this problem without resorting to paying them??
*you don't*
@White_Tiger93 wait till someone writes a decryption program and/or the decryption keys leak. I believe there is already free decryption software for WannaCry out there. Sometimes the keys needed for decryption are still in the RAM of the computer, so there might be software that can get the keys, but it only works a short time after the malware was started.
@White_Tiger93 Restore from backup. Because you have a backup, don't you?
I was wondering can u use safe mode in this situation ???
Ooops, this comment has been encrypted!
WHERE DO I SEND MY BITCOINS?!
/b/ 28282 ah shit. my ass got encrypted as well.
Austyn LeDrew How many bit coins to decrypt it...?
Here is a key to decrypt your comment:
hssianaizbwhu72!*hwnai;#!isn8#!@62;#8$;
Error: File not found
*viruses, years ago: haha i wrecked your computer, lol, you lost everything*
*viruses now: pls give me money*
NotPetya: pls give me money (wrecked your computer, lol, you lost everything anyway)
PandoTech: Hold my beer
@Floppy 6022 ???
Viruses now: MEEEEEEEMZ
@ABC-in2le there should be a MEMZ computer epidemic
Lol, "It's rich af" in the Rich Text document.
@potato_x69 "it's poor af"
Hey, props to Microsoft for actually releasing a patch for XP for this. Pretty ridiculous that some government systems are still running a 16 year-old unsupported OS though...
CWINDOWSsystem32 I guess it's cheaper for our stupid government
+QEproductions7 I hope they learned their lesson from this and actually hire some decent IT people and upgrade the systems to at least Windows 7...
CWINDOWSsystem32 I suppose they're too busy sitting back and waiting for their victory in the election to care about the country lol
The United States ran its entire nuclear missile command from 50 year old 8" floppy drives until like 6 months ago
My high school was still running windows 98 just 3 years ago lmao.
I just want to thank you because your computer virus highlight videos (especially on ransomwares) are the inspiration for my thesis on computer virus
Here I was, thinking of you as a retro '90s-virus connoisseur. And here you are on the bleeding edge of world news.
Albeit world news that affects people with badly out of date systems...
Anyway, you're awesome. It's really neat to get to see this stuff in a context that's not dangerous or malicious in nature.
this is how the civil war started
rougeamp you mean world war 3
rougeamp which civil war
If it works without the network connected, where is the decryption key saved?
It's so early into investigation, I would assume they didn't know.
I would imagine that it attempts to send it, fails, and continues to delete the key.
that's a really good question lmao
run it in sandboxie and check?
@thecomputerman100 ^this
The memories of WannaCrypt for me are amazing! Being only a child at the time and seeing a red screen of death, I was terrified. We subsequently had a friend come over to fix this supposed virus, but I never touched that same computer again >:c
this is what happens when you don't have Norton's Smart Firewall engaged
i remember when this was the biggest threat to your computer. feels just like yesterday, even though it was 4 years ago
Don't worry, ransomware is still going strong.
Any virus that wants to get between me and my lego memes is going to get what's coming to it.
「#1 Schemer」 Megabloks FOR LIFE
lmao made my day
It's the new Captain Crunch cereal, "Oops, All Ransomware"
jokes on you I speak enchantment table
That's nice, Captain. But oh that time you fucked up and your cereal was just All Berries?
bro 200K views in 2 days god status
Damn
and now there is only still somehow 797,034 views.
It's been 4 years.... :p
@itzameh2233 And it's not so far from the 797 000 views!
Hey Danooct1 you should have put the blog post Microsoft put on their webpage. It's almost like a middle finger to the NSA
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000otkst81x2dg2rb51g3fgd0f6k There's the full blog post from their site, 8th paragraph down talks about the NSA.
Then why don't you link it???
That kind of comment is the same kind of crap you see on support forums when someone goes "found the problem it's fixed now" but never posts the solution.
Link in question:
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
Prehistoricman
I posted a reply with a link to it, but I think it got deleted as spam. The link appears on my screen right below my comment.
Can you see it?
burrito64burrito64 nope. Try adding a space in between the link and the ".com" or something
They have come up with a newer version that doesn't have the killswitch. Another wave may be coming soon. Hopefully people are patched up.
7 years later lol
Just a tidbit on why XP was patched. It's because of companies that still tend to use XP despite the vulnerabilities. They usually set up individual contracts with Microsoft for this type of thing so that they can have some kind of extended support, although usually they have some kind of endpoint based security that filters most of the uninvited stuff. Part of it is to cut costs, or because certain applications simply won't work with newer OSes (so it's not just the OS you would be changing). There has obviously been ransomware in the past, but normally the network layers of security would be sufficient for it. This is why XP got patched despite the lack of support.
Unless you're one of these organizations, don't freakin' use XP.
Biggerboot I use XP from time to time on a dedicated retro computer. I even use Windows 98SE. It's the bomb for 3dfx games. And of course both have network shares 'cause it's convenient. The key here is that there is nothing important on it and it's offline most of the time, with Wake On Lan disabled. :p
Absolutely. If you're using it in those capacities then you obviously know what you're doing. I'm just a little worried when I see comments like "DOZ THIS MEEN XPEE IZ SPPRTD AGIN?" I mean I guess it's youtube comments and it could be sarcastic, but ultimately misinforming. :P
I never knew it had a killswitch. Very good; this thing actually put cancer patients' lives in danger.
I actually wanna know that Mushroom Chicken recipe, if you're okay with that.
Daniel Scharn You can't have it anymore, you gotta pay 300$ in bitcoins first D:
I only got $7
Daniel Scharn how about $12?!
Daniel Scharn I'm sure they will let you have those files, that mushroom chicken recipe is needed for the greater good of humanity.
「Big Ol' Bear」 bitch coins you mean?
I hate the way that ransomware makes me feel... it's so creepy, it gives me this sort of "dark, doomed" vibe
yes
Hey it's memz guy, when did you start watching Danooct?
Jack He is his number one fan. :p
danooct literally did the first video out there on memz you dingdong
Hey man
CONFURMED: teh memz guyy is the cRator off waanay cripty ransomwore
This malware uses two critical flaws. One is MS13-010 that has been patched for every Windows since XP/2003 (because someone still has Vista for some reason). The second is the fact companies take ages to release updates on their computers. My school, for example, has hundreds of Win7 Pro computers. They all haven't been updated since November 2016 (and today I'll go look if they have MS13-010)
That moment when you hack your own computer cause you want to erase your trash memes
The trash memes were still funnier than most new popular memes nowadays though. *cough cough ugandan knuckles cough cough*
*opens Rich Text Document and reads* "it's rich af"
that has killed me XD
Someone I knew lost very important information worth a lot of money. They had this same virus, paid the $300 in bitcoin and got everything back and the scammers were actually very friendly to work with which was odd.
TempleOS doesn't have this problem
too soon?
MS-DOS doesn't have this problem
templeos has the problem of being able to rewrite mbr in a line
@potato_x69 bruh why the fuck do you hate weebs
@potato_x69 lmao
WannaCrypt actually hit my local hospital, funny how it was the only one in the Greater Toronto Area to be hit.
#18 on Trending. My nigga Dan made it
I know, I felt so proud when I saw it.
+Tornexted No, but Matt is...
i got infected with wannacrypt when i was younger, kind of terrifying!
Were you using virtual machine?
@melonstuff9creative no. real infection
so Windows 10 can get this Virus?.....
Woah, technology
Miley Fox I'm pretty sure you can get in any version of Windows if you're opening a .exe file, however, but don't quote me on this, if you have Windows 10 with your firewall enabled and anti-virus running + all the recent updates from Microsoft, you can't get infected through the network.
only if you didn't update windows 10 with that March update. But if you did then you were safe
Auto Windows Updates. This is the only case where it helps.
"We will decrypt your file because nobody will trust us if we cheat users" That has to be the lamest reason I've ever heard! Nobody trusts them!
DANOOCT IS ON TRENDING. never thought i'd see the day my dudes
holy shit this is the earliest ive ever been to a video ever
Muddy Bear ikr
You're not late. You're on time.
what a fun year this was at work. Having Non-windows based NAS Servers with volume level snapshots was a saving grace :D
Feels like the 90s again with these viruses.
Explicit Tech yep
and early 2000s
the news here in the Netherlands are just talking about this virus every time, and i was waiting for this video. now it's here. i love your content. it's really impressive and interesting to watch. keep it up
Old days
Great video, been following for about 3 years and this is hilarious
you know shit gets real when an update for windows xp is released
Was waiting for this video, thanks :D !!!
There's this interesting tool called Ransomfree, could you consider testing it at some point with this malware to see if it works? It basically places bait files all around your computer and when it detects a ransomware messing with it it will try and stop it.
You know a ransom ware is bad when Dan's video is trending
When I saw the headlines, I instantly thought "danoct1"
I was looking for this video. Thanks Dan
you know when something is serious if Microsoft updated Windows XP
That Atari-esque Hava Nagila is nectar to my ears!🐱
>shows a malware that asks for money to recover your files
>outro plays a 8bit klezmer song
oy vey
yes ive been waiting for this video! ive checked your profile every day since this came out
People on MSFN are saying that it is impossible for WannaCry to infect a system running from a FAT32 partition, because it relies upon NTFS to encrypt the files. Can you verify this?
Hi vvestlife
Danooct1 is back!!! So many memories :')
for about 2 seconds when you were typing that message
you sounded like joel
You're on trending, my guy! Gratz.
*hears that Microsoft patched Windows XP*
Does this mean Windows XP is back? YAAAA--
*realises that it's only to prevent the ransomware and that Windows XP will never be supported ever again*
Ohhhhh. ;_;
Solution: Keep making ransomware that exploits XP. Support forever :D
Who knows, there is a possibility that one of the patches could be ported to XP again if another serious attack like this happens. There was another post EOL patch in May 2014.
NinelivesBobcat I ran windows XP pro in a virtual machine yesterday, and was soo shocked to find people actually playing the internet Microsoft games so frequently finding someone instantly. why was I shocked? so many people still use XP. even though the internet browser was buggered and wouldn't open any https links and not load others.
windows xp is the king of OSes!
Dang crybabies, suck it up and update. You're missing out on basically everything.
Yes I wanna crypt, thank you for asking.
You should've pulled a rogueamp and just posted a video of you driving in your 129° car.
"What up guys, RogueAmp here, today I heard that the worst malware attack since Conficker has finally happened. Because ransomware is totally not my specialty, I'm just gonna drive in my car and blast some E U R O B E A T"
Hell yea, danooct got trending.
What happens with the already encrypted files if it's executed again? Does it encrypt them again or leave them alone based on the file extension? If the latter happens, very important files could be protected by changing the file extension in anticipation.
Congrats on getting on the top video list! Thank you for showing this one
Good job NSA you provided me with the stuff to make people's lives worse. Thanks again
Using THAT song for this malware video was absolutely genius.
my school alerted about this worm spreading and told everyone to not turn on their computer today and tomorrow, but screw it, I'm using a Mac! :p
holy shit #20 on Trending GOOD JOB danooct!
Imagine if the scammers accidentally encrypted their computers
This has actually happened allegedly, but not with this ransomware
Allegedly, the author of Rensenware, had to complete his own task (score 2 billion points on lunatic mode in TouHou) in order to decrypt his own files due to forgetting to run the program in a virtual machine.
@ChanceOfOne344254 that's partially false actually. What really happened is that he did encrypt his files, so he used cheat engine to force the score required to unlock the files. He then developed a tool which did all this automatically for those who were affected by rensenware
Thank God I try to keep both of my computers updated
when u want kids but she not ready
O O O P S
Hello there Dan (this will [or could possibly] be a text wall so you are warned, i dunno how to paragraph my sentences out):
There is another big name that got nailed by WannaCrypt as well and that is FedEx. I remember hearing about parts of their servers got encrypted by WannaCrypt as well so they lost some of their shipping data. So it wasn't just the N.H.S. in Canada that was the only big company that got nailed in the attack. It was those 2 and one more I can't think of right now and the biggest thing about this is that the USA and 76 (that is not a typo) other countries that got nailed with this ransomware making it the biggest malware attack BY A LONG-SHOT. I am unsure of who is in second place but I think it is either Sasser, ILoveYou or Melissa. Could be either of those three or I could be wrong as well (if you could tell me that would be great). and maybe make a follow-up video to this one with some ways your viewers can protect themselves from this worm and keeping their PCs safe from this worm and any other worms that may pop up in the future.
I just realized how you don't kill your computer every time you do these videos..
virtual machine.
finally!
i was eagerly waiting for this!
greetz from @danooct1 ya boi wit da malware yoooooooooooooooooooooooooooooooooooooooooooooooooooooooo
It hit companies that hard, that the Deutsche Bahn couldn't display any train information on the digital signages for a couple of days...
Awwww i wished you'd demonstrate the 'decrypt' button. It says that you can decrypt some files for free.
I've been waiting for this.
the key is WNcry@2o17
This has been EVERYWHERE in Italy recently.
My dad works as a computer technic (??) at a university and he tried it out on a VM.
I'm gonna ask him if it's this one. Thanks for the video!
Does disabling the SMB feature in Windows keep you safe from this computer worm?
Legend says he found out one more thing about the virus
I didn't watch all the video yet but the unlock code to the virus is " WNcry@2ol7 " thumbs up to let everyone know
How did you find it?
fr? well shit lol
I'm pretty sure it's randomized for each user
It is. The key is sent from the program to an external server on execution of the payload, then removed from storage (and/or memory) on the target computer.
"WannaCryAt2017"... huh
1:16 - subtle girlfriend shoutout! haha, seriously though, good video, been waiting for this! :)
lol subtle as a brick through a window isnt it?? ;)
mushroom_chicken.docx
Why did I type this comment
muchrom chickem
@WackyH HOW
you know it's bad when an OS from fricking 2001 dropped in 2014 gets a 2016 patch for a virus that hasn't been around that long
2.0 is going to be released shortly with no kill switch (Verified) The internet will be gone before the end of the year. Nokia bricks will be back in style as soon as data goes bye bye. Welcome to 1984, get comfy.
Hello from the future.
@xbotscythe give me the overview of your world
My heart went-
Oops! Your files have been encrypted!🤫
lol i got "BEST FREE ANTIVIRUS" ad more like BEST TROYAN VIRUS amiright?
Thank you for this reminder to backup my files ;P
That's ballsy. Running it on your own computer. Even with a VM, that's risky.
likely running it on an expendable system.
as soon as I saw this in the news I knew I'd see a danooct video
Finally, MS, who abandoned Windows XP, uploaded the second update for Windows XP. It seems Bill knows a lot of people use Windows XP
Woah!! Danooct you're trending! #21 ftw
Oops! This comment has been encrypted! Send 3 replies and I will edit this comment so you can see what I wanna say.
FRED FRED124 decryptor.exe
FRED FRED124 backupdecrypt.exe
FRED FRED124 Anti-Encryptor.exe
Congrats on making it on trending Dan !!!
It's a 3 and a half meg file for god's sake. How could anyone mistake it for some stupid Word document about Mrs Noggins' gynaecology results or whatever?
My computing reports are Word documents that can get over 10 MB in size frequently.
Well if you do insist on embedding that many images...
Word processors were never meant to be used as they are today. It's frankly an insult to the early software that they're so "abused" nowadays. Correct layout procedures and vector graphics only should be how it's done but will people listen to me? Will they heck. #oldpedant
this malware spreads not just by clicking an exe, also via networks. it is possible that a user did not have to perform any action and get hit with this.
MagikGimp r/iamverysmart
I managed to share this video to some of my friends.
It's still active. Also even though it got halted by a 21 year old in Britain people say all the hackers have to do is rewrite the code and it can hit again.
Most likely we will see more of wannacry or more ransomware in general because of this, not to mention both microsoft and the NSA are now fighting each other because wannacry was the NSA's cyber weapon pet and now it's gone rogue.
Who's to blame for this really? Who knows, some say it's both Microsoft and the NSA's fault, others are one sided and a few of my friends are saying "well shit happens, no one is impenetrable to getting hacked. They can have the best defense and protection but if one weakness is found and it wasn't noticed... well, too bad, hackers win."
We will never know who will be blamed and what will happen to prevent something like this from happening again, only time will tell.
I saw the exact same Ransomware on TV literally 2 days ago (Saturday)
12:50 AM notification squad what up
at home
There was a government minister on BBC Breakfast this morning who recommended not paying the ransom and I was sort of "yeah, only if you don't have anything scrambled that you can't get back!" which considering this ransomware affected any Windows version that wasn't Windows 10 (ie XP, 7 and 8.x) meant that even I reckoned it could have affected anything stored on OneDrive which is installable on Windows 7 and built in to Windows 8.
I didn't know it sought out computers over the LAN. That makes it worse.
Also, the BBC didn't mention that the malware infected computers through a flaw known as Eternal Blue which apparently has been used by the NSA to attack systems, the British media was too busy saying how shit the NHS was for still using Windows XP, which of course prompted every political party to promise to spend billions on the NHS, what with the NHS being a branch of the government and us having an election this June.
Yeah, a flaw that has been there since XP which was only just patched this March... are you really telling me that Windows 10 didn't have this flaw? Are you also telling me that Windows 10 (which wasn't targeted) also wasn't patched? It's way too easy to go all conspiracy theorist on this shit.
Wasn’t that flaw discovered in a controlled environment to merely test systems for weakness?