Atak oprogramowania ransomware WannaCry z 12 maja – komentarz Kaspersky Lab

[ichito]

I jeszcze od Microsoft TechNet "Customer Guidance for WannaCrypt attacks"

[Aby zobaczyć linki, zarejestruj się tutaj]

---------------------------
edit:
Na BC znalazłem interesującą informację na temat drugiego odkrytego wariantu WannaCry...jego też da się zdezaktywować odpowiednią domeną, jak przy pierwszym wariancie

After researchers sinkholed the first kill switch domain, the group behind WannaCry took almost two days to release a new WannaCry version, which was first detected by French security researcher Benkow on Sunday morning.
After confirming  Benkow's findings, security researcher Matt Suiche intervened and registered this second domain — located at ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com — and pointed it at the same sinkhole server used for the first, discovered and registered by British security researcher MalwareTech on Friday.
This meant that despite computers getting infected with the second version of the WannaCry ransomware, the encryption process would not start, as long as the sinkhole server was in place, or security firms or sysadmins wouldn't block traffic to those two domains. As with the first version, the bulk of these computers — nearly half — were located in Russia.

[Aby zobaczyć linki, zarejestruj się tutaj]

Podobno atak może się udac też na linuksowych systemach, jeśli używa się Wine

2. Can I get affected by using Wine?

Short answer: Yes. Since Wine emulates almost every behavior of the Windows environment, the worm can actually try to find ways on how it can affect you.

[Aby zobaczyć linki, zarejestruj się tutaj]