
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware - oferzelig
https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
======
nv-vn
What I still haven't had answered is how does the infection actually spread?
The bottom of this article says not to open email attachments, but also
mentions closing certain ports. Is this being activated accidentally by the
users or is it spreading by some exploit?

~~~
medmunds
"The malware spread via SMB... used by Windows machines to communicate with
file systems over a network. An infected machine would then propagate the
infection to other at-risk boxes [that have] not received the critical
MS-17-010 security patch from Microsoft which was issued on the 14th of March
... In other words, you had to be almost 2 months behind in your patch cycle
in order to get hit with this. Windows 10 machines were not subject to the
vulnerability..."

More details starting about a quarter of the way into the article.

~~~
iamcreasy
I am running Windows 10 1607 with build 14393.1198. My system update history
says the latest update was "2017-05 Cumulative Update for Windows 10 Version
1607 for x64-based Systems (KB4019472)".

How do I verify if I have the MS17-010 update installed? Do I need to upgrade my
Windows 10 to 1703 (Creator's update) to get this patch automatically?

~~~
iamcreasy
If anyone is wondering, these are instructions[1] to check if you have the
MS17-010 update, and how to stop the attack vector[2].

[1]: https://superuser.com/questions/1208741/how-to-check-if-a-specific-windows-security-update-is-installed/1208772#1208772

[2]: http://stackoverflow.com/questions/43952057/how-to-protect-from-wcrypt-wanna-cry

------
maerF0x0
Is it possible to just refuse the bitcoins that have this wallet in the
ledger? That way they cannot spend the BTC they ransomed?

------
dreish
The article points out that the phone-home domains this ransomware uses were
generated by keyboard-mashing. Can we tell what keyboard layout was used?

~~~
oferzelig
Not really

------
rattray
It's still unclear to me why this spread so much wider & faster than other
exploits.

~~~
Omnius
As soon as one machine is infected it will use Windows shares to infect any
other machine on the network that is vulnerable, without those users needing
to do anything wrong. If you're unpatched and anyone on the network gets
infected, you are infected.

HTH

~~~
rattray
Yes, that helped – thanks!

I had assumed that such a behavior would be common among worms; I guess
Windows security must be generally better than I'd thought.

------
gbajson
The title of this post is just annoying. "Everything you need to know...".

Really? Everything? Will anything wrong happen if I am a bit more curious
than The Author?

