On May 14, 2017 EC3 wrote:
> If you want to share any other prevention,
protection or awareness information with us, please do not hesitate to contact
us.
Yeah! I do. Thank you.
To prevent, protect and raise awareness, it is
necessary to estimate the damage that this virus will cause and to charge this
amount from the US Government and Microsoft.
Microsoft has created a "flaw", a port for the
NSA to spy on governments and businesses around the world. When the "software",
created by the NSA, to use that port was hacked, the NSA informed Microsoft that
it released a patch to "fix the flaw". And did it quietly, not to arouse
suspicion.
This distinguished company still tried to get
high gains with the misfortune of others by selling patch to OS prior to the W7.
Until a young Englishman created a key to unlock hijacked computers. And this
patch became free.
Do you want to criminalize the hacker who is
hijacking computers? Wrong! Be grateful to him as you should be to
Snowden.
Marilson
By honest competition and true
capitalism.
Sent: Monday, May 15, 2017 8:20 AM
Subject: anti-abuse-wg Digest, Vol 66, Issue 2
Send
anti-abuse-wg mailing list submissions to
anti-abuse-wg@ripe.net
To
subscribe or unsubscribe via the World Wide Web,
visit
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
or, via email,
send a message with subject or body 'help'
to
anti-abuse-wg-request@ripe.net
You can reach the person managing
the list at
anti-abuse-wg-owner@ripe.net
When replying, please edit
your Subject line so it is more specific
than "Re: Contents of anti-abuse-wg
digest..."
Today's Topics:
1. WannaCry Ransomware
(Richard
Leaning)
----------------------------------------------------------------------
Message:
1
Date: Mon, 15 May 2017 06:57:23 +0100
From: Richard Leaning
<rleaning@ripe.net>
To: "cooperation-wg@ripe.net"
<cooperation-wg@ripe.net>,
"anti-abuse-wg@ripe.net"
<anti-abuse-wg@ripe.net>
Subject: [anti-abuse-wg] WannaCry
Ransomware
Message-ID:
<5961E790-4494-46F4-A71C-6C34B4DDA8D0@ripe.net>
Content-Type:
text/plain; charset="utf-8"
Dear Colleagues,
The European
cybercrime centre at Europol have asked us to circulate the below. I hope you
find it useful and please forward it on to anyone who you may think will benefit
from it.
Kind regards
Richard Leaning
External
Relations
RIPE NCC
> Begin forwarded message:
>
> From: "O3 - European Cybercrime Centre (EC3)"
<o3@europol.europa.eu>
> Subject: @EXT: WannaCry Ransomware
>
Date: 14 May 2017 at 19:06:20 BST
> Cc: "Amann, Philipp"
<Philipp.Amann@europol.europa.eu>, Mounier, Gr?gory
<gregory.mounier@europol.europa.eu>, "Sanchez, Maria"
<maria.sanchez@europol.europa.eu>, "O372 Advisory Groups Support"
<O372@europol.europa.eu>
>
> Dear AG members,
>
> As you are no doubt aware, we are currently experiencing an
unprecedented ransomware attack at a global scale. The malware was detected on
12 May 2017 and has the capability to spread across networks taking advantage of
a critical exploit in a popular communication protocol used by Windows
systems.
>
> Many of you have already reached out and are
actively involved in containing this threat. However, since we believe
that the infection and propagation rate may go up on Monday when people return
to their workplaces, we would like to ask you to please help us distribute
information that can help contain this threat. To this end, we have compiled a
list of recommendations and also prepared an infographic (see attachment).
Please feel free to use this information for reaching out to your network and to
complement your advice, if and where useful.
>
>
Also, the No More Ransom (NMR) initiative, actively supported by many of you
already, remains an essential source of information. Together with you and other
partners, we will continue to update the information available via the NMR
portal, so it is important to watch this space as well.
>
>
If you want to share any other prevention, protection or awareness information
with us, please do not hesitate to contact us.
>
> Thank you
again for your continued support.
>
> Kind regards,
>
EC3 Outreach & Support
>
>
--------------------------------
>
>
If you are a victim or have reason to believe that you could be a
victim
>
> This is link provides some practical advice on how
to contain the propagation of this type of ransomware:
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
<https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance>
>
> The most important step involves patching the Microsoft vulnerability
(MS17-010):
>
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx>
>
> A patch for legacy platforms is available here:
>
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
<https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks>
>
> In instances where it is not possible to install the patch, manage the
vulnerability becomes key. One way of doing this would be to disable the SMBv1
(Server Message Block) protocol:
>
https://support.microsoft.com/en-us/help/2696547
<https://support.microsoft.com/en-us/help/2696547>
> and/or block
SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445].
>
> Another step would be to update endpoint security and AV solutions with
the relevant hashes of the ransomware (e.g. via VirusTotal).
>
> If these steps are not possible, not starting up and/or shutting down
vulnerable systems can also prevent the propagation of this
threat.
>
> How to prevent a ransomware attack?
>
> Back-up! Back-up! Back-up! Have a backup and recovery system in place
so a ransomware infection can?t destroy your personal data forever. It?s best to
create at least two back-up copies on a regular basis: one to be stored in the
cloud (remember to use a service that makes an automatic backup of your files)
and one stored locally (portable hard drive, thumb drive, etc.). Disconnect
these when you are done and store them separately from your computer. Your
back-up copies will also come in handy should you accidentally delete a critical
file or experience a hard drive failure.
> Use robust antivirus software
to protect your system from ransomware. Always use the latest virus
definition/database and do not switch off the ?heuristic? functions as these
help the solution to catch samples of ransomware (and other type of malware)
that have not yet been formally detected.
> Keep all the software on your
computer up to date. When your operating system (OS) or applications release a
new version, install it. If the software you use offers the option of automatic
updating, enable it.
> Trust no one. Literally. Any account can be
compromised and malicious links can be sent from the accounts of friends on
social media, colleagues or an online gaming
<https://blog.kaspersky.com/teslacrypt-20-ransomware/9314/> partner. Never
open attachments in emails from someone you don?t know. Similarly, don?t open
attachments in emails from somebody you know but from whom you would not expect
to receive such as message. Cybercriminals often distribute fake email messages
that look very much like email notifications from an online store, a bank, the
police, a court or a tax collection agency, luring recipients into clicking on a
malicious link and releasing the malware into their system. If in doubt, call
the sender at a trusted phone number to confirm the legitimacy of the message
received.
> Enable the ?Show file extensions? option in the Windows
settings on your computer. This will make it much easier to spot potentially
malicious files. Stay away from file extensions like ?.exe?, ?.com?, ?.vbs? or
?.scr?. Cybercriminals can use several extensions to disguise a malicious file
as a video, photo, or document (like hot-chics.avi.exe or
report.doc.scr).
> If you discover a rogue or unknown process on your
machine, disconnect it immediately from the internet or other network
connections (such as home Wi-Fi) ? this will prevent the infection from
spreading.
>
>
>
>
>
*******************
>
> DISCLAIMER : This message is sent in
confidence and is only intended for the named recipient. If you receive this
message by mistake, you may not use, copy, distribute or forward this message,
or any part of its contents or rely upon the information contained in
it.
> Please notify the sender immediately by e-mail and delete the
relevant e-mails from any computer. This message does not constitute a
commitment by Europol unless otherwise indicated.
>
>
*******************
-------------- next part --------------
An HTML
attachment was scrubbed...
URL:
<https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20170515/23f01bda/attachment.html>
--------------
next part --------------
A non-text attachment was scrubbed...
Name:
NEW_Infographic - Ransomware_Final.pdf
Type: application/pdf
Size: 1307117
bytes
Desc: not available
URL:
<https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20170515/23f01bda/attachment.pdf>
--------------
next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20170515/23f01bda/attachment-0001.html>
--------------
next part --------------
A non-text attachment was scrubbed...
Name:
smime.p7s
Type: application/pkcs7-signature
Size: 2611 bytes
Desc: not
available
URL:
<https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20170515/23f01bda/attachment.p7s>
End
of anti-abuse-wg Digest, Vol 66, Issue
2
********************************************