
Malware- Wana DecryptOr - Need some help

Discussion in 'BlackHat Lounge' started by Skyebug77, May 12, 2017.

  1. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    One of my client's machines got hit by a malicious encryptor, 'Wana DecryptOr 2.0'. Anyone aware of or know a program to unlock these files?
     
  2. MisterF

    MisterF Jr. VIP Jr. VIP

  3. curiouskt

    curiouskt Regular Member

    Spain hit badly, it's gone global.
     
  4. proxygo

    proxygo Jr. VIP Jr. VIP

    If I don't know the email it goes straight in the bin, don't even touch 'em.
    Crazy sht, people extorting for money.
     
  5. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  6. Cad01

    Cad01 Regular Member

    Yes it's global, many major companies here in Portugal have been attacked today.
     
  7. curiouskt

    curiouskt Regular Member

    Related question: if someone paid this ransom by bitcoin,
    1) what is the guarantee?
    2) can the security forces trace the bitcoin receiver?
     
  8. ScottyDog

    ScottyDog Newbie

    I work for the NHS and this has affected our entire region, so much so that our hospital is turning away patients from our A+E department. Not entirely sure if it's specifically targeted the NHS but it seems like a pretty scummy form of ransomware, people involved will get serious jail time when caught though.
     
  9. Ozzyzig

    Ozzyzig Jr. VIP Jr. VIP

    I'm with the NHS too. In the health board I work in, nothing is actually stored on the PC, it's deployed from the server. I would personally let them go fuck themselves and redeploy the OS from the server.
     
  10. Sophie

    Sophie Elite Member Premium Member

    Whoever that douchebag is... Hell now has a spot for him/her - a VIP spot.
     
  11. t0mmy

    t0mmy Executive VIP Jr. VIP

  12. Ozzyzig

    Ozzyzig Jr. VIP Jr. VIP

    The thing that bamboozles me is that IT in the NHS is so resistant to upgrading their OS. Whilst I can appreciate first hand that a Windows update can bugger up some programs at work, it's a damn sight easier to fix a gubbed program than it is to deal with these tadgers. The PCs in my lab got updated last week and it broke a program we use daily but thankfully it was fixed pretty much right away (it was a pretty simple Access database fix).

    The thing is though, there was no internal announcement about this, but they're always sending newsletters via the internal email system about how great they are.
     
  13. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  14. Sophie

    Sophie Elite Member Premium Member

    Hey guys, if you're using Windows you better get your Windows updated NOW.

    http://www.bbc.com/news/technology-39901382

    According to the above link, it is caused by some vulnerability issue and Microsoft did release a patch back in March to resolve it... however, it seems that many users failed to update.

    So update now, folks!
     
  15. swon

    swon Junior Member

  16. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  17. swi7ch

    swi7ch Jr. VIP Jr. VIP

    Last edited by a moderator: May 12, 2017
  18. Mochino

    Mochino Junior Member

    Try googling "nomoreransom"; it's a site with most decrypting tools for when your computer gets infected with ransomware shit!

    Good luck
     
  19. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

     
  20. davids355

    davids355 Moderator-In-Training Jr. VIP

    Yeah, but the NHS has how many computers? 10k, 100k? Cost alone would be big enough but logistically everything has to work without fail. It's not like you can tweak some stuff on 100k machines if a program doesn't work with the new OS :)