
Malware - Wana DecryptOr - Need some help

Discussion in 'BlackHat Lounge' started by Skyebug77, May 12, 2017.

  1. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,017
    Likes Received:
    1,423
    Occupation:
    Marketing
    Location:
    Portland,Or
    One of my client's machines got hit by a malicious encryptor, 'Wana DecryptOr 2.0'. Anyone aware of or know a program to unlock these files?
     
  2. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    7,160
    Likes Received:
    5,637
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
  3. curiouskt

    curiouskt Regular Member

    Joined:
    Apr 5, 2017
    Messages:
    235
    Likes Received:
    133
    Spain hit badly, it's gone global.
     
  4. proxygo

    proxygo Jr. VIP Jr. VIP

    Joined:
    Nov 2, 2008
    Messages:
    18,485
    Likes Received:
    10,070
    Occupation:
    PROVIDING PROXIES FOR GSA SCRAPING.
    Location:
    BHW
    If I don't know the email it goes straight in the bin, don't even touch 'em.
    Crazy sht, people extorting for money.
     
  5. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  6. Cad01

    Cad01 Regular Member

    Joined:
    Jul 24, 2010
    Messages:
    476
    Likes Received:
    155
    Yes it's global, many major companies here in Portugal have been attacked today.
     
  7. curiouskt

    curiouskt Regular Member

    Related question: if someone paid this ransom by bitcoin,
    1) What is the guarantee?
    2) Can the security forces trace the bitcoin receiver?
     
  8. ScottyDog

    ScottyDog Newbie

    Joined:
    May 7, 2016
    Messages:
    34
    Likes Received:
    14
    Gender:
    Male
    Location:
    United Kingdom
    I work for the NHS and this has affected our entire region, so much so that our hospital is turning away patients from our A+E department. Not entirely sure if it's specifically targeted the NHS, but it seems like a pretty scummy form of ransomware; people involved will get serious jail time when caught though.
     
  9. SolveMyMaze

    SolveMyMaze Jr. VIP Jr. VIP

    Joined:
    Jun 10, 2011
    Messages:
    937
    Likes Received:
    484
    I'm with the NHS too. In the health board I work in, nothing is actually stored on the PC, it's deployed from the server. I would personally let them go fuck themselves and redeploy the OS from the server.
     
  10. Sophie

    Sophie Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    2,077
    Likes Received:
    3,616
    Gender:
    Female
    Occupation:
       Girl
    Whoever that douchebag is... Hell now has a spot for him/her - a VIP spot.
     
  11. t0mmy

    t0mmy Jr. Executive VIP Jr. VIP

    Joined:
    Jun 5, 2011
    Messages:
    6,654
    Likes Received:
    14,182
    Gender:
    Male
    Location:
    Spain
  12. SolveMyMaze

    SolveMyMaze Jr. VIP Jr. VIP

    The thing that bamboozles me is that IT in the NHS is so resistant to upgrading their OS. Whilst I can appreciate first hand that a Windows update can bugger up some programs at work, it's a damn sight easier to fix a gubbed program than it is to deal with these tadgers. The PCs in my lab got updated last week and it broke a program we use daily but thankfully it was fixed pretty much right away (it was a pretty simple Access database fix).

    The thing is though, there was no internal announcement about this, but they're always sending newsletters via the internal email system about how great they are.
     
  13. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  14. Sophie

    Sophie Jr. VIP Jr. VIP

    Hey guys, if you're using Windows you better get your Windows updated NOW.

    http://www.bbc.com/news/technology-39901382

    According to the above link, it is caused by some vulnerability issue and Microsoft did release a patch back in March to resolve it... however, it seems that many users failed to update.

    So update now, folks!
     
  15. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
  16. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

  17. swi7ch

    swi7ch Jr. VIP Jr. VIP

    Joined:
    May 13, 2012
    Messages:
    539
    Likes Received:
    144
    Last edited by a moderator: May 12, 2017
  18. Mochino

    Mochino Junior Member

    Joined:
    Jul 2, 2013
    Messages:
    115
    Likes Received:
    43
    Try googling "nomoreransom", it's a site with most decrypting tools for when your computer gets infected with ransomware shit!

    Good luck
     
  19. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP


    nomoreransome.png
     
  20. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,185
    Likes Received:
    7,832
    Yeah, but the NHS has how many computers? 10k, 100k? Cost alone would be big enough, but logistically everything has to work without fail. It's not like you can tweak some stuff on 100k machines if a program doesn't work with the new OS :)