
Malware- Wana DecryptOr - Need some help

Discussion in 'BlackHat Lounge' started by Skyebug77, May 12, 2017.

  1. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,930
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or
    One of my client's machines got hit by a malicious encryptor, 'Wana DecryptOr 2.0'. Anyone aware of or know a program to unlock these files?
     
  2. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    6,263
    Likes Received:
    4,768
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    • Thanks Thanks x 2
  3. curiouskt

    curiouskt Regular Member

    Joined:
    Apr 5, 2017
    Messages:
    235
    Likes Received:
    123
    Spain hit badly, it's gone global.
     
  4. proxygo

    proxygo Jr. VIP Jr. VIP

    Joined:
    Nov 2, 2008
    Messages:
    15,675
    Likes Received:
    9,588
    Occupation:
    PROVIDING PROXIES FOR GSA SCRAPING.
    Location:
    BHW
    If I don't know the email it goes straight in the bin, don't even touch 'em.
    Crazy sht, people extorting for money.
     
    • Thanks Thanks x 1
  5. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,930
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or
  6. Cad01

    Cad01 Regular Member

    Joined:
    Jul 24, 2010
    Messages:
    476
    Likes Received:
    155
    Yes it's global, many major companies here in Portugal have been attacked today.
     
  7. curiouskt

    curiouskt Regular Member

    Joined:
    Apr 5, 2017
    Messages:
    235
    Likes Received:
    123
    Related question: if someone paid this ransom by bitcoin,
    1) What is the guarantee?
    2) Can the security forces trace the bitcoin receiver?
     
  8. ScottyDog

    ScottyDog Newbie

    Joined:
    May 7, 2016
    Messages:
    28
    Likes Received:
    14
    Gender:
    Male
    Location:
    United Kingdom
    I work for the NHS and this has affected our entire region, so much so that our hospital is turning away patients from our A+E department. Not entirely sure if it's specifically targeted the NHS but it seems like a pretty scummy form of ransomware. People involved will get serious jail time when caught though.
     
    • Thanks Thanks x 1
  9. SolveMyMaze

    SolveMyMaze Jr. VIP Jr. VIP

    Joined:
    Jun 10, 2011
    Messages:
    820
    Likes Received:
    430
    I'm with the NHS too. In the health board I work in, nothing is actually stored on the PC, it's deployed from the server. I would personally let them go fuck themselves and redeploy the OS from the server.
     
    • Thanks Thanks x 1
  10. Sophie

    Sophie Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    2,073
    Likes Received:
    3,609
    Gender:
    Female
    Occupation:
    Girl
    Whoever that douchebag is... Hell now has a spot for him/her - a VIP spot.
     
    • Thanks Thanks x 1
  11. t0mmy

    t0mmy Jr. Executive VIP Jr. VIP

    Joined:
    Jun 5, 2011
    Messages:
    6,565
    Likes Received:
    13,898
    Gender:
    Male
    Location:
    Spain
  12. SolveMyMaze

    SolveMyMaze Jr. VIP Jr. VIP

    Joined:
    Jun 10, 2011
    Messages:
    820
    Likes Received:
    430
    The thing that bamboozles me is that IT in the NHS is so resistant to upgrading their OS. Whilst I can appreciate first hand that a Windows update can bugger up some programs at work, it's a damn sight easier to fix a gubbed program than it is to deal with these tadgers. The PCs in my lab got updated last week and it broke a program we use daily but thankfully it was fixed pretty much right away (it was a pretty simple Access database fix).

    The thing is though, there was no internal announcement about this, but they're always sending newsletters via the internal email system about how great they are.
     
  13. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,930
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or
  14. Sophie

    Sophie Jr. VIP Jr. VIP

    Joined:
    Mar 5, 2009
    Messages:
    2,073
    Likes Received:
    3,609
    Gender:
    Female
    Occupation:
    Girl
    Hey guys, if you're using Windows you better get your Windows updated NOW.

    http://www.bbc.com/news/technology-39901382

    According to the above link, it is caused by some vulnerability issue and Microsoft did release a patch back in March to resolve it... however, it seems that many users failed to update.

    So update now, folks!
     
  15. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    157
    Gender:
    Male
  16. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,930
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or
    • Thanks Thanks x 2
  17. tb303

    tb303 Power Member

    Joined:
    Dec 18, 2011
    Messages:
    734
    Likes Received:
    388
    Last edited: May 12, 2017
  18. Mochino

    Mochino Junior Member

    Joined:
    Jul 2, 2013
    Messages:
    114
    Likes Received:
    41
    Try googling "nomoreransom", it's a site with most decrypting tools for when your computer gets infected with ransomware shit!

    Good luck
     
  19. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,930
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or

    nomoreransome.png
     
  20. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,831
    Likes Received:
    7,436
    Yea, but the NHS has how many computers? 10k, 100k? Cost alone would be big enough, but logistically everything has to work without fail. It's not like you can tweak some stuff on 100k machines if a program doesn't work with the new OS :)