Trojan.Ransom.WannaCrypt (WanaCrypt0r 2.0/WannaCry, NHS Ransomware)
- Published 7 Nov 2024
- / danooct1
a few links for further (and interesting) reading: www.malwaretec...
www.theguardia...
major thanks to malwaretech team for stopping the ransomware in its tracks, xylitol for the hookup once again, and all of you who took the time to message me about the ransomware.
Thanks to the following $5+ patrons!
John Kizer
Numou
crymera
handsome jack
Thomas H Khoury
Joshua Mack
Mister Sparkly
Jade
squigly-kip
Matthew K
Alice J
Renaud Bedard
Blaise
Sleepy Owl
Rosenator
Robert G
Si Mellor
BluePolar Bearz
You know it's serious shit when obsolete software gets patched.
Are they gonna release a patch for Windows 95?
microsoft still cares about xp, so you can still use it :)
Cam No they don't
+InfernoDukem It's pretty much a fact that Windows XP is obsolete by now...
pretty sure gas stations still run XP on pumps and ATMs may also do the same
When you hit that point in your life where it wouldn't even matter if you got hit by this because worst case scenario you just lose your memes.
But my Minecraft worlds would be gone too!!!
*pays 0.17 BTC*
I actually did lose my memes to ransomware :( It was devastating... I hate those boogerheads >:(
Drachen you lose the modding projects
Drachen I lose all my animations and backups from 2013
true my friend
If it works without the network connected, where is the decryption key saved?
It's so early into investigation, I would assume they didn't know.
I would imagine that it attempts to send it, fails, and continues to delete the key.
that's a really good question lmao
run it in sandboxie and check?
@thecomputerman100 ^this
You have a girlfriend?
Me- I used to have one, but she Ransomewhere.
ItsDustyy I laughed harder than necessary at this.
ItsDustyy
LMAO
ItsDustyy
Really? Only 10 Likes? That was freaking clever and funny!
ItsDustyy I'm laughing harder than I should be 😂😂
ItsDustyy it’s true, she ran some where, and you have to pay her or else she leaves you.
Actually, there is absolutely no point to pay the ransom. It has only 3 bitcoin addresses hardcoded into program (shown randomly) and there is no way attacker could recognize the payment was from you. Meaning there was never any intention to be able to decrypt the files.
so how do you solve this problem without resort to pay them??
*you don't*
@@White_Tiger93 wait till someone writes a decryption program and/or the decryption keys leak. I believe there is already free decryption software for WannaCry out there. Sometimes the keys needed for decryption are still in the RAM of the computer, so there might be software that can get the keys, but it only works a short time after the malware was started.
@@White_Tiger93 Restore from backup. Because you have a backup, don't you?
I was wondering can u use safe mode in this situation ???
Ooops, this comment has been encrypted!
WHERE DO I SEND MY BITCOINS?!
/b/ 28282 ah shit. my ass got encrypted as well.
Austyn LeDrew How many bit coins to decrypt it...?
Here is a key to decrypt your comment:
hssianaizbwhu72!*hwnai;#!isn8#!@62;#8$;
Error: File not found
The interesting thing about the kill-switch is that it's actually a poorly implemented sandbox test.
Malware authors want to thwart security researchers for as long as possible to delay any attempt at a countermeasure, and one technique for doing so is refusing to run in any sandboxed virtual machine environment. Sandboxes for malware often give it everything they want in order to analyze it to the fullest extent possible: for instance, if something wants to access a domain, the sandbox will give it something to connect to, whether or not it exists on the real Internet. Thus, if WannaCrypt manages to connect to a domain that it thinks doesn't exist, it'll conclude that it's being monitored and self-terminate.
Normally, malware of this kind randomly generates the domains to be checked, but the author of WannaCrypt hard-coded it into the program instead, meaning that since someone registered the domain in the real world, it always mistakenly thinks that it's being run in a VM, whether or not it actually is.
thank you for this i have been wondering for hours now and its 4am and am deep down a rabbithole
that's a super clever strategy, good thing whoever made this didn't think of that
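An added example for the kill-switch comment above (not part of any comment and not code from the video): since the sample looks up a hard-coded domain before doing anything else, DNS logs show which hosts ran it and whether the lookup succeeded. The log format, the IP addresses and the placeholder domain are constructed for illustration, and a successful lookup is only a prerequisite for the connection the comment describes.

```python
import re
from collections import defaultdict

# Placeholder: the real kill-switch domain is not given on this page.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines (format and addresses are invented).
SAMPLE_LOG = """\
2017-05-13T09:14:02Z client=10.0.4.17 query=killswitch-placeholder.example type=A rcode=NOERROR
2017-05-13T09:14:05Z client=10.0.4.17 query=updates.example.org type=A rcode=NOERROR
2017-05-13T09:15:40Z client=10.0.4.23 query=killswitch-placeholder.example type=A rcode=NXDOMAIN
2017-05-13T09:15:41Z client=10.0.4.23 query=killswitch-placeholder.example type=A rcode=NXDOMAIN
2017-05-13T09:16:10Z client=10.0.4.30 query=intranet.example.org type=A rcode=NOERROR
2017-05-13T09:17:55Z client=10.0.4.41 query=KILLSWITCH-PLACEHOLDER.EXAMPLE. type=A rcode=SERVFAIL
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) "
    r"type=(?P<qtype>\S+) rcode=(?P<rcode>\S+)$"
)


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a status.

    Any client asking for the domain is a suspected infection. If none of
    its lookups succeeded, the self-termination check could not pass on
    that host, so it goes to the top of the response queue.
    """
    wanted = domain.lower().rstrip(".")
    rcodes = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the constructed format
        # DNS names are case-insensitive and may carry a trailing dot.
        if match["query"].lower().rstrip(".") != wanted:
            continue
        rcodes[match["client"]].add(match["rcode"].upper())

    status = {}
    for client, seen in rcodes.items():
        if "NOERROR" in seen:
            status[client] = "suspect: kill switch resolved"
        else:
            status[client] = "suspect: kill switch unresolved"
    return status


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_LOG).items()):
        print(client, state)
```

Hosts in the "unresolved" group are the reason DNS filtering of the kill-switch domain works against the defender: where the lookup is blocked, the check described in the comment never triggers.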
Hey, props to Microsoft for actually releasing a patch for XP for this. Pretty ridiculous that some government systems are still running a 16 year-old unsupported OS though...
CWINDOWSsystem32 I guess it's cheaper for our stupid government
+QEproductions7 I hope they learned their lesson from this and actually hire some decent IT people and upgrade the systems to at least Windows 7...
CWINDOWSsystem32 I suppose they're too busy sitting back and waiting for their victory in the election to care about the country lol
The United States ran its entire nuclear missile command from 50 year old 8" floppy drives until like 6 months ago
My high school was still running windows 98 just 3 years ago lmao.
Lol, "It's rich af" in the Rich Text document.
@@potato_x69 "it's poor af"
this is how the civil war started
rougeamp you mean world war 3
rougeamp which civil war
The memories of WannaCrypt for me are amazing! Being only a child at the time and seeing a red screen of death, I was terrified. We subsequently had a friend come over to fix this supposed virus, but I never touched that same computer again >:c
this is what happens when you don't have Norton's Smart Firewall engaged
Here I was, thinking of you as a retro '90s-virus connoisseur. And here you are on the bleeding edge of world news.
Albeit world news that affects people with badly out of date systems...
Anyway, you're awesome. It's really neat to get to see this stuff in a context that's not dangerous or malicious in nature.
*viruses, years ago: haha i wrecked your computer, lol, you lost everything*
*viruses now: pls give me money*
NotPetya: pls give me money (wrecked your computer, lol, you lost everything anyway)
PandoTech:Hold my beer
@Floppy 6022 ???
Viruses now: MEEEEEEEMZ
@@ABC-in2le there should be a MEMZ computer epidemic
bro 200K views in 2 days god status
Damn
and now there is only still somehow 797,034 views.
Its been 4 years.... :p
@@itzameh2233 And its not so far from the 797 000 views!
They have come up with a newer version that doesn't have the killswitch. Another wave may be coming soon. Hopefully people are patched up.
7 years later lol
i remember when this was the biggest threat to your computer. feels just like yesterday, even though it was 4 years ago
Don't worry, ransomware is still going strong.
I just want to thank you because your computer virus highlight videos (especially on ransomwares) are the inspiration for my thesis on computer virus
Hey Danooct1 you should have put the blog post Microsoft put on their webpage. It's almost like a middle finger to the NSA
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000otkst81x2dg2rb51g3fgd0f6k There's the full blog post from their site, 8th paragraph down talks about the NSA.
Then why don't you link it???
That kind of comment is the same kind of crap you see on support forums when someone goes "found the problem it's fixed now" but never posts the solution.
Link in question:
blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
Prehistoricman
I posted a reply with a link to it, but I think it got deleted as spam. The link appears on my screen right below my comment.
Can you see it?
burrito64burrito64 nope. Try adding a space in between the link and the ".com" or something
TempleOS doesn't have this problem
too soon?
MS-DOS doesn't have this problem
templeos has the problem of being able to rewrite mbr in a line
@@potato_x69 bruh why the fuck do you hate weebs
@@potato_x69 lmao
Just a tidbit on why XP was patched. It's because of companies that still tend to use XP despite the vulnerabilities. They usually set up individual contracts with Microsoft for this type of thing so that they can have some kind of extended support, although usually they have some kind of endpoint based security that filters most of the uninvited stuff. Part of it is to cut costs, or because certain applications simply won't work with newer OSes (so it's not just the OS you would be changing). There has obviously been ransomware in the past, but normally the network layers of security would be sufficient for it. This is why XP got patched despite the lack of support.
Unless you're one of these organizations, don't freakin' use XP.
Biggerboot I use XP from time to time on a dedicated retro computer. I even use Windows 98SE. It's the bomb for 3dfx games. And of course both have network shares 'cause it's convenient. The key here is that there is nothing important on it and it's offline most of the time, with Wake On Lan disabled. :p
Absolutely. If you're using it in those capacities then you obviously know what you're doing. I'm just a little worried when I see comments like "DOZ THIS MEEN XPEE IZ SPPRTD AGIN?" I mean I guess it's youtube comments and it could be sarcastic, but ultimately misinforming. :P
I actually wanna know that Mushroom Chicken recipe, if you're okay with that.
Daniel Scharn You can't have it anymore, you gotta pay 300$ in bitcoins first D:
I only got $7
Daniel Scharn how about $12?!
Daniel Scharn I'm sure they will let you have those files, that mushroom chicken recipe is needed for the greater good of humanity.
「Big Ol' Bear」 bitch coins you mean?
It's the new Captain Crunch cereal, "Oops, All Ransomware"
jokes on you I speak enchantment table
That's nice, Captain. But oh that time you fucked up and your cereal was just All Berries?
I never knew it had a killswitch. Very good; this thing actually put cancer patients' lives in danger.
Any virus that wants to get between me and my lego memes is going to get what's coming to it.
「#1 Schemer」 Megabloks FOR LIFE
lmao made my day
People on MSFN are saying that it is impossible for WannaCry to infect a system running from a FAT32 partition, because it relies upon NTFS to encrypt the files. Can you verify this?
Hi vvestlife
yes
Hey it's memz guy, when did you start watching Danooct?
Jack He is his number one fan. :p
danooct literally did the first video out there on memz you dingdong
Hey man
CONFURMED: teh memz guyy is the cRator off waanay cripty ransomwore
#18 on Trending. My nigga Dan made it
I know, I felt so proud when I saw it.
+Tornexted No, but Matt is...
I hate the way that ransomware makes me feel... it's so creepy, it gives me this sort of "dark, doomed" vibe
This malware uses two critical flaws. One is MS13-010 that has been patched for every Windows since XP/2003 (because someone still has Vista for some reason). The second is the fact companies take ages to release updates on their computers. My school, for example, has hundreds of Win7 Pro computers. They all haven't been updated since November 2016 (and today I'll go look if they have MS13-010)
"We will decrypt your file because nobody will trust us if we cheat users" That has to be the lamest reason I've ever heard! Nobody trusts them!
That moment when you hack your own computer cause you want to erase your trash memes
The trash memes were still funnier than most new popular memes nowadays though. *cough cough ugandan knuckles cough cough*
so Windows 10 can get this Virus?.....
Woah, technology
Miley Fox I'm pretty sure you can get it in any version of Windows if you're opening a .exe file, however, but don't quote me on this, if you have Windows 10 with your firewall enabled and anti-virus running + all the recent updates from Microsoft, you can't get infected through the network.
only if you didn't update windows 10 with that March update. But if you did then you were safe
Auto Windows Updates.This is the only case where it helps.
*opens Rich Text Document and reads* "it's rich af"
that has killed me XD
holy shit this is the earliest ive ever been to a video ever
Muddy Bear ikr
You're not late. You're on time.
What happens with the already encrypted files if it's executed again? Does it encrypt them again or leave them alone based on the file extension? If the latter happens, very important files could be protected by changing the file extension in anticipation.
Feels like the 90s again with these viruses.
Explicit Tech yep
and early 2000s
Someone I knew lost very important information worth a lot of money. They had this same virus, paid the $300 in bitcoin and got everything back and the scammers were actually very friendly to work with which was odd.
Was waiting for this video, thanks :D !!!
Old days
what a fun year this was at work. Having Non-windows based NAS Servers with volume level snapshots was a saving grace :D
*hears that Microsoft patched Windows XP*
Does this mean Windows XP is back? YAAAA--
*realises that it's only to prevent the ransomware and that Windows XP will never be supported ever again*
Ohhhhh. ;_;
Solution: Keep making ransomware that exploits XP. Support forever :D
Who knows, there is a possibility that one of the patches could be ported to XP again if another serious attack like this happens. There was another post EOL patch in May 2014.
NinelivesBobcat I ran windows XP pro in a virtual machine yesterday, and was soo shocked to find people actually playing the internet Microsoft games so frequently finding someone instantly. why was I shocked? so many people still use XP. even though the internet browser was buggered and wouldn't open any https links and not load others.
windows xp is the king os oses!
Dang crybabies, suck it up and update. You're missing out on basically everything.
DANOOCT IS ON TRENDING. never thought i'd see the day my dudes
you know when something is serious if Microsoft updated Windows XP
the news here in the Netherlands are just talking about this virus every time, and i was waiting for this video. now it's here. i love your content. it's really impressive and interesting to watch. keep it up
WannaCrypt actually hit my local hospital, funny how it was the only one in the Greater Toronto Area to be hit.
You know a ransom ware is bad when Dan's video is trending
i got infected with wannacrypt when i was younger, kind of terrifying!
Were you using virtual machine?
@@melonstuff9creative no. real infection
Great video, been following for about 3 years and this is hilarious
When I saw the headlines, I instantly thought "danoct1"
Danooct1 is back!!! So many memories :')
Good job NSA you provided me with the stuff to make people's lives worse. Thanks again
That Atari-esque Hava Naguila is nectar to my ears!🐱
There's this interesting tool called Ransomfree, could you consider testing it at some point with this malware to see if it works? It basically places bait files all around your computer and when it detects a ransomware messing with it it will try and stop it.
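An added example of the bait-file idea described in the comment above (not part of the comment and not RansomFree's code): plant files no user has a reason to touch, record their hashes, and alert when one is modified, renamed or deleted. The bait names and the `.demo` extension are hypothetical, and the tampering in `demo()` is a constructed scenario inside a temporary directory.

```python
import hashlib
import os
import tempfile

# Hypothetical bait names; the leading "!" sorts them first in a listing.
BAIT_NAMES = ["!bait_budget.docx", "!bait_photos.xlsx", "!bait_notes.txt"]


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_bait(directory):
    """Write the bait files and return a baseline of {path: sha256}."""
    baseline = {}
    for name in BAIT_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(os.urandom(16) + b" bait file, never opened by a user\n")
        baseline[path] = sha256_of(path)
    return baseline


def check_bait(baseline):
    """Compare bait files with the baseline; return (path, reason) alerts."""
    alerts = []
    for path, digest in baseline.items():
        directory, name = os.path.split(path)
        if not os.path.exists(path):
            # Ransomware commonly appends its own extension after encrypting,
            # so look for a sibling that still starts with the bait name.
            renamed = sorted(f for f in os.listdir(directory)
                             if f.startswith(name) and f != name)
            reason = "renamed to " + renamed[0] if renamed else "deleted"
            alerts.append((path, reason))
        elif sha256_of(path) != digest:
            alerts.append((path, "content modified"))
    return alerts


def demo():
    """Constructed scenario: one bait overwritten, one renamed, one untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_bait(tmp)
        paths = list(baseline)
        clean = check_bait(baseline)          # nothing touched yet
        with open(paths[0], "wb") as fh:      # simulate an in-place overwrite
            fh.write(b"\x00" * 64)
        os.rename(paths[1], paths[1] + ".demo")
        alerts = [(os.path.basename(p), r) for p, r in check_bait(baseline)]
        return clean, alerts


if __name__ == "__main__":
    print(demo())
```

This version only detects by polling; a tool that tries to stop the process, as the comment describes, also has to identify which process touched the bait.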
I was looking for this video. Thanks Dan
you know shit gets real when an update for windows xp is released
I've been waiting for this.
>shows a malware that asks for money to recover your files
>outro plays a 8bit klezmer song
oy vey
You're on trending, my guy! Gratz.
mushroom_chicken.docx
Why did I type this comment
muchrom chickem
@@WackyH HOW
Congrats on making it on trending Dan !!!
greetz from @danooct1 ya boi wit da malware yoooooooooooooooooooooooooooooooooooooooooooooooooooooooo
finally!
i was eagerly waiting for this!
You should've pulled a rogueamp and just posted a video of you driving in your 129° car.
"What up guys, RogueAmp here, today I heard that the worst malware attack since Conficker has finally happened. Because ransomware is totally not my specialty, I'm just gonna drive in my car and blast some E U R O B E A T"
yes ive been waiting for this video! ive checked your profile every day since this came out
when u want kids but she not ready
O O O P S
holy shit #20 on Trending GOOD JOB danooct!
my school alerted about this worm spreading and told everyone to not turn on their computer today and tomorrow, but screw it, I'm using a Mac! :p
Congrats on getting on the top video list! Thank you for showing this one
I just realized how you don't kill your computer every time you do these videos..
virtual machine.
Yes I wanna crypt, thank you for asking.
Imagine if the scammers accidentally encrypted their computers
This has actually happened allegedly, but not with this ransomware
Allegedly, the author of Rensenware had to complete his own task (score 2 billion points on lunatic mode in TouHou) in order to decrypt his own files due to forgetting to run the program in a virtual machine.
@@ChanceOfOne344254 that's partially false actually. What really happened is that he did encrypt his files, so he used cheat engine to force the score required to unlock the files. He then developed a tool which did all this automatically for those who were affected by rensenware
My heart went-
Oops! Your files have been encrypted!🤫
for about 2 seconds when you were typing that message
you sounded like joel
I managed to share this video to some of my friends.
Finally, MS, who abandoned Windows XP, uploaded the second update for Windows XP. It seems Bill knows a lot of people use Windows XP
as soon as I saw this in the news I knew I'd see a danooct video
the key is WNcry@2o17
Hell yea, danooct got trending.
Does disabling the SMB feature in Windows keep you safe from this computer worm?
I've been waiting for this video
2.0 is going to be released shortly with no kill switch (Verified) The internet will be gone before the end of the year. Nokia bricks will be back in style as soon as data goes bye bye. Welcome to 1984, get comfy.
Hello from the future.
@@xbotscythe give me the overview of your world
Thank God I try to keep both of my computers updated
I didnt watch all the video yet but the unlock code to the virus is " WNcry@2ol7 " thumbs up to let everyone know
How did you find it?
fr? well shit lol
I'm pretty sure it's randomized for each user
It is. The key is sent from the program to an external server on execution of the payload, then removed from storage (and/or memory) on the target computer.
"WannaCryAt2017"... huh
This thing sends a chill down my spine..
Awwww i wished you'd demonstrate the 'decrypt' button. It says that you can decrypt some files for free.
Was waiting for this one.
lol i got "BEST FREE ANTIVIRUS" ad more like BEST TROYAN VIRUS amiright?
Hello there Dan (this will [or could possibly] be a text wall so you are warned, i dunno how to paragraph my sentences out):
There is another big name that got nailed by WannaCrypt as well and that is FedEx. I remember hearing about parts of their servers got encrypted by WannaCrypt as well so they lost some of their shipping data. So it wasn't just the N.H.S. in Canada that was the only big company that got nailed in the attack. It was those 2 and one more I cant think of right now and the biggest thing about this is that the USA and 76 (that is not a typo) other countries that got nailed with this ransomware making it the biggest malware attack BY A LONG-SHOT. I am unsure of who is in second place but I think it is either Sasser, ILoveYou or Melissa. Could be either of those three or I could be wrong as well (if you could tell me that would be great). and maybe make a follow-up video to this one with some ways your viewers can protect themselves from this worm and keeping their PCs safe from this worm and any other worms that may pop up in the future.
It's still active. Also even though it got halted by a 21 year old in Britain people say all the hackers have to do is rewrite the code and it can hit again.
Most likely we will see more of wannacry or more ransomware in general because of this, not to mention both Microsoft and the NSA are now fighting each other because wannacry was the NSA's cyber weapon pet and now it's gone rogue.
Who's to blame for this really? Who knows, some say it's both Microsoft and the NSA's fault, others are one sided and a few of my friends are saying "well shit happens, no one is impenetrable to getting hacked. They can have the best defense and protection but if one weakness is found and it wasn't noticed... well, too bad, hackers win."
We will never know who will be blamed and what will happen to prevent something like this from happening again, only time will tell.
Woah!! Danooct you're trending! #21 ftw
That's ballsy. Running it on your own computer. Even with a VM, that's risky.
likely running it on an expendable system.
Woo i was waiting for this
Oops! This comment has been encrypted! Send 3 replies and I will edit this comment so you can see what I wanna say.
FRED FRED124 decryptor.exe
FRED FRED124 backupdecrypt.exe
FRED FRED124 Anti-Encryptor.exe
Even though what these hackers did was an asshole thing it's still amazing to see how a group of unidentified people sitting somewhere unknown, maybe even naked in their basements managed to hack 200k computers across 150 countries
12:50 AM notification squad what up
at home
Congrats on making it to the trending page.
good to know that danooct1 has a gf 1:14
lol yup thats me =)
PsychoFizz no daz me
no sir.
SKILLZ SKILLZ she didn't ransomware
HOLY SHIT YOU'RE TRENDING AAA
we knew this would happen xD
Dont nothing to do with me kiddo
Legend says he found out one more thing about the virus