WannaCry

1) Why are you using Windows????

2) Hi :)

i laughed when i heard it only targets windows and was sent via attachment. it gets more serious when people think it’s a good idea to run windows on equipment needed for surgery and connect it to the internet like in UK. i’ll take tin foil for 200 and the question is “when will we get better monitoring to prevent it from happening again?”. i like how microsoft blames the three letter agencies for keeping the exploit to themselves, making the happening possible in the first place.

Can someone post a link or something were explains how does this ramsomware encrypt the data?

Two encryption algorithms may be used for this specific ransomware infection. One of those is known as AES (Advanced Encryption Standard) and may be used in 128-bit of strength. It is one of the strongest ciphers and cannot be decrypted unless the criminals make a mistake in the encryption code. It may generate a symmetric key, called FEK key after encryption. This key may be the only method to decrypt the files because with it the process can be reversed.

In addition to this, another cipher known as Rivers-Shamir-Adleman or RSA is also used in combination with the AES cipher in order to generate unique public and private keys for each of the files. This makes the decryption of each file separate and very difficult and unique process.

source: sensorstechforum.com ( first DuckDuckGo hit for “wanna cry encryption method” )

Thanks!!
I’m actually learning something about cryptography and I was curious about the algorithm this malware used.
I have another question:
I as difficult as the text says to crack that key?
Can someone explain briefly how does AES encrypt the files?

It probableu uses AES256 or something like that to encrypt tje files, but what is way more interesting is of course the smb exploit it used to spread of LANs. The system administrator of my schoolhas been running all the day installing Windows updates on any computer he could find. They were probably running fresh copies of Windows 7 without any security patch installed.

AES stands for Advanced Encryption Standard, this is a symmetric cipher, which means that the key to encrypt is the same key to decrypt (as opposed with asymetric ciphers, like RSA mentionned above, that have a public key to encrypt a message and a private key to decrypt the message).

The algorithm behind AES is called Rijndael-128, which is the Rinjdael algorithm with a block size of 128 bits (I have not mentionned, but there are two types of symmetric ciphers, stream ciphers and block ciphers, AES is a block cipher). It takes in parameter a 128 bits or a 192 bits or a 256 bits key. Depending on the input it will make different operations, for example, for 192 bits and 256 bits keys, it will need a key schedule to match the 128 bits size of each block, which introduces theoretical vulnerabilities. These vulnerabilities are counterbalanced by the fact that using a biggest key will make them less vulnerable (in clear it’s still recommended to use a 256 bits key).

What AES does is that it takes a 128 bits chunk, then it applies his algorithm on this chunk to output the cipher text. To perform the encryption of something bigger than 128 bits, we can use different modes of operations (those modes of operations are not specific to AES but are generic for the block ciphers), among the most known, there are ECB, which is the baddest and should never be used (I won’t enter in the details in this post), CBC which is widely used and a very good mode of operation, CTR that’s also a very good mode of operation and GCM that’s based on CTR but adds authenticity to the message being encrypted, so it’s very used in SSL.

I hope I’ve been clear in my explanations, if you want more details, feel free to ask :)

Guys, if you still have not patched your Windows, you should do this now. The WannaCry ransomware is still active. New variant of WannaCry ransomware is able to infect 3,600 computers per hour - https://malwareless.com/new-variant-wannacry-ransomware-able-infect-3600-computers-per-hour/. If your computer is infected with this virus, don’t pay the ransom - many people who have paid Bitcoins don’t receive the decryptor. All top security companies are currently working to develop a decryption solution

i’ll take tin foil for 200 and the question is “when will we get better monitoring to prevent it from happening again?”.

i just won 200 points i guess.here in germany they already want a new, better government trojan than the last one while loosening the requirements by law ( right now lifes have to be at stake etc. ) to use it. the current draft of the law would allow government spy software in around 38 cases, now even including small crimes ( german only, but holy moly ):

https://netzpolitik.org/2017/wir-veroeffentlichen-den-gesetzentwurf-der-grossen-koalition-zum-massenhaften-einsatz-von-staatstrojanern/

You can See the Whole Details Related to Ransomware WannaCry & Also How to Remove & Get Your Encrypted Files Back Completely- www.geeksportal.in/2017/05/How-to-Remove-WannaCry-Ransomware-Completely-from-pc.html

New variant of WannaCry discovered!!!
This variant exploits the same security flaw, but stays quiet and uses your pc resources for mining crypto coins, making your device much more slower.
At least you don’t lose your photos with this… xD

As you said, it exploits the same vulnerability, but it’s not a new variant of WannaCry. This malware has existed before WannaCry and has made the PCs infected not vulnerable to WannaCry because it disables SMBv1 when it is installed so the vulnerability no longer exists on these computers.