View Full Version : current ransom attacks affect macs???



kali89
05-15-2017, 06:24 PM
hi,

so are these ransom attacks happening right now affecting macs?

b/c in the news you only hear about how Windows security flaws made this possible... I've not heard anything about macs whatsoever....

(I've been backing up my data files every day.... do they only encrypt data files or installed programs also?)

thank you...

kali89
05-15-2017, 06:26 PM
and if I were attacked, and can ignore it b/c I have my data files backed up, how do I "dismiss" them???? ;~))

thank you......

Raz0rEdge
05-15-2017, 06:34 PM
The "WannaCry" ransomware is specifically designed to target Windows computers and uses exploits developed by the NSA (go figure) to spread itself. It also exploits a network protocol problem on Windows servers as well which Microsoft has fixed with a patch. As to the nature of what is encrypted, it's everything and unless you pay the ransom, the data is likely blown away or left in an encrypted state that can't be circumvented..

Propagation of these types of malware is harder on Macs but not impossible with very sophisticated phishing schemes. Additionally, recently hackers have started compromising popular apps like the Handbrake (video encoder) installer and as such users unknowingly download a legitimate package from a Handbrake mirror that has been compromised. When installing Handbrake, you enter your password thinking it a good application, and while Handbrake is being installed, any number of malware/keyloggers and other malicious software could also be installed..

You've gotta be EXTRA vigilant about these things to protect your data..

chscag
05-15-2017, 06:35 PM
Right now, as far as we know, it's a Windows only malicious attack. And of course keeping your backups up to date is always a wise move. ;D

Raz0rEdge
05-15-2017, 06:35 PM
and if I were attacked, and can ignore it b/c I have my data files backed up, how do I "dismiss" them???? ;~))

thank you......

The only recourse in this case to dismiss them is to wipe and re-install your OS and restore your backup..

kali89
05-15-2017, 07:02 PM
The only recourse in this case to dismiss them is to wipe and re-install your OS and restore your backup..

oh brother.............

(re-install OS, but not format HD, then?)

thank you... good to know this one is made just for Windows, but it's good to know these things just in case...

kali89
05-15-2017, 07:03 PM
"it's everything"

you mean installed programs also? (so installed progrs would have to be re-installed?)

thank you.......

pm-r
05-15-2017, 09:36 PM
oh brother.............

(re-install OS, but not format HD, then?)

thank you... good to know this one is made just for Windows, but it's good to know these things just in case...



I don't believe it was being suggested that you need to do any OS reinstalling at this point. And I'd doubt very much if you've been attacked if you're just running Mac OS X.

Patrick
=====

Slydude
05-15-2017, 09:47 PM
@kali89 If I were running Windows I would format the drive and reinstall the OS. That would be followed immediately by installing the most recent updates. I read that Microsoft has released patches for Windows versions all the way back to XP Server. See here (https://www.reddit.com/r/pcmasterrace/comments/6atu62/psa_massive_ransomware_campaign_wcry_is_currently/).

This seems not to be an issue for OS X right now. It could be an issue for folks who run Windows under Bootcamp, probably virtual machines as well, if they have not updated Windows.

MacInWin
05-15-2017, 10:07 PM
I've read that it only attacked XP, Vista and 8, plus the Server version. 7 and 10 are not affected. And MS had already issued updates to block it, so the victims are the ones who did NOT stay up on the updates from MS. The catalog of updates from MS at this site (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598) only addresses 8, XP(SP3), Vista and Server (Both 2008 and 2003). MS did updates in March and again Saturday the 13th.

McBie
05-17-2017, 12:35 PM
Do current ransom attacks affect Macs ? ( Thread title )

If that is the question then the answer is yes.
If you run a Mac with Bootcamp'ed windows, your Mac might get hit.
If you run a Mac with Windows virtual machines, your Mac might get hit.

I can easily see BootCamp'ers doing a clean install of their hacked Windows and messing up their Mac.

If the question is, will OS X / MacOs be affected, then the answer is " not that we know of currently. "

Just saying.

Cheers ... McBie

Raz0rEdge
05-17-2017, 12:46 PM
I've read that it only attacked XP, Vista and 8, plus the Server version. 7 and 10 are not affected. And MS had already issued updates to block it, so the victims are the ones who did NOT stay up on the updates from MS. The catalog of updates from MS at this site (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598) only addresses 8, XP(SP3), Vista and Server (Both 2008 and 2003). MS did updates in March and again Saturday the 13th.

That is correct, Microsoft patched this issue a few weeks back, but with the frequency of updates, most people don't do the update. Worse yet, most companies block the auto-update from doing its work and as such those machines were all vulnerable. This has been a big problem for Microsoft for a long time, they just can't seem to get their updating strategy right.

IMO, they should release quarterly service packs (SPs) that contain a lot of fixes and provide VERY important fixes as a HOTFIX that people will give the right importance to and do the update.

I have the MS Office suite installed on my Mac and I don't use it everyday, a few times a month and I'm almost certain that EVERY time I've launched Word, Excel or PowerPoint, the auto updater has run and told me that I need to download updates for all the apps at about 150MB each. That level of frequency is just annoying..

Cr00zng
05-17-2017, 07:14 PM
@kali89 If I were running Windows I would format the drive and reinstall the OS. That would be followed immediately by installing the most recent updates. I read that Microsoft has released patches for Windows versions all the way back to XP Server. See here (https://www.reddit.com/r/pcmasterrace/comments/6atu62/psa_massive_ransomware_campaign_wcry_is_currently/).

Good advice...

Like most malware, especially on the Windows side, it starts with privilege escalation to the admin account. While reinstalling everything is in order in most cases, it takes a long time. I make an image backup on a daily basis and retain 4-5 days of these backups. Should there be any malware taking over the system, just restore the previous day's image, takes 20-30 minutes depending on the system in question. It's not worth hunting for and removing the malware, it's just wasted time.

Fringe benefit of image backup, it protects against hardware failure as well and recovering is quick. One would "only" lose one day's data, that may or may not be acceptable...

I just wish MacOS had a similar, free image backup that could be scheduled on a daily basis and restore the image, if and when needed. There are some, but nowhere as easy to use as the ones on the Windows side...


This seems not to be an issue for OS X right now. It could be an issue for folks who run Windows under Bootcamp, probably virtual machines as well, if they have not updated Windows.

It's not even an issue for Samba, the *NIX version of Microsoft SMB protocol, it only impacts MS SMB v1 and v2. You are correct that the virtual machine in MacOS running Windows is impacted. It isn't actually the MacOS, rather, the VM folder that shares the data between the Mac and Windows. Should the Windows OS be infected by a cryptoware, WannaCry or others, the content of the shared VM folder will be encrypted.
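
Added example, not part of any post in this thread: a pre-rotation check for the daily-backup routine and shared VM folder discussed above. It measures how many files in the shared folder look like ciphertext, so the oldest good image is not pruned after the folder has been encrypted. The function names, the 7.5 bits/byte threshold and the 0.3 jump limit are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits near 4-5, ciphertext near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def high_entropy_ratio(folder: str, threshold: float = 7.5, sample: int = 65536) -> float:
    """Fraction of non-empty files whose first `sample` bytes look random."""
    total = hits = 0
    for root, _dirs, files in os.walk(folder):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                chunk = fh.read(sample)
            if chunk:
                total += 1
                hits += shannon_entropy(chunk) >= threshold
    return hits / total if total else 0.0

def safe_to_rotate(folder: str, baseline: float, max_jump: float = 0.3) -> bool:
    """Allow pruning the oldest image only if the ratio has not jumped
    past yesterday's baseline (zip/jpg files are high-entropy normally)."""
    return high_entropy_ratio(folder) - baseline <= max_jump

def demo():
    """Constructed sample data: one folder of text, one of random-looking bytes."""
    pseudo_cipher = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                             for i in range(256))  # 8192 bytes standing in for ciphertext
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as hit:
        for i in range(4):
            with open(os.path.join(clean, f"doc{i}.txt"), "wb") as fh:
                fh.write(b"quarterly report, nothing unusual\n" * 300)
            with open(os.path.join(hit, f"doc{i}.txt"), "wb") as fh:
                fh.write(pseudo_cipher)
        return (high_entropy_ratio(clean), high_entropy_ratio(hit),
                safe_to_rotate(clean, 0.0), safe_to_rotate(hit, 0.0))

if __name__ == "__main__":
    print(demo())
```

Pass yesterday's ratio as the baseline, since a folder full of photos or archives is high-entropy on a normal day.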