[CRTech] Christian Radio Tech [MSG 79900]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Re: The "Wannacry" ransomware attack
To: CRTech <crtech@crtech.org>
Subject: Re: The "Wannacry" ransomware attack
From: Mark Croom <markc@newmail.kinshipradio.org>
Date: Mon, 22 May 2017 15:45:46 +0000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newmail-kinshipradio-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=DojGub+fwrBXarK+Dd2a1qW/UwSyQcJeUoJljl6kYYE=; b=hh12TSy9x7/T8PQVu/FN2HQ3NSva2MwwoRSPiwDQ5VzjBd1c/KpM31uAgHO10uuV+1 +2hmJ30ax7fZ2z0b3bKkomTvmdytiymHvErh7xeQl2NQSmlW+G1DUy4iv52E4VRorKeN t2LY6ZkSoyg1usxcsuTfjZIc6pzlSPCej3Epq6an3eNJPBqUCxPe0JGZ3np0ZQA+IiX8 ro0XqLzJ4u+7O7lUYCxaVxnz3skRXiwpCZtXrifU3NMMxeaBfsVl8IHWymeYjMsICj7G HnEDuY0cTXqC03/HmRLxuMwHFxLeoTquP/JinLCfuw0RitysCvsBnfbL6XusuE89ODcu 8Bkg==
In-reply-to: <BLUPR06MB6107E8BF2DD86312D509331D1F80@BLUPR06MB610.namprd06.prod.outlook.com>
References: <CAOkhgWpEugYgB43sVPZcGpmmujQhpNTja3-roQ4NA3=FYR66RA@mail.gmail.com> <CAAkuVzNmXQ=h_2Fx7JzF3Vpjoe=GUNPOCp_bV6oso=gL-qDTCA@mail.gmail.com> <BLUPR06MB6107E8BF2DD86312D509331D1F80@BLUPR06MB610.namprd06.prod.outlook.com>
The only thing needed to stop the spread is to disconnect the network cable. So leaving the machine on to gain a chance of recovering the prime numbers hashed to create the encryption key seems a chance worth taking.

Sorry I don't have the link to the article handy at the moment but I have been to the home page of the utility that was designed for this and can confirm this is the procedure.


On Mon, May 22, 2017, 07:46 Andy Lynch <andy@myitguys.us> wrote:

Hey Stu-


Any chance you have a link for that article?  That’s the opposite of our procedure (intended to stop the spread).






From: Stu Engelke Lists [mailto:audiotoantenna@gmail.com]
Sent: Saturday, May 20, 2017 5:12 PM
To: CRTech <crtech@crtech.org>; The BROADCAST eList <broadcast@radiolists.net>

Subject: Re: [CRTech] The "Wannacry" ransomware attack


This is an external email. Please consider the risks before clicking links or opening attachments.


I read that if you get the Wanncry malware on your pc DON'T turn it off. Disconnect from the network as fast as you can.

They found that they can search memory (RAM) for the encryption key and decriypt. The utility looks for prime numbers in memory. If you turn it off that goes away.




On Mon, May 15, 2017 at 3:10 PM, Willie Barnett <wbradiolists@gmail.com> wrote:

When I discovered that MS has released a patch for XP systems, I immediately & successfully applied it to my home system! :) WHEW!!

Here is a link to the Microsoft page that makes a number of versions of their patch available...


Stu Engelke


References: The "Wannacry" ransomware attack
(Willie Barnett <wbradiolists@gmail.com>, 15 May 2017 19:11:04 -0000)
Re: The "Wannacry" ransomware attack
(Stu Engelke Lists <audiotoantenna@gmail.com>, 20 May 2017 21:12:22 -0000)
RE: The "Wannacry" ransomware attack
(Andy Lynch <andy@myitguys.us>, 22 May 2017 12:46:42 -0000)
Prev by date: RE: The "Wannacry" ransomware attack
(Andy Lynch, 22 May 2017 12:46:42 -0000)
Next by date: RE: Ntrogen Regulator
(Bill Hurne, 22 May 2017 16:17:38 -0000)
Prev by thread: RE: The "Wannacry" ransomware attack
(Andy Lynch, 22 May 2017 12:46:42 -0000)
Next by thread: Re: The "Wannacry" ransomware attack
(Stu Engelke Lists, 23 May 2017 10:07:57 -0000)