FranceBB Posted May 20, 2017 Posted May 20, 2017 Easeus partition master (the software I use to make partitions in XP) is also able to decrypt Wannacrypt encrypted files.
jaclaz Posted May 21, 2017 Posted May 21, 2017 14 hours ago, FranceBB said: Easeus partition master (the software I use to make partitions in XP) is also able to decrypt Wannacrypt encrypted files. Hmmm. Have you actually tested it? Or actually READ what the actual authors wrote? http://www.easeus.com/data-recovery/recover-decrypt-wannacrypt-encrypted-files.html Quote Yes, it's proven to be possible to recover WannaCrypt encrypted files, only make it clear that we're not talking about the 'encrypted' but 'original' files that were deleted by the ransomware after it finished the encryption. And later: Quote We've explained how EaseUS Data Recovery Wizard works and rescues the files that were encrypted by WannaCrypt ransomware virus, and you must notice that deleted files recovery is simple, easy and fast, however, not including the situation in which new data has overwritten the deleted items. Let's pray your deleted files has not been overwritten yet, so EaseUS recovery tool will do it best to help you make through the hardtime, and maximumly reduce your pain and loss. In plain English: Easeus software DOES NOT DECRYPT ANYTHING. IF (and only IF) the original files, deleted after a new corresponding encrypted file was created by the malware, were NOT OVERWRITTEN, then MAYBE the software (just like ANY other deleted files recovery software) can recover the original file. Obviously on a filled to the brim filesystem chances of this recovery are 0% or very near to 0%, while on an almost empty filesystem they may reach something relevant (my guess would be something like 15%, maybe 25% I doubt more than that), and clearly if you have (like it is normally on windows 7) an automatic/scheduled defrag and it has run in the meantime your chances are again tending to very low (unless - maybe - all the files were contiguous before the encryption and you can use direct carving with success, but losing paths and filenames). jaclaz
pointertovoid Posted August 2, 2017 Posted August 2, 2017 In the very few past hours, eBay and Paypal show the same symptoms of bad operation as during the two last attacks by Wannacrypt and its successor. Just in case a new wide attack has started, take your precautions!
Destro Posted August 6, 2017 Posted August 6, 2017 SMB 1 vulnerability isn't a threat if u have a firewall that blocks that port. I think the basic firewall that comes with XP blocks it and any decent router should by default. It's a non issue.
Guest Posted February 5, 2018 Posted February 5, 2018 https://www.bleepingcomputer.com/news/security/nsa-exploits-ported-to-work-on-all-windows-versions-released-since-windows-2000/
jaclaz Posted February 5, 2018 Posted February 5, 2018 25 minutes ago, Sampei.Nihira said: https://www.bleepingcomputer.com/news/security/nsa-exploits-ported-to-work-on-all-windows-versions-released-since-windows-2000/ And? jaclaz
Guest Posted February 7, 2018 Posted February 7, 2018 (edited) I have disabled the SMB1 protocol. Others do what's best for them. Edited February 7, 2018 by Sampei.Nihira
jaclaz Posted February 7, 2018 Posted February 7, 2018 1 hour ago, Sampei.Nihira said: I have disabled the SMB1 protocol. Others do what's best for them. Good (both for you and for the others). What I was missing (and still miss ) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP wihich this thread is about . Most probably there is one (or more than one), but I failed to understand what this/these is/are. jaclaz 1
Destro Posted February 7, 2018 Posted February 7, 2018 The biggest threat to a computer are not its vulnerabilities, it's the person using it. Unfortunately there's no way to patch human beings.
Tripredacus Posted February 8, 2018 Posted February 8, 2018 18 hours ago, jaclaz said: Good (both for you and for the others). What I was missing (and still miss ) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP wihich this thread is about . Most probably there is one (or more than one), but I failed to understand what this/these is/are. jaclaz WannaCry uses the EternalBlue exploit. https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue
heinoganda Posted February 8, 2018 Posted February 8, 2018 Actually, I do not understand why an old barrel is reopened. For this problem, there were even official updates for Windows XP sp3 (users who received the updates for POSReady 2009, got updates a little earlier)! Currently KB4012598 has been replaced by KB4041995 from 10/05/2017!
dencorso Posted February 8, 2018 Posted February 8, 2018 2 hours ago, heinoganda said: Actually, I do not understand why an old barrel is reopened. Well, that's because some users are actualy supermegaueberultraparanoid... And, to those users I'd like to inform that tin hats have been deprecated for almost 20 years, already: cutting-edge tech is velostat, now.
heinoganda Posted February 8, 2018 Posted February 8, 2018 (edited) 1 hour ago, dencorso said: Well, that's because some users are actualy supermegaueberultraparanoid... Well, I'm worried because so many old barrels can also have an unpleasant content. The following example shows fish specialty from Sweden. Edited February 8, 2018 by heinoganda 1
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now