Microsoft patches Windows XP to fight 'WannaCry' attacks


Jody Thornton

14 hours ago, FranceBB said:

Easeus partition master (the software I use to make partitions in XP) is also able to decrypt Wannacrypt encrypted files.

Hmmm. :dubbio:

Have you actually tested it?

Or actually READ what the actual authors wrote?

http://www.easeus.com/data-recovery/recover-decrypt-wannacrypt-encrypted-files.html

Quote


Yes, it's proven to be possible to recover WannaCrypt encrypted files, only make it clear that we're not talking about the 'encrypted' but 'original' files that were deleted by the ransomware after it finished the encryption.
 

And later:

Quote

We've explained how EaseUS Data Recovery Wizard works and rescues the files that were encrypted by WannaCrypt ransomware virus, and you must notice that deleted files recovery is simple, easy and fast, however, not including the situation in which new data has overwritten the deleted items.

Let's pray your deleted files has not been overwritten yet, so EaseUS recovery tool will do it best to help you make through the hardtime, and maximumly reduce your pain and loss.

In plain English:

Easeus software DOES NOT DECRYPT ANYTHING.

IF (and only IF) the original files, deleted after a new corresponding encrypted file was created by the malware, were NOT OVERWRITTEN, then MAYBE the software (just like ANY other deleted files recovery software) can recover the original file.


 

Obviously on a filled to the brim filesystem chances of this recovery are 0% or very near to 0%, while on an almost empty filesystem they may reach something relevant (my guess would be something like 15%, maybe 25% I doubt more than that), and clearly if you have (like it is normally on windows 7) an automatic/scheduled defrag and it has run in the meantime your chances are again tending to very low (unless - maybe - all the files were contiguous before the encryption and you can use direct carving with success, but losing paths and filenames).

jaclaz


 


  • 2 months later...

SMB 1 vulnerability isn't a threat if you have a firewall that blocks that port.  I think the basic firewall that comes with XP blocks it and any decent router should by default.  It's a non-issue.


  • 5 months later...
1 hour ago, Sampei.Nihira said:

I have disabled the SMB1 protocol.

Others do what's best for them.

 

Good :) (both for you and for the others).

What I was missing (and still miss :dubbio:) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP which this thread is about :unsure:.

Most probably there is one (or more than one), but I failed to understand what this/these is/are.

jaclaz


18 hours ago, jaclaz said:

Good :) (both for you and for the others).

What I was missing (and still miss :dubbio:) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP which this thread is about :unsure:.

Most probably there is one (or more than one), but I failed to understand what this/these is/are.

jaclaz

WannaCry uses the EternalBlue exploit.

https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue

Link to comment
Share on other sites

Actually, I do not understand why an old barrel is reopened. For this problem, there were even official updates for Windows XP sp3 (users who received the updates for POSReady 2009, got updates a little earlier)! 

Currently KB4012598 has been replaced by KB4041995 from 10/05/2017!

:)


2 hours ago, heinoganda said:

Actually, I do not understand why an old barrel is reopened.

Well, that's because some users are actually supermegaueberultraparanoid... :yes:
And, to those users I'd like to inform that tin hats have been deprecated for almost 20 years, already: cutting-edge tech is velostat, now.


1 hour ago, dencorso said:

Well, that's because some users are actually supermegaueberultraparanoid... :yes:

Well, I'm worried because so many old barrels can also have an unpleasant content. The following example shows fish specialty from Sweden.

:yes:

Edited by heinoganda