Monday, May 15, 2017

The NSA’s Virus Can Still Destroy Your Data, Here Are 5 Ways to Make Sure It Won’t

(Claire Bernish) Thanks to the NSA’s apparent lust to know and see everything, agency-designed ransomware virus was unleashed on the planet yesterday, leaving anyone using a Windows system — corporations, governments, and even those who only post cat pictures online — vulnerable to exploitation for a price.

Related BREAKING: Massive Ransomware Attack Hits 99 Countries, and Growing -- "this is turning into the biggest cybersecurity incident I've ever seen"

Source - The Free Thought Project

by Claire Bernish, May 13th, 2017

That price — $300 in Bitcoin, increasing after a given time period — would theoretically have to be paid in order to rid the infected computer of the WanaCrypt ransomware, or the victim would lose everything on their system. Ransomware literally holds your data hostage until the fee asked by attackers is paid — but if you don’t pay, you lose everything.


WanaCrypt0r, alternately known as WanaCry, WanaCrypt, or WCry, is believed to have infected no less than 126,500 computers in 99 countries prior to the threat being partially abated — but not before it had wrought havoc on the U.K.’s National Health Service, FedEx, Spanish telecommunications company, Telefónica, and other systems around the globe.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” Splunk director of threat research, Rich Barger, told Reuters. Splunk is one of several firms who divined WanaCrypt0r’s origins with the National Security Agency.

Analysts say the particularly infectious worm exploited a Microsoft software flaw, and, although the company issued a patch in March after identifying WCry in February, not all users had updated their systems accordingly.

Cybersecurity experts worked at a fever pitch to stop the malicious worm, but it took what the Guardian termed an “accidental hero” to bring a tentative halt to the pandemonium. Reports the outlet, a Twitter user, “tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a ‘kill switch’ in the malicious software.”

He “halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.”

And payment of the $10.69 registration fee — temporary, though the end to the exploit may be — was all it took.

A significant risk could still be lurking — after all, the attackers used tools designed by the NSA, whose entire collection of older hacking tools were leaked online last month by an entity calling itself the Shadow Brokers, and WCry could yet mutate or be altered — but there are a few ways to stay safe and prevent having precious data and files wrested from you.

1. Update, update, update

As tech outlet, Tom’s Guide, notes, “If you’ve not installed the March, April or May Windows Update bundles, do so immediately. It’s worth shutting down your system for a few minutes if it gives you a chance to avoid this.”

Windows Vista users will be protected through the March or April update bundles, and Microsoft has since issued a patch for Windows XP and its 2003 server — while the company released information to help customers cope with the ransomware virus.

2. Don’t fall hook, line, or sinker

Although WanaCrypt exploits the aforementioned Windows vulnerability, people must be vigilant — as always — not to fall for online phishing schemes, as this malware could also have been spread randomly in hopes people would open email from an unfamiliar source.

Be exceedingly cautious when visiting websites and opening attachments — WanaCry could be ready to pounce. Use common sense — and pepper it with extraordinary discretion.

3. Back it up

Cybersecurity experts constantly harangue the rest of us to backup important data and files, and — while that directive might generate an eyeroll, and grumblings about time and energy — backing up one’s system is an imperative which now cannot be ignored.

Storing vital information in a secondary location, such as a USB storage stick or external hard drive, could save you tears and headaches in the long run — particularly if WCry or another variant takes control of your system. Cloud storage could be an option — depending on which cloud you use, as the original NSA leaker and insider, Edward Snowden, has warned — but would also leave your data vulnerable in other ways.

4. Get your defenses up

Install solid, reputable antivirus software — particularly one targeting ransomware — as a line of defense against the intrusion. Experts now say WanaCrypt appears to be “wormable,” which, Tom’s Guide explains, means it spreads “from system to system by itself as a computer worm, rather than relying on human interaction as a Trojan horse, or infecting desktop applications like a traditional computer virus.”

Since most antivirus software protects and updates in real time, even if the worm breaks through your defenses, RT points out, “chances are good that within a short while an automatic antivirus update will clear the intruder from your system. Most antivirus companies offer trial versions free of charge to test before subscribing for a paid service, which should be enough if one needs to urgently remove a stray malware.”

Forbes reports, “If you have up-to-date malware protection software from a reputable cybersecurity company such as Avast installed on your computer, you are probably protected. Check your cybersecurity company’s website to make sure you are. WanaCry is a world-wide, runaway threat. If your cybersecurity company’s website has nothing to say about it, don’t assume you are protected. Make sure you are running the current version of Windows.”

5. Keep your money

Perhaps the most basic instruction most analysts and security pros emphasize is also difficult for many to swallow. Don’t shell out the money they’re demanding — be it Bitcoin, dollars, gold, or any other iteration.

Of course, those holding your files hostage for money hope to exploit you in two insidious ways — first, by locking down your data, but second, through your emotional panic resultant from having your critical files abruptly unavailable. That alarm pumps you full of adrenaline, and could provoke a response which seems the simplest solution in the moment — forking over the funds.

If you do that, cybersecurity analysts say, no guarantee exists you’ll actually get your data back — and your willingness to do so could make you a target for future exploits — which, again, could be coming around anytime.

Related WikiLeaks: CIA Can Hack Cars to Carry Out “Undetectable Assassinations” – Just Like Michael Hastings

Considering the scope of the documents leaked by the Shadow Brokers, virtually anything could be possible now. This basic list will only help to an extent, and should not be considered comprehensive — nor should it be considered, of course, expert advice.

That said, the precautions offered are a bit better than leaving your system naked to malicious infection.

That “accidental hero” credited with truncating the worm’s virulent proliferation admonished the public to be wary and alert, because — although altered or ‘improved’ iterations of WanaCrypt have yet to appear online — “they will.”

“This is not over,” he told the Guardian. “The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.”
Stillness in the Storm Editor's note: Did you find a spelling error or grammar mistake? Do you think this article needs a correction or update? Or do you just have some feedback? Send us an email at with the error, headline and urlThank you for reading.

Question -- What is the goal of this website? Why do we share different sources of information that sometimes conflicts or might even be considered disinformation? 
Answer -- The primary goal of Stillness in the Storm is to help all people become better truth-seekers in a real-time boots-on-the-ground fashion. This is for the purpose of learning to think critically, discovering the truth from within—not just believing things blindly because it came from an "authority" or credible source. Instead of telling you what the truth is, we share information from many sources so that you can discern it for yourself. We focus on teaching you the tools to become your own authority on the truth, gaining self-mastery, sovereignty, and freedom in the process. We want each of you to become your own leaders and masters of personal discernment, and as such, all information should be vetted, analyzed and discerned at a personal level. We also encourage you to discuss your thoughts in the comments section of this site to engage in a group discernment process. 

"It is the mark of an educated mind to be able to entertain a thought without accepting it." – Aristotle

The opinions expressed in this article do not necessarily reflect the views of Stillness in the Storm, the authors who contribute to it, or those who follow it. 

View and Share our Images
Curious about Stillness in the Storm? 
See our About this blog - Contact Us page.

If it was not for the gallant support of readers, we could not devote so much energy into continuing this blog. We greatly appreciate any support you provide!

We hope you benefit from this not-for-profit site 

It takes hours of work every day to maintain, write, edit, research, illustrate and publish this blog. We have been greatly empowered by our search for the truth, and the work of other researchers. We hope our efforts 
to give back, with this website, helps others in gaining 
knowledge, liberation and empowerment.

"There are only two mistakes one can make along the road to truth; 
not going all the way, and not starting." — Buddha

If you find our work of value, consider making a Contribution.
This website is supported by readers like you. 

[Click on Image below to Contribute]

Support Stillness in the Storm