The History of the WannaCry Malware Attack and What To Do [05-15-2017] WTAG-Craig Peterson
Craig joins Jim to find out more about the history of this malware attack and what to do about it.
Airing date: 05/15/2017
Craig Peterson: This morning I had a good chat, of course, with Jack Heath. You might have listened to that in my podcast. I also spoke this morning with Jim Polito. And of course, we always post those here. Jim and I took a little bit of a different look at what’s been going on with this nasty, nasty piece of malware called WannaCry. How’s that for a name? And what you can do as well. Here we go.
Jim Polito: Yes, he’s usually here on Tuesdays at 8:40. And he will be here tomorrow at 8:40 but we called an audible because of what’s going on, this massive cyberattack. As a matter of fact, you know at the end of Craig’s segment, Craig Peterson, our Tech Talk guru, we always give you a phone number. And then you text my name. Standard data and text rates apply. And he sends you the information we discussed plus a whole bunch of other stuff in a very simple text. Well, I was on top of this thing from the moment it hit because he did provide to people who receive his texts information. Valuable information. And he’s here now for everybody else. And maybe you want to get a pencil ready because at the end of this segment this would be a good time to get on board with Craig Peterson. Good morning sir.
Craig: Hey good morning. Yeah, I did a webinar, in fact, Friday because that’s when this thing broke open. Wow. Has it gone crazy.
Jim: Yeah. So explain to folks exactly what happened because we hear worldwide attack. What happened?
Craig: It is. Here’s what happened. Back it up a little bit. Our NSA, in their infinite wisdom, the National Security Agency decided it needs to make a software that can break into computers at will. Basically, they could get in a few different ways and there’s no way for anyone to stop it because they don’t know it’s happening.
Craig: So the NSA does that and of course being a government agency they are highly secure. There is no way any of that could ever leak out. So it leaked out and it was posted off the internet. So somebody somewhere, we’re not exactly sure yet where or who used two of these NSA hacking tools. They used some modules called EternalBlue and DoublePulsar which is a backdoor. And they use those now to… they went out into the wild and they started infecting computers.
Craig: And we’re talking about infecting a lot of computers worldwide. Basically, every country has been infected. If you have computers, if you’re not a total third world country, your computers are vulnerable. Now, remember, two weeks ago I think it was, I warned everyone to turn off their computers for the weekend?
Craig: And I was. Mr. Peterson predicts correctly, again.
Craig: Because the stuff was leaked. We knew it was leaked. We knew how virulent it could be and how badly it could spread. So I wanted everyone to shut off their computers for the weekend. And then come Monday turn them back on and do an update. So that was two weeks ago. If you followed my advice to the letter, you were probably safe. Ok? Now there are some 200,000 or more computers that have been infected. There’s only one, I checked this morning. As of this morning, my research shows there’s only one piece of antivirus software out there that actually protected against that. But if you were fully, fully patched, you’re fine. It definitely has affected businesses a lot more than home users.
Jim: Right. So that was the thing. And by the way folks, we’re talking with Craig Peterson, our Tech Talk guru. When I got up early this morning, I was reading and apparently, the Japanese had already ended business for the day on Friday. And they fired up their computers Monday morning, of course, they’re ahead of us in terms of time. And their computers were popping up and getting infected. Their business computers. People went back to work Monday morning.
Craig: Yeah. Here’s the problem. Here’s the attack vectors. First of all, we know about ransomware already. We can certainly explain it again. But what happened is you typically get an email and you open that email and you know, it’s kind of baiting you to open it somehow. You get that email and you open it up and nothing happens. Ok, well, whatever. And you go on with your day reading the Facebook and doing all the other stuff here during the day, right?
Craig: And then all of a sudden up on your screen pops this big red warning. And it covers the whole screen typically saying, “Oops. Your computer has been infected.” In fact, I have a picture of that on my homepage right now of what that looks like. And we can help you recover because we’re the good guys.
Jim: Yeah I love it. Yeah, it’s extortion.
Craig: It is. Pay us 300 bucks guys. We’ll make sure that your business doesn’t somehow catch on fire from a Molotov cocktail right?
Jim: Yeah. I mean it’s like a guy like with an auto body business goes to your driveway. Smashes your car a few times with a hammer. Then rings the doorbell and says hey, I noticed you got a problem. You want some body work done?
Craig: Yeah. It is.
Jim: Yeah. It’s exactly what it is.
Craig: So you know we’re talking about hundreds and thousands of computers here that have been infected right? And they’re asking $300 in order to get your computer unlocked if you will. Get your files unlocked. And apparently they’ve only made, I’ve heard, you know, different numbers. But it’s certainly less than $50,000. So most people aren’t paying up. Now, if you are infected by this bug, and we’ll talk in a minute too about why businesses are hit hard. If you are infected by this stuff, turn off your computer right away.
Craig: It needs to be isolated from the internet because it is going to try and spread. And then you have to restore it from backup. And then your only other option, if you can’t restore it from backup, is to, you know, forget about it. Reinstall Windows because this is a Windows only problem here. These Macs are not affected. Your iPhone’s not affected. It’s only a Windows computer. Your Surface tablets, by the way, are affected. Anything with Windows. So you have to restore your computer, recreate your files or restore your files from backup. And that’s really your only option. You don’t want to pay this ransom because…
Jim: No. Right. Then they’ll say oh, by the way, you know. It’s like the mob. You know, when you borrow money from them. We’re talking with Craig Peterson, our Tech Talk guru about this big cyberattack and at the end of this segment, I’m going to give you that number again so that you can get information from him. So, Craig, the Russians. Usually, this is Eastern Europe doing this, right? That’s typically who it is.
Craig: It might be. Hey, it’s the Russian Mafia. They don’t have an Italian accent.
Craig: But it’s the same type of thing. And they are the ones that are usually attacking right?
Craig: They are not under Putin’s direction or anything else, right? In fact, this particular attack has hit Russia harder than anybody else. At least initially.
Craig: So it’s been very bad. Very hard on Russia. Russia expects some retribution by the way because remember who created this software that just hit Russia harder than most countries. We did.
Jim: We did.
Craig: Our National Security Agency did ok?
Craig: And then they lost it. Now businesses are getting hit hard because they have WANs, Wide Area Networks.
Jim: That’s it. Yeah.
Craig: Yeah. Exactly. So what happens is a machine gets infected. You can get infected by email. You can also get infected by two other mechanisms that have nothing to do with you doing anything other than opening up your network. So Microsoft has a protocol to allow you to remotely connect to your computer at work. That protocol has been compromised, thank you CIA, or NSA I should say. So that protocol has been compromised. So if you’re exposing that protocol to the internet, that’s one way it gets in. And then it continues to spread once it’s in your network. No matter how it got in, it continues to spread via file-sharing services. So you think about a typical business. Now, I never set up my customers this way. But typical businesses do. We want a wide area network. We want to be able to go to the home office and turn on our laptops and get all our files back on the server at our office over at Timbuktu and I want to be able to get at my desktop and everything else. So they have a flat network. Once it’s got inside these networks like FedEx and Renault and many companies who won’t admit it, they got hammered. They had to shut down computers. I picked up so much business this weekend and I’m frustrated Jim to no end and so here’s what I’m doing. I had a quick webinar on Friday. This week, probably Wednesday afternoon, because I’m on jury duty. I’m not sure you know exactly when I’m going to be available. Probably Wednesday afternoon. Anyone who signs up, and I’ll tell you how to do that through my regular texting number, I’m going to walk you through how to protect yourself against this stuff. I mean I’m tired of this. I’m going to show you exactly what to do if you have Windows 7, Windows 8, Windows 10. Exactly what to do, how to do it. How to get the free software to do it. This is, I’m not charging for this. This is a public service.
Craig: And then if you are a business, I’m going to tell you what you should do. It’s only 10 bucks a month a computer. It’s cheap, ok? What to do to keep your business safe. And so we’re going to do all of that. I’ll tell you all about it. But you got to send me your email via text.
Jim: Ok. So here. Let’s do the first thing, which is get people on the Craig Peterson text list because you will get this information like on Friday, I got the thing. The webinar. They click on it and there’s the webinar. There’s Craig Peterson in the moment telling you exactly what to do. So people text my name Jim to..
Jim: One more time please Craig.
Craig: It’s 855-385-5553.
Jim: Ok. And standard data and text rates apply but he will not pester you, but he comes through when there’s a worldwide cyberattack going on. And you get a text with a link to information right away what to do and what not to do. Craig, I look forward to talking with you tomorrow and again, thank you for everything.
Craig: Alright. Thanks again Jim. Take care and I’ll let you know anyone on Jim’s list here, the insider’s list, I’ll let you know about that webinar.
Jim: Excellent. Thanks, Craig. Good information there. He is the guy. I mean, literally. I was reading news stories about it. Breaking. The breaking news and he already had put together the webinar about what to do about this. And yes, he did warn us a couple of weeks ago, I remember that.