Wanna Cry Ransomware Cyber Attack

BhargavJ

In the zone
I've read that the ransomware had this thing which checked whether or not it was running in a virtual environment, and if it was, it stopped working (infecting). Suppose a person was using a copy of Windows installed in VMware, would it be possible for the host machine to get infected if the ransomware successfully infected the virtual machine, or would it be possible for the infection to skip the virtual machine entirely and jump directly to the host machine?

My Win 10 key is in the hardware itself, the UEFI BIOS or whatever it is called. Suppose I create a virtual machine and install Win 10 in it, will I need another license for that? If I use the same license, will there be a clash wherein Microsoft would detect two copies of the same license, one in the main host machine and another in the virtual one, and cancel my license?
 

whitestar_999

Super Moderator
Staff member
And what exactly is the practical utility of the above with regard to ransomware? If one is running a VM, then it needs to have internet access to get infected by ransomware, but then if a virtual machine can be infected by ransomware over the internet, then the real system also has the same risk of getting a ransomware infection because it is also using the same net connection, unless one intentionally wants to infect a VM to observe ransomware behaviour while keeping the main host system secure by deploying various security measures.

All Windows editions will require a new license for running in a VM. Also, every VM has its own virtual BIOS/UEFI (depending on software & option), so one cannot use the same genuine embedded Win key in the host system to activate Windows in any VM anyway.

P.S. Keep your Windows & AV updated & don't click/open any attachments (even if they came from known sources) in emails without scanning them with AV first.
 

Sarvesh

Journeyman
The systems mainly affected were using older unsupported OSes such as Windows XP, 2003 & Windows 8 etc.

The mainstream Windows such as Windows 10, Windows 8.1 etc. already got the security update in March to fix the security exploit. So any current system with latest updates is already secured against Wanna Cry Ransomware.
 

BhargavJ

In the zone
And what exactly is the practical utility of the above with regard to ransomware?

The question was simply about whether or not virtualization is effective in stopping ransomware, since if the ransomware detects virtualization and stops doing its work, then virtualization has proved effective.

I'm not trying to test any malware in a virtual environment; I was just thinking of virtualization as a second layer of protection. I keep Windows and the AV updated, and I never click on unsafe links. I also use Sandboxie. If virtualization can add another layer, all the better. But it seems even virtualization is not a 100% foolproof method.
 

whitestar_999

Super Moderator
Staff member
It may or may not be effective depending on how complex your networking setup is, hence the reply. You seem to have an impression that merely running Windows in a VM is enough to stop ransomware, which is not true.
 

Zangetsu

I am the master of my Fate.
I'm not trying to test any malware in a virtual environment; I was just thinking of virtualization as a second layer of protection. I keep Windows and the AV updated, and I never click on unsafe links. I also use Sandboxie. If virtualization can add another layer, all the better. But it seems even virtualization is not a 100% foolproof method.
Since you use SB, I have a query.

Does the AV detect viruses/worms which pop up in the SB environment?
 

BhargavJ

In the zone
I very rarely get a virus notification from the AV. Most of the time, Kaspersky blocks suspected pages in the browser itself. The AV does scan inside the Sandboxie folder. I remember a time when I was getting a false positive for a small app from inside the Sandboxie folder, and I had to add the Sandboxie folder to the exclusions list of the AV. So yes, the AV does detect viruses in the Sandboxie folder. I'd recommend you start using it. I've read that viruses can break out of sandboxes, but most of the time, you're probably safe. You get peace of mind knowing that all your internet activity is limited to inside a box, and only stuff you permit leaves the box.
 

kg11sgbg

Indian Railways - The Vibrant and Moving INDIA
The systems mainly affected were using older unsupported OSes such as Windows XP, 2003 & Windows 8 etc.

The mainstream Windows such as Windows 10, Windows 8.1 etc. already got the security update in March to fix the security exploit. So any current system with latest updates is already secured against Wanna Cry Ransomware.
Agreed with you... @Sarvesh.
No need to worry for those members who are running a genuine Windows OS (7, Vista, 8, 8.1, 10) with the latest security updates + patches.
 