Wana Decrypt0r (Wanacry Ransomware) - Computerphile

19716 ratings | 912458 views
$300 or your files are toast: Dr Pound takes a look at the latest ransomware to be doing the rounds.

How Wana Decrypt0r encrypts files: https://youtu.be/pLluFxHrc30
Microsoft Blog: http://bit.ly/Computerphile-Wana_MS
Professor Ross Anderson's blog: http://bit.ly/Computerphile-Wana_Ross
MalwareTech's blog: http://bit.ly/Computerphile-Wana_Mal
End to End Encryption: https://youtu.be/jkV1KEJGKRA
Internet of Things Problems: https://youtu.be/PLiE0Nr8VOE

http://www.facebook.com/computerphile
https://twitter.com/computer_phile

This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: http://bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at http://www.bradyharan.com
Text Comments (1941)
Bence Balog (3 hours ago)
Windows XP Embedded POSready is providing updates until 2019 April
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
Edward Deaney (2 days ago)
“If you’re running XP, the first thing you should do is turn off your computer because you have no business running XP” - amazing!
Evanski (8 days ago)
Why is it not called "Wanna UnCry"? Also, why is it that whenever the NSA becomes aware of a data breach or someone tells them of a huge security risk, they do the opposite of their job and ignore it?
Fried Mule (27 days ago)
Just some info, it's fairly easy to block Windows 10 updates, so check if your PC is blocked for some types of update! The way that updates are blocked does not warn you in any way, you'll think that everything is perfect. And no, I won't tell how to block updates! :-)
Sarainia Angelsong (27 days ago)
Windows XP was soo many years ago for me maybe 6 to 10 ish years maybe as a guess :)
CattleRustler (30 days ago)
It propagates on port 445. Close port 445.
TheEndTrend (1 month ago)
6:52 As a "lone wolf" SysAdmin, this kept me up at night back in 2017...honestly pretty terrifying, the thought of ransomware worm ripping through the corporate LAN you manage! Luckily I was able to react quickly enough and get everything patched.
Aaron Judge (1 month ago)
Who remembers the homemade lag-switches for MW2 and alike games with a switch and Cat5 cable? That's how you stop Wanna Cry from propagating.
Topher J (1 month ago)
I had to google what a “sandbox” or “virtual machine” was (to examine how code is being executed in a protected environment) so I really don’t know why I watch some of this stuff but holy hell I learn a lot. Thanks!
Leon Kunstek (1 month ago)
And that's why everyone should run MS-DOS on their PC so you can then tell the virus to go f**k himself.
MotorHead74808 (1 month ago)
I'm still rockin my Windows Vista machine. I just have a bunch of antivirus software and Opera (the last big web browser that supports Vista) to stay 'safe' online. Sadly though I'm in the process of switching to linux since my luck will run out eventually.
Addmix (1 month ago)
Imagine how surprised the guy who made Wanacry was when everyone everywhere was talking about it and thousands of people were paying them obscene amounts of money
snippletrap (2 months ago)
He’s being awfully charitable to the CIA and NSA. I wonder what the odds are that Intel has installed backdoors in its microcode...for purposes of national security of course.
Martin S (2 months ago)
If I made a program which could remove this virus could I charge people for it?
Zawakawaka (2 months ago)
You can turn off windows updates(the automatic ones) simply by editing your registry. FYI Simple to do takes about 2 mins even for the computer illiterate.
Chris Dannemiller (2 months ago)
One place where the cost of this can add up is in emulators. Hosting say a little Endian machine on a big Endian processor.
Frits Rits (3 months ago)
Where does Wanacry store the private keys?
TheLT (3 months ago)
Guy still runs a Microsoft Intellimouse Explorer. :)
Fiks Anzo™ (3 months ago)
Ransomeware? Since when is the word "ransome" a thing?
Connor King (3 months ago)
12:20 ... Except TeX.
nadrojiskool (3 months ago)
Hm... Nah, I'm sure I'm still fine. If I wanted to waste my time with a new OS, I'd use something worthwhile.. like Linux. ..Computer's still running fine, though, so maybe tomorrow, 'kay? I mean, I'm definitely on Windows 10 (I see you there, Anon, don't hack me pls, ok ty).
obscenityib (3 months ago)
14:48 yes you can, and i have, so annoying
Shomz (3 months ago)
I wonder how someone didn't find a way to sue NSA for all the damage their malware had indirectly caused.
kazakh mustang (3 months ago)
computer viruses have so much in common with the actual biological viruses
William J. (4 months ago)
I live in a small town, with a small hospital. The machine they use to do heart stress tests, runs on Windows 2000. SMH....
SkinnyCow (4 months ago)
Someone hacked the NSA and stole their backdoor exploits. Damn, those dudes must have a seriously large set of balls.
Elmo Victor (4 months ago)
I couldn't understand the part of the explanation about the unregistered web site, can someone explain it to me? Thank you!
EXcentriX (4 months ago)
That's why the network stack and SMB shouldn't run with permissions which allow them to write to the file system, nor be able to execute unsigned code. On Windows XP, the network runs under SYSTEM, which is basically sudo/root on Linux. It is above Administrator and cannot be restricted by policies. Microsoft did restrict that later down to a special user.
Fox (4 months ago)
It is possible to disable Windows Update in Windows 10. You have only to muck about with the Services (Open Services command, disable several of them)
Zanith50 (4 months ago)
Fast forward to now when a new win10 update deletes your files anyways........
Seraph (5 months ago)
If windows didn't aggressively force you to reset after an update then people wouldn't turn the updates off...
MakerInMotion (5 months ago)
So the people who paid got their data back?
David Bermudez (6 months ago)
In every website there are vulnerabilities for every Hacker’s Paradise none of safe
MICHEAL CENA (6 months ago)
Do wannacry 2.0
Monika (6 months ago)
I get WanaCry and I wanna cry
Nordic Husky (6 months ago)
I'll admit, I have disabled Windows 10 updates through a 'bug' in Windows 10. Simply, you can make it run the Windows Update service as a Guest user, preventing it from being able to run at all. The reason I did this was that about 4 months ago Microsoft force-pushed an update onto my machine, which installed without my knowledge. After the update was installed, it had broken Windows entirely, to the point of Windows Recovery not being able to run properly as it was missing Administrator rights. I contacted Microsoft about it, and it turned out the update was incompatible with my motherboard. As such I've lost faith in the automatic updates and would rather stay vigilant on what I press / download on my computer.
BloomSTRAD (6 months ago)
What do you mean "you have no business using Windows XP"? Many industries depend on the reliability of their programs running and at the rate Microsoft keeps dropping support for many of those essential tools they won't be able to keep up. There are also countless pieces of software we have all bought throughout the years that no longer work with newer versions of Windows.
Joe Williams (7 months ago)
How do you feel about the kernel level data mining that is built into the Windows OS?
Nordryd (7 months ago)
I want Dr. Pound to teach me Computer Science. I wish I had him when I was in college
Kevin 27 (7 months ago)
The only times I have issues with my PC are when I update. So when I install Windows 7 I install every update, then turn off updates. And I keep important data on an external drive.
Atif Khan (7 months ago)
Computerphile... I can't thank you enough...
Dan H (7 months ago)
Love the channel, very informative. However I disagree with the opinions stated in regards to windows 10. It is spyware plain and simple. I am aware of the vulnerabilities with using an older OS and am much more willing to be open to them instead of using the over intrusive mess that is Win10. With an older OS there is a CHANCE you could be open to an attack. With Windows 10 you are under attack from the get go.
Tony Colle (8 months ago)
It always scares me when someone says, "I'm from the government. I'm here to help. Trust me."
CHRIS BRAND (8 months ago)
I still use Xp windows 2000/me /98 /NT /95 /3.1 haha 😂
Dan Kelly (8 months ago)
Format hard drive=problem solved.
Mk (9 months ago)
"not having a recent backup" biggest mistake since 1980s. if you have no backup, you deserve getting your data wrecked at some point in your life
Pixel Plays Team (9 months ago)
I call it WannaCry, since it makes you want to cry
911gp (9 months ago)
Companies also use updates as a way for your device to become obsolete. Where should we draw the line between cheat and security ? Who gets the more profit out of the constant updates ?
richard vaughn (9 months ago)
I don't recommend having automatic updates enabled. I would rather manually do it because there have been many instances where the updates crash the system. I wait on others to find the broken updates and then install the stable updates only.
TheExileFox (9 months ago)
At the end of the video there is something that needs to be taken with a MAJOR grain of salt. You need to find the sweet spot, otherwise you will encounter issues that might actually be worse than a generic ransomware, provided you have a backup of your important data. What is the point of updating Windows if there is a bug in this new flashy update that causes, let's say, the WiFi card on your laptop to no longer be operational? I have already experienced this myself and got attacked verbally just because ASUS wasn't pushing drivers anymore (they did for a while). But the actual chip manufacturer DOES still provide a driver, which is silently rejected by Windows 10.
Larry Gall (9 months ago)
Has anyone seen, or does anyone know if this will look at secondary drives? (Please, no "you shouldn't chance it" replies).. I'm asking from a research point of view. Is it looking at set locations, like libraries, or is it doing a full drive scan for these file types.. If there was a .jpg file in a user defined folder in the root of C, or on a second drive (either SATA or USB), would it find and act on them? I think at this stage there should be enough info, since the video is 11 months old.
In the Pines (9 months ago)
This actually happened to me on one of my laptops. Fortunately, the info that was encrypted wasn't that important. I'm actually surprised that it isn't more common amongst other hackers as they haven't actually found a way to decrypt them afterwards, at least that I've heard of.
Marinus Bokslag (10 months ago)
You actually can turn off windows updates in windows 10, just not so easily an average user could manage.
Baldeep Birak (10 months ago)
Great insight into WCry.
FrStProductions (10 months ago)
I do not believe it is ever just for the CIA to knowingly use exploits in systems without notifying the software developer. It has too many dangerous implications.
Bullwinkle Moose (10 months ago)
Microsoft Spyware Platform 10 is the one that is backdoored, not XP! I can block all the Microsoft backdoors in Windows XP but not in Windows 7/8.1 or 10. I was using XP-SP2 online without ANY MS security updates at all when wannacry hit and was not the least bit worried. The antivirus expired 2 years ago and I still get ZERO persistent threats regardless of how many malware sites I visit. I study malware with this machine all the time and simply block everything except firefox from getting Internet access using an aftermarket firewall. Banning Flash, Java scripts, Net Framework, Silverlight & Adobe Reader will prevent the vast majority of malware. Blocking vulnerable ports & disabling SMB helps. Use the portable "safe-XP" app to cover much of the remaining problems. I Never use XP for Banking, personal information or sensitive passwords so no need to worry about exfiltration of data, and I install Driveshield to make XP Read Only.... This allows me to test the effects of any malware and then simply reboot to get back to a clean machine. Windows XP is safe "IF" you know what you are doing and what the limitations are. However, You cannot block Government access to your computer with Spyware Platform 10 and you cannot close the backdoors. It was designed as a Government Spyware Platform from the very beginning.
Bullwinkle Moose (10 months ago)
The list of security tweaks I use when setting up XP is longer than what I describe here, but these are very important. The thing to remember is, if you miss ANYTHING, you are completely screwed, but once it is set up correctly, it is far safer than Spyware Platform 10.
Umer Raja (10 months ago)
Have the nsa taken credit for this ? Or did the media try to blame North Korea?
TheVergile (11 months ago)
I'll turn off my Win XP and Win 7 installations the moment Microsoft puts out a good OS again. Had both 8 and 10 on work networks and personally I won't touch them with a 10 inch stick.
Ev3ryDay1sL3gDay (11 months ago)
when you talk about the 'old ford' analogy, you're forgetting the fact that being closed source, windows is by design vulnerable, since security research cannot be done effectively without the source. Also, when you look at old foss software, they will be the most reliable.
Ev3ryDay1sL3gDay (11 months ago)
bruh just use gnu/linux
Make N Joy (11 months ago)
Turning off windows 10 updates means choosing between ransomware or spyware.
Ravi Bhojwani (11 months ago)
well HackSOc ...Buses ....got stitched...
A personal Identifier (11 months ago)
only idiots get computer viruses, i don't even have an antivirus, because its so annoying, when you want to create a gaudox or beta bot stub and try encrypting it, your av uploads it to cloud, so guys dont use av and build your stubs then use a polymorphic encryption algorithm to get success with your net, if you need help feel free to pm me or reply so i can contact you.
DaVince21 (1 year ago)
"Ransomeware", huh? ;)
Evil Trapezium (1 year ago)
How to waste a ransomers time (or maybe not because I don't know how the process works) 1: Have back ups of your files first and before you get the ransomware 2: Get the Bitcoin 3: Email the hackers that you got the money 4: Ask for the decryption key first 5: If they say something like "We hold the cards here" reveal that you have back ups of your files already. 6: Extremely pissed off hackers and you are filthy rich. Congratulations.
Greentank11 (1 year ago)
every video I watch on chemistry or computing is from the UNI of Nottingham my home town WHY
Bob (10 months ago)
youtube's algorithm to recommend you first the videos nearby where you are based on your IP most likely
wolterh (1 year ago)
how come Unix-like systems were not mentioned in this video? As far as I can tell, this whole problem stems from Windows' lack of a solid filesystem permission system
slinkytreekreeper (1 year ago)
Does it take down all connected drives or just encrypt the C drive?
Joe Chief (1 year ago)
On the one hand Windows only allowing brief delays in updating is useful for security purposes to keep the system up to date. On the other hand they've made the entire update system a magic black box so that when it breaks it's near impossible to fix. One of my systems keeps just saying "Updates weren't installed, click here to fix" and clicking on the prompt just goes to the setting to configure when to do updates (which aren't working).
Connecting Windows to a network is more dangerous than @[email protected]
sonic meerkat (1 year ago)
i honestly find it hilarious that the government facilities got hacked leading to it, whatever excuse they want to use the fact still remains the damage got done and even then it's a lack of investigators that can't possibly investigate every single reported terrorist that leads to attacks happening, detection isn't the issue so the excuse falls flat.
Felix Merz (1 year ago)
I feel like it should be stressed that keeping an exploit secret is a problem not only when this exploit gets leaked, but because it can be discovered at any second by someone else with malicious intent. The NSA is wronging us all in making our systems deliberately attackable to anyone who finds the same exploits as they have.
Lambert Brother (1 year ago)
2:58 Is ransomware a worm?
Amateur Programmer (1 year ago)
Solution: ask Microsoft politely to patch it out, and include a backdoor only accepting information encrypted with their private key. If someone has access to THAT, then the NSA has bigger problems. If Microsoft says no, well then, no one is vulnerable to a piece of malware that someone was inevitably going to create were that vulnerability not patched. I understand wanting to use it for legitimate purposes but hey. What idiot criminal is going to be stupid enough to run Windows? (Google "tails" to see what they _would_ use. No wait don't - that might get you on a watch list.)
Dwight House (1 year ago)
Windows 10 forcefully restarting to do updates has destroyed almost as much work and data as malware.
Mickelodian Surname (1 year ago)
There's a case here for a consumer firewall having a raid server installed. That'd screw up ransomware nicely. Although it would also annoy users as they would have to wait for the image to be redeployed after they were infected. But better annoyed at waiting around than annoyed due to encrypted files.

