Gregory Hanis gregtampa

## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                gregtampa
                / Wannacrypt0r-FACTSHEET.md
            
            
              Created
              May 15, 2017 17:16
                — forked from rain-1/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

  
## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                gregtampa
                / keybase.md
            
            
              Created
              June 2, 2015 22:37
            
          
    Keybase proof

I hereby claim:

I am gregtampa on github.
I am mobman (https://keybase.io/mobman) on keybase.
I have a public key whose fingerprint is 81CF BA64 6507 451A 261B  7CEB E66A 4C3E 194E 71AD

To claim this, I am signing this object: