We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Ransomware defense.
Options
Comments
-
A sandbox is helpfull.
Reboot-restore-rx, or commodo time machine do have a place, especially if you do not save files to your pc or keep installing stuff - just a surfer.
In windows, make sure you can see all file extensions.
Ideally for the average user, a clean system which never sees the internet, on it install virtualbox and put your os into that and do daily snapshots, consolidating every 7 days
Also dont be in the wrong place at the wrong time... a bit like saying buy next weeks winning lotto and you will be rich - there is no crystal ball in IT.0 -
Sandboxes are all very well but realistically most people won't want to faff around with them. I still believe applying common sense is good, as it's amazing the number of people who will go through all the rigmarole of driving a car - seatbelt, mirror, signal, manoeuvre, don't run somebody over, etc - yet become "thick" when sitting in front of a computer and take everything it says as gospel.0
-
It looks like the malware affecting the NHS can spread itself over the network from computer to computer.
So regardless of which emails the user opened or which websites they browsed, if the computer was connected to the same network as an infected computer, and didn't have the March patch, it caught the ransomware.0 -
Jivesinger wrote: »It looks like the malware affecting the NHS can spread itself over the network from computer to computer.
So regardless of which emails the user opened or which websites they browsed, if the computer was connected to the same network as an infected computer, and didn't have the March patch, it caught the ransomware.
If it is not this version or ransomware, it will be another version, this will not be the last time either. Its often a game of whack-a-mole. Traditional av products don't work if they have no signature to go on. Best you can do is attempt to mitigate for an unknown event, but this is very hit and miss.
As Neil Jones said "realistically most people won't want to faff around", and he is right. Possible solutions are often extreme, and not second nature to many people.
All of the data will be on servers, and mostlikely can be restored. The hard bit is if the virus has spread to individual PCs, to go either around and disinfect them, or just turning batches on so they get the new av pattern and auto disinfect0 -
All of the data will be on servers, and mostlikely can be restored.
Except the data on the servers accessible as automatically mounted shares by the infected client PC which will be also encrypted.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
MS have released a patch for W8 & XP:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/Stompa0 -
If you run Kaspersky Total Security, you can check what threats are around at any time, providing the databses are updated. Put the Kas dashboard onscreen, click "Database Update" and look for the circled "World Virus Activity Review". Click "Threats" and see that Kaspersky and Microsoft have already dealt with the WannaCry threat. The problem faced by the NHS and lots of other worldwide organisations, is self-harm: Microsoft issued a patch on March 14 and too many organisations did not take it up. The NHS has been mainly (and madly!) using Windows XP, totally unsupported by Microsoft of course. Some NHS places are using Windows 2000! Others, Windows 98! It's mad.
[IMG]http://c/users/Bob/my pictures/Kaz UpD.jpg[/IMG]I think this job really needs
a much bigger hammer.
0 -
Except the data on the servers accessible as automatically mounted shares by the infected client PC which will be also encrypted.
If it is a directly accessible share, as in \\2008_server\ware_windows_share\ or \\2008_server\e\ware\ the most ransomware will try and encrypt everything on \\2008\ . The trick is not to do it that way, so there are no direct shares to \\2008\. I would suspect these people did not do that either http://www.bbc.co.uk/news/uk-england-lincolnshire-35443434
The corrupt data will have to be deleted first, but sorting that stuff out is often not a big issue, but bringing back just the deleted/ex-infected ones takes longer though.0 -
Jivesinger wrote: »It looks like the malware affecting the NHS can spread itself over the network from computer to computer.
All variations of this going back to the early Cryptolock days can do this as they go off looking on the computer, then go off after connected drives (external drives, USB drives etc) and then the network connected drives - those that appear as Drive Z ("Docs on Server\Share" for example) and encrypt the entire lot.
Some can go after the unmapped network shares as well ("\\server\docs" for example) and if that is the case nothing is safe if its in a shared folder on a network with a computer under ransomware.0 -
whattochoose wrote: »In view of the NHS ransomware attacks today, which I believe have also affected many other organisations in the world, can members recommend the best defense when guarding one's own PC?
I have Kaspersky Internet Security and use Malwarebytes (free version) randomly, but is this enough?
Thank you.
Just run Windows update and DO NOT install any Language packs after.that.
Disable network discovery (I never use it anyway)
On the Start menu, point to Settings, and then click Network and Dial-up Connections. ...
Select the Client for Microsoft Networks check box, and then click Uninstall.
Follow the uninstall steps.
Select File and Printer Sharing for Microsoft Networks, and then click Uninstall.
Follow the uninstall steps.Thanks, don't you just hate people with sigs !0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards