Ransomware defense.

were

A sandbox is helpfull.

Reboot-restore-rx, or commodo time machine do have a place, especially if you do not save files to your pc or keep installing stuff - just a surfer.

In windows, make sure you can see all file extensions.

Ideally for the average user, a clean system which never sees the internet, on it install virtualbox and put your os into that and do daily snapshots, consolidating every 7 days

Also dont be in the wrong place at the wrong time... a bit like saying buy next weeks winning lotto and you will be rich - there is no crystal ball in IT.

Neil_Jones

Sandboxes are all very well but realistically most people won't want to faff around with them. I still believe applying common sense is good, as it's amazing the number of people who will go through all the rigmarole of driving a car - seatbelt, mirror, signal, manoeuvre, don't run somebody over, etc - yet become "thick" when sitting in front of a computer and take everything it says as gospel.

Jivesinger

It looks like the malware affecting the NHS can spread itself over the network from computer to computer.

So regardless of which emails the user opened or which websites they browsed, if the computer was connected to the same network as an infected computer, and didn't have the March patch, it caught the ransomware.

were

Jivesinger wrote: »

It looks like the malware affecting the NHS can spread itself over the network from computer to computer.

So regardless of which emails the user opened or which websites they browsed, if the computer was connected to the same network as an infected computer, and didn't have the March patch, it caught the ransomware.

If it is not this version or ransomware, it will be another version, this will not be the last time either. Its often a game of whack-a-mole. Traditional av products don't work if they have no signature to go on. Best you can do is attempt to mitigate for an unknown event, but this is very hit and miss.

As Neil Jones said "realistically most people won't want to faff around", and he is right. Possible solutions are often extreme, and not second nature to many people.

All of the data will be on servers, and mostlikely can be restored. The hard bit is if the virus has spread to individual PCs, to go either around and disinfect them, or just turning batches on so they get the new av pattern and auto disinfect

System

were wrote: »

All of the data will be on servers, and mostlikely can be restored.

Except the data on the servers accessible as automatically mounted shares by the infected client PC which will be also encrypted.

Stompa

MS have released a patch for W8 & XP:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Robisere

If you run Kaspersky Total Security, you can check what threats are around at any time, providing the databses are updated. Put the Kas dashboard onscreen, click "Database Update" and look for the circled "World Virus Activity Review". Click "Threats" and see that Kaspersky and Microsoft have already dealt with the WannaCry threat. The problem faced by the NHS and lots of other worldwide organisations, is self-harm: Microsoft issued a patch on March 14 and too many organisations did not take it up. The NHS has been mainly (and madly!) using Windows XP, totally unsupported by Microsoft of course. Some NHS places are using Windows 2000! Others, Windows 98! It's mad.

[IMG]http://c/users/Bob/my pictures/Kaz UpD.jpg[/IMG]

were

Tarambor wrote: »

Except the data on the servers accessible as automatically mounted shares by the infected client PC which will be also encrypted.

That should come back too. There should be system in place that could get his back in minutes, if all the data is infected, and the server team set it up correctly. Often up to a days work is lost, if someone reports it quick enough and does not leave it for days..

If it is a directly accessible share, as in \\2008_server\ware_windows_share\ or \\2008_server\e\ware\ the most ransomware will try and encrypt everything on \\2008\ . The trick is not to do it that way, so there are no direct shares to \\2008\. I would suspect these people did not do that either http://www.bbc.co.uk/news/uk-england-lincolnshire-35443434

The corrupt data will have to be deleted first, but sorting that stuff out is often not a big issue, but bringing back just the deleted/ex-infected ones takes longer though.

Neil_Jones

Jivesinger wrote: »

It looks like the malware affecting the NHS can spread itself over the network from computer to computer.

All variations of this going back to the early Cryptolock days can do this as they go off looking on the computer, then go off after connected drives (external drives, USB drives etc) and then the network connected drives - those that appear as Drive Z ("Docs on Server\Share" for example) and encrypt the entire lot.

Some can go after the unmapped network shares as well ("\\server\docs" for example) and if that is the case nothing is safe if its in a shared folder on a network with a computer under ransomware.

DavidP24

whattochoose wrote: »

In view of the NHS ransomware attacks today, which I believe have also affected many other organisations in the world, can members recommend the best defense when guarding one's own PC?
I have Kaspersky Internet Security and use Malwarebytes (free version) randomly, but is this enough?
Thank you.

Just run Windows update and DO NOT install any Language packs after.that.

Disable network discovery (I never use it anyway)

On the Start menu, point to Settings, and then click Network and Dial-up Connections. ...
Select the Client for Microsoft Networks check box, and then click Uninstall.
Follow the uninstall steps.
Select File and Printer Sharing for Microsoft Networks, and then click Uninstall.
Follow the uninstall steps.