Ransomware defense.

Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    wingates wrote: »
    <snip> Any advice?


    Ditch Vista
  • psychic_teabag
    psychic_teabag Posts: 2,865 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Tarambor wrote: »
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.

    That was entirely my point: you can upgrade the kernel to fix security flaws at that level without touching the usermode stuff at all. Because of the backwards compatibility of the kernel interfaces, all the old user-mode software should (ideally) continue to run just fine.

    Yes, there can also be flaws in the user-mode stuff, but they *tend* not to be able to do systemic damage.
  • psychic_teabag
    psychic_teabag Posts: 2,865 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    esuhl wrote: »
    If the NHS were going to use GNU/Linux, they'd develop their own custom distro. So it would be up to them if they wanted to stick with one package or migrate to another.

    Hmm - I had heard that one of the big problems is "the NHS" is now just a loose collection of independent trusts who do their own thing. Each was now responsible for making its own arrangements with MS for XP support, for example.

    Is there still a central bit of NHS that could make their own Linux distro? (With the trusts as clients all with different demands - some demanding that nothing change, others wanting the latest and greatest of everything.)

    EDIT: this should probably be in the specific NHS security thread, rather than the generic thread about ransomware.
  • 50Twuncle
    50Twuncle Posts: 10,763 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    Does this ENCRYPTION software make your HDD a placemat (i.e. is it non-recoverable - by formatting and reinstalling Windows)? Nope!!
    THEN BACK UP REGULARLY!!
    If you are hit - it should be a simple job to recover your data.
    Or try a VIRTUALBOX virtual disk - if that gets hit - your main partition is safe - you simply delete the Virtual Disk and start again!
  • Jivesinger
    Jivesinger Posts: 1,221 Forumite
    Ninth Anniversary Combo Breaker
    50Twuncle wrote: »
    Or try a VIRTUALBOX virtual disk - if that gets hit - your main partition is safe - you simply delete the Virtual Disk and start again!
    I wouldn't bank on it - you can access the IP address of the host computer from within a VirtualBox session, and the worm which caused the fuss this week uses IP addresses to spread itself to any networked computer without the patch.

    Once a computer on the network is infected, any networked computer can be infected - no-one needs to click on an infected email or link or similar.

    It's possible that VirtualBox has some technology to stop this sort of SMB1 traffic, but as I said, I wouldn't bank on it.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    It is trivial to disable SMBv1 with a 2 line batch file
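
A sketch of what disabling SMBv1 involves on both old and new Windows versions, as an added example that is not part of the original post and is not the batch file the poster refers to. The `-Apply` switch and the `Get-Smb1State` function are hypothetical names chosen here; the cmdlets, registry values and `sc.exe` settings are the standard Windows ones.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Audits by default; pass -Apply to make changes. A reboot is needed afterwards.
param([switch]$Apply)

$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$cliKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
# Windows 8 / Server 2012 and later ship the SMB cmdlets; older systems use the registry.
$modern = [bool](Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1State {
    if ($modern) {
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # On Vista / 7 / Server 2008 a missing SMB1 value means the server side is enabled.
        $v = (Get-ItemProperty $srvKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = ($null -eq $v) -or ($v -ne 0)
    }
    # Start = 4 means the SMBv1 client driver is disabled; no key means it is not installed.
    $start = (Get-ItemProperty $cliKey -Name Start -ErrorAction SilentlyContinue).Start
    New-Object PSObject -Property @{
        ServerSMB1Enabled = $server
        ClientSMB1Enabled = ($null -ne $start) -and ($start -ne 4)
    }
}

function Disable-Smb1Client {
    # Drop the workstation service's dependency on the SMBv1 driver, then disable the driver.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

if ($Apply) {
    if ($modern) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Where the optional feature exists, removing it covers the client side as well.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        } else {
            Disable-Smb1Client
        }
    } else {
        Set-ItemProperty $srvKey -Name SMB1 -Type DWord -Value 0
        Disable-Smb1Client
    }
}

Get-Smb1State   # report the state (after changes, if -Apply was given)
```

Running it without `-Apply` first shows whether a machine still offers or uses SMBv1, which is worth knowing before cutting off any old NAS or printer that speaks nothing newer.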
  • novirus
    novirus Posts: 2 Newbie
    This is not for your home PC:
    In a company setting you need to get rid of the Everyone group, enable restore points, enable DFS and publish all your shares to DFS; never use the share name, but use the DFS name. Yes, it may not catch everything.

    For your home PC:
    On very separate PCs, one being virtual and one could be Linux. No network connection between the two. Every day do a snapshot on the VM.
  • jshm2
    jshm2 Posts: 477 Forumite
    Ninth Anniversary 100 Posts Name Dropper Combo Breaker
    The quickest way to stop 90% of ransomware/malware is to have group policy set up to stop programs running in your working app directories.

    This way, nothing runs in "drive by" or in attachments until you actually save it elsewhere and load it. There are many people dumb enough to click attachments and links they don't know. At least this way no code runs with them doing so.

    The NHS (like most multi site corporate networks) has the end users as "admins" by default on the machines and no group policies set up. Hence an infection on one is going to spread pretty quick. Rather ironic that it would happen to an organisation which should know a lot about infection vectors and containment.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    jshm2 wrote: »
    The NHS (like most multi site corporate networks) has the end users as "admins" by default on the machines and no group policies set up. Hence an infection on one is going to spread pretty quick.

    No, no they don't. Not at all. Not one little bit.
    Neither the NHS nor ANY multisite corporate network!!

    You may get the odd remote VPN worker set up as admin but that's it.

    No group policy???? What networks have you been looking at? That is crazy.
    Where on earth did you get that from??

    FYI this ransomware didn't need the user to be admin to spread, it exploited a flaw in SMBv1.
    Sheesh
  • DoaM
    DoaM Posts: 11,863 Forumite
    10,000 Posts Fifth Anniversary Name Dropper Photogenic
    JackBo wrote: »
    :spam: ???

    Would that be useful advice that promotes your own blog?
This discussion has been closed.