Ransomware defense.
Comments
-
Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.
That was entirely my point: you can upgrade the kernel to fix security flaws at that level without touching the usermode stuff at all. Because of the backwards compatibility of the kernel interfaces, all the old user-mode software should (ideally) continue to run just fine.
Yes, there can also be flaws in the user-mode stuff, but they *tend* not to be able to do systemic damage.
-
If the NHS were going to use GNU/Linux, they'd develop their own custom distro. So it would be up to them if they wanted to stick with one package or migrate to another.
Hmm - I had heard that one of the big problems is "the NHS" is now just a loose collection of independent trusts who do their own thing. Each was now responsible for making its own arrangements with MS for XP support, for example.
Is there still a central bit of NHS that could make their own Linux distro? (With the trusts as clients all with different demands - some demanding that nothing change, others wanting the latest and greatest of everything.)
EDIT: this should probably be in the specific NHS security thread, rather than the generic thread about ransomware.
-
Does this ENCRYPTION software, make your HDD a placemat (ie is it non-recoverable - by formatting and reinstalling Windows) ? Nope !!
THEN BACK UP REGULARLY !!
If you are hit - it should be a simple job to recover your data
Or try a VIRTUALBOX virtual disk - if that gets hit - your main partition is safe - you simply delete the Virtual Disk and start again !
-
Or try a VIRTUALBOX virtual disk - if that gets hit - your main partition is safe - you simply delete the Virtual Disk and start again !
Once a computer on the network is infected, any networked computer can be infected - no-one needs to click on an infected email or link or similar.
It's possible that VirtualBox has some technology to stop this sort of SMB1 traffic, but as I said, I wouldn't bank on it.
-
It is trivial to disable SMBv1 with a 2 line batch file
-
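The SMBv1 shutdown mentioned in the posts above, as an added PowerShell example that is not any poster's batch file: it reports the server and client SMBv1 state, disables both, and reports again. The helper names `Get-Smb1State` and `Disable-Smb1` are made up for this sketch, and it assumes an elevated prompt on the machine being hardened.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$mrxsmb10 = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Get-Smb1State {
    # Server side: Windows 8 / Server 2012 and later expose a cmdlet;
    # older systems only have the registry value (absent means enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $v = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $server = ($null -eq $v) -or ($v -ne 0)
    }
    # Client side: start type of the SMBv1 redirector driver (4 = disabled).
    $start = (Get-ItemProperty -Path $mrxsmb10 -Name Start -ErrorAction SilentlyContinue).Start
    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        ServerSmb1 = $server
        ClientSmb1 = ($null -ne $start) -and ($start -ne 4)
    }
}

function Disable-Smb1 {
    # Server: stop offering SMBv1 to other machines.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
    # Client: only if the SMBv1 redirector is installed at all.
    if (Test-Path $mrxsmb10) {
        # Drop mrxsmb10 from the workstation service's dependencies,
        # then disable the driver itself.
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
        sc.exe config mrxsmb10 start= disabled | Out-Null
    }
}

$before = Get-Smb1State
Disable-Smb1
$after = Get-Smb1State
$before, $after | Format-Table Computer, ServerSmb1, ClientSmb1 -AutoSize
if ($before.ServerSmb1 -or $before.ClientSmb1) {
    Write-Warning 'SMBv1 settings changed; reboot for them to take full effect.'
}
```

Anything on the network that only speaks SMBv1 (old NAS boxes, scanners, XP-era machines) will stop connecting once this is applied, so check for those first.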
This is not for your home PC
In a company setting you need to get rid of the Everyone group, enable restore points, enable DFS and publish all your shares to DFS, never use the share name, but use the DFS name. Yes it may not catch everything
For your home PC
On very separate PCs, one being virtual and one could be Linux. No network connection between the two. Every day do a snapshot on the VM
-
The quickest way to stop 90% of ransomware/malware is to have group policy setup to stop programs running in your working app directories.
This way, nothing runs in "drive by" or in attachments until you actually save it elsewhere and load it. There are many people dumb enough to click attachments and links they don't know. At least this way no code runs with them doing so.
The NHS (like most multi site corporate networks) has the end users as "admins" by default on the machines and no group policies setup. Hence an infection on one is going to spread pretty quick. Rather ironic that it would happen to an organisation which should know a lot about infection vectors and containment.
-
The NHS (like most multi site corporate networks) has the end users as "admins" by default on the machines and no group policies setup. Hence an infection on one is going to spread pretty quick.
No, no they don't. Not at all. Not one little bit.
Neither the NHS nor ANY multisite corporate network!!
You may get the odd remote VPN worker set up as admin but that's it..
No group policy???? What networks have you been looking at? That is crazy
Where on earth did you get that from??
FYI this ransomware didn't need the user to be admin to spread, it exploited a flaw in SMBv1.
Sheesh
This discussion has been closed.