Protecting yourself from WannaCry ransomware
This may not all be accurate or the best advice but I am sharing what I have, feel free to add to it or amend as you see fit.
The SMBv1 protocol was exploited by EternalBlue (part of the NSA leaked tools); this is enabled by default in all Windows operating systems older than Windows 10/Server 2016. Other platforms should not be affected.
Ever since Rap recommended it so many years ago on here, Eset has been my security product of choice. Most of my clients have Eset Endpoint Security (or Smart Security in the case of home users), the response from them was this:
Quote:
ESET’s network protection module was already blocking attempts to exploit the leaked vulnerability at the network level before this particular malware was even created. ESET increased the protection level by adding detection for this specific threat as Win32/Filecoder.WannaCryptor.D; first detected in the 15404 VSDs, released May-12-2017, 13:20 CEST (UTC/GMT +02:00). Prior to that, ESET LiveGrid protected against this particular attack starting around 11:26AM CEST.
Even if you don't want to use Eset, the general advice is to use a good, premium security suite. I don't know how well they coped with this particular threat, but I hear Kaspersky or Bitdefender are both very good alternatives to Eset, or you can check out reports on these apparently unbiased sites:
https://www.av-comparatives.org/
https://www.av-test.org/en/
The advice was to keep Windows up to date but in particular you need to patch Microsoft Security Bulletin MS17-010. You can find the relevant patches for operating systems as old as Windows XP here: https://technet.microsoft.com/en-us/.../ms17-010.aspx
Be sure to select the correct architecture, and if it says SP1/SP2 make sure you have that service pack installed or it will not apply the patch. If you use another variant of OS, WHS2011 for example, look what the base OS is. In the case of WHS2011 you will need Server 2008 R2.
The security-only update patches the flaw only; the rollup includes the patch and some quality updates, so it is up to you which you install. It is worth noting that subsequent months' security rollups, e.g. April/May, do not include previous months' patches, so you need to install the March patch from the link above. You should also be on at least Windows 7/Server 2008 R2, as older systems are not supported by Microsoft; these patches are one-offs given the severity of this vuln.
This should help you disable SMBv1, most people should not need it any more.
https://support.microsoft.com/en-us/...ws-server-2012
You should have an offsite backup of any data you can't afford to lose, preferably this would have versioning too in case your infected files are uploaded and in some cases you may want snapshots (depending what you are backing up).
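The SMBv1 and patch checks described in the post above, as an added PowerShell example (not part of the original post, and not Microsoft's own script). The function names are hypothetical and the KB number is a placeholder to be replaced with the one the MS17-010 bulletin lists for your OS; it covers the SMBv1 server component only and must be run from an elevated prompt.

```powershell
# Added example: audit and disable the SMBv1 *server* component.
$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later ship the SmbShare cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the setting is a registry value.
    # If the SMB1 value is absent, the default applies, which is "enabled".
    $val = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
        Write-Warning 'SMBv1 server disabled in the registry; restart to apply.'
    }
}

function Test-HotFixInstalled {
    param([Parameter(Mandatory = $true)][string]$KbId)
    # Get-HotFix only reports updates recorded on this machine.
    return [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

# Placeholder: substitute the KB number the MS17-010 bulletin gives for your OS.
$Ms17010Kb = 'KB0000000'

"MS17-010 update present : $(Test-HotFixInstalled -KbId $Ms17010Kb)"
if (Get-Smb1ServerState) { Disable-Smb1Server }
"SMBv1 server enabled    : $(Get-Smb1ServerState)"
```

On Windows 7/Server 2008 R2 the second line reflects the registry setting, which only takes effect after a restart.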
Re: Protecting yourself from WannaCry ransomware
Regarding backups, follow 3-2-1 procedure.
3 copies of all your data. The original source and 2 backups on different media.
Always keep 1 copy off site (or in the cloud).
Re: Protecting yourself from WannaCry ransomware
I know free server AV solutions are hard to come by. I have been running Immunet free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.
Re: Protecting yourself from WannaCry ransomware
Getting more important for 'general users' to keep an offsite backup TBH. More and more times I'm hearing horror stories.
Every new hard drive I buy, makes a backup of its predecessor. I'm losing the plot with backups I have stashed everywhere but who gives a Tottenham, I'm covered lol
DJ OD
Re: Protecting yourself from WannaCry ransomware
Quote:
Originally Posted by JonEp
I know free server AV solutions are hard to come by. I have been running Immunet free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.
Hadn't heard of that one, will give it a whirl on servers where the owners don't want to fork out for a licence.
Re: Protecting yourself from WannaCry ransomware
I've got loads of customers who think backing up is storing everything on an external hard drive, not copying to the external hard drive.
The amount of people I know who've lost everything because of a hardware fault on that external hdd...
Re: Protecting yourself from WannaCry ransomware
Quote:
Originally Posted by JonEp
I know free server AV solutions are hard to come by. I have been running Immunet free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.
Do you run this on its own or alongside another AV? It looks like it can be run alongside another, I installed it (replacing MSE on a server) and went into the settings to manually enable ClamAV and definition updates. Just want to make sure this has decent protection, no mention of real-time in the settings but doesn't mean it doesn't have it.
Cheers
Re: Protecting yourself from WannaCry ransomware
Quote:
Originally Posted by evilsatan
Do you run this on its own or alongside another AV? It looks like it can be run alongside another, I installed it (replacing MSE on a server) and went into the settings to manually enable ClamAV and definition updates. Just want to make sure this has decent protection, no mention of real-time in the settings but doesn't mean it doesn't have it.
Cheers
I run it on its own on my server with the default cloud settings. You can download the ClamAV definitions local to the box in the conventional AV way but that is more useful for kit off net that are likely to get hit with an infected USB key.
It will run side by side with another AV without complaint, I have it installed on my laptop that way.
Real time protection, just try downloading the EICAR virus test file in a browser if you want to check for yourself.
Re: Protecting yourself from WannaCry ransomware
Quote:
Originally Posted by Zippeyrude
Cloud is the answer
Why?
Cloud backups, as long as they have versioning, are a good part of a solution but just being cloud based doesn't offer any direct protection.
Re: Protecting yourself from WannaCry ransomware
The best form of protection is not to use Windows, simple as.
We have no Windows file servers at work, and never have done. We still have windows servers for 3rd party stuff that insists on using MSSQL and ActiveX shite, but all our file servers are Linux based using Open Enterprise Server for file storage and eDirectory for user accounts.
We have no Windows machines at home, everything is Linux.
Re: Protecting yourself from WannaCry ransomware
I could do one better and say the best form of protection is not to use any form of computing device as this will guarantee nothing you own will ever get infected.
However I'm guessing that would not be a suitable alternative for you, much in the way that for many people there is no practical alternative to Windows.
Re: Protecting yourself from WannaCry ransomware
Quote:
Originally Posted by Over Carl
I could do one better and say the best form of protection is not to use any form of computing device as this will guarantee nothing you own will ever get infected.
However I'm guessing that would not be a suitable alternative for you, much in the way that for many people there is no practical alternative to Windows.
Sorry I do not buy into that. There is the Apple route to start with!
I imagine if you look at the usage most people get out of the laptops / PCs it's to browse faceache, buy shit off ebay and amazon, post on twatter and watch pron.
Ok chuck in a bit of basic word processing. All of this is easily achievable on Linux.
All 3 of my kids use Linux, aged 6 to 12. None of them have a problem using it. Just like they don't have a problem using Apple OS, ipads, Windows 7, 8 and 10 at school.
Re: Protecting yourself from WannaCry ransomware
When no-one had Macs they weren't worth hacking. That has changed since the old days so we can discard Macs.
Linux routers have been hacked, will be a matter of time I reckon until *nix virii become a real threat.
I will admit that I don't need to use windows ALL of the time, I could use *nix for some stuff like browsing.
However when stuff goes tits up or I want to do something complicated, I already know how to do it in Windows. You could argue I could learn Linux, and I would counter that I already spend more time than I want to with my various tinkering, and to do the same in Linux could mean I spend double the amount of time.
I will also admit that I have set up *nix boxes for specific purposes for which I would have struggled in Windows, but more often than not I will install a preconfigured setup like the pfSense (FreeBSD) install I've been pissing around with over the last few days as opposed to setting up stuff from scratch (e.g. when I set up a couple of boxes/VMs a few years ago to run Nagios).
I won't deny that if I had put the time and effort I have with Windows into Linux instead, I could have a totally different outlook. However many of us did our learning years ago when Windows was the only practical option, and it's not practical for many people to abandon those skills to relearn *nix. When I was a kid, I learnt how to use my Amiga then I moved to MS-DOS/Windows.
I agree for many users just browsing, OS shouldn't be a major obstacle, but when I was young I learnt how to set up and repair my machines for example. In those days before the internet is what it is today, I doubt I would have been able to learn Apple Macs and *nix to a similar level even if I had the available equipment at the time.
If I still was an IT Tech I suppose it would make sense for me to maybe go on courses or spend the time to skill up, but these days my interest has gone towards automotive technologies so I'm better off spending time on that.
From what I remember, the situation I describe doesn't work out too badly for people like you who are highly skilled at *nix and can easily walk into well paid work.