  1. #1
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,631
    Thanks
    1,004
    Thanked:        3,002
    Karma Level
    1503

    Default Protecting yourself from WannaCry ransomware

    This may not all be accurate or the best advice but I am sharing what I have, feel free to add to it or amend as you see fit.

    The SMBv1 protocol was exploited by EternalBlue (part of the NSA leaked tools), this is enabled by default in all Windows operating systems older than Windows 10/Server 2016. Other platforms should not be affected.

    • Use decent security

    Ever since Rap recommended it so many years ago on here, Eset has been my security product of choice. Most of my clients have Eset Endpoint Security (or Smart Security in the case of home users), the response from them was this:
    ESET’s network protection module was already blocking attempts to exploit the leaked vulnerability at the network level before this particular malware was even created. ESET increased the protection level by adding detection for this specific threat as Win32/Filecoder.WannaCryptor.D; first detected in the 15404 VSDs, released May-12-2017, 13:20 CEST (UTC/GMT +02:00). Prior to that, ESET LiveGrid protected against this particular attack starting around 11:26AM CEST.
    Even if you don't want to use Eset, the general advice is to use a good, premium security suite. I don't know how well they coped with this particular threat, but I hear Kaspersky or Bitdefender are both very good alternatives to Eset, or you can check out reports on these apparently unbiased sites:
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]

    • Keep Windows up to date

    The advice was to keep Windows up to date but in particular you need to patch Microsoft Security Bulletin MS17-010. You can find the relevant patches for operating systems as old as Windows XP here: [Only registered and activated users can see links. ]
    Be sure to select the correct architecture, and if it says SP1/SP2 make sure you have that service pack installed or it will not apply the patch. If you use another variant of OS, WHS2011 for example, look what the base OS is. In the case of WHS2011 you will need Server 2008 R2.

    The Security Only update patches the flaw only; the rollup includes the patch and some quality updates, so it's up to you which you install. It is worth noting that subsequent months' security rollups, e.g. April/May, do not include previous months' patches, so you need to install the March patch from the link above. You should also be on at least Windows 7/Server 2008 R2, as older systems are not supported by Microsoft; these patches are one-offs given the severity of this vuln.

    • Disable SMBv1

    This should help you disable SMBv1, most people should not need it any more.
    [Only registered and activated users can see links. ]

    • Backup your data

    You should have an offsite backup of any data you can't afford to lose, preferably this would have versioning too in case your infected files are uploaded and in some cases you may want snapshots (depending what you are backing up).
    Last edited by evilsatan; 16th May 2017 at 07:28 PM.

    9 Thanks given to evilsatan

    Ashley (16th May 2017), Bald Bouncer (16th May 2017), EvilBoB (17th May 2017), Mickey (16th May 2017), muttleymacclad (16th May 2017), Over Carl (16th May 2017), piggzy (16th May 2017), WRATH OF BOD (16th May 2017) 
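
Added example (not part of the original post): a PowerShell script for the "Keep Windows up to date" and "Disable SMBv1" steps above. It reports whether the SMBv1 server is enabled and whether a given update is installed, and disables the SMBv1 server when asked. The KB ID `KB0000000` is a placeholder (the thread does not list KB numbers) and the function names are illustrative.

```powershell
# Run from an elevated PowerShell prompt.
param(
    # Placeholder: pass the MS17-010 KB ID(s) that apply to this OS and architecture.
    [string[]]$PatchKbIds = @('KB0000000'),
    # Without -Disable the script only reports.
    [switch]$Disable
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later ship the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the SMB1 registry value decides.
    # A missing value means the default, which is enabled.
    $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return (($null -eq $value) -or ($value -ne 0))
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Registry route for older systems; needs a reboot to take effect.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
}

# Compare installed update IDs against the KB IDs supplied by the caller.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID)
$found     = @($PatchKbIds | Where-Object { $installed -contains $_ })

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = Get-Smb1ServerEnabled
    PatchKbsFound     = ($found -join ', ')
    PatchKbsMissing   = (($PatchKbIds | Where-Object { $found -notcontains $_ }) -join ', ')
}

if ($Disable -and (Get-Smb1ServerEnabled)) {
    Disable-Smb1Server
    Write-Output "SMBv1 server disabled; state is now: $(Get-Smb1ServerEnabled)"
}
```

On the registry route the reported state changes immediately, but the running server keeps SMBv1 until the machine is rebooted.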


  2. #2
    DF PwNagE muttleymacclad's Avatar
    Join Date
    Aug 2006
    Location
    Here
    Posts
    5,649
    Thanks
    892
    Thanked:        635
    Karma Level
    639

    Default Re: Protecting yourself from WannaCry ransomware

    Regarding back ups, follow 3-2-1 procedure.
    3 copies of all your data. The original source and 2 backups on different media.
    Always keep 1 copy off site (or in the cloud).


    4 Thanks given to muttleymacclad

    Ashley (16th May 2017), DJ Overdose (16th May 2017), evilsatan (16th May 2017), Over Carl (16th May 2017) 


  3. #3
    DF Moderator JonEp's Avatar
    Join Date
    Oct 2007
    Location
    uk
    Posts
    2,124
    Thanks
    969
    Thanked:        730
    Karma Level
    329

    Default Re: Protecting yourself from WannaCry ransomware

    I know free server AV solutions are hard to come by. I have been running [Only registered and activated users can see links. ] free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.

    2 Thanks given to JonEp

    evilsatan (16th May 2017), Over Carl (16th May 2017) 


  4. #4
    DF Super Moderator DJ Overdose's Avatar
    Join Date
    Jul 2001
    Location
    On da decks.
    Posts
    9,733
    Thanks
    887
    Thanked:        2,018
    Karma Level
    1104

    Default Re: Protecting yourself from WannaCry ransomware

    Getting more important for 'general users' to keep an offsite backup TBH. More and more times I'm hearing horror stories.

    Every new hard drive I buy, makes a backup of its predecessor. I'm losing the plot with backups I have stashed everywhere but who gives a Tottenham, I'm covered lol


    DJ OD

    2 Thanks given to DJ Overdose

    muttleymacclad (16th May 2017), Over Carl (16th May 2017) 


  5. #5
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,631
    Thanks
    1,004
    Thanked:        3,002
    Karma Level
    1503

    Default Re: Protecting yourself from WannaCry ransomware

    Quote Originally Posted by JonEp View Post
    I know free server AV solutions are hard to come by. I have been running [Only registered and activated users can see links. ] free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.
    Hadn't heard of that one, will give it a whirl on servers where the owners don't want to fork out for a licence.


  6. #6
    DF PwNagE muttleymacclad's Avatar
    Join Date
    Aug 2006
    Location
    Here
    Posts
    5,649
    Thanks
    892
    Thanked:        635
    Karma Level
    639

    Default Re: Protecting yourself from WannaCry ransomware

    I've got loads of customers who think backing up is storing everything on an external hard drive not copying to the external hard drive.
    The amount of people I know who've lost everything because of a hardware fault on that external hdd...


  7. #7
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,631
    Thanks
    1,004
    Thanked:        3,002
    Karma Level
    1503

    Default Re: Protecting yourself from WannaCry ransomware

    Quote Originally Posted by JonEp View Post
    I know free server AV solutions are hard to come by. I have been running [Only registered and activated users can see links. ] free from Cisco for a while now and I noticed in the link I posted in the other thread about EternalBlue, when EternalBlue went wild Immunet picked it up long before Kaspersky and most of the others in the VirusTotal analysis.
    Do you run this on its own or alongside another AV? It looks like it can be run alongside another; I installed it (replacing MSE on a server) and went into the settings to manually enable ClamAV and definition updates. Just want to make sure this has decent protection, no mention of real-time in the settings but doesn't mean it doesn't have it.

    Cheers


  8. #8
    DF Moderator JonEp's Avatar
    Join Date
    Oct 2007
    Location
    uk
    Posts
    2,124
    Thanks
    969
    Thanked:        730
    Karma Level
    329

    Default Re: Protecting yourself from WannaCry ransomware

    Quote Originally Posted by evilsatan View Post
    Do you run this on its own or alongside another AV? It looks like it can be run alongside another; I installed it (replacing MSE on a server) and went into the settings to manually enable ClamAV and definition updates. Just want to make sure this has decent protection, no mention of real-time in the settings but doesn't mean it doesn't have it.

    Cheers
    I run it on its own on my server with the default cloud settings. You can download the ClamAV definitions local to the box in the conventional AV way but that is more useful for kit off net that are likely to get hit with an infected USB key.

    It will run side by side with another AV without complaint, I have it installed on my laptop that way.

    Real time protection, just try downloading the EICAR virus test file in a browser if you want to check for yourself.

    [Only registered and activated users can see links. ]

    Thanks to JonEp

    evilsatan (17th May 2017) 


  9. #9
    DF Jedi Zippeyrude's Avatar
    Join Date
    Dec 2002
    Location
    UK
    Posts
    4,281
    Thanks
    232
    Thanked:        772
    Karma Level
    483

    Default Re: Protecting yourself from WannaCry ransomware

    Cloud is the answer

  10. #10
    DF PlaYa hoponbaby's Avatar
    Join Date
    Nov 2000
    Posts
    937
    Thanks
    135
    Thanked:        188
    Karma Level
    255

    Default Re: Protecting yourself from WannaCry ransomware

    Quote Originally Posted by Zippeyrude View Post
    Cloud is the answer
    Why?

    Cloud backups, as long as they have versioning, are a good part of a solution but just being cloud based doesn't offer any direct protection.

  11. #11
    DF VIP Member
    tombott's Avatar
    Join Date
    Oct 2002
    Location
    Hereford
    Posts
    5,683
    Thanks
    504
    Thanked:        552
    Karma Level
    701

    Default Re: Protecting yourself from WannaCry ransomware

    The best form of protection is not to use Windows, simple as.
    We have no Windows file servers at work, and never have done. We still have windows servers for 3rd party stuff that insists on using MSSQL and ActiveX shite, but all our file servers are Linux based using Open Enterprise Server for file storage and eDirectory for user accounts.

    We have no Windows machines at home, everything is Linux.
    Guns don't kill people rappers do, I'm a fucking rapper and I might kill you.

  12. #12
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,947
    Thanks
    3,563
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Protecting yourself from WannaCry ransomware

    I could do one better and say the best form of protection is not to use any form of computing device as this will guarantee nothing you own will ever get infected.

    However I'm guessing that would not be a suitable alternative for you, much in the way that for many people there is no practical alternative to windows.

  13. #13
    DF VIP Member
    tombott's Avatar
    Join Date
    Oct 2002
    Location
    Hereford
    Posts
    5,683
    Thanks
    504
    Thanked:        552
    Karma Level
    701

    Default Re: Protecting yourself from WannaCry ransomware

    Quote Originally Posted by Over Carl View Post
    I could do one better and say the best form of protection is not to use any form of computing device as this will guarantee nothing you own will ever get infected.

    However I'm guessing that would not be a suitable alternative for you, much in the way that for many people there is no practical alternative to windows.
    Sorry I do not buy into that. There is the Apple route to start with!
    I imagine if you look at the usage most people get out of their laptops / PCs, it's to browse faceache, buy shit off ebay and amazon, post on twatter and watch pron.
    Ok chuck in a bit of basic word processing. All of this is easily achievable on Linux.

    All 3 of my kids use Linux, aged 6 to 12. None of them have a problem using it. Just like they don't have a problem using Apple OS, ipads, Windows 7, 8 and 10 at school.

  14. #14
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,947
    Thanks
    3,563
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Protecting yourself from WannaCry ransomware

    When no-one had Macs they weren't worth hacking. That has changed since the old days so we can discard Macs.

    Linux routers have been hacked, will be a matter of time I reckon until *nix virii become a real threat.

    I will admit that I don't need to use windows ALL of the time, I could use *nix for some stuff like browsing.

    However when stuff goes tits up or I want to do something complicated, I already know how to do it in Windows. You could argue I could learn Linux, and I would counter that I already spend more time than I want to with my various tinkering, and to do the same in Linux could mean I spend double the amount of time.

    I will also admit that I have set up *nix boxes for specific purposes for which I would have struggled in Windows, but more often than not I will install a preconfigured setup like the pfSense (FreeBSD) install I've been pissing around with over the last few days as opposed to setting up stuff from scratch (e.g. when I setup a couple of boxes/vm's a few years ago to run Nagios).

    I won't deny that if I had put the time and effort I have with Windows into Linux instead, I could have a totally different outlook. However many of us did our learning years ago when Windows was the only practical option, and it's not practical for many people to abandon those skills to relearn *nix. When I was a kid, I learnt how to use my Amiga then I moved to MS-DOS/Windows.

    I agree for many users just browsing, OS shouldn't be a major obstacle, but when I was young I learnt how to setup and repair my machines for example. In those days before the internet is what it is today, I doubt I would have been able to learn Apple Macs and *nix to a similar level even if I had the available equipment at the time.

    If I still was an IT Tech I suppose it would make sense for me to maybe go on courses or spend the time to skill up, but these days my interest has gone towards automotive technologies so I'm better off spending time on that.

    From what I remember, the situation I describe doesn't work out too badly for people like you who are highly skilled at *nix and can easily walk into well paid work.

    Thanks to Over Carl

    MHP (20th May 2017) 


  15. #15
    DF Jedi c0axial's Avatar
    Join Date
    Feb 2002
    Location
    M44
    Posts
    1,379
    Thanks
    103
    Thanked:        85
    Karma Level
    304

    Default Re: Protecting yourself from WannaCry ransomware

    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]

    Thanks to c0axial

    evilsatan (21st May 2017) 


  16. #16
    DF Jedi c0axial's Avatar
    Join Date
    Feb 2002
    Location
    M44
    Posts
    1,379
    Thanks
    103
    Thanked:        85
    Karma Level
    304

    Default Re: Protecting yourself from WannaCry ransomware

    [Only registered and activated users can see links. ]

    2 Thanks given to c0axial

    akimba (22nd May 2017), Over Carl (22nd May 2017) 

