WannaCrypt ransomware prevention

[Sanjøy]

Apologies for any egg sucking lessons.

If you want to ensure you are protected you need to run windows updates on your machine and ensure your AV is up to date. There are many reasons for this not to work and you may be exposed (if its working you would have got the patch from Microsoft back in March).

If you have problems with either please post the errors here, screen shots help and I / the team will try to advise / remote connect to fix.

S

[Corranga]

...and not run Windows XP with no updates ala NHS?

[neil]

So is this Microsofts way of forcing people to upgrade? I've got an old XP laptop that I occasionally use, I'm guessing it's wide open to this sort of attack with XP no longer being supported? Is there any way of protecting an XP machine now or is it time for it to go in the bin?

[Corranga]

I think the NHS issue that hit the news was caused by people clicking on things that they shouldn't have. We have been warned to avoid our NHS email as that is how it was spreading. As always with PCs, I suspect the answer is stick to normal parts of the internet, and you'll be ok. Start looking for something you shouldn't be, or opening attachments on emails and you'll get into trouble quicker.

Ransomware that we are talking about here encrypts your files and offers you the option to pay to retrieve them. As with any computer files, if they are important to you the best thing you can do is make sure you have a backup. My personal laptop is now basically a browsing PC. I use it to take photos and videos off my digital camera, and use it to store and access files on my home server. I appreciate this isn't the option for everyone, but my theory is simply that if I was to become ransomware infected, my files are already in a different place.

[scott_e]

Spent most of yesterday ensuring everything we have is patched.

Ref:

As always with PCs, I suspect the answer is stick to normal parts of the internet, and you'll be ok.

Not necessarily , see this apple.com example:
https://www.theguardian.com/technology/ ... ck-hackers

Was a browser bug at heart now patched but goes to show even SSL enabled websites of common names can be a risk.

[rawsco]

We put some precautionary measures in place on Friday afternoon when it started kicking off. End user education was about the best defence at the time but we breathed a sigh of relief when it was reported that it used MS17-010 our patching was almost 90% covered for that exploit. But we were sh*t ourselfs for a while.

[campbell]

I have an XP machine that's not been powered up in a year but has some bits n pieces still to be migrated. I'll make a note to self to do so with the internet unplugged

Thanks Sanj and others for insights.

Btw, the XP box is off because we now use a nice wee Synology NAS.

[graeme]

Microsoft have released a patch for older OSes, including XP.

https://goo.gl/euAMuH

[tut]

Did you read why it did not spread even further?

MalwareTech, whose name was revealed in UK media to be 22-year-old Marcus Hutchins, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

He traced the site that it originated from, a string of zeros, found out that it had not been registered, paid $10 and bought it, then took control of it and found the "kill switch" hidden in the software.

tut

[rawsco]

Reports of a variant with no kill switch.