Thread: Protection against the latest virus?

I am no computer geek but I think they are only targeting businesses at this stage.

No its all windows machines.
Just make sure you have the latest updates.

Get a Mac?

Don't download files from dubious websites, such as Torrents. Do not open attachments unless they are from a trusted individual (and even then ...).

Ensure that you have a decent antivirus program with anti-malware and anti-ransomeware protection. I use Bitdefender. While I have a MacBook Pro, Macs are not safe, although very, very few have been infected. Also, Australia is not safe - while European business may have been targeted, virus' spread by contact. No one is safe.

Regards from Perth

Derek

Regards from Perth

Derek

Originally Posted by neksmerj

I have Win10, what do I have to do to protect myself from the latest virus?

I think I have Windows defender.

Ken

WannaCry virus won't/can't affect windows 10. The bug is already closed on windows 10 and on almost all versions of windows 8.1/8/7.

They mainly affect Windows XP and other legacy machines, mostly servers.

Other than not opening dubious emails, NOT browsing shared folders of any unknown computers connected to the network is helpful in avoiding the spread of this virus.

Also, always backup your data.


Sent from my Nexus 6P using Tapatalk

Originally Posted by derekcohen

Get a Mac?

Don't download files from dubious websites, such as Torrents. Do not open attachments unless they are from a trusted individual (and even then ...).

Ensure that you have a decent antivirus program with anti-malware and anti-ransomeware protection. I use Bitdefender. While I have a MacBook Pro, Macs are not safe, although very, very few have been infected. Also, Australia is not safe - while European business may have been targeted, virus' spread by contact. No one is safe.

Its debatable whether it's worth running antivirus programs on a Mac.
An up-to-date OS is just as effective as any anti-virus software because it fixes the hole that enabled access in first place. If holes are left open virus generators can often continue to use the same hole so antivirus software has to continue playing catchup..

Splitting hairs here, but technically speaking there has only ever been 2 true Mac viruses (self replicating code without user intervention) and even these were indirect virus like nasties rather than true viruses. However there are plenty of Malware, Trojan horses and social engineering type infections around exploit holes in systems that updates should take care of.

and on top of this,

Whether Macs need an antivirus is still open to debate, but increasing numbers of Mac owners feel the need to install one - so much so that in 2011 one of the biggest Mac malware infections was via a fake antivirus app called MacDefender. Another Mac antivirus company that is often thought of as unscrupulous is MacKeeper. There are various reports that suggest it is a scam or at worst malware. However, according to reports MacKeeper is not a scam, but unfortunately its aggressive advertising leads many to believe that it is, and perhaps it is unfortunately named (too similar to the fake antivirus app above). There are also complaints that it is difficult to uninstall.

Bet this won't infect my MicroBee or TRS-80

Security via obscurity! Go Apple!

I was a victim of a ransomware attack some 2 years ago. I lost a lot of files as I refused to pay the ransom. I got most of it back through my very lapsed backup regime. The encryption they used on the dark side is different to normal encryption in a few aspects.

• the objective they have is to inflict damage before they are detected. so speed is the essence. It doesn't matter to them not all the files are encrypted, just those that matter to you most
• In fact not the whole file is encrypted, sometimes only parts of it is - the part that stops you from reading it.
• In fact not all files will be affected. I found that all office files are targeted, ie, excel, doc, ppt , etc. All Pdf and pictures are targeted as well. But they didnt touch any binary files or movies. To most, those that were affected are usually the most important files on one's computer.
• They are a trojan, in other words, you invite them in as they run using your user authority, with some overriding factors to by pass detection of anti-virus software and security measures.
• After they've finished with each directory, they leaves notes to say how you can get your files back - that's the ransom.
• If you use network attached devices, it will not only affect your PC, but everything on the network attached devices that you have access to.

My advice from experience is that:

• The single most useful defense is to backup your computer files and keep it in a safe place. If you haven't done it. Do it NOW.
• Reduce your user privileges to user instead of administrator. Most computer has only one user account and it's always an administrator. So have 2 user accounts and downgrade the ones that you use to normal user.
• The ransomware's encryption operation involves a lot of disk access obviously which was what I noticed last time but I didn't know what it was and so I left it. If you noticed unusual disk activities that last for more than say 3 minutes (use task manager to check) and you are not doing a back up at the time or any task involving high disk access, then investigate or if you are cautious, turn our computer off.
• Of course have your patches up-to-date.
• Do a full scan with your anti-virus software.
• It attacks everybody as if it gets to your computer. I wouldn't trust the official line that win 10 or mac is immune. Those computers might be less vulnerable. But statistics don't mean a thing if your files are the only ones that are affected.
• I don't think many will go on deliberately a suspicious website or open an email from someone they don't know. Attacker uses tricks to make them looks like they are familiar to you. For example, they may plant it in a google ad band on a web site you visit, like this one. Just today in one of the threads with regard to ransomwares, a pop up ad showing you how to deal with ransomwares. - be very careful to click on those as they look like baits.

Originally Posted by justonething

• If you use network attached devices, it will not only affect your PC, but everything on the network attached devices that you have access to.

My advice from experience is that:

• The single most useful defense is to backup your computer files and keep it at a safe place. If you haven't done it. Do it NOW.

It is fairly simple to avoid this virus received to your computer via email, don't open any attachments form any source and do not click on any link in any email though as others have said all recent versions of Windows should be protected by now if auto updates is turned on. As a primary method of protection, establish a GMAIL address and forward your current address to that. GMAIL may be a lot of things but it does monitor spam and suspicious emails very well.

As for external drives, any drive that is mounted including cloud drives will be affected. What that means is if the drive can be accessed by clicking on a drive letter it will be attacked by the virus so simply backing up to a network drive or a cloud drive is not enough. The back up drive needs to be unmounted or physically disconnected from your computer to protect it. NC Archer tells a good story of an attack on work computers where the cloud drive was subject to an attack through a connected computer.

To add to what has already been stated:

Always installing the latest updates - even checking yourself:

Win 10 is currently at Version 1703 on mine.

I run more that one backup set (3) on different backup media and alternate them every 2 weeks - There are some very good and free OS System backup program available that require a single click to run.

People still click on email attachments or unknown emails - no matter how often I tell them not to.

Lot of infections come from friend emails whose computers have become infected.

For over 20 years (or possibly more) I have used a program called MailWasher. It sits between the Email server and the Windows Mail application. It's so fast to pull down 30 or 40 email with it, it converts all HTML data into Text and displays a small amount of the email content - so no imbedded code or attachments are initially downloaded into the PC. It allows you to verify valid content if you are unsure of an apparent legit email, one click shows embedded links and their true redirected path, another click displays server, paths and server registered info, all emails are checked against daily updated known spam servers. Suspicious Emails can be deleted from the server with a single click before running your normal email downloader.

The other thing typical users do is to download "dubious" free (or pirated) applications - I have told more than one "friend" that if they come to me with another infected PC and I find it's from their repeated stupidity, they will pay for every cent of my time or I'll refuse to fix it, seems to work when they see the cost for Virus removal charged by computer businesses.

And of course another big problem, clicking on a popup message disguised as (to typical users) a legit Windows Virus app or System error / warning.

Again it really comes down to having the latest OS security updates installed and the latest virus definition files.

In the end it is an education problem and learning through the education what measures are needed and available. Most users think that because they back up to a drive then all is safe but that isn't the case at all. In all the companies I have worked for I have never once seen anyone pass on any advise or attempt to educate the staff in what they need to do to avoid this sort of attack so I reckon they deserve all they get in spades.

Also if you happen to click on a dubious link disconnect everything from potentially infected computer immediately, such as your backups, other computers etc till you get your computer scanned

Originally Posted by Chris Parks

In all the companies I have worked for I have never once seen anyone pass on any advise or attempt to educate the staff in what they need to do to avoid this sort of attack so I reckon they deserve all they get in spades.

As a CTO in 5 companies, two of them listed, I can comprehensively tell you that educating the plebs what they /should/ do is a complete and utter waste of time, breath and effort. The only rational plan is to assume every user is out to utterly destroy any system they touch and plan around that.

When they do blow it up, just roll it back, recover off the backup or just blow away their device and reinstall.

Chris and others are right about backups and their need for removability. Back up is easy and safe. A removable drive can be made with any old hard disk and a $20 enclosure.

The key thing missed in all the above responses is that once one person does something dubious, this ransomware spreads to other PCs on the same network WITHOUT OTHER USERS DOING ANYTHING!

To *protect* yourself against infection, block ports 135 and 445 and disable SMBv1 support.

If you're interested in technical details or step by step instructions, those are the 2 key things to google.

Cheers,
Andrew

If you want to see how this current ransomware is spreading in realtime, here's the map provided by the "accidental hero" who slowed it by registering a domain name:

https://intel.malwaretech.com/WannaCrypt.html