Windows 10: New global ransomware attack hits East Europe and spreading

Who are you kidding, IX???? Where did you get this list of "rules"????

And someone who doesn't know all your rules"deserves it as they are idiots"!!!!

Absolutely no one deserves to be hit by this attack, not even you.

 

I made the rules up. According to a link earlier in this thread 90% of UK police use XP as does their latest aircraft carrier

Now there are only 2 reasons for still making yourself vulnerable to this attack.

Take your pick. It is a political question which is against the rules to discuss but the only reason you would be at this point suffer is because of lack of money (to fix it) or lack of knowledge (to even know).

 

You still don't get it . . . lack of sense!?!?

 

Yup. I get it.

I didn't install any updates for any Ukrainian accounting software. Or any software come to that.

Why are you having a go at me? Should I install some random update to prove I have no sense as well? Or open all my ports (which are closed by default on Windows) or run as an Administrator? Just to prove you don't have to be an idiot to get malware?

Sure anyone can get malware but there are obvious things you can do to ameliorate the risk.

 

The Admin account, or with Admin privileges? Not a silly question, just want to know.

 

That story about the carrier is rubbish. There may be XP computers in some sub-systems but they are not connected to the internet.

 

I think so too. It sounded a bit improbable.

However it is true that some organizations can't upgrade or make simple fixes as they don't have the money (or competence) to do so.

The same article about the MET police in London showed a job offer for the PM to undertake the whole upgrade from Windows XP to Windows 8 with a salary of GBP 30k. 30k is a joke.

I'm sorry but GBP 30k will not get you a project manager who can even tie their shoe-laces. Perhaps you don't like it but (having worked for many IT Project Managers, none who earned less than double that) it is alas true. You would earn more being the manager of the local Tesco supermarket.

 

Install an AntiVirus, that would prevent you from getting the ransomware in the first place, as most Antivirus solutions can easily detect that stuff. Most viruses are immediately detected by Antivirus programs. Good AV programs I recommend are either Avast, AVG, Malwarebytes Antimalware or SuperAntiSpyware, I'd recommend using Avast, AVG or Malwarebytes, because they detect any malicious programs quickest.

 

AVs are just one half of the story here. Everyone have its own favorite, but if you're putting up the list, put there at least Kaspersky, Avira, Bitdefender, Eset etc.

They would detect this one, but not every possible infection out there. And more, they would detect original malware, but not surely attack from compromised local computer (that one would have administrator rights and there ar possibilities to disable AV). So, all that crooks need is one irresponsible individual with admin rights in local network...

There are some good antiransom solutions out there, but not yet 100%.

 

MBAM and SAS are not AV; they are AM (anti-malware) and SAS is really a cleaner. (Although MBAM like to think they are a full-blown AV, but they're not quite there yet.) Have to be careful how you term these things, as some uninformed person could install SAS and think they are protected, when they are not.

*Ditto*Thumbs

 

Not a silly question at all. You* should run as a standard user not as a user that is part of the administrators group (this is nothing to do with the built in Administrator account).

It is trivial to bypass UAC and get administrator token if you are running as part of administrators group which most people do as it the default for the first account made when you install Windows.

This (for example) shows how easy it is and why everyone should run as standard user: UAC Bypass Using eventvwr.exe and Registry Hijacking | enigma0x3

What it means is if you run as standard user you have to validate UAC prompt for such malware. If your user is part of administrators group (as is default) it can bypass it without you knowing - you will not even be asked.

Of course if you are prompted and say "OK - do as you wish" to every UAC prompt or turn UAC off then nothing will help you.



EDIT[*] to be honest though even though I know I should, I don't. If I get malware I therefore expect zero sympathy *Wink Luckily I have a backup....

 

Thanks, that's a good clean answer. And the "*" *Wink. I don't, either, but I try to keep the best junk yard dogs I can find parked at the front door.

 

Thanks to you both for honest answer about running as admin. Admit, I do the same on my home PC, but not on my work one, where I'm resisting it for several years now. It can be pain in the *** sometimes thou.

 

My work PC is a VM that I connect via Cisco VPN. At the moment I have access through port 23 (only) to one specific server and that is it. I can't see their network let alone the internet.

I asked to ftp a txt file program I'd written over once and they almost laughed at me before saying "Er, no, we don't allow that". Conversely I have QSECOFR authority so could shut it down.

It is a funny thing security - based on human trust and hope more than sense really.

 

I guess it just makes me angry that you would say someone deserves to be attacked because they lack the knowledge to prevent it. And lack of sense is really a very derogatory term, while lack of knowledge isn't.

Have you ever heard the term, "He doesn't have sense enough to pour p**s out of a boot with the directions written on the heel?" When you say someone lacks sense, that's exactly what it means to me.

Again, yes, there are obvious things you can do to ameliorate the risk, but think about what you're saying . . . Is it really so obvious to the little old grandmother (I are one) or the little old grandfather who mostly use their computer for emailing and skyping with their friends and family? Or what about the ten-year-old who is using his/her mother's computer?

Think . . . Engage brain before putting fingers to the keyboard! Don't put yourself above those with less knowledge than yourself by using such derogatory terms to describe them. One of these days, you're might find someone who thinks you don't have any sense or deserve what you get just because you didn't know how to protect yourself.