Nasty Ransomware worm on the loose.

#1 | GarryP (Thread Starter) | May 13th 2017, 1:49 am

As you may have seen, there is a nasty ransomware worm on the loose globally at the moment.

Massive ransomware infection hits computers in 99 countries - BBC News



This gets in and infects your Windows machine, encrypting all your key files (in about 5 mins) and then blue screens your computer to a message, demanding bitcoins for the decrypt key.

This is a worm, as well as a virus, which means it can get at your computer over the net, without you doing anything. However it appears that it is doing this via SMB shares - and if you have a decent router it should bounce these (port 445) from the outside net. However, once inside your home network, it will make a fast and complete mess .... plus they may find another way through your firewalls. Don't open anything you aren't 110% sure of.

Make sure you have an offline backup of your critical files, your antivirus is up to date, and so are your Windows updates.

This was a fault in Windows that they patched a number of weeks back, but as has been shown, many don't have update working (and WinXP no longer gets any updates anyway). It is derived from an NSA hacking tool that leaked late last year - hence why the Win updates have only been recent - the NSA kept the info to themselves.

Hopefully someone will find a way to cut this out at the net level (it has shades of the ARPANET worm), but for the next few days at least - be careful out there.

#2 | DeadVim | May 13th 2017, 5:48 am

If you are running a machine that hasn't been updated since March you deserve everything you get.

#3 | GarryP (Thread Starter) | May 13th 2017, 7:30 am

Originally Posted by DeadVim
If you are running a machine that hasn't been updated since March you deserve everything you get.
If you just allow Microsoft, or any of the other manufacturers, to update OS and apps, you get unannounced reductions in functionality, incompatibility, forced 'upgrades' to Win10 and spying/advertising/privacy invasion. So frankly it's no surprise that people don't just allow 'patches' to install.

Frankly MS shot themselves in the foot when they used their 'patches' for nefarious ends - people stopped trusting them when Win10 turned up unannounced.

And then there are people still running WinXP, because it works and why should they pay for more trouble. They are SoL.

#4 | OzTennis | May 13th 2017, 7:37 am

Originally Posted by GarryP
If you just allow Microsoft, or any of the other manufacturers, to update OS and apps, you get unannounced reductions in functionality, incompatibility, forced 'upgrades' to Win10 and spying/advertising/privacy invasion. So frankly it's no surprise that people don't just allow 'patches' to install.

Frankly MS shot themselves in the foot when they used their 'patches' for nefarious ends - people stopped trusting them when Win10 turned up unannounced.

And then there are people still running WinXP, because it works and why should they pay for more trouble. They are SoL.
The ransomware was designed to affect large organisations; individuals are less at risk. The usual caveats apply: have anti-virus (a free one like Avast will suffice) which is up to date, have a modern operating system which is up to date and don't click on any links or open attachments you aren't sure of; hover the pointer over the address of any email to check it's genuine. Sadly a lot of large organisations use out of date and unsupported operating systems.

Ironically MS has just announced that it is going to twice annual updates to Win10 in future which makes you think lots of clever, devious people will be looking for holes which appear over a 6 month period.

A simple Google search will tell you how to change the Win10 settings so you don't have your data harvested, annoying Cortana etc. (I know you know this, it's what everyone should do - check their settings and change them so Gates doesn't gather info and nag 'to improve your experience').

#5 | Beoz | May 13th 2017, 1:30 pm

Originally Posted by OzTennis
Ironically MS has just announced that it is going to twice annual updates to Win10 in future which makes you think lots of clever, devious people will be looking for holes which appear over a 6 month period.
Negative ghostrider. Major updates. Joyful apps. Security and patches will come in regularly.

#6 | GarryP (Thread Starter) | May 14th 2017, 2:00 am

Sure enough, a version of the ransomware without the domain kill switch that stopped the previous version is in the wild:

https://motherboard.vice.com/en_us/a...-globe-is-back

Meanwhile, mickeysoft have released the patch that repairs their hole in their older OS (eg WinXP, Win8) that were out of support

https://blogs.technet.microsoft.com/...crypt-attacks/

#7 | Charismatic | May 14th 2017, 6:46 am

My simple guide to PC security.
Step 1: Erase Windows and install Linux.
Step 2: Have a nice cup of tea.

I'm being cruel, actually use Windows a lot myself. I was surprised by the scope of the organisations hit, not so much the NHS who have a storied and miserable past with IT, but Telefónica?

I suppose we should all thank the NSA for their work in keeping us safe. Many thanks from...oh well, you already know who we are.

#8 | GarryP (Thread Starter) | May 14th 2017, 7:20 am

Originally Posted by Charismatic
I'm being cruel, actually use Windows a lot myself. I was surprised by the scope of the organisations hit, not so much the NHS who have a storied and miserable past with IT, but Telefónica?
The primary nasty is the SMB worm. Once it's inside an organisation that hasn't patched, it hits EVERYWHERE - traveling over their network connections, which obviously tend to allow shares. People were kind of lucky that it hit late on a Friday - so they have had the weekend to sort things out in most cases.

And obviously, if you are a large organisation you can't just let mickeysoft screw up your installs (because you can't trust them not to screw up your installs) and so if you are slow with regression testing patches ...

Originally Posted by Charismatic
I suppose we should all thank the NSA for their work in keeping us safe. Many thanks from...oh well, you already know who we are.
A rebalance between spying on people and making sure vulnerabilities are patched would be nice - the NSA is right in the frame for this one. As for the "but the government is trusted to have backdoors" - that should get a hollow laugh now.

BTW looks like the kill switch less version doesn't have the SMB worm part .... yet.
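
The spread described in post #8 (one unpatched machine reaching everything on the network over port 445) leaves a recognisable trace in connection logs. The following is an added example, not part of any post in this thread: it flags internal hosts that contact many distinct addresses on TCP 445 within a short window. The log format, sample records, function name and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample flow records: "timestamp source destination dest_port"
SAMPLE_LOG = """\
2017-05-12T16:00:01 192.168.1.20 192.168.1.5 445
2017-05-12T16:00:09 192.168.1.20 192.168.1.5 445
2017-05-12T16:00:15 192.168.1.20 203.0.113.80 443
2017-05-12T16:02:00 192.168.1.37 192.168.1.1 445
2017-05-12T16:02:01 192.168.1.37 192.168.1.2 445
2017-05-12T16:02:01 192.168.1.37 192.168.1.3 445
2017-05-12T16:02:02 192.168.1.37 192.168.1.4 445
2017-05-12T16:02:03 192.168.1.37 203.0.113.9 445
2017-05-12T16:02:04 192.168.1.37 192.168.1.5 445
truncated line
2017-05-12T16:30:00 192.168.1.20 192.168.1.6 445
"""

def smb_fanout(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each internal source to its peak count of distinct port-445
    destinations inside any one window, keeping those at/above threshold."""
    per_src = defaultdict(list)
    for line in lines:
        try:
            ts, src, dst, port = line.split()
            event = (datetime.fromisoformat(ts), ip_address(dst))
            src, port = ip_address(src), int(port)
        except ValueError:
            continue  # skip blank or malformed records
        if port == 445 and src.is_private:
            per_src[src].append(event)

    flagged = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start = best = 0
        for end in range(len(events)):
            # slide the window start forward until it spans <= `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            flagged[str(src)] = best
    return flagged

if __name__ == "__main__":
    for host, count in smb_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {count} distinct SMB destinations within 60s")
```

A client that keeps talking to the same file server stays under the threshold; only the host sweeping many addresses is reported.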

#9 | DeadVim | May 14th 2017, 10:44 pm

Originally Posted by GarryP
If you just allow Microsoft, or any of the other manufacturers, to update OS and apps, you get unannounced reductions in functionality, incompatibility, forced 'upgrades' to Win10 and spying/advertising/privacy invasion. So frankly it's no surprise that people don't just allow 'patches' to install.

Frankly MS shot themselves in the foot when they used their 'patches' for nefarious ends - people stopped trusting them when Win10 turned up unannounced.

And then there are people still running WinXP, because it works and why should they pay for more trouble. They are SoL.
Oh, I take your point, I was running XP for a long time without support but ultimately you are adding an unsecured machine to the mix and people should be aware of that.

The MS patching policy does suck, to be honest I do very little on the laptop these days, I prefer iOS which despite having its own array of issues does "just work".

Getting too old to be faffing with Linux ... 25+ years of commercial software development will do that to you ...