Logic
Bobby Billionaire
- Feb 8, 2012
- 748
- 207
Hello,
As most of you have heard, there is a new ransomware windows exploit that has been abused and used infecting 70,000+ computers worldwide and also taking down the UK NHS and Telefonica. During this infection, its been noticed that it abuses Windows 7, Windows Server 2008, Windows Server 2012 via the SMBv1 server. A lot of desktop computers and servers around the world have been and are currently being infected at the moment, including my personal server.
First and foremost, if you run on the above operating systems, it's highly recommended to run Windows Updates and then the following within Windows PowerShell.
This should protect you against this malicious software/attack.
What is Ransomware?
Ransomware is a very dangerous type of malware that stops you from using your PC. It holds your PC or files for "ransom". There are different types of Ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something like pay money (a “ransom”) to get access to your PC or files. They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
* If you're currently infected like my server is, I'm not sure how to remove the infection. However, it's advised you follow the steps above to prevent the attack. Please also keep updated with this thread in regards to it:
As most of you have heard, there is a new ransomware windows exploit that has been abused and used infecting 70,000+ computers worldwide and also taking down the UK NHS and Telefonica. During this infection, its been noticed that it abuses Windows 7, Windows Server 2008, Windows Server 2012 via the SMBv1 server. A lot of desktop computers and servers around the world have been and are currently being infected at the moment, including my personal server.
First and foremost, if you run on the above operating systems, it's highly recommended to run Windows Updates and then the following within Windows PowerShell.
Code:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -ForceThis should protect you against this malicious software/attack.
What is Ransomware?
Ransomware is a very dangerous type of malware that stops you from using your PC. It holds your PC or files for "ransom". There are different types of Ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something like pay money (a “ransom”) to get access to your PC or files. They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
- Prevent you from accessing Windows.
- Encrypt files so you can't use them.
- Stop certain apps from running (like your web browser).
You must be registered for see links
* If you're currently infected like my server is, I'm not sure how to remove the infection. However, it's advised you follow the steps above to prevent the attack. Please also keep updated with this thread in regards to it:
You must be registered for see links
Last edited:
