
How are you fighting ransomware, /g/?


Thread replies: 121
Thread images: 20

File: 1465547979583.jpg (174KB, 640x640px)
How are you fighting ransomware, /g/?
>>
File: 1366773851676.jpg (41KB, 500x500px)
>>60357832
By installing gentoo
>>
Common Sense® 2017
>>
By reading about the SMB exploit 3 months ago, disabling SMB, and blacklisting port 445.
>>
AVG
>>
File: 1482874244110.jpg (125KB, 1024x1024px)
>>60357832
I just deleted my Windows partition. I'm 100% Linux now, baby! Feels good.

>>60358250
AVG a shit. At least install Kaspersky.
>>
File: 1493823254367.png (1MB, 1600x900px)
>>60357832
masturbating to qt anime girls on my FREE as in free speech and free beer GNU/Linux system.

>>60357877
don't lie fag. you literally just found out about it.
>>
>>60357832
By laughing at Windowsbabbies. Maybe they'll feel enough shame to switch to a real OS.
>>
>>60357847
Richard Stallman has never advocated for, nor endorsed, Gentoo Linux.
>>
>>60358327

My OS is patched though :^)

The only other real OS out there is OSX, but I'm not a faggot so I don't use it.
>>
File: 1492233292682.png (240KB, 662x540px)
>>60357832
By not using Windows shit.
>>
>>60357832
what's the big deal? why's this shit plastered all over the front page? did newfag /g/ finally realize there's more to technology than phones and graphic cards?

>>60358285
ackshually its guhnoo slash linux
>>
>>60358292
I love miku, and gentoo hardened.
But I won't download insecure images from the internet because I am too paranoid.
>>
File: 1480924431406.jpg (191KB, 1680x943px)
I'm not.
>>
File: 1366773957493.png (487KB, 500x333px)
>>60358335
Thanks for telling me this critical piece of information
>>
>>60357832
I've finally updated to Windows XP SP 3. Come at me hackers.
>>
Using macOS therefore I go against >>60358345
>>
>>60358335
GNU/Linux*
>>
>>60357832
Don't run random executables? It's not fucking rocket science.
>>
>>60357877
>Gimping the functionality of your Windows network because of the NSA.

You fucking pussy. There is no reason to make your users suffer because of an exploit in a protocol that should never egress past your edge router in the first place.

Do you people seriously not have VLANs set up for household filesharing? Is it summer already?
>>
>>60357877
>The memory corruption flaw resides in the manner in which Windows handles SMB traffic that could be exploited by attackers; all they need is tricking victims to connect to a malicious SMB server, which could be easily done using clever social engineering tricks.
Well shit I use samba on Xubuntu host for filesharing across multiple devices and my VMs, none of which have user level privileges. I wonder if a windows client would be able to access the entire hard drive even if I explicitly gave it permission to access a specific directory.

also
>Without revealing the actual scope of the vulnerability and the kind of threat the exploit poses, Microsoft has just downplayed the severity of the issue, saying:
>"Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."
>However, the proof-of-concept exploit code, Win10.py, has already been released publicly for Windows 10 by security researcher Laurent Gaffie and does not require targets to use a browser.
smooth
>>
>>60357832
By switching over to Linux
>>
By not being a retard.
>>
>>60359759
Nah, the latest shit distributes itself through the NSA SMBv1 exploit. Patch your shit.
>>
>>60357832
I'm encrypting all of my files by hand so that the virus thinks it already encrypted them and does nothing
>>
>>60357832
I'm cheering it on because these people are retards still running windows xp and tinfoilfags who refuse to update
this is funny to me
>>
>>60357832
By continuing to not use Windows
>>
>>60357877
How do I disable SMB on windows 7? Does it even do anything on a personal computer, it sounds like lan shit.

I don't get if personal computers have it by default, help out a retard.
>>
>>60358354
Nah, it's just because the /v/-tards are afraid of losing their gaemus and saves.
>>
>>60360410
try as admin:
(client/cmd)
sc config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc config mrxsmb10 start= disabled

(server/powershell)
Set-SmbServerConfiguration -EnableSMB1Protocol $false
>>
I changed my password from 123 to s0m3th1ng3l53.

Also I ran a malwarebytes and avg scan. I'm ready to take on the world.
>>
File: update.png (89KB, 1174x792px)
>didn't update windows for about 2 years
>last month said "eh why not"

wew
>>
>>60360360
It's not a simple task to deploy a new OS across an entire nation's hospital systems, retard.
It's no excuse to be running unsupported systems but "hurr just install gentoo lol" is ridiculous.

Today has really shown that few people on this board have worked in IT.
>>
>>60360771
congratulations, you blocked an exploit that you were protected from anyway.
>>
>ransomware is only spreading via server systems using SMB
>this means common systems affected will be those, like we've seen already, the hospitals, universities, and a train station for some reason
>it's possible to only get it by connecting to an infected server
How exactly would the average person actually get the ransomware short of downloading anything suspicious?
t. never gotten ransomware
>>
>>60361149
what did you mean by this
>>
>>60359729
I'd just like to interject for a moment. What you're referring to as GNU/Linux, is in fact, NT/Linux, or as I've recently taken to calling it, NT plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning Windows system made useful by the NT corelibs, shell utilities and vital system components comprising a full OS as defined by Microsoft.
Many computer users run a modified version of the NT system every day, without realizing it. Through a peculiar turn of events, the version of NT which is widely used today is often called Windows, and many of its users are not aware that it is basically the NT system, developed by Microsoft.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the NT operating system: the whole system is basically NT with Linux added, or NT/Linux. All the so-called Linux distributions are really distributions of NT/Linux
>>
>>60361320
That's what I'm wondering too, I disabled server under services which seems to have closed port 445 if "netstat -a" is a proper check, and added SMB1 in the registry and set it to 0 just in case. Idk if any of this shit is even necessary.
>>
>>60357832
dumb nozomiposter
>>
>>60357847
>By buying $99,999 macbook pro
ftfy
>>
>>60357832
>mfw already installed Linux
>>
>>60361458
not if you're alone on your lan
>>
File: C_r_nwuXkAUguNI.jpg (33KB, 387x342px)
i always install every update, so would this help?
>>
>>60357832
Do not run internet servers on private network (no incoming ports opened, local servers shall only serve local addresses).
Limit Internet access through DMZ.
Don't be dumb, social engineering is what most malware use to infect machines right now.
>>
I have been using GNU/Linux exclusively (well, except for one machine I put OpenBSD on just for fun) for years now. I am not particularly trying to fight ransomware.
>>
File: to be's or not to be's.png (308KB, 916x527px)
>>60357832
I'm installing all those windows updates I avoided for two years. Hopefully I didn't fall for a meme
>>
>>60357856
I pirated the Enterprise Edition
>>
>>60357832
>getting Stockholm Syndrome because of ransomware
>>
File: hurrr.png (3KB, 698x1284px)
>>60357832
By being a retard.
>>
File: Untitled.jpg (17KB, 450x197px)
>>60357832
By not being a fucking retard.
>>
All of my files are on my NAS, ransomware just means i reinstall Windows.
>>
>>60365035
>All of my files are on my NAS
That doesn't mean shit.
>>
>>60360320
Pure genius
>>
>>60357832
>Anime
Hi. Go to hell.
>>
>>60365035
WannaCry propagates WORM-style through the network thanks to the NSA. Your NAS is not safe
>>
>>60357832
By not using Windows.
Don't you guys ever learn?
I suppose getting reamed regularly is part of your leet culture.
>>
>>60365276
Hi. Go to reddit.
>>
File: 1492982062075.jpg (75KB, 650x650px)
>people believe there aren't similar exploits for Mac/Linux out there right now
>>
File: 1389693013612.jpg (80KB, 406x537px)
>>60357832
By living in an actually free and healthy country, whose president isn't a terrorist being elected by a bunch of illiterated and ignorant sheeps.
>>
>>60357832
Linux
>>
>>60358335
DELET
>>
by installing a second virus scanner and firewall app. come at me fags
>>
What do we know so far, how does Wannacry spread?
>>
>>60365687
EternalBlue

are you trolling?
>>
>>60365716
I meant method for infecting, is it still simple "dl some bonzi buddy shit" or some NSA "you can get ransomware even if you do nothing" type of thing
>>
>>60365734
Nobody knows. Probably 99% probability of the former, could still be the latter tho
>>
So let me get this straight
The exploit only works if you have SMBv1 enabled AND a specific port exposed?
So it's completely irrelevant to anyone who has incoming traffic blocked by default on unneeded ports like they should?
>>
>>60365276
Hi. Fuck off plebbit.
>>
https://www.youtube.com/watch?v=uVLDIynuaL4

Install Gentoo
>>
>>60358285
what distro/de?
>>
>>60365219
>>60365305
Not him but if the NAS run Linux aren't you safe from it?
>>
>>60365833
windows enables both by default
>>
My computer isn't getting any ransomware, what am i doing right?
>>
File: updates.png (38KB, 1200x902px)
By embracing the botnet and keeping it up to date with the latest Microsoft spying technology.
>>
ITT people not realising that ransomware is usually much more threatening to their Linux system than it will ever be to Windows/osx.

Only real ransomware that is possible to get is through mails in a workplace setting. Any other way and you are slow.
>>
Ok, what update do i need to tell this ransomware to fuck off?
>>
File: 1494682854358.jpg (89KB, 394x476px)
>>60357832
By not opening emails the prince of nigeria sends me.
>>
>>60367627
ms17-010.aspx
>>
>>60367677
>recently received shitloads of empty emails with just pdf file in it (i dun goofd at put real email when i created site and didn't put whois protection)

>i heard this ransomware is transmitted through pdf files

i dodged the bullet
>>
>>60367717
troll or what?
>>
>>60367729
Full retard here, someone explain to me how a PDF can contain executable code.
>>
>>60357832
Not using winshit.
>>
>>60367782
probably some java(script) scripts in it. Also some certificates
>>
>>60367759
What, you want the full spoonfeeding?
>>
>>60366672
>what distro/de?
Arch/Cinnamon
>>
By updating the system like a sane person
>>
>>60357832
Not using obsolete versions of Windows
>>
>>60358335
I literally knew this before even starting frequenting /g/. I bet you fucks are just memers from reddit who don't even read gnu.org
>>
>>60367835
nigga i aint clicking shit now that looks even remotely fishy, especially on /g/
>>
Wannacry isn't a virus tards. It's a worm so it doesn't activate from clicking links/opening files, just whether or not an affected machine found your network
>>
>>60368411
to be fair, odds are you are sitting behind a router which should have all ports closed to begin with.
the worm needs a way to access your closed network somehow.
somebody on that network is clicking on something that they shouldn't have been.
>>
>>60357832
By keeping my files backed up and having a fresh install at the ready.
>>
>>60357832
I configure the firewall properly not to accept any incoming connections after system is installed.
>>
>>60368527
Each infected machine searches local networks, then generates ip ranges to go target, this is how hospitals and businesses get hit, they have open networks with each other.
>>
>>60368710
still needs a patient zero to infect the machines from behind the router.
you also need a network of computers all running an OS that hasn't been updated in 2 months or running an OS that hasn't been updated in 3 or 4 years.
>>
>>60357832
By updating my fucking OS like a sane person
>>
>>60357832
see >>60369157
>>
By 1) keeping windows and programs entirely up to date and 2) not use pirated software or click on scam ads, the two main causes of infection, and 3) keeping backups so that I don't have to pay if I actually do get infected anyway
>>
>>60357832
Linux box DMZ.
All the windows machines are hidden behind it. And they're updated and have their own firewalls installed.
>>
File: 1481172483710.gif (2MB, 680x583px)
>>60357832
im on a mac
>>
>>60363981
I hope you enjoy Windows 10, anon.
>>
>>60368797
Hospitals have open wifi hotspots, all it takes is one guy (patient or staff) with an infected laptop walking in and connecting to it.
>>
I'm the dumbest computer user ever, I have a pirate Windows 7 and I'm from Spain, where some businesses have been infected with this ransomware already
Am I in danger? I don't have any way to collect the 300$ in case shit happens and I have data which is very important for me.
Are personal computers threatened by this ransomware?
>>
>>60369809
You're fucked. Update to Windows 10.
>>
So I've been thinking: in theory could a copy-on-write filesystem be designed to thwart ransomware? The idea being it would either track every revision of a file (e.g: Apple Time Machine) or would be snapshotting at a fairly high frequency (e.g: ReFS/ZFS/BTRFS.) -- If you were doing this in an automated fashion you'd want some sort of rotation or garbage collection mechanism to release old snapshots.

The thing is: these ransomware operate at the file level. They only encrypt known extensions, the reason being they want to leave the OS mostly intact (so you can use your computer to pay the ransom.) If the CoW snapshots were not addressable via the normal filesystem (I'm thinking something like Solaris' global zone), the ransomware would have no way of traversing the snapshots. At the first sign of infection: you'd just enter maintenance mode and roll back your entire filesystem to a known good state and patch your shit.

One way to thwart this would be to encrypt the entire device at the block level; but then the ransomware runs the risk of trashing the OS before the process is finished. If the encryption is incomplete / irreversible: people would stop paying the ransoms.
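
Added example, not part of the original post: a sketch of the snapshot rotation the post above asks for, keeping the newest snapshot per hour, day and ISO week, and pinning the last snapshot taken before the first sign of infection so that garbage collection cannot release the known good state. The dataset name tank/home, the auto- naming scheme, the timestamps and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Bucket keys: snapshots that share a key fall in the same hour / day / ISO week.
BUCKETS = {
    "hourly": lambda t: t.strftime("%Y-%m-%dT%H"),
    "daily": lambda t: t.strftime("%Y-%m-%d"),
    "weekly": lambda t: "%d-W%02d" % tuple(t.isocalendar())[:2],
}


def rollback_target(snapshots, infected_at):
    """Name of the newest snapshot taken strictly before the first sign of infection."""
    clean = [s for s in snapshots if s[1] < infected_at]
    return max(clean, key=lambda s: s[1])[0] if clean else None


def plan_retention(snapshots, hourly=24, daily=7, weekly=4, hold_before=None):
    """snapshots: list of (name, created). Returns (keep, destroy) lists of names.

    Keeps the newest snapshot in each of the most recent `hourly` hours,
    `daily` days and `weekly` ISO weeks. If hold_before is given, the rollback
    target for that time is pinned even when it is older than every rule.
    """
    limits = {"hourly": hourly, "daily": daily, "weekly": weekly}
    ordered = sorted(snapshots, key=lambda s: s[1], reverse=True)  # newest first
    keep = set()
    for rule, bucket_of in BUCKETS.items():
        seen = set()
        for name, created in ordered:
            bucket = bucket_of(created)
            if bucket in seen:
                continue  # a newer snapshot already represents this bucket
            if len(seen) == limits[rule]:
                break  # this rule has all the buckets it is allowed
            seen.add(bucket)
            keep.add(name)
    if hold_before is not None:
        pinned = rollback_target(snapshots, hold_before)
        if pinned:
            keep.add(pinned)
    destroy = [name for name, _ in reversed(ordered) if name not in keep]  # oldest first
    return sorted(keep), destroy


def sample_snapshots(now, days=60):
    """Constructed input: one snapshot per hour for `days` days."""
    return [(f"tank/home@auto-{t:%Y%m%d-%H%M}", t)
            for t in (now - timedelta(hours=h) for h in range(days * 24))]


if __name__ == "__main__":
    now = datetime(2017, 5, 13, 12, 0, tzinfo=timezone.utc)
    infected = datetime(2017, 4, 10, 9, 30, tzinfo=timezone.utc)
    snaps = sample_snapshots(now)
    keep, destroy = plan_retention(snaps, hold_before=infected)
    print(f"{len(keep)} kept, {len(destroy)} to release")
    print("roll back to:", rollback_target(snaps, infected))
    for name in destroy[:3]:
        print("zfs destroy", name)  # printed for review, not executed
```

Without `hold_before`, the 24/7/4 policy on this sample would release the 10 April snapshot, which is the case where rotation and a slow-to-notice infection together destroy the only clean copy.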
>>
>>60357832
> use anti-virus software on every computer I have interaction with
> never had an infection or ransomware in the past 15 years whatsoever

And that includes tons of normie computers who click everything.

tl;dr: anti-virus is not a meme.
>>
by not running untrusted executables with permission to write to all my shit
aka, not being completely retarded
>>
>>60367300
Not if an infected Windows machine has write access to the files on it.
>>
>>60361482
>ftfy
>>>/reddit/
>>
File: 1430160183251.png (199KB, 355x268px)
>>60360776
I work in IT for a regional government agency, we had an XP holocaust in 2011 and the last vista in my area was carted away in April. It was planned in advance, because Windows EoL dates are published in advance. IT gets the new software and pcs first, then they get rolled out to everyone else if the applications we support don't break. Windows patches are rolled out to everyone immediately.
These retarded faggots running the NHS, probably dipshit boarding school sodomy pals of some equally retarded faggot MP, decided to save money by not budgeting any IT maintenance at all, and these events are the inevitable consequences of that. It's not hard to roll out new software, what do you think IME is for? CIA backdoor to snag your anime? It's for remote administration, installing updates overnight whether users like them or not. They just chose not to do it. They were always paying for this, they just backloaded the cost until a catastrophic failure occurred.
Clearly if (you) work in IT your employer isn't paying enough to attract competent people.
>>
>>60357832
I'm a sysadmin, and besides servers, I also run the internal network of the office I'm in.

My main lifesaver is the FreeNAS ZFS-based NAS. Snapshots make the thing invulnerable to not just ransomshit, but also random fuckups. I haven't dealt with ransomware yet, but for the random fuckups it has been invaluable.

People do tend to screw up and lose their work, except it's in the snapshots.
>>
M-disc
>>
bunging all ports with clany
>>
looks like its slowing down :(
>>
>>60374811
It's the weekend
>>
With my arch Linux installation
Comfy af
>>
>>60365515
>adds a suffix to sheep to pluralize
>illeterated

Kek, your country's education system is apparently worse than murrika's m8. Enjoy being too stupid to know the entire world is shit.
>>
>>60367782
Anything can. It's whatever opens it that's at fault for executing said code instead of throwing an error or ignoring it
>>
I employ solid adblockers, noscript, and I don't download random shit from untrustworthy sources on the internet.
>>
>>60364254
Still being a fucking retard.
>>
>>60375080
I wrote "illiterated"
Go to school if you can't copy words properly
This is a 4chan archive - all of the content originated from that site.