Ransomware Protection

To add comments, please log in or register
Stephen Njuki
4961
Stephen Njuki  
The developers of this virus that almost shut down UK's NHS are allegedly redeveloping and improving it to wreck more havoc!

My question is what assurance do we have that virtual servers (esp. those offered by metaquotes in lieu of VPS) will be secure going forward. 

Alok Dandekar
731
Alok Dandekar  
I just chatted with my VPS provider, and they said their servers are protected. I use one of the larger VPS providers.
Stephen Njuki
4961
Stephen Njuki  
Alok Dandekar:
I just chatted with my VPS provider, and they said their servers are protected. I use one of the larger VPS providers.
If you are using your own VPS, say with Amazon, you could reinstall the instance.

What can people who have registered metaquotes virtual servers do?
Waseem Raza
9994
Waseem Raza  
Most system's are hit because they were not updated if you using win base they update it 
Carl Schreiber
Moderator
7065
Carl Schreiber  

As far as I know infects the ransomware by emails with an executable code (e.g. click,..) and then is loads the malicious part from the internet.

What if you start an EA, script or indi, whose code you don't know, and that uses wininet.dll (InternetOpenW(),...) and shell32.dll (ShellExecuteW()) to start its 'work'?

So keep an eye on the allowed urls and the usable dlls.

Stephen Njuki
4961
Stephen Njuki  
Carl Schreiber:

As far as I know infects the ransomware by emails with an executable code (e.g. click,..) and then is loads the malicious part from the internet.

What if you start an EA, script or indi, whose code you don't know, and that uses wininet.dll (InternetOpenW(),...) and shell32.dll (ShellExecuteW()) to start its 'work'?

So keep an eye on the allowed urls and the usable dlls.

Oh!

So it is spread via email!! I guess that is a relief?...
Stephen Njuki
4961
Stephen Njuki  
My particular EAs do not call those dlls but since the virtual servers are shared does that mean we are all still at risk?
whroeder1
17949
whroeder1  
Stephen Njuki since the virtual servers are shared does that mean we are all still at risk?
Servers are shared, virtual servers are not. You could only infect your virtual server.
Stephen Njuki
4961
Stephen Njuki  
whroeder1:
Servers are shared, virtual servers are not. You could only infect your virtual server.
Okay, so you are certain Metaquotes' virtual servers are all independent images. For every registration that is a new installation?
whroeder1
17949
whroeder1  
Stephen Njuki so you are certain
  1. I'm not Metaquotes so I can't be certain of anything.
  2. But if everybody is running in the same virtual server, what's the point of using a virtual? That would be the same as everyone running on one PC. Couldn't work.
Stephen Njuki
4961
Stephen Njuki  
whroeder1:
  1. I'm not Metaquotes so I can't be certain of anything.
  2. But if everybody is running in the same virtual server, what's the point of using a virtual? That would be the same as everyone running on one PC. Couldn't work.
Fair points, noted. Thanks for that. 
I hope you're right.
12
To add comments, please log in or register