Saturday, 7 October 2017

Simple anti-ransomware tip

The most recent ransomware attacks on PC networks have been amplified by SMB 1.x. SMB is the original file sharing protocol on Windows. It actually came from MS-DOS, the previous operating system from Microsoft, and has a long history. It eventually became called CIFS (Common Internet File System) as a rebrand to dominate internet file sharing in the same way as Windows dominated the PC world.

In the recent ransomware attacks where computers are controlled by malware the old version 1 of SMB has been used to spread the malware over networks. Very few systems, except the odd printer/scanner, use SMB 1 any more. Mostly you see version 2 or version 3 on networks today. So unless you know you need version 1 it’s best to switch it off in the Windows control panel.

If you select switching on/off Windows features you see something like this.

smb-off

Basically you just switch off SMB 1 by unticking the box. Probably a good thing to do on all your PCs to make them a little safer.

For more detailed information click here.