Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


I have a new project which involves demonstrating exactly how ransomware works. I need to set up a virtual machine with some sample data and some variant of ransomware. I need to run a live demonstration which shows what happens on a PC from the initial point of infection all the way to the point where the ransom notice is displayed. Obviously I know this is dangerous and the correct precautions will be in place to ensure that the VM is completely network isolated. Does anyone know how I can do something like this?
Just wondering what the best way is to check Windows servers to make sure the WannaCry updates are installed?
Here's a list of patches I need to install. They're listed as important patches.
What would be the ideal sequence to install them?
Hi! I want to ask: where can I get a crypto ransomware sample for my final year project, and how do I use it? My project is about analyzing a ransomware attack using digital forensic tools. Can you help me?
Hi guys

We've been patching our servers for the WannaCry ransomware issue that occurred. However, I wanted to ask whether SMB also needs to be disabled across VPN links?

The following article from Microsoft mentioned disabling SMB v1. Is this only if you have not installed the patch?

And if you have installed the patch on all servers, let's say you need to access file shares from one site to another. Does disabling SMB prevent you from being able to access network shares?


In regards to the WannaCrypt lateral movement, how does it jump from subnet "x" that the victim is on to subnet "y" and subnet "z"?
I read that it enumerates SMB connections from the victim's local subnet, but there is no mention of how it jumps to other subnets.
Assuming victims on subnet X, Y, Z do not have ANY mapped drives, can it be assumed that there is no way for this malware to propagate out of the subnet that the initial victim is on?
I don't want to load enhancements or improvements. Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
Does anyone know where I can obtain samples of the wannacry ransomware? I want to test in my lab.
What are the best practices to protect a Veeam Cloud Backup Repository from Ransomware?
Ransomware infects not only the server, but also the local Veeam Backup repository AS WELL AS the offsite replicated backup repository.

The whole point of an offsite backup is that the data is recoverable in the event the local backups have been compromised.
Please advise.
Hi experts
I am planning to purchase Malwarebytes for my company; I will purchase licenses for all PCs and servers.
My question is:
Some servers are running Windows Server 2003.
1. Can I use Malwarebytes on these servers?
2. Any advice to protect these old servers from ransomware?
Hi to All of you,
During the last few days, while we were all concentrated on the WannaCry ransomware, WikiLeaks released more information/files on the Vault 7 arsenal.
I've been asked to check and find samples and/or MD5 hashes of the following CIA tools and frameworks in order to see whether our network and clients have been compromised or not.
The tools are :

To be honest I'm not sure these tools are already available, but asking doesn't cost anything.
Thank you
Hello Experts, is there any software
or procedure to prevent or reduce attacks by ransomware?
So with this new ransomware, I want to see if the appropriate hotfixes are installed, so I have this script to check that, which I found for PA Server Monitor... it takes too long to set up for just one use.
# KB4012598 KB4018466 - Windows Server 2008
# KB4012217 KB4015551 KB4019216 - Windows Server 2012
# KB4012216 KB4015550 KB4019215 - Windows Server 2012 R2
# KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 - Windows Server 2016

# List of all HotFixes containing the patch
$hotfixes = "KB4012598", "KB4018466", "KB4012217", "KB4015551", "KB4019216", "KB4012216", "KB4015550", "KB4019215", "KB4013429", "KB4019472", "KB4015217", "KB4015438", "KB4016635"

# Search for the HotFixes on the monitored computer
# ($mon is the script object PA Server Monitor passes in; it is not defined here)
$hotfix = Get-HotFix -ComputerName $mon.ComputerName | Where-Object {$hotfixes -contains $_.HotFixID} | Select-Object -Property "HotFixID"

# See if the HotFix was found
if ($hotfix) {
    $mon.FireActions = $false
    $mon.Details = "Found HotFix: " + $hotfix.HotFixID
    # a blank value removes the property
    $mon.SetComputerCustomPropByID(0, "NEEDS-MS17-010-FIX", "")
} else {
    $mon.FireActions = $true
    $mon.Details = "Didn't Find HotFix"
    $mon.SetComputerCustomPropByID(0, "NEEDS-MS17-010-FIX", "YES")
}   # closing brace for the else block (missing in the posted version)

I was wondering how I can run it on every machine recursively from the root OU and report back the ones that don't have it. Can someone help me tidy this up so that it works like that?

Thanks in advance
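The post above, and the earlier question about the best way to check Windows servers for the WannaCry updates, both ask for the same thing: a one-shot sweep that does not need PA Server Monitor. The script below is an added example, not the poster's script and not PA Server Monitor code. It assumes the RSAT ActiveDirectory module is installed, that the account running it can query WMI and read the admin$ share on the targets, and a placeholder search base you must change. The hotfix IDs are the ones from the post plus the security-only and rollup IDs the MS17-010 bulletin lists for Windows 7/2008 R2, 2012, 2012 R2/8.1 and Windows 10 1507/1511. The srv.sys threshold for Windows 7/2008 R2 is as I recall it from Microsoft's "How to verify that MS17-010 is installed" article (KB4023262); verify it, and add thresholds for your other OS versions, before acting on the result.

```powershell
<#
Added example (not from the original post). Walks every Windows computer
under an AD search base (subtree, so child OUs are included), checks each
for an MS17-010 hotfix ID, reads the srv.sys version from the admin share,
and writes a CSV of what it found.
#>
param(
    [string]$SearchBase = "DC=corp,DC=example",   # assumption: your domain root or OU
    [string]$ReportPath = ".\ms17-010-report.csv"
)

Import-Module ActiveDirectory

# MS17-010 hotfix IDs. Later monthly rollups are cumulative and supersede
# these, so a machine patched after May 2017 may show none of them: treat a
# miss as REVIEW, not VULNERABLE, and rely on the srv.sys version instead.
$kbs = @(
    "KB4012598", "KB4018466",                                           # 2008 / Vista
    "KB4012212", "KB4012215",                                           # 7 / 2008 R2
    "KB4012214", "KB4012217", "KB4015551", "KB4019216",                 # 2012
    "KB4012213", "KB4012216", "KB4015550", "KB4019215",                 # 8.1 / 2012 R2
    "KB4012606", "KB4013198",                                           # 10 1507 / 1511
    "KB4013429", "KB4019472", "KB4015217", "KB4015438", "KB4016635"     # 10 1607 / 2016
)

# Minimum srv.sys version after MS17-010, keyed by major.minor.build.
# Assumption to verify against KB4023262; add other OS builds here.
$minSrv = @{ "6.1.7601" = [version]"6.1.7601.23689" }

$computers = Get-ADComputer -Filter 'OperatingSystem -like "*Windows*"' `
    -SearchBase $SearchBase -SearchScope Subtree -Properties OperatingSystem

$results = foreach ($c in $computers) {
    $name = $c.Name
    $row = [ordered]@{
        Computer      = $name
        OS            = $c.OperatingSystem
        Reachable     = $false
        HotFixFound   = ""
        SrvSysVersion = ""
        Status        = "UNREACHABLE"
    }
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        [pscustomobject]$row
        continue
    }
    $row.Reachable = $true
    $row.Status = "REVIEW"

    # Check 1: any of the known hotfix IDs present (WMI/DCOM, so needs the
    # remote admin firewall rule open on the target).
    try {
        $found = Get-HotFix -ComputerName $name -ErrorAction Stop |
                 Where-Object { $kbs -contains $_.HotFixID }
        $row.HotFixFound = ($found.HotFixID -join ";")
        if ($found) { $row.Status = "PATCHED" }
    } catch {
        $row.HotFixFound = "ERROR: " + $_.Exception.Message
    }

    # Check 2: srv.sys file version, which survives superseding rollups.
    try {
        $srv = Get-Item "\\$name\admin`$\System32\drivers\srv.sys" -ErrorAction Stop
        $ver = [version]$srv.VersionInfo.ProductVersion
        $row.SrvSysVersion = $ver.ToString()
        $key = "{0}.{1}.{2}" -f $ver.Major, $ver.Minor, $ver.Build
        if ($minSrv.ContainsKey($key)) {
            $row.Status = if ($ver -ge $minSrv[$key]) { "PATCHED" } else { "VULNERABLE" }
        }
    } catch {
        $row.SrvSysVersion = "ERROR: " + $_.Exception.Message
    }

    [pscustomobject]$row
}

$results | Export-Csv -NoTypeInformation -Path $ReportPath
# Show only the machines that need attention; the CSV has everything.
$results | Where-Object { $_.Status -ne "PATCHED" } | Format-Table -AutoSize
```

Run it from a management host as a domain admin (or an account with local admin on the targets); machines that are off, blocked by the firewall, or not in the search base come back as UNREACHABLE or REVIEW rather than silently passing, so the CSV is the list to chase, not a clean bill of health.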
Does anyone know where I can find the MS patch for SBS2011 to patch against the WannaCry ransomware?

I know SBS2011 is based on Server 2008 R2; I tried those, but it tells me it's not for this system.

Many Thanks
Yesterday I ran Windows updates on a Server 2008 R2 SP2 64-bit system. I then wanted to verify that the necessary KB was installed to protect against Wannacry. Here's where I need help! My steps are as follows:

1. Install Updates & Reboot
2. From here I checked which KB had the fix for ms17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx  and looks like it's KB4012598 (for Server 2008 SP2 64-bit)
3. Next I checked the Microsoft update catalog against KB4012598 for Server 2008 64-bit, and under packages it shows that  this update was replaced by KB4018466 - https://www.catalog.update.microsoft.com/Search.aspx?q=4012598
4. Back on the server I browsed through the updates but couldn't see either KB. I even ran "systeminfo" from CMD and saved it to a text file, then I searched for both KB4018466 and KB4012598, but it's not finding any results.

Where am I going wrong here?  Is the update in another KB?
Dear Experts,

According to your personal experience would you suggest Malwarebytes Endpoint Protection or Panda Adaptive Defense 360 in order to add an extra layer of protection for such attacks?
What is the impact for the business if we fail to install the latest patch?
Please, I have antivirus on all the company machines;
what more should I do??
I heard this on the news, the WannaCry ransomware.

How can I check whether I or anyone among my network domain users is infected with this ransomware?
Anybody know if there is an update for the 2008 and 2012 MS servers for the "WannaCry" virus? If so, what are the KB #'s?
The user has a HP server running Microsoft Server 2003 that they only use for internal file sharing and running FileMaker Server 6.
They occasionally use Firefox to go to a website.  Office 2007 is on it, but Outlook isn't configured as email.
All the Windows updates that can be found have been installed.

MalwareBytes 2 is installed, along with the stand-alone MalwareBytes Anti-Exploit for Business.  MalwareBytes 3 didn't upgrade properly.

This is a 3-computer office (with the server)

Anything else that I can do?


In response to the ransomware threat, I see that we should:

      Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
      In accordance with known best practices, any organization who has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.

The first point is sorted. The 2nd we're not so sure on: we run managed Cisco ASA firewalls. We asked if the ports were open or not and they confirmed that they are open. If we block the ports on the ASA, will this affect any other services? Could the managed company actually be misguiding us, as they have confirmed they need to ADD a rule to block these ports..?

I heard that the ransomware that screwed up the British health system and many others.... that was because they were running Win XP machines?

or is it more than that?

Any tips on protection?

I saw this page:


that talks of turning off smb 1 protocol for file sharing.

What's the downside / what problems would that cause if we do that on each machine?

Those PowerShell commands are for Win 8 and above.

Running those commands on Win 7 gets error messages about that command not being found.

Are there comparable commands to run on Win 7? Or is it safe by default / nothing to worry about?

One of the suggestions was to disable SMB traffic to ensure that the new ransomware has a minimal effect. I was just wanting to know the full extent of issues we might get by disabling the SMB protocol on our Windows 7 computers, what precautions I need to take to roll this out in an orderly fashion, and whether there is an easier way of doing it through Group Policy to disable it globally.
Even though we have fully patched all our servers, I thought that if this does not disrupt too many things I might as well roll it out in a phased manner to ensure it is completely disabled.
1. What are the effects of doing this?
2. How important is it to retain this for certain functionalities?
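The two posts above (the one asking for Win 7 equivalents of the Get-SmbServerConfiguration commands, and this one about rolling SMBv1 off Windows 7 fleet-wide) are served by the same procedure. Windows 7 and Server 2008 R2 have no SMB cmdlets; the supported method is the registry and service change Microsoft documents in KB2696547, which is what the script below applies. This is an added example, not code from either post; it assumes it is run elevated on the Win 7 machine itself, and the function and switch names are mine.

```powershell
<#
Added example (not from the original posts). Audits the SMBv1 server and
client state on Windows 7 / Server 2008 R2 and, with -Disable, turns both
off using the registry/service settings from Microsoft KB2696547.
A reboot is required before the change takes effect.
#>
param([switch]$Disable)

$serverKey = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$clientKey = "HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10"
$wsKey     = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation"

function Get-Smb1State {
    # Server side: an absent SMB1 value, or SMB1 = 1, means the SMBv1 server
    # is on, which is the default on Windows 7.
    $smb1 = (Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $serverOn = ($null -eq $smb1) -or ($smb1 -ne 0)

    # Client side: mrxsmb10 is the SMBv1 client driver. It is off only when
    # Start = 4 (disabled) AND the workstation service no longer depends on it.
    $start = (Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue).Start
    $deps  = (Get-ItemProperty -Path $wsKey -Name DependOnService -ErrorAction SilentlyContinue).DependOnService
    $clientOn = ($start -ne 4) -or ($deps -contains "mrxsmb10")

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Smb1ServerOn = $serverOn
        Smb1ClientOn = $clientOn
    }
}

function Disable-Smb1 {
    # Server: KB2696547 registry value.
    Set-ItemProperty -Path $serverKey -Name SMB1 -Type DWord -Value 0 -Force
    # Client: the two sc.exe commands from the same article. "sc" alone is
    # PowerShell's alias for Set-Content, so call sc.exe explicitly.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

$before = Get-Smb1State
$before
if ($Disable -and ($before.Smb1ServerOn -or $before.Smb1ClientOn)) {
    Disable-Smb1
    Write-Host "SMBv1 disabled in the registry; reboot for it to take effect."
    Get-Smb1State
}
```

Run it without -Disable first across a sample of machines to see where SMBv1 is still on, then with -Disable on the pilot group. For the fleet, the same three settings (the SMB1 DWORD under LanmanServer\Parameters, Start = 4 on mrxsmb10, and the trimmed DependOnService list on LanmanWorkstation) are what KB2696547 describes pushing as Group Policy Preferences registry items, so the script doubles as the compliance check for that GPO. The effect to test for before each phase is anything that only speaks SMBv1: Windows XP and Server 2003 hosts, and older NAS, printer and scanner firmware that maps or scans to shares; those will lose access to the machines where it is disabled.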

My file server is still on Windows 2003 and I am sure Microsoft stopped its security updates back in 2015. Due to the amount of user data I have scheduled downtime to migrate to a Windows 2012 server next July.
But I am a bit concerned about the WanaCryptor / WannaCry cyberattack.
We use Vipre AV installed on our network and it is up to date. Please suggest whether at this stage there is anything I can do to protect against this attack.

Any suggestions much appreciated.