router security after ransomware attack
26-09-2019 8:08 PM
I am dealing with the infection itself separately, and obviously have now closed all the ports that were forwarded on the router. My question is, has the router itself been compromised? Do I need to factory reset or change the login admin credentials?
w.
Re: router security after ransomware attack
26-09-2019 8:30 PM
Hey @whatsisname22,
Thanks for getting in touch.
I'm really sorry to hear your router has been attacked by this virus.
I would suggest factory resetting the router for now. I've sent an email to our products team to find out more info on whether your router has been compromised and what the next steps would be.
Thanks.
Re: router security after ransomware attack
26-09-2019 9:08 PM
If I do reset, what information will I need to get up and running again? Just user name and password?
Re: router security after ransomware attack
26-09-2019 9:16 PM
No worries @whatsisname22.
It can take up to 24-48 hours sometimes for a response, but I'll chase it for you tomorrow when I get in at 13:30.
That's correct.
Thanks.
Re: router security after ransomware attack
26-09-2019 9:23 PM
Re: router security after ransomware attack
27-09-2019 1:03 AM
Turn off remote desktop connection.
Re: router security after ransomware attack
27-09-2019 2:07 AM - edited 27-09-2019 2:10 AM
I did have a port forward set up for remote desktop from outside the home LAN, with a huge password created by a true random password generator. I thought that was OK. Clearly I was mistaken.
Re: router security after ransomware attack
27-09-2019 7:16 AM
Out of curiosity @whatsisname22 what length of password were you using?
Re: router security after ransomware attack
27-09-2019 8:42 AM
I suggest logging into the Plusnet "Member Centre" and then setting Plusnet's network level "Broadband Firewall" to the "High" setting, to stop ALL externally initiated network sessions from reaching your WAN connection - at least until you are sure that your router is safe again.
I'd also ensure in your home router configuration that "UPnP" is DISABLED to prevent anything on your LAN silently opening any port forwards on your router's firewall.
Re: router security after ransomware attack
27-09-2019 9:16 AM
I've managed to get in touch with one of the products team internally (though, it's just my luck the only one I managed to get hold of is a Fixed Line guru, rather than Router Security wizard).
All the same, they have said that they are going to pass this across to the correct person to look into, so I would expect either someone to reply on here, or to send me some info (in which case I will update the thread again).
Hold tight and I'm sure we will get back in touch soon.
Thanks,
MoR
Re: router security after ransomware attack
27-09-2019 10:44 AM
We have had this reply from Products:
"This customer’s router is highly unlikely to be compromised and any port forwarding/local network access the virus/malware was granted is likely to have been the result of UPnP rather than an explicit port forward.
A factory reset will wipe the memory/config and there’s no method I’m aware of that would result in anything nasty lingering after doing so.
All of this is irrelevant though if the customer still has infected machines that they plan on connecting to the router."
I hope it gives you some peace of mind - have you performed a reset as of yet?
Thanks,
MoR
Re: router security after ransomware attack
27-09-2019 11:47 AM
Is the Hub One default condition for uPnP the same as for the Smarthub, that is set to On after a factory reset? If so should the OP (and in my opinion, every other user unless they really need it) be advised to turn it off?
Moderator and Customer
Re: router security after ransomware attack
27-09-2019 12:03 PM
Hi @Baldrick1
I can't answer this right off the bat, I'm afraid - I'll reply to products asking for clarity on whether uPnP is set to On after a reset.
Thanks,
MoR
Re: router security after ransomware attack
27-09-2019 12:13 PM
@Baldrick1 - I got a reply quick sharp
"UPnP will be on by default with extended security enabled, and this is how I would recommend it is left for most customers"
Thanks,
MoR
Re: router security after ransomware attack
27-09-2019 12:49 PM
I guess that this recommendation is to make the router as simple to use as possible for the average user. I will keep mine switched Off: https://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/
Moderator and Customer