
router security after ransomware attack

whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

@Anonymous I'd have to go and check, but it was in the region of 20, created by a true random password generator. I thought this was perfectly safe. I was wrong. I'll no longer have external access to RDP, which is inconvenient, but I've lost terabytes of data, so not risking that again. It's a real eye opener just how destructive recent crypto viruses can be and how pernicious they are at getting in. I believe mine was a manual attack once in past the brute force entry.
whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

@Anonymous that's interesting, I didn't even know that firewall was there. So that's at the Plusnet servers end, blocking traffic before it even gets to my router? I looked at my account settings and it was set to off.
whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

@MasterOfReality so a factory reset is advised?

Will this restore it to how it was when I received it, i.e. with login details already in place, or will I need to manually enter some stuff?
whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

With regards to UPnP, I will be turning mine off. I don't need it and didn't realise up till now that it was such a high security risk.
MasterOfReality
Plusnet Alumni (retired)
Posts: 1,640
Fixes: 57
Registered: ‎26-03-2018

Re: router security after ransomware attack

@whatsisname22

Yeah a reset has been advised by our products team 👌

@Baldrick1 - each to their own, at the end of the day it's down to preference really

Thanks,

MoR

MasterOfReality
Plusnet Alumni (retired)
Posts: 1,640
Fixes: 57
Registered: ‎26-03-2018

Re: router security after ransomware attack

@whatsisname22 - resetting the router shouldn't make the auth credentials fall away; if it does then it's just your username+@plusdsl.net and your password to force it back online.

Thanks,

MoR

Anonymous
Not applicable

Re: router security after ransomware attack


@whatsisname22 wrote:
... I didn't even know that firewall was there. so that's at the plusnet servers end, blocking traffic before it even gets to my router?

Yes, it blocks unsolicited attempts from external sources from ever reaching your router.

You can test whether any router service ports are visible externally by running a port scan test.

I tend to use GRC ShieldsUP! to check my system.

Go to the GRC website - https://www.grc.com/

Select "ShieldsUP!" from the drop down [Services] tab.

Click on the [Proceed] button

Click on the [All Service Ports] button (near the centre of the page)

Let the test run for about 70 seconds

Then read what the recommendations are if you don't get a perfect result like this -

[Image: GRC ShieldsUP Service Ports Probe]


whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

@Anonymous thanks for the advice, I'll check that out.

With regards to the Phobos virus itself, does anyone know whether it can compromise the actual MBR of the hard disk that the infected OS is on? Or can it only infiltrate the OS?
I am about to restore a safe Acronis backup image of the system partition but that doesn't necessarily replace the MBR I think? The MBR exists outside the OS partition, right?
whatsisname22
Dabbler
Posts: 13
Registered: ‎26-09-2019

Re: router security after ransomware attack

@Anonymous I tried the ShieldsUP test and got a perfect score. This was after activating High on the Plusnet end firewall. Didn't test it beforehand when it was off. Thanks for the tip.