Windows 10 Remote Access "Ransomware" Vulnerabilities.

edited October 25 in Chit chat
Someone I know had their Windows 10 PC computer hacked recently. They were using the Windows 10 "Remote Access" facilities. And they also had a bad habit of leaving the computer on unattended. I think this particular bot churns its way through the files on a PC, encrypts them so they are no longer accessible and then sends a demand for cash.

I do not know much about this but maybe I need to learn more. What are the things that can be done to avoid this?

Post edited by harriusherbartio on

Comments

  • If you use a search engine (for example DuckDuckGo) to check how to activate Remote Access, you'll find that there are many steps needed even for that to be activated.

    The easiest way is to follow those and learn what you need to do to turn it on or off, so that when someone asks you to do it, you can ignore them, or reverse it.

    But the best way is to ignore people from "Microsoft" or unsuspicious emails, or ask someone in person to check your computer for this every other month, for example.

    Also make sure you have backups of things that you deem important, because it probably will happen some day anyway.

  • I have been told that the problem with Windows Remote Desktop Access can be avoided by using a Windows Password. I never have bothered with that but am considering whether to do so now.
  • And having a modern configurable router is vital I am told for setting up the ports so they are not OPEN. I think that Windows Desktop Remote Access has the router ports (or similar) set to OPEN by default and this can create a security vulnerability that the AUTO BOTS can exploit to gain access.

    Zx1 on another thread suggested the use of Malwarebytes for this kind of security issue. I used it for years till my "free trial" had expired. Because I do not pay I found it to be a bit of a temporary solution but a good one nevertheless.

    So I am getting used to the idea of the router as a sort of firewall. My expertise on firewalls though is very limited. At one time they were stand-alone products but now there seem to be 2 main types: 1) Using the router as firewall 2) The built-in Windows Firewall. I need to "up my game" a bit in these areas.
  • And having a modern configurable router is vital I am told for setting up the ports so they are not OPEN. I think that Windows Desktop Remote Access has the router ports (or similar) set to OPEN by default and this can create a security vulnerability that the AUTO BOTS can exploit to gain access.

    Zx1 on another thread suggested the use of Malwarebytes for this kind of security issue. I used it for years till my "free trial" had expired. Because I do not pay I found it to be a bit of a temporary solution but a good one nevertheless.

    So I am getting used to the idea of the router as a sort of firewall. My expertise on firewalls though is very limited. At one time they were stand-alone products but now there seem to be 2 main types: 1) Using the router as firewall 2) The built-in Windows Firewall. I need to "up my game" a bit in these areas.

    My advice would be to install and configure a Hardware Firewall.


  • You don't want to think about it as using the router as a firewall OR using Windows Firewall, you definitely want to do both. That way if something on your internal network is compromised (say an exploit of the router itself) there is still additional protection in place. There really is no good reason not to have Windows Firewall turned on in this day and age.

    As for things like Remote Access, they're inevitably harder to secure. Personally I'd advocate using a cloud based service like Gdrive, OneDrive or DropBox to keep copies of files you might need to access remotely. That way you aren't directly exposing your own devices and the companies behind these services are going to be much better at protecting you against ransomware etc.

    And, as a last resort, always make sure you have offline backups of anything really, really important to you. A bunch of backup files saved on a hard drive that isn't plugged into anything are not going to get compromised by a hacker who encrypts your whole machine.
  • edited October 28
    I have been told that the problem with Windows Remote Desktop Access can be avoided by using a Windows Password. I never have bothered with that but am considering whether to do so now.

    Are you saying that you don't log into Windows with a password/passcode? Or...
    Your friend set up Remote Desktop without requiring a password to login?

    Either way - stop doing this. Immediately. As in yesterday.

    If it's yourself, what if your computer is stolen? Someone has access to everything simply by turning it on.

    If it's your friend then, Christ, he's basically done numero uno on "don't do" for remote access. There are people out there who are literally hammering IP addresses on Port 3389 (which is RDP's port) and that hacker must have thought Christmas came early when he got in. At the absolute minimum a password is a requirement.
    Post edited by Vampyre on
  • edited October 28
    Windows, since XP at least, doesn't allow remote connections with user accounts that don't have a password set. So, counter-intuitively, it can actually be more secure to run with no password as opposed to a very weak one. That may not apply to Remote Desktop connections though, it's been a while since I looked into it.

    On Windows 10 you're better off setting a much more complex password and then using a Pin, Picture Password or Hello to sign in so you don't have to remember a more complex one each time.
    Post edited by AndyC on

  • Normally I don't have to bother as someone else is the "security expert". Trouble with that is I don't learn anything about it till it goes wrong: effectively I am deskilled in this area. Having "one expert" is good until there is a problem. We got away with it this time. I suppose the learning points are:-

    1) Remote access does need "looking after" and has specific security weaknesses
    2) Norton does not "do everything" as not "everyone" will necessarily use it (I do)
    3) Windows Passwords are worth a second look
    4) I now know about Port 3389 the RDP port (on the router??)
    5) The Windows Defender software firewall is worth a look
    6) I think "Hardware Firewall" means setting up the Router ports correctly

    Areas that need more work:-
    1) The relationship between Windows Defender Firewall and the Hardware (Router Based) Firewall
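
The settings the posts above refer to (whether Remote Desktop is on, the port 3389 listener, Windows Defender Firewall, accounts without a password) can be read off a PC with the PowerShell below. This is an added example, not part of any post in the thread; it only reads settings, and the "Remote Desktop" rule group name assumes an English-language Windows install.

```powershell
# Added example: read-only audit of the RDP settings discussed in this thread.
# Run in an elevated PowerShell window on the Windows 10 PC; nothing is changed.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$rdpOn = (Get-ItemProperty $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication is required.
$nla   = (Get-ItemProperty $rdp -Name UserAuthentication).UserAuthentication -eq 1
# Listening port, 3389 unless it has been changed.
$port  = (Get-ItemProperty $rdp -Name PortNumber).PortNumber
# LimitBlankPasswordUse = 1 keeps blank-password accounts to console logon only.
$blankLimited = (Get-ItemProperty $lsa -Name LimitBlankPasswordUse).LimitBlankPasswordUse -eq 1

# Is anything actually listening on the RDP port right now?
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# Windows Defender Firewall profiles (Domain, Private, Public) that are switched off.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }).Name

# Enabled inbound allow rules in the built-in "Remote Desktop" group, with their scope.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$scope = if ($rules) { ($rules | Get-NetFirewallAddressFilter).RemoteAddress | Sort-Object -Unique }

# Enabled local accounts flagged as not needing a password.
$noPw = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired }).Name

# Turn the raw values into plain-language findings.
$findings = @()
if ($rdpOn -and -not $nla) { $findings += 'Remote Desktop is on without Network Level Authentication' }
if ($rdpOn -and $rules)    { $findings += "Firewall allows inbound RDP from: $($scope -join ', ')" }
if ($fwOff)                { $findings += "Firewall profile(s) switched off: $($fwOff -join ', ')" }
if (-not $blankLimited)    { $findings += 'Blank-password accounts are not limited to console logon' }
if ($noPw)                 { $findings += "Accounts not requiring a password: $($noPw -join ', ')" }

[pscustomobject]@{
    RdpEnabled  = $rdpOn
    RdpPort     = $port
    Listening   = $listening
    NlaRequired = $nla
    Findings    = if ($findings) { $findings } else { 'No findings' }
} | Format-List
```

The script sees only the PC itself. Whether the router forwards the RDP port from the internet to this PC has to be checked on the router's own port-forwarding page.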