Massachusetts city tells ransomware scumbags to RYUK off, our IT staff will handle this easily

big_D Silver badge

There are enough vulnerabilities out there to escalate privileges. Malware can use unpatched buffer overflow vulnerabilities etc. to push up their rights for the local machine. If they can use an unpatched CIFS/SMB flaw, they can escalate their privileges on the remote file server as well.

Even without that, if you infect enough PCs and make it a co-ordinated attack on the network, you will get access to a vast majority of the shared user data on the network drives.

If one of the infected PCs is being used by a domain administrator, you have already lost, as it will have complete access - it can use the hidden, system level shares on the servers and other PCs to spread itself.

That is why best practice these days is never to log onto a local PC with domain level administrator rights and to have a separate PC / VM used purely for administration, with no other software on it and not used for email, data transfers or web browsing.

A home PC just isn't worth it. Most people wouldn't pay, and if they did, they wouldn't pay very much. You would be nickel and diming thousands of PCs to get the equivalent of one corporate take-down. That isn't to say that it can't/won't happen, but they aren't the primary target.
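An added example, not part of the original comment: one way to check the practice described above is to look through Windows Security log 4624 (successful logon) events for domain administrator accounts logging on interactively anywhere other than the dedicated administration PC / VM. The event records, account names, host names and the function name are constructed for illustration, and the events are assumed to have been exported as flat dictionaries.

```python
# Constructed sample of exported Security log events; every account and
# host name here is hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "WS-0412", "TargetUserName": "jsmith", "LogonType": 2},
    {"EventID": 4624, "Computer": "WS-0412", "TargetUserName": "adm-klee", "LogonType": 2},
    {"EventID": 4624, "Computer": "ADMIN-VM-01", "TargetUserName": "adm-klee", "LogonType": 2},
    {"EventID": 4624, "Computer": "FS-02", "TargetUserName": "adm-klee", "LogonType": 3},
    {"EventID": 4624, "Computer": "WS-0977", "TargetUserName": "ADM-KLEE", "LogonType": "10"},
    {"EventID": 4634, "Computer": "WS-0412", "TargetUserName": "adm-klee", "LogonType": 2},
    {"EventID": 4624, "Computer": "WS-0555", "TargetUserName": "adm-root", "LogonType": 11},
]

# Logon types for a session at the machine itself:
# 2 = Interactive, 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
INTERACTIVE_TYPES = {2, 10, 11}


def find_admin_logons_off_admin_hosts(events, domain_admins, admin_hosts):
    """Return {admin account: [hosts]} for interactive domain-admin logons
    on machines that are not dedicated administration hosts."""
    admins = {a.lower() for a in domain_admins}
    allowed = {h.lower() for h in admin_hosts}
    findings = {}
    for ev in events:
        if ev.get("EventID") != 4624:          # only successful logons
            continue
        try:
            logon_type = int(ev.get("LogonType", 0))  # exports may use strings
        except (TypeError, ValueError):
            continue
        if logon_type not in INTERACTIVE_TYPES:
            continue
        # Windows account and host names are case-insensitive.
        user = str(ev.get("TargetUserName", "")).lower()
        host = str(ev.get("Computer", "")).lower()
        if user in admins and host not in allowed:
            findings.setdefault(user, set()).add(host)
    return {u: sorted(h) for u, h in sorted(findings.items())}


if __name__ == "__main__":
    hits = find_admin_logons_off_admin_hosts(
        SAMPLE_EVENTS, ["adm-klee", "adm-root"], ["ADMIN-VM-01"])
    for account, hosts in hits.items():
        print(f"{account}: interactive logon on {', '.join(hosts)}")
```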
