Reply to post: Use of SMBv1 for XP compat may be at the core

Forget BYOD, this is BYOVM: Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

bombastic bob Silver badge

Use of SMBv1 for XP compat may be at the core

Since the VM is (apparently) running a version of Windows XP, I have to wonder whether or not the BLOCKING of SMBv1 would stop it dead in its tracks?

SMBv1 is known to have serious vulnerabilities due to weak encryption. In every version of Windows since Vista it should be possible to turn SMBv1 compatibility OFF [and this includes any Samba servers or NAS drives]. Unless you need to run XP machines on your network with file sharing enabled, it's probably a good idea to do this anyway.

I would be interested, though, in knowing whether "disable SMBv1" is a possible mitigation for this ransomware.
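
Added example, not part of the comment above: one way to check whether a Windows host still offers SMBv1, see which clients still use it, and then turn it off. It assumes Windows 8 / Server 2012 or later (where these cmdlets exist; SMB1 access auditing may need a newer build) and an elevated prompt; the `-Disable` switch is this script's own name. The page does not establish whether this affects the ransomware in question.

```powershell
# Added example: audit SMBv1 use first, disable it on a second run with -Disable.
param([switch]$Disable)   # hypothetical switch defined by this example script

# Current state: SMB server setting plus the optional feature that carries
# the SMBv1 client and server drivers.
$server  = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
[pscustomobject]@{
    ServerSMB1Enabled = $server.EnableSMB1Protocol
    SMB1AuditEnabled  = $server.AuditSmb1Access
    SMB1FeatureState  = $feature.State
}

# With auditing on, each SMBv1 connection to this server is logged as
# event 3000; the message names the client. These are the machines
# (XP boxes, old NAS or scanner firmware) that would lose access.
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' `
             -FilterXPath '*[System[EventID=3000]]' `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

if (-not $Disable) {
    # Audit-only run: make sure SMBv1 access is being logged, change nothing else.
    if (-not $server.AuditSmb1Access) {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }
    return
}

# Stop serving SMBv1 immediately ...
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# ... and remove the SMBv1 feature so the client side goes too.
# The removal completes at the next reboot.
if ($feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
```

On a Samba server the corresponding setting is `server min protocol = SMB2` in the `[global]` section of `smb.conf`.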



Biting the hand that feeds IT © 1998–2020