Any wannacry victims?

Post by z3r0aCc3Ss »

Hello everyone, it's really been a long, long time since I was active on this forum. I think it's time to make a comeback. It's nice to see all the legends... cats, b_b :D

Anyway, on May 15th I was the victim of a WannaCry attack. Don't know how it happened. I did have an unpatched version of Windows 7 64-bit Ultimate. I use a VPN all the time, either PureVPN or NordVPN. I have a key scrambler and Comodo firewall. Despite this, I got hit by it. I immediately found some suspicious activity on my computer, and blocked all the connections, and everything was sandboxed. Fortunately, I was able to recover all my data. Thanks to b_b for all the previous data recovery posts and ideas. But I couldn't recover the Prison Break series. I had it on BluRay 720p, with English and Russian audio and subs, 225 GB totaling 5 seasons. Also, Jetsons, Samurai Jack, Courage the Cowardly Dog, Captain Planet, and SwatKats were lost. But all my work files were safe. \:D/

My computer was shared with 2 other people. I have a strong feeling that it must have entered through their logins, as sometimes Comodo and the VPN used to not work on their logins.

What could be other reasons?
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP


Re: Any wannacry victims?

Post by ayu »

As far as I know the method of spreading was that of a pure worm.
So something on your network must have been open directly towards the Internet at some point.
That would be my guess.

What does the setup look like when it comes to the router/firewall into your network?
Are any ports open there?
"The best place to hide a tree, is in a forest"


Re: Any wannacry victims?

Post by z3r0aCc3Ss »

cats wrote:
> As far as I know the method of spreading was that of a pure worm.
> So something on your network must have been open directly towards the Internet at some point.
> That would be my guess.
>
> What does the setup look like when it comes to the router/firewall into your network?
> Are any ports open there?

My setup is like this:

I have my main router + modem (wireless) through which I receive broadband. Then there is an intermediate router (wireless) on which PureVPN is installed. I had specifically bought this and installed PureVPN on the router itself (I think it's better). Then my computer has a TP-Link WiFi dongle via which I connect to the intermediate router. As far as ports are concerned, all the non-required ports are closed. Only specific ports such as 21, 22, 80, 8080, etc. are open. Even my firewall has a "Block All, Allow specific" policy. But I strongly feel that TCP 443 was open.

Re: Any wannacry victims?

Post by ayu »

Strange. But my first reaction from this is that your VPN service might have opened the door somehow.
Have you tried scanning the IP range on your VPN to make sure you can't reach other machines in the same network?
That could be a potential way in for wannacry.

Re: Any wannacry victims?

Post by z3r0aCc3Ss »

Yea, pretty much. I do IP range scanning frequently, sometimes just for the sake of timepass.
Machine access over the network is strictly prohibited.

Re: Any wannacry victims?

Post by ayu »

z3r0aCc3Ss wrote:
> Yea, pretty much. I do IP range scanning frequently, sometimes just for the sake of timepass.
> Machine access over the network is strictly prohibited.

Hmm yeah then it's pretty weird.
I would be worried if I were you, at least until you can find a logical explanation for how it got into your system :P

Re: Any wannacry victims?

Post by Gogeta70 »

I know this is a bit dated, but if I remember correctly, WannaCry spread primarily through an exploit in the Windows SMB protocol. Make sure you either disable those services on your machine, or firewall ports TCP 445, and UDP 137, 138 and 139. Alternatively, switch to Linux :)
¯\_(ツ)_/¯ It works on my machine...
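
A local check for the listeners the post above refers to, as an added example that is not part of the original thread: it parses Windows `netstat -ano` output and reports non-loopback listeners on TCP 445 and UDP 137, 138 and 139, plus TCP 139 (the NetBIOS session service), which is added here. The sample output, addresses and function name are constructed for illustration.

```python
import ipaddress

# Ports named in the post above, plus TCP 139 (NetBIOS session service, added here).
WATCHED = {("TCP", 445), ("TCP", 139), ("UDP", 137), ("UDP", 138), ("UDP", 139)}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3320
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
"""


def exposed_smb_listeners(netstat_text):
    """Return sorted (proto, address, port, pid) for watched non-loopback listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local, pid = fields[0], fields[1], fields[-1]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established or outbound connections are not listeners
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if not port.isdigit() or (proto, int(port)) not in WATCHED:
            continue
        if ipaddress.ip_address(host).is_loopback:
            continue  # bound to loopback: reachable only from the machine itself
        findings.add((proto, host, int(port), pid))
    return sorted(findings)


if __name__ == "__main__":
    # On a real machine, replace SAMPLE with the captured output of `netstat -ano`.
    for proto, host, port, pid in exposed_smb_listeners(SAMPLE):
        print(f"{proto} {port} is listening on {host} (PID {pid})")
```

A listener bound to `0.0.0.0` or `[::]` accepts connections on every interface, so whether it is reachable from outside depends on the firewall and router in front of it.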
