I don't think we should really exaggerate the risk level
for this, at least for home users.

In a corporate environment, it's an issue of "scale".

1) Just the worm-like network packets sent, can slow
a network down. Even if the AV on a target machine
blocks the effects of an incoming packet, the packets
being sent use up network bandwidth. This is why some
enterprises claimed they were "disturbed" by WannaCrypt,
but not turned into a meltdown.

2) There can be a lot more machines on one LAN segment,
compared to a home user.

For a home user, the level of risk is relatively the
same between Locky, and WannaCrypt. Certain flavors of
Locky can crawl through existing file share mounts, or
mount the disk in question (if the mount does not
require the user to type a password perhaps). If you
have only two running computers on your home LAN right
now, Locky could end up encrypting most of the partitions,
while WannaCrypt could encrypt all of them.

In terms of preparedness, both require a complete home
backup strategy, for best protection.

At the current time, you still have to click on an
email attachment, to be infected, for WannaCrypt to
get inside your LAN. The typical IPV4 NAT router
protects against incoming worm-like behavior. It
takes effort for the average user, to have port-forwarded
the necessary port(s), for a Port Forwarded file share
to be an (original) infection vector.

The situation is lamentable, but the solutions
really aren't all that different than preparing
for a visit from Locky.

Now, if any of these things use an Adobe Flash exploit
as the entry vehicle (no matter which Ransomware is involved),
*then* we're in deep trouble. Popular web sites still sell
advertising space involving Flash content from unknown sources.
Whether WannaCrypt or Locky were to get in that way, it
would be a mess. No amount of patching of Adobe Flash,
seems to be enough.

Personally, I'm still worried about Locky.

Paul

"David E. Ross" <***@nowhere.invalid> wrote

| The NSA
| developed the tool used for ransomware and failed to secure its own
| computer systems against theft of that malware.

I'm imagining the NSA using the marketing
logic of the gun lobby: "If you outlaw malware
only outlaws will have malware. And we can't
have that." :)

There was even news recently that the NSA
had developed "hassleware", to cause general
disruption of 3rd-party software on target
machines:

https://www.bleepingcomputer.com/news/security/wikileaks-dump-reveals-cia-malware-that-can-sabotage-user-software/

Your tax dollars at work. I have to wonder how
much of this is adult teenagers without enough
supervision. It's hard to imagine any useful purpose
for planting malware that periodically kills Firefox
or IE processes. That's just juvenile nonsense.

Simple, on Windows 10 you are more or less forced to do your updates
while on Windows 7 you're not, plus a lot of stupid people have stopped
doing updates on Windows 7 believing that Microsoft is using updates to
force spyware and Windows 10 on them.

Booford you posting drunk again?

That's what your mom said when she coughed you out head first on
a concrete floor.