Want to Cry

Speedster

My home server got hit by a want_to_cry ransomware attack... It kind of sucks, but fortunately I was able to just rebuild the server without losing too much.

I'm not 100% sure how the hackers got in, but it looks like they exploited an SMB vulnerability in Home Assistant.

I've now rebuilt the server (fortunately had a clean cloud backup of Home Assistant) and gone big on security this time around. Everything is now locked down and only accessible via a wireguard tunnel - nothing on my server is public facing/exposed anymore.

Some advice from me if you have a home or cloud server - make sure your SMB is secure.


Here's some more on the ransomware: https://www.sophos.com/en-us/blog/wanttocry-ransomware-remotely-encrypts-files
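An added example (not from the thread or from any poster) of what "make sure your SMB is secure" can look like on a Samba home server like the one described: SMB listens only on the LAN and WireGuard interfaces, SMB1 and NetBIOS are off, and signing and encryption are required. The interface names (eth0, wg0), subnets (192.168.1.0/24, 10.8.0.0/24) and the share path are assumptions.

```ini
# Added example, not the thread's own configuration.
# Interface names and subnets below are assumptions; substitute your own.
[global]
    workgroup = WORKGROUP
    server role = standalone server

    # Listen only on loopback, the LAN NIC and the WireGuard interface.
    # A WAN-facing interface (e.g. ppp0) is deliberately absent.
    interfaces = lo eth0 wg0
    bind interfaces only = yes

    # Second layer: even on those interfaces, accept only LAN and tunnel clients.
    hosts allow = 127.0.0.1 192.168.1.0/24 10.8.0.0/24
    hosts deny = ALL

    # Modern protocol only: no SMB1/NT1 and no NetBIOS (ports 137-139).
    server min protocol = SMB3
    disable netbios = yes
    smb ports = 445

    # Authentication and transport hardening.
    ntlm auth = ntlmv2-only
    server signing = mandatory
    smb encrypt = required
    map to guest = never
    restrict anonymous = 2

    # Keep a per-client log so connection attempts can be reviewed later.
    log level = 1 auth:3
    log file = /var/log/samba/log.%m

[media]
    path = /srv/media
    browseable = yes
    read only = no
    guest ok = no
    valid users = @media
```

Running `testparm` after editing prints the effective configuration and flags any option Samba does not recognise, before the service is restarted.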
 
How was it exposed to the internet previously? Port forwarding?

Sorry about this, man.
 
SMB was exposed to the internet?

So you had more than just the 8123 exposed and no reverse proxy in front?
 
Would highly recommend using Nginx Proxy Manager. Can run it on HA as an addon.
 
Sorry mate. Definitely, if setting up the reverse proxy is too complicated, paying for a Nabu Casa subscription makes it easier and also helps to contribute to the project.
 
Sorry mate. Definitely, if setting up the reverse proxy is too complicated, paying for a Nabu Casa subscription makes it easier and also helps to contribute to the project.
What would I win with the reverse proxy that I don't have with wireguard?
 
England has not even arrived yet….. need to cry now big guy.
 
Oooof this makes me shudder.

Back in the day, our office got hit with that wannacry BS.
FFS
 
Oooof this makes me shudder.

Back in the day, our office got hit with that wannacry BS.
FFS
Yeah, these things suck. The name is similar to that older attack, but it's not quite the same thing.

The wannacry one was self-propagating; this one seems to be an active attack.

Anyway, fortunately it's all sorted now.
 
What would I win with the reverse proxy that I don't have with wireguard?

No need to first connect to wireguard, which, especially with HA and presence detection and that kind of thing, is a big issue and why I don't use it and prefer a direct connection.

You only expose 443 to the reverse proxy and nothing else.

Run DuckDNS if you don’t have a paid for domain.
 
No need to first connect to wireguard, which, especially with HA and presence detection and that kind of thing, is a big issue and why I don't use it and prefer a direct connection.

You only expose 443 to the reverse proxy and nothing else.

Run DuckDNS if you don’t have a paid for domain.
I'm more than willing to run the reverse proxy, but I'm not getting the win. Wireguard means nothing is exposed publicly and it takes all of 2 secs to toggle the connection from any of my devices.

Bonus is I get access to my Plex server when I'm away from home.
 
My home server got hit by a want_to_cry ransomware attack... It kind of sucks, but fortunately I was able to just rebuild the server without losing too much.

I'm not 100% sure how the hackers got in, but it looks like they exploited an SMB vulnerability in Home Assistant.
Compromised or weak password?
I'd never open SMB outside the LAN personally.
As for passwords, passphrases are better, particularly with spaces between words. Nice and long character-wise and high entropy.
 
 
I'm more than willing to run the reverse proxy, but I'm not getting the win. Wireguard means nothing is exposed publicly and it takes all of 2 secs to toggle the connection from any of my devices.

Bonus is I get access to my Plex server when I'm away from home.

But you get access to your Plex server anyway??

The main issue is that those 2 seconds are generally hands free for me so it’s a huge hurdle in usability especially when it happens multiple times a day.

I want it to just work without manual intervention.

If that’s not a problem then by all means. After all you can just change it later.
 
But you get access to your Plex server anyway??

The main issue is that those 2 seconds are generally hands free for me so it’s a huge hurdle in usability especially when it happens multiple times a day.

I want it to just work without manual intervention.

If that’s not a problem then by all means. After all you can just change it later.
I don't think I'm able to access the Plex server (on my home server) remotely, unless I'm missing something.
 
Sign up to the MyBroadband newsletter