I considered the possibility but the attack began about 20 minutes after I replied to a bizarre and cryptic text to my mobile signed Ivan the terrible.
I responded and 2 months of my phone's picture data was corrupted.
Then my PC began to suffer. I've always surfed a bit fast and loose, never thought I'd end up playing this game. The firewall was not doing its job then because I hadn't set it up properly.
ActionFraud and the Police have been looking into it, but I lack the knowledge to trace the origin of these attacks.
Will BT be able to help them when/if they're contacted?
I suspect it is more likely that you have downloaded malware onto your phone/computer which has then allowed the hacker access to your home network and any device that is connected to it rather than your firewall not being configured correctly.
Firewalls on routers and the Windows built-in firewall do not normally require any configuration to work safely; it is usually user intervention making incorrect changes that causes problems.
Only BT will be able to answer the question about assisting and it will only be if they are provided with the correct paperwork.
If it was you that changed port settings etc. it would appear to be user error so I don't think having a non BT router would have made any difference.
A sore lesson to learn but make sure that you are fully aware of why and what you are doing if you make any firewall and security changes.
I agree with gg30340, sounds like you have some malware. Best course of action is to format all your affected devices back to factory settings. You might back up your PCs if you use them for business, just make sure you choose a date from well before this whole thing started.
My only other question is, why would a Microsoft employee cyber attack a landscape gardener for cancelling a job during COVID-19 outbreak? That doesn’t ring true.
"A sore lesson to learn"
"Not sure what having a non-bt router would do"
A non BT router will not allow itself to be scrubbed of evidence in real time whilst a person bombards it to the point it jams wireless and other features. I need to pay for some extra protection because BT have shrugged at me down the phone and the community keep telling me alternative scenarios are a reality.
"Best course of action is to format all your affected devices back to factory settings. You might back up your PCs if you use them for business, just make sure you choose a date from well before this whole thing started."
I think you wildly underestimate what I've already done in GPT formatting the drives.
This is a fresh, OEM install I am running now, less than 2 weeks old.
"My only other question is, why would a Microsoft employee cyber attack a landscape gardener for cancelling a job during COVID-19 outbreak? That doesn’t ring true."
He was an aggressive Irish man with a heavily pregnant wife who wasn't happy with me saying I couldn't carry on during this outbreak and not charging him £600 for the work done so far apparently wasn't enough.
They both went on a tirade that I had to finish the job no matter what.
The Police have said this doesn't happen to random people for no reason, and that is the only motive my brain has added up.
I did not say "Not sure what having a non-bt router would do"
I said "it would appear to be user error so I don't think having a non BT router would have made any difference" and I still say that in view of what you said. "My firewalls weren't set up safely, it was adjusted for more speed in gaming, I had a great number of custom port forwarding rules in place and safe guards I had disabled".
It was you that changed and disabled various things so it was you and not the router that allowed anything through the firewall, if indeed that is the cause of your problem, and that would be the same on any router if you alter the settings in the manner in which you say you did.
In any event there is nothing further to add that would assist you so good luck in getting to the bottom of this.
A BT router can be ‘scrubbed’ as easily as a 3rd party one. All have factory resets.
However, restarting the router or performing a factory reset will cause you to pick up a new IP address. If whoever is attacking you can move to attacking the new IP address then that points to something inside your network publishing your address out. That gives the impression that something is infected.
If you turn all devices off, including phones, iPads etc., so nothing is attached to the router, then reboot your router and ensure you have a new IP address, then start up a clean machine, do you see the same attack?
I hear you, but there are routers that have their own memory to record and keep backups and let you emulate the network to monitor the attack better. I'm just butthurt that I can't seem to get the same functionality with this one.
Yes, if I lock everything off and factory reset the network it carries on as normal.
Norton is finding nothing, I used masterkey forensic to read through the drives before I formatted them back to NTFS and put a clean version of Windows on. This SSD is clean.
I'm going to now remove the dead HDD and see if this stops it.
No luck. Attacks continued. However, I did see one entry from a non proxied IP 188.8.131.52
3 attempts in a row, the first ones after reset.
I managed to capture it, when I refreshed they had been removed and it was another list of this.
|16:59:10, 13 Apr.||IN: BLOCK  Remote administration (TCP [184.108.40.206]:36276->[220.127.116.11]:22 on ppp3)|
|16:57:24, 13 Apr.||BLOCKED 2 more packets (because of Default policy)|
|16:57:23, 13 Apr.||IN: BLOCK  Default policy (TCP [18.104.22.168]:443->[22.214.171.124]:62570 on ppp3)|
|16:57:09, 13 Apr.||IN: BLOCK  Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [126.96.36.199]:443->[188.8.131.52]:62620 on ppp3)|
|16:57:03, 13 Apr.||IN: BLOCK  Default policy (TCP [184.108.40.206]:51591->[220.127.116.11]:9833 on ppp3)|
Am I correct in assuming your verdict would be that my device is compromised?
I have ordered a new SSD but I feel pretty hopeless I won't shake this.
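
An added example, not part of any post in this thread: a small parser for router firewall log lines in the format quoted above, which separates packets that look like late replies from web servers (source port 80/443 to a high port) from unsolicited connection attempts to service ports. The sample addresses are constructed from documentation ranges and the classification labels are heuristics assumed for this example.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread; the addresses
# are documentation ranges (RFC 5737), not values from the page.
SAMPLE_LOG = """\
|16:59:10, 13 Apr.||IN: BLOCK  Remote administration (TCP [198.51.100.7]:36276->[203.0.113.10]:22 on ppp3)|
|16:57:24, 13 Apr.||BLOCKED 2 more packets (because of Default policy)|
|16:57:23, 13 Apr.||IN: BLOCK  Default policy (TCP [192.0.2.44]:443->[203.0.113.10]:62570 on ppp3)|
|16:57:09, 13 Apr.||IN: BLOCK  Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [192.0.2.44]:443->[203.0.113.10]:62620 on ppp3)|
|16:57:03, 13 Apr.||IN: BLOCK  Default policy (TCP [198.51.100.9]:51591->[203.0.113.10]:9833 on ppp3)|
"""

# One blocked-packet entry: time, rule name, protocol, source and destination.
ENTRY = re.compile(
    r"\|(?P<time>[^|]+)\|\|IN: BLOCK\s+(?P<rule>[^(]+?)\s*\(.*?"
    r"(?P<proto>TCP|UDP) \[(?P<src>[^\]]+)\]:(?P<sport>\d+)"
    r"->\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) on (?P<iface>\w+)\)\|"
)

def parse_entries(text):
    """Return a dict per parsable 'IN: BLOCK' line; summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            entries.append(e)
    return entries

def classify(e):
    """Heuristic labels (assumptions of this example, not router output)."""
    if e["sport"] in (80, 443) and e["dport"] >= 1024:
        # Source port is a web server's: most likely a late reply to a
        # connection a LAN device opened, arriving after state expired.
        return "late-reply"
    if e["dport"] < 1024:
        # Unsolicited packet aimed at a well-known service port (22 = SSH).
        return "service-probe"
    return "unsolicited-other"

def summarize(text):
    """Count blocked entries per label."""
    return Counter(classify(e) for e in parse_entries(text))

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["time"], e["src"], "->", e["dport"], classify(e))
    print(dict(summarize(SAMPLE_LOG)))
```

Every line the parser accepts is one the router recorded as `IN: BLOCK`, so the counts describe traffic the firewall dropped, not traffic that reached a device.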