Prevention Against Ransomware

Date: Mar 15, 2019
Posted by: admin

As you must be aware, ransomware has become one of the most notorious cyber threats. Once a ransomware Trojan infiltrates your system, it stealthily encrypts your files, including your valuable documents, videos and photos. This entire process runs in the background, so the victim is not aware of the problem until it’s too late.

When done with its dirty business, the Trojan informs the user that their files are encrypted. If the victim wants to retrieve their files, they will have to pay a ransom, which is usually several hundreds of dollars, typically paid in bitcoins. Many victims of ransomware do not have a strong knowledge or background in technology, so the inconvenience is doubled. If we take a few precautions well in advance, we can safeguard ourselves from this deadly attack.

Here are 10 simple tips to protect your data from ransomware, which can be communicated to all users (http://gisconsulting.in/Wanna-Cry-Ransomware.html):

1. Make sure that you back up your important files regularly. It is highly recommended that you create two backup copies: one to be stored in the cloud (using services like Dropbox, Google Drive, etc.) and the other recorded to a physical means of storage (portable hard drive, thumb drive, extra laptop, etc.). Once your backup copy is ready, make sure you set up certain restrictions for the files: your ‘Plan B’ device should have only read/write permissions, without an opportunity to modify or delete the files. Your backup copy could save you in all kinds of circumstances, including the accidental removal of a critical file or a drive failure.

2. Regularly check that your backup copy is OK. There are times when an accidental failure can inflict damage on your files.

3. Cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. This method is called phishing. With that in mind, fine-tune your anti-spam settings and never open attachments sent by an unknown sender.

4. Trust no one, literally. Malicious links can be sent by your friends on social media, your colleague or online gaming partner whose accounts have been compromised in one way or another.

5. Enable the ‘Show file extensions’ option in the Windows settings. This will make it much easier to distinguish potentially malicious files. As Trojans are programs, you should be warned to stay away from file extensions like “exe”, “vbs” and “scr”. You need to keep a vigilant eye on this, as many familiar file types can also be dangerous. Scammers could use several extensions to masquerade a malicious file as a video, photo, or a document (like hot-chics.avi.exe or doc.scr).

6. Regularly update your operating system, browser, antivirus, and other programs, and don’t use end-of-life operating systems. Culprits tend to exploit vulnerabilities in software to compromise systems.

7. Use a robust antivirus program to protect your system from ransomware. It prevents viruses from getting into your computer or, should a virus infiltrate your system after all, protects important files using its special capability.

8. If you discover a rogue or unknown process on your machine, cut off the Internet connection immediately. If the ransomware did not manage to erase the encryption key from your computer, there’s still a chance you can restore the files. However, the new strains of this type of malware use a predefined key, so this tip, unfortunately, would not work in that case.

9. If you are unlucky enough to have your files encrypted, don’t pay the ransom, unless instant access to some of your files is critical. In fact, each payment fuels this unlawful business, which will prosper as long as you pay money.

10. If you have been infected by ransomware, you should inform your IT Team, which will try to find out the name of the malware: maybe it’s an older version and it is relatively simple to restore the files. Ransomware used to be less advanced in the past.
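The check described in tip 5 can also be applied automatically to attachment or download names. This is an added example, not part of the original advisory; the decoy extension set and the sample names (other than doc.scr, which comes from the tip) are constructed.

```python
from pathlib import PureWindowsPath

# Executable extensions named in tip 5; extend the set for your environment.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr"}
# Constructed set of media/document extensions used as the decoy part of a name.
DECOY_EXTS = {".avi", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".txt"}


def classify(filename: str) -> str:
    """Return 'masquerade', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ")
    path = PureWindowsPath(name)
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Case 1: a decoy extension sits directly before the real one (x.avi.exe).
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "masquerade"
    # Case 2: the base name itself is a document/media extension (doc.scr).
    if "." + path.stem.lower() in DECOY_EXTS:
        return "masquerade"
    return "executable"


def scan(filenames):
    """Return (name, verdict) for every name that is not 'ok'."""
    results = [(n, classify(n)) for n in filenames]
    return [(n, v) for n, v in results if v != "ok"]


# Constructed sample: names as a mail gateway or download folder might list them.
SAMPLE_NAMES = [
    "holiday-video.avi.exe",  # double extension
    "doc.scr",                # example from tip 5
    "Holiday.JPG.EXE",        # same trick in upper case
    "setup.exe",              # plain executable, not disguised
    "report.v2.pdf",          # extra dot, but a real document
    "notes.txt",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES):
        print(f"{verdict:<11} {name}")
```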

Note: If you are running Windows 10, you are not targeted by this attack.

Advisory For IT Teams

Microsoft has released information on what can be done to protect against WannaCry[1], which includes deploying MS17-010 if not already done (March patch release)[2], updating Windows Defender (updated 12 May)[3] and, if you are not using SMBv1, disabling it[4].

Microsoft has provided a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
A live map of the infection is available at [5].

Update 1:
There is additional information, including hashes, C&C sites, the file types it will encrypt and samples, located at [6]. US-CERT released information on Indicators Associated With WannaCry Ransomware at [7].

Update 2:
There are reports[8] indicating that WannaCry version 2 has been released and that the kill switch that had been activated by a security researcher has been removed. If you haven’t already applied MS17-010 and blocked inbound SMB traffic, you can still fall victim to this ransomware.

[1] https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks
[2] https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
[3] https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt
[4] https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
[5] https://intel.malwaretech.com/WannaCrypt.html
[6] https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
[7] https://www.us-cert.gov/ncas/alerts/TA17-132A
[8] http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html

In case of any further queries, please feel free to contact us anytime.

Best regards
Naveen Dham

Chief Security Officer
(B-Tech & MSc in Cyber Forensics & Information Security)
(LA /LI -ISO27001,PCI DSS,ISO9001 & ISO 20000)

Global IS Consulting
||Empowering Excellence||
479, DLF Phase-4, Sec-28, M.G.Road, Gurgaon, Haryana.
Phone +91 11-27056838 ||Mobile +91 9810956838
gisconsulting.in || Skype – naveen.dham
