Best practices for protecting against WannaCry ransomware
What is ransomware?
Ransomware is malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.
The message that flashed up on hundreds of thousands of screens infected by the WannaCry virus over the last few days demanded payment of $300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”. It warned that if payment was not made within three days the price would double, and if none was received within seven days the locked files would be deleted.
“Bitcoin is digital cash. The transactions are totally anonymous and non-refundable. However, they are totally traceable.
“All the transactions are stored in databases called blockchains. It’s anonymous but anyone can monitor a bitcoin address.
“Bitcoin doesn’t need a bank so this monetary flow escapes any supervision and any checks. The accounts don’t have a physical address or a bank address and they are not stored centrally; anonymity comes before anything else.”
What does ransomware do?
Ransomware can target any PC user, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
· Prevent you from accessing Windows.
· Encrypt files so you can't use them.
· Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
There are two types of ransomware in circulation: encrypting ransomware and locker ransomware.
1: Encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky and CryptoWall.
2: Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include police-themed ransomware or Winlocker.
In most instances ransomware is automatically downloaded when you visit a malicious website or a website that's been hacked.
3: Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
6: Regularly back up your important files.
There is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default. Cloud storage services can be a useful part of your backup strategy.
7: Always check who the email sender is
If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by relationship, as your friend or family member may be a victim of spammers as well. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
8: Double-check the content of the message
Look for obvious factual errors or discrepancies that you can spot. For example, if your bank or a friend claims that they have received something from you, go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
9: Refrain from clicking links in email
In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link. Malicious or bad links also turn up in Facebook, Twitter, and other social media posts, and in instant messenger chats like Skype. Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names.
10: Disable Macros on Office Documents
Beware of email attachments that request you to enable macros. Malicious actors can hide macro malware in Microsoft Word or Microsoft Excel documents. These malicious documents are sent as spam email attachments, or inside ZIP files attached to spam emails. They use file names designed to entice you into opening them.
11: Disable ActiveX for Better Browser Security
Intended as a means of mediating between Java and Flash interactions (animations, multimedia content, etc.) on certain websites and Microsoft’s Internet Explorer, Edge and third-party browser applications based on the Explorer engine, ActiveX has long been a source of worry to champions of cyber-security. In the wrong hands, ActiveX may readily provide an avenue for malicious software to gain access to your system.
12: Install a popup blocker
A browser extension that blocks third-party popup ads can keep you on the safe side as well. Such add-ons address the risk of drive-by downloads, where users are duped into clicking something that looks harmless, but the interstitial or in-page ad triggers an obfuscated malware download routine in the background.
13: Disable Ports 135, 137-139, 445
a. Press Windows key + W and type Windows Firewall.
b. Click on Windows Firewall.
c. Click on Advanced Settings on the left side.
d. In the new window, click on New Rule, located to the top right side of the window.
e. Select Port and click on Next.
f. Specify the port you wish to disable and click Next.
g. Select Block the Connection and follow the on-screen instructions.
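The same block rules can be created from an elevated PowerShell prompt instead of the GUI steps above, which also makes them easy to verify afterwards. This is an added example, not part of the original post; the rule and group names are made up here, and blocking both TCP and UDP is an assumption, since the step does not name a protocol.

```powershell
#Requires -RunAsAdministrator
# Added example: block inbound traffic to ports 135, 137-139 and 445 with the
# built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later).

$ports = '135', '137-139', '445'               # ports named in step 13
$group = 'Example - block RPC/NetBIOS/SMB'     # hypothetical group label

foreach ($proto in 'TCP', 'UDP') {             # assumption: cover both protocols
    $name = "Example - block inbound $proto 135,137-139,445"

    # Create the rule only if it is not there yet, so the script can be re-run.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction Inbound -Protocol $proto -LocalPort $ports `
            -Action Block -Profile Any | Out-Null
    }
}

# Verify: show each rule together with the protocol and ports it filters.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
} | Format-Table -AutoSize

# Show whether the SMB service is still listening on TCP 445. A listener can
# remain after the rule is added; the firewall drops inbound connections to it.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Block rules take precedence over allow rules in Windows Firewall, so after this the machine can no longer serve file or printer shares to other hosts; apply it to workstations rather than to file servers that must stay reachable.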
Microsoft solution for Ransomware Attack
Apply security update immediately for Windows XP, Windows Vista, Windows Server 2003, Windows 7 32 Bit & 64 Bit, Windows 8 32 Bit & 64 Bit.
In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected. If you turn on a system without the MS17-010 patch and TCP port 445 open, your system can be ransomwared.