Tuesday 16 May 2017

Don't Wanna Cry? Read this

By now, everyone will be aware of the unprecedented malware "WannaCry" that hit the cyber sector last week. "Shadow Brokers", the group that spread the ransom-ware, crept into the hospital, automobile, telecom, transport, education and banking sectors.

“WannaCry” is a scary Trojan virus which in effect holds the infected computer hostage and demands that the victim pay a ransom to regain access. Such ransom-ware works by encrypting most or even all of the files on a user's computer. The software then demands that a ransom be paid in bitcoins to have the files decrypted.

The "Eternal Blue" exploit, discovered by the NSA and kept under wraps for later use in its own intelligence gathering, was made public by Shadow Brokers. These attacks are not over yet. The attack largely infected networks that used out-of-date software, such as Windows XP, for which Microsoft no longer offers technical support.

Prevention is better than cure, and here are the steps you should take to protect yourself against ransom-ware:

1. Update Antivirus Solution (such as Microsoft Security Essentials)
It is always advisable to use an up-to-date antivirus to prevent most threats. Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent secret installations by malicious applications in the background.

2. Update Operating System
Update your version of Windows if it has the SMB protocol enabled. Ensure that your computer always receives updates automatically from Microsoft.

3. Avoid clicking on links or opening attachments or emails
Most ransom-ware spreads through phishing mails, malicious adverts on websites, and third-party apps. It is better not to open unsolicited documents and links sent by email unless you have verified the source, to safeguard against ransom-ware infection.
Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.

4. Enable Firewall (in browsers)
Always keep your firewall enabled, and if you need to keep SMBv1 enabled, modify your firewall configuration to block access to SMB ports over the Internet. Always keep the firewall turned on, which helps identify reported phishing and malware websites and helps you make informed decisions about downloads.

5. Disable SMB
Even if you have installed the patches, you are advised to disable the Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to protect against WannaCry ransom-ware attacks.

Here's the list of simple steps you can follow to disable SMBv1:

  • Go to Windows' Control Panel and open 'Programs'.
  • Open 'Features' under Programs and click 'Turn Windows features on or off'.
  • Now, scroll down to find 'SMB 1.0/CIFS File Sharing Support' and uncheck it.
  • Then click OK, close the Control Panel and restart the computer.

6. Backup
Secure all your important documents and files by keeping a good backup on an external storage device that is not always connected to your computer. If ransom-ware infects you, your backup then can’t be encrypted.
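
Steps 4 and 5 can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original post; it assumes a Windows 8.1 or Windows 10 client, and the function name and the `-Disable` switch are defined only for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes a Windows 8.1 or
# Windows 10 client; -Disable is a switch defined only for this script.
param([switch]$Disable)

function Get-Smb1Status {
    # Same component as the 'SMB 1.0/CIFS File Sharing Support' checkbox.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # Whether the file-sharing service still accepts SMBv1 from other machines.
    $server = Get-SmbServerConfiguration
    # Windows Firewall profiles (Domain, Private, Public) that are switched off.
    $fwOff = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }

    [pscustomobject]@{
        Smb1Feature         = [string]$feature.State
        Smb1ServerEnabled   = [bool]$server.EnableSMB1Protocol
        FirewallProfilesOff = ($fwOff.Name -join ', ')
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($status.FirewallProfilesOff) {
    Write-Warning "Firewall is off for: $($status.FirewallProfilesOff)"
}

$smb1On = $status.Smb1Feature -eq 'Enabled' -or $status.Smb1ServerEnabled
if (-not $smb1On) {
    Write-Output 'SMBv1 is already disabled.'
}
elseif (-not $Disable) {
    # Report-only mode: nothing is changed unless -Disable is given.
    Write-Warning 'SMBv1 is enabled. Re-run with -Disable to turn it off.'
}
else {
    if ($status.Smb1Feature -eq 'Enabled') {
        # Equivalent to unchecking the feature in Control Panel.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Get-Smb1Status | Format-List
    Write-Output 'Restart the computer to finish, as in the last manual step.'
}
```

Run without arguments, the script only reports the current state; with `-Disable` it makes the same change as the Control Panel steps.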

If your systems or files are encrypted by WannaCry, there is no known way to recover them, but don't panic. Start by disconnecting your computer from the network (either remove the network cable or shut down your computer's wireless function) to prevent the spread of WannaCry. Try rebuilding your affected computer before patching it with the recommended patch. Restoring your system from the backups made previously would be a better way to stay protected.

Hopefully affected users have backups of their data, because there is no other option to fix WannaCry now. Read more here about data breaches in the development and testing of software. Thanks for stopping by.

NagaTeja Rupavataram
Technical Writer