By now, it looks like there is no escape from ransomware, especially since it also targets mobile devices, threatening to lock users out of their smartphones or tablets. Remember Koler? Unfortunately, encrypted communications between attackers and elusive infection workflows make it difficult for traditional detection-based security solutions to block ransomware attacks.
How to prevent getting infected
Because properly implemented ransomware uses strong encryption, the decryption key cannot be recovered without the attacker's cooperation (unless the authors made an implementation mistake that lets researchers build a free decryptor), so the best way to protect against the effects of ransomware is to not get infected in the first place.
Recommendations for users
- Regularly back up your data to the cloud or to an external drive. Backups should not be kept on another partition of the same PC, nor on a permanently mapped network share: ransomware encrypts every volume and share it can write to. Use an external hard drive that is connected to the PC only for the duration of the backup, and disconnect it afterwards.
- Keep UAC enabled. UAC notifies you when changes are going to be made to your computer that require administrator-level permission.
- Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that's constantly updated and able to perform active scanning. Make sure you don't override the optimal settings and that you update it regularly.
- To secure your mobile device, avoid downloading apps from unfamiliar sites — only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.
- Enable ad-blocking tools to reduce malicious ads.
- Use a filter to reduce the number of infected spam emails that reach your Inbox.
- When possible, virtualize or completely disable Flash, as it has been repeatedly used as an infection vector.
- Increase your online protection by adjusting your web browser security settings.
- Keep your Windows operating system and the software that exploit kits target, especially the browser and its plug-ins, up to date with the latest security patches. Exploit kits use vulnerabilities in these components to install malware automatically, without any click from the user.
Ransomware is a growing menace for companies, and employees are sometimes a company's weakest link, especially with the BYOD/BYOA trend. Weighing the consequences, there's no doubt companies should take all the security measures needed. If you are a decision maker in the company's IT team, here's what you need to consider:
Recommendations for companies
- Educate employees in good computer practices, in identifying social engineering attempts and spear-phishing emails.
- Install, configure and maintain an advanced endpoint security solution.
- Enable software restriction policies to block programs from executing from specific locations.
- Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.
- Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
- Enable System Restore so that previous versions of encrypted files can be restored once the malware has been removed. Do not rely on this alone: many ransomware families delete Volume Shadow Copies (for example with vssadmin) before encrypting, which removes the previous versions as well; offline backups remain the only dependable recovery path.
If you get infected…
Don't rush into paying the ransom: paying funds cyber-crime, and there is no guarantee that the attackers will deliver a working key. Also remember that law enforcement agencies never encrypt your data and demand money to unlock it; a lock screen claiming to be from the police is part of the scam.
If you suspect you are a victim of ransomware but haven't seen the characteristic ransom screen, disconnect the machine from the network immediately (unplug the cable, disable Wi-Fi) so it can neither spread to shares and other hosts nor contact its operators. Shutting down the device and rebooting in Safe Mode can be a good way to stop the encryption process. Don't forget to search for the removal tools created by security companies for specific threats.
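The first-response steps above (disconnect, record what you can, reboot into Safe Mode), as an added PowerShell example that is not part of the original article. It assumes an elevated PowerShell 5.1 session on Windows 8/10/Server 2012 or later, where the built-in NetAdapter, SmbShare and CIM cmdlets exist; the function name, parameters and the log path are this example's own choices.

```powershell
# Added example (not from the original article): first-response helper for a Windows host
# suspected of running ransomware. Cuts the network, records shadow-copy and mapped-share
# state for the removal/forensics step, and optionally reboots into Safe Mode.
# Function and parameter names are hypothetical (this example's own).
function Invoke-RansomwareFirstResponse {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Where to write a short record of what was done (constructed default path)
        [string]$LogPath = "$env:SystemDrive\ransomware-response.txt",
        # Also set the Safe Mode boot flag and restart
        [switch]$RebootToSafeMode
    )

    $log = New-Object System.Collections.Generic.List[string]
    $log.Add("Response started: $(Get-Date -Format o) on $env:COMPUTERNAME")

    # 1. Disconnect: disable every adapter that is currently up, so the malware can neither
    #    reach its operators nor spread to file shares or other hosts.
    $up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
    foreach ($nic in $up) {
        if ($PSCmdlet.ShouldProcess($nic.Name, 'Disable network adapter')) {
            Disable-NetAdapter -Name $nic.Name -Confirm:$false
            $log.Add("Disabled adapter: $($nic.Name) [$($nic.InterfaceDescription)]")
        }
    }

    # 2. Record recovery-relevant state. Ransomware commonly deletes shadow copies, so the
    #    count tells you whether System Restore / Previous Versions is still an option;
    #    mapped shares show where else the encryption may have reached.
    $shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
    $log.Add("Shadow copies present: $(@($shadows).Count)")
    Get-SmbMapping -ErrorAction SilentlyContinue | ForEach-Object {
        $log.Add("Mapped share: $($_.LocalPath) -> $($_.RemotePath)")
    }

    # 3. Optionally stop the encryption by rebooting into Safe Mode (minimal), where
    #    third-party autostarts, including most ransomware persistence, do not run.
    #    Braces are quoted because PowerShell would otherwise parse {current} as a script block.
    #    Clear the flag later with: bcdedit /deletevalue '{current}' safeboot
    if ($RebootToSafeMode -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Reboot into Safe Mode')) {
        bcdedit /set '{current}' safeboot minimal | Out-Null
        $log.Add('Safe Mode boot flag set; restarting')
        $log | Set-Content -Path $LogPath
        Restart-Computer -Force
        return
    }

    $log | Set-Content -Path $LogPath
    $log
}

# Dry run first: shows each action and changes nothing.
Invoke-RansomwareFirstResponse -WhatIf
# Real run, including the Safe Mode reboot:
# Invoke-RansomwareFirstResponse -RebootToSafeMode
```

Run it from the console of the affected machine, not over a remote session, since disabling the adapters drops the session. If the machine matters for an investigation, capture memory before the reboot: Safe Mode stops the encryption, but a restart also discards the running process and its keys from RAM.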
A ransomware attack hitting more than 200,000 endpoints across 150 countries over the past weekend is expected to return with double the force on Monday, experts say. Here’s everything you need to know about the WannaCry ransomware and – more importantly – how to protect against it.
- Ransomware is a type of malware that encrypts user data and demands a ransom, usually in the form of electronic currency, to decrypt the files
- WannaCry – also dubbed Wanna Decrypter 2.0, WCry, WanaCrypt and WanaCrypt0r – exploits a Windows Server Message Block (SMB) flaw that Microsoft patched almost two months ago (MS17-010 security bulletin)
- The flaw was originally discovered by the US National Security Agency
- The hackers stole this vulnerability from the NSA and released it in the wild for others to use and deploy their ransomware attacks
- Microsoft released the fix twice: once in March for supported Windows versions, and again on Friday for versions that are out of support (see below)
- As many as 200,000 computers got infected in 3 days after users failed to install the critical patches
- The malware spreads across networks with the help of a bundled worm component that scans for other reachable hosts and exploits the same SMB flaw on them, making it the world's most dangerous piece of ransomware written to date; it is also the first of its kind, in that it leverages a wormable exploit to spread automatically, without any user interaction
- The ransom is $300 worth of bitcoin for decrypting and restoring access to your files (ransomware attackers prefer cryptocurrency because payments are pseudonymous and hard to attribute; they are not untraceable, since every transaction is recorded on the public blockchain, which is how the payment totals below can be counted)
- The malware threatens to delete your files within seven days if no payment is made
- It hit several organizations across the globe, including FedEx, Telefónica, and the UK’s National Health Service (NHS)
- So far few payments have been made to the hackers, but a BBC analysis has revealed that the authors have likely amassed around $38,000 in payments
- A security researcher who wished to remain anonymous became an "accidental hero" after halting the spread of the malware by registering a domain name it queried: the malware checked whether that domain resolved before spreading, so registering it to track infections acted as a kill switch
- The researcher warned that Monday would most likely bring a new wave of attacks, this time priced higher than $300
- Microsoft responded to news of the attack saying this should act as a wake-up call for governments storing important data on vulnerable systems, leaving the door open to hackers
- The technology giant said the attack was like allowing someone to break into the US Military and “steal Tomahawks”
- Europol chief Rob Wainwright said the attack had been reported in 150 countries, calling it “unprecedented in scale”
- Wainwright has said the Europol is working with the FBI to find those responsible but that people should brace themselves for another potential attack on Monday
How to patch Windows XP, Windows 8 and Windows Server 2003
Following Friday’s attack, Microsoft issued the following statement.
We know some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.
How to patch Windows 10
Simply apply your latest system updates. Go to Settings -> Update & Security -> Windows Update -> Check for updates and install the latest updates for your Windows 10 machine.
Because WannaCry exploits a remote code execution (RCE) flaw in a network service, attackers can take control of machines without the user clicking on a malicious file, as is usually the case with ransomware. This means the way to prevent the attack is to keep the system up to date, keep SMB (TCP port 445) unreachable from untrusted networks and disable SMBv1 where it is not needed, and to use an anti-malware solution as a further layer.
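A way to check a Windows host for the exposure described above and to apply the two mitigations that do not depend on the patch, as an added PowerShell example that is not from the original article or from Microsoft. EternalBlue targets the SMBv1 server on TCP 445, so a host is exposed when the MS17-010 update is missing, SMBv1 is enabled, and port 445 is reachable from untrusted networks. It assumes an elevated session on Windows 8/10/Server 2012 or later (Get-SmbServerConfiguration and the NetSecurity cmdlets are not available on XP/2003). Function names are this example's own; the KB list is illustrative, because MS17-010 ships under a different KB number for each Windows version and on Windows 10 it is part of the cumulative update, so take the right number for your build from the bulletin.

```powershell
# Added example (not from the original article or from Microsoft). Function names are
# hypothetical (this example's own).

function Test-Ms17010Exposure {
    param(
        # KB numbers to look for. KB4012598 is the update Microsoft released for
        # Windows XP / 8 / Server 2003 after the attack; other versions use other
        # KB numbers listed in the MS17-010 bulletin, so extend this list for your build.
        [string[]]$KbIds = @('KB4012598')
    )
    # Installed-update check: Get-HotFix lists installed updates by KB id.
    $installed = Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID }
    # SMBv1 server state: the component EternalBlue exploits.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Any enabled inbound allow rule for port 445 means the service is reachable on that profile.
    $openRules = Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq '445' } |
                 Get-NetFirewallRule | Where-Object {
                     $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
                 }

    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        PatchFound        = @($installed).Count -gt 0
        Smb1Enabled       = [bool]$smb1
        Inbound445Allowed = @($openRules).Count -gt 0
    }
}

function Invoke-Ms17010Mitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Turn off the SMBv1 server. Clients that still need SMBv1 (very old NAS devices,
    # Windows XP) lose access to this host's shares; SMBv2/3 clients are unaffected.
    if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Block inbound SMB on the Public profile, so a laptop on hotel or airport Wi-Fi
    # cannot be reached by the worm even if the patch is missing. Domain/Private
    # profiles are left alone so file sharing inside the office keeps working.
    if ($PSCmdlet.ShouldProcess('Windows Firewall', 'Block inbound SMB on Public profile')) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (MS17-010 mitigation)' `
            -Direction Inbound -Protocol TCP -LocalPort 445,139 -Profile Public -Action Block
    }
}

# Report first; then preview the changes, then apply them.
Test-Ms17010Exposure
Invoke-Ms17010Mitigation -WhatIf
# Invoke-Ms17010Mitigation
```

The report is a heuristic, not proof of safety: a missing KB in the list produces a false "PatchFound = False", and a superseded cumulative update on Windows 10 carries the fix under a later KB. Installing the update remains the real fix; disabling SMBv1 and blocking 445 on untrusted networks close the spreading path while patching is under way.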
Bitdefender customers are not affected by this new family of ransomware. Bitdefender customers (regular and business users alike) are pro-actively protected against WannaCry through machine learning and memory introspection. Learn more here.