
How to protect yourself against ransomware

19 May 2017

The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Brian Krebs, an independent cybersecurity analyst who operates the Krebs on Security website, said that while e-mail is the most likely source of the infection, it may also have been spread with a "drive-by" attack. Cyber security experts say the brunt of the attacks was felt in Russia, including the country's largest mobile phone company.

Pankit Desai, co-founder and chief executive officer at cyber security start-up Sequretek, said India's unorganised sector may have escaped dire consequences so far, but the attack is ongoing.

Just one person in an organization clicking on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response.

"Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem". Once it did, this would act as a sort of kill-switch, instructing the malware to not proceed with the encryption of files, rendering it inert. See how much work they did to lock these up in such a way! Although Microsoft released fixes in March, the attackers counted on many organizations not getting around to applying those fixes.

The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment - $300 at first, rising to $600 before it destroys files hours later.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

Microsoft has taken the very unusual step of creating patches for Windows XP and Windows 8 as well, despite the fact that those platforms are no longer supported.

Win7 is still on "extended support", till 2020. By going online, they will open more avenues to spread the malicious software.

The good news - in addition to Microsoft's prompt patching for older OSs - is that shortly after WannaCry started making trouble on Friday, a security researcher in the United Kingdom known by the moniker MalwareTech stumbled upon a crucial piece of data in the malware's code.

Shadow Brokers came to public attention last August when it mounted an unsuccessful attempt to auction off a set of older cyber-spying tools it said were stolen from the U.S. National Security Agency. Being a worm, the ransomware has the ability to spread to different systems running on the same LAN or even spread through emails.

Friday's attack was based on a Windows vulnerability that was purportedly identified by the U.S. National Security Agency and was later leaked to the internet. But some experts have argued this attack could have been vastly mitigated if the NSA told Microsoft sooner. "But there's clearly some culpability on the part of the USA intelligence services". Often they don't even have the awareness that there's a problem to begin with.

"That's what makes this more troubling than ransomware was a week ago", Thakur said. One of them, according to computer security experts, provided the blueprint for the latest malware. "It's a handy thing to have, but it's a risky thing to have".

Discovering a domain name hidden in WannaCry's programming - perhaps a failsafe URL embedded by the perpetrators so that they could control their creation - MalwareTech suspected it could be used to circumvent the worm.
