Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the cyber criminal’s identity is not known.
As we know, threats are increasing day by day. Our countries don’t have any master plan to defend us from these threats.
Recently, the United States and United Kingdom governments published a mutual “Technical Warning” on the threats of “Russian state-sponsored cyber actors.” While timely and targeted, this warning shouldn’t come as a surprise to anyone.
Criminals are using ransomware-like tactics and infected websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency.
Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto
May 12th 2017 saw the biggest ever cyber-attack in Internet history (yes, bigger than the Dyn DDoS). A ransomware named WannaCry swept through the web, with the damage epicenter being in Europe.
How the ransomware spread
WannaCry leveraged a vulnerability in Windows OS, discovered by the NSA and then publicly disclosed to the world by the Shadow Brokers.
In the first few hours, 0.2 million machines were attacked. Major organizations such as Renault, Dacia, FedEx, Nissan, Cambrian College, and Petro China were hit hard by the attackers. Thousands of ATMs and ticketing machines were also targeted and encrypted.
The ransomware encrypts the infected user’s files, from photos and videos to documents and databases. After the user is infected, a red ransom note is displayed, demanding approximately $300-$600 via Bitcoin payment in order to decrypt the user’s files.
Ransomware has been a rising trend for the past two years, and this is its climax, a grand demonstration to the whole world of just how big a threat it is. But we’ve been writing about this for a while now.
Five Best Practices to Alleviate Risk
Though WannaCry is in the spotlight today, ransomware will continue to spread, and more advanced methods will find their way into attackers’ arsenals. So, how can an organization protect its systems against WannaCry and other types of ransomware that will definitely evolve in the future? Here are five best practices to follow to reduce risk:
Follow the Least Privilege Principle
Regularly configure access controls, including file, directory and network share permissions, with the least privilege principle in mind. Most users do not need administrative privileges to do their required tasks on their corporate endpoint devices, so user access should remain at the minimum level that allows regular functioning. While non-privileged user access will not make you immune to WannaCry ransomware, it can stop the malware from carrying out certain malicious tasks, such as deleting copies of the infected system’s files.
Apply Application Control
Controlling which executables have access to your files can also help in defensive efforts. For example, if you whitelist the Word executable for write access to your document files, then when a ransomware executable tries to encrypt and overwrite those files, it will be denied (as it is not on the “approved” whitelist). It’s also important to establish trust-based policies that protect these “trusted” or whitelisted applications.
Disable SMB v1 and Apply Patches
To protect against the specific WannaCry strain, immediately disable and stop the services of the outdated Microsoft SMB v1 protocol, or simply apply the MS17-010 patch that Microsoft released a few months ago.
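One way to audit and disable SMB v1 on a single host, as an added example that is not part of the original article. It assumes PowerShell 5.1 on Windows 8.1 / Server 2012 R2 or later, where these cmdlets ship; the function names `Get-Smb1Status` and `Disable-Smb1` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): report SMBv1 state, then disable it.
# Get-Smb1Status and Disable-Smb1 are illustrative names, not built-in cmdlets.

function Get-Smb1Status {
    # Server side: is this host still willing to answer SMBv1 requests?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional Windows feature that carries the SMBv1 components.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Client-side SMBv1 driver service, if it is present on this build.
    $driver = Get-Service -Name mrxsmb10 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ServerSmb1On = [bool]$server
        FeatureState = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
        ClientDriver = if ($driver)  { "$($driver.StartType)" } else { 'NotPresent' }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    # Stop the SMB server from negotiating SMBv1 (takes effect without a reboot).
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }

    # Remove the feature itself; the removal completes at the next restart.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove SMB1Protocol feature')) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }

    Get-Smb1Status   # report the resulting state
}

Get-Smb1Status          # audit only
Disable-Smb1 -WhatIf    # preview the changes; drop -WhatIf to apply them
```

Disabling SMB v1 does not replace the MS17-010 patch on hosts that still need SMB v2/v3; confirm patch level through your normal update tooling.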
Block Internet Access
The Microsoft SMB protocol is meant to help with networking, but your network should not be open to SMB packets from the internet. Implement port filtering to block all versions of SMB at the network boundary.
Whether you’re attacked by ransomware or your system’s hard drive dies unexpectedly, backing up your important and privileged data is an essential, table-stakes best practice. But remember that backups alone are not enough to protect against data loss from ransomware attacks, especially if organizations are exposing privileged credentials to attackers.
As we advised in the wake of the initial attacks, organizations should immediately implement a combination of least privilege and application control policies on endpoints and servers throughout their organizations to reduce risk. This can help prevent ransomware from encrypting files and deleting the snapshots. This is an important layer in defending against future ransomware attacks.