How to prevent the latest attack "RANSOMWARE"

Recently, approximately 72 countries across the globe were hit by the ransomware known as WannaCry.

In this article I will explain what this malware does and how you can protect your system (if it is still uninfected).

What is it:
WannaCry/WannaCrypt encrypts the files on a Windows system. It has two key components: a worm and a ransom package.

It spreads through malicious email attachments.

It spreads between computers on the LAN (Local Area Network) using SMB (Server Message Block) on Windows systems.


What it does:
The ransomware targets all the major file extensions, e.g. ppt, pptx, xls, xlsx, doc, docx, swf, fla, m3u, mid, vdi, sldm, dotx, dotm, docm, docb, mp4, 3gp, mkv, flv, zip, rar, tar, etc.

It also appends .WCRY to the end of the filename.

It targets commonly used office file extensions as well as developer file extensions.

The ransomware drops files on the computer: "tasksche.exe" in the "ProgramData" folder, and "mssecsvc.exe" and "tasksche.exe" in the "C:\Windows" folder.

It also drops a batch file named "176641494574290.bat" and uses VBScript to execute that batch script.
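As an added example (not part of the original post), the indicators listed above can be turned into a read-only PowerShell check that a defender runs on a host suspected of infection. The file names and folders come from the article; the article does not say where the batch file is dropped, so the folders searched for it are an assumption.

```powershell
# Added example (not part of the original post): a read-only check for the
# WannaCry artifacts this article lists. It reports findings; it changes nothing.
# Assumptions: file names and folders are exactly as named above; the batch file
# location is not given in the article, so it is searched for under ProgramData
# and the user's TEMP folder (an assumption).

function Get-WannaCryIndicators {
    $droppedFiles = @(
        (Join-Path $env:ProgramData 'tasksche.exe'),
        (Join-Path $env:SystemRoot  'mssecsvc.exe'),
        (Join-Path $env:SystemRoot  'tasksche.exe')
    )

    # 1. Known dropped executables, hashed so the result can be compared with a
    #    trusted source before any cleanup decision is made.
    foreach ($path in $droppedFiles) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{
                Indicator = 'DroppedExecutable'
                Path      = $path
                Detail    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }

    # 2. The batch file the article names (search locations are an assumption).
    foreach ($root in @($env:ProgramData, $env:TEMP)) {
        Get-ChildItem -Path $root -Filter '176641494574290.bat' -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = 'DroppedBatchFile'
                    Path      = $_.FullName
                    Detail    = $_.LastWriteTime
                }
            }
    }

    # 3. Files already encrypted: the article says .WCRY is appended to the name.
    #    Only the user profile is scanned here to keep the run short; widen as needed.
    Get-ChildItem -Path $env:USERPROFILE -Filter '*.WCRY' -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object -First 25 |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'EncryptedFile'
                Path      = $_.FullName
                Detail    = $_.LastWriteTime
            }
        }
}

$findings = @(Get-WannaCryIndicators)

if ($findings.Count -eq 0) {
    Write-Host 'No WannaCry indicators from the article were found on this host.'
} else {
    Write-Warning "$($findings.Count) indicator(s) found. Disconnect the host from the network before investigating further."
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so that C:\Windows and ProgramData are readable. A hit on the dropped executables or on .WCRY files is the cue to isolate the machine and restore from backup; the script deliberately deletes nothing, because the files are evidence.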


How does an infected computer look

[Screenshot from the original post not included]
How to Prevent the Ransomware WannaCry/WannaCrypt
To prevent infection, users can visit the following link and apply the appropriate patch for their operating system, as described in Microsoft Security Bulletin MS17-010:

https://technet.microsoft.com/library/security/ms17-010


For all those still running outdated operating systems no longer supported by Microsoft, such as Windows XP, Vista, Server 2003, Server 2008, etc., please visit the following link to apply the patch.

https://www.catalog.update.microsoft.com/Search.aspx?q=kb4012598

However, it is strongly recommended that you update your operating system immediately.

Please also note that if a computer has already been encrypted by this ransomware, it is very difficult to restore it, as the decryption keys and the resources to recover the files are still not available.

It is also always advisable to keep your important data backed up, so that you can restore it in case of an incident like this.

Please note that if you have applied the above-mentioned patches, you are protected from this particular malware.

To prevent the malware from spreading, organizations should block UDP ports 137, 138 and 139 and TCP ports 139 and 445, and individuals should disable SMBv1.
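As an added example (not part of the original post), the following PowerShell script applies the three host-level measures this article recommends: check for the MS17-010 fix, disable SMBv1, and block the listed ports inbound. It assumes Windows 8 / Server 2012 or later, since the SMB, firewall and optional-feature cmdlets it uses do not exist on XP or Server 2003; KB4012598 is the legacy-OS KB number from the article and is used here only as the value to check, so substitute the KB for your OS from the bulletin.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original post): apply the three mitigations the
# article gives for a single Windows host. Assumptions: Windows 8 / Server 2012 or
# later (the Smb*, NetFirewall* and Windows optional-feature cmdlets used here are
# not present on XP/2003, where the catalog patch linked above is the fix).

# 1. Is the MS17-010 fix present? KB4012598 is the legacy-OS KB from the article;
#    the KB number for other Windows versions must be taken from the bulletin.
#    Caveat: on Windows 10 the fix ships inside a cumulative update, so Get-HotFix
#    can miss it; treat "not found" as "verify in the bulletin", not "unpatched".
$kbToCheck = 'KB4012598'
$patch = Get-HotFix -Id $kbToCheck -ErrorAction SilentlyContinue
if ($patch) {
    Write-Host "$kbToCheck installed on $($patch.InstalledOn)"
} else {
    Write-Warning "$kbToCheck not found; confirm the MS17-010 KB for this OS from the bulletin"
}

# 2. Disable SMBv1, the protocol version the worm component uses to spread.
#    Server side: stop offering SMB1. Client side: remove the feature entirely
#    so this machine cannot speak SMB1 to others either.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Write-Host "SMB1 server protocol enabled: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"

$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Host 'SMB1Protocol feature disabled; a reboot completes the removal.'
}

# 3. Block inbound traffic on the NetBIOS/SMB ports the article names.
#    Caveat: this also blocks legitimate file sharing to this host. For servers
#    that must share files, enforce these blocks at the network perimeter instead.
$rules = @(
    @{ Name = 'WannaCry mitigation - block inbound NetBIOS (UDP)'; Protocol = 'UDP'; Ports = @(137, 138, 139) },
    @{ Name = 'WannaCry mitigation - block inbound SMB (TCP)';     Protocol = 'TCP'; Ports = @(139, 445) }
)
foreach ($r in $rules) {
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol $r.Protocol `
            -LocalPort $r.Ports -Action Block -Profile Any | Out-Null
        Write-Host "Created firewall rule: $($r.Name)"
    }
}
```

The order matters: patching closes the vulnerability the worm exploits, disabling SMBv1 removes the protocol it speaks, and the firewall rules are defence in depth for hosts that cannot be patched promptly. The rules are created idempotently, so the script can be re-run as part of routine hardening.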

Best Practices for a secure system
  • Deploy/install an appropriate anti-virus
  • Block spam
  • Regular backups are always good
  • Don't open unsolicited emails containing attachments or URLs
  • Disable macros in Microsoft Office products

- Amit K Arora
Follow me on twitter (@akarora76)
