In recent months you may have come across articles depicting the chaos that ransomware is causing to businesses and individuals alike across the globe. You may ask what is ransomware? In short it is a malicious software that encrypts your computer system so you are unable to access your data. The reason for this is that the distributor of this software is a criminal and they want you to pay them a fee to release your files. Now the fact that they are a criminal you should not pay but in some cases such as hospitals and other critical services where not paying may have a worse knock on effect then sometimes business and individuals are left with little choice but to cough up the dough. In recent month's however a number of companies and state bodies have started to crack different strains of ransomware and release the keys so if you get infected have a look to see if your key is out there you might get lucky. For the rest of you I have compiled a list if useful precautions to take.
Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
Don’t enable macros in document attachments received via email. Many ransomware attacks arrive in documents, and rely on persuading you to enable macros (embedded document scripts). Don’t do it: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure.
Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!
Be cautious about unsolicited attachments. Crooks who send malware in documents are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
UPDATE:
In the past week I came across a case of the .Locky strain of ransomware which seems to be particularly nasty. In researching this strain I came across the below article and it is very much worth a read. You can find the original article here.
-------------------------------------------------------------------------------------------------------------------------
How Just Opening an MS Word Doc Can Hijack Every File On Your System
If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it.
Doing so could cripple your system and could lead to a catastrophic destruction.
Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed "Locky," into their systems.
So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom.
Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.
Microsoft MACROS are Back
It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling 'Macros.'
This is where the point to appreciate hacker's sheer brilliance of tactics.
Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an Invoice email attachment (Word File that embeds vicious macro functions).
The concept of macros dates back to 1990s. You must be familiar with this message: "Warning: This document contains macros."
Now macros are back, as cyber criminals discover a new way to get internet users to open Microsoft Office documents, especially Word files that allow macros to run automatically.
How Does Locky Work?
Once
a user opens a malicious Word document, the doc file gets downloaded to
its system. However, danger comes in when the user opens the file and
found the content scrambled and a popup that states "enable macros".Here comes the bad part:
- Once the victim enables the macro (malicious), he/she would download an executable from a remote server and run it.
- This executable is nothing but the Locky Ransomware that, when started, will begin to encrypt all the files on your computer as well as network.
Once encrypted, the ransomware malware displays a message that instructs infected victims to download TOR and visit the attacker's website for further instructions and payments.
Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.
One of the interesting note on Locky is that it is being translated into many languages, which heighten its attack beyond English boundaries to maximize the digital casualties.
Locky Encrypts Even Your Network-Based Backup Files
The new ransomware also has the capability to encrypt your network-based backup files. So it's time for you to keep you sensitive and important files in a third party storage as a backup plan in order to evade future-ransomware infections.
A researcher named Kevin Beaumont along with Larry Abrahms of BleepingComputer initiallydiscovered the existence of Locky encrypted virus.
To check the impact of Locky, Kevin successfully intercepted the Locky traffic yesterday and realized that the cryptovirus is spreading out rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.
One hour of infection Statistics:
Among the highly impacted countries include Germany, Netherlands, United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia
No comments:
Post a Comment