
MORE ABOUT RANSOMWARES. PART 3

Before we proceed, here is a quick catch-up, in case you've missed the first two articles describing what ransomware is and how it works:  Part I and Part II.

By now, it looks like there's no escape from ransomware, especially since it also targets mobile devices, threatening to lock users out of their smartphones or tablets. Remember Koler? Unfortunately, encrypted communications between the malware and its operators, together with constantly changing infection chains, make it difficult for traditional signature-based security solutions to block ransomware before it runs.

How to prevent getting infected

Because current ransomware uses strong encryption and the decryption key exists only on the attackers' side, there is no practical way to recover the files without it. The best protection against the effects of ransomware is therefore not to get infected in the first place.


Recommendations for users:

1. Back up your data regularly, to the cloud or to an external drive. Do not keep backups on another partition of the same PC: ransomware encrypts every drive letter it can reach, including attached and mapped drives. Use an external drive that is connected to the PC only for the duration of the backup, and keep more than one dated backup set, so a backup taken after an infection does not overwrite the last good copy.

2. Keep UAC enabled. UAC prompts you whenever a program is about to make changes to your computer that require administrator-level permission; a prompt you did not expect is a sign to click No.


3. Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules that is kept up to date and performs real-time (on-access) scanning. Do not override its default protection settings, and make sure it updates automatically.

4. To secure your mobile device, avoid downloading apps from unfamiliar sites — only install apps from trusted sources. Also, install a mobile security solution to mitigate mobile threats.

5. Follow good internet practices: avoid questionable websites, and do not open links or attachments in emails from uncertain sources. You might also consider a browser extension that blocks JavaScript by default (such as NoScript).

6. Enable ad-blocking tools to reduce malicious ads.

7. Use a filter to reduce the number of infected spam emails that reach your inbox.

8. When possible, run Flash in a sandbox or disable it completely, as it has repeatedly been used as an infection vector by exploit kits.

9. Increase your online protection by adjusting your web browser's security settings, for example by setting plug-ins to click-to-play and keeping the browser's built-in phishing and malware protection turned on.

10. Keep your Windows operating system and your exposed software, especially the browser and the browser plug-ins, up to date with the latest security patches. Exploit kits use vulnerabilities in these components to install malware automatically, without any click from you.
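The backup advice in point 1 is the one item on this list that is worth scripting, so here is an added example (not from the original article) of a versioned backup to an external drive. It assumes the external drive appears as E:\ and that robocopy.exe is available, as it is on every supported Windows release; the folders and the number of retained sets are assumptions to adjust for your own machine.

```powershell
# Added example (not part of the original article): versioned backup of user
# folders to an external drive that is plugged in only for the run.
# Assumptions: the external drive is E:\ and robocopy.exe is on the PATH.
$BackupDrive = 'E:\'                                # external drive, NOT a local partition
$BackupRoot  = Join-Path -Path $BackupDrive -ChildPath 'Backups'
$Sources     = @("$env:USERPROFILE\Documents",
                 "$env:USERPROFILE\Pictures")       # assumed folders; add your own
$KeepSets    = 5                                    # how many dated sets to retain

# Refuse to run if the drive is missing; otherwise PowerShell would happily
# create E:\Backups as a folder elsewhere and the backup would live on C:,
# where ransomware encrypts it along with everything else.
if (-not (Test-Path -Path $BackupDrive)) {
    throw "External backup drive $BackupDrive not connected; aborting."
}

# Every run writes a new dated folder instead of mirroring over the last one.
# A mirror (robocopy /MIR) run after an infection would replace good copies
# with the encrypted files; dated sets keep the clean versions available.
$Stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Target = Join-Path -Path $BackupRoot -ChildPath $Stamp
New-Item -ItemType Directory -Path $Target -Force | Out-Null
$LogFile = Join-Path -Path $Target -ChildPath 'robocopy.log'

foreach ($src in $Sources) {
    $dst = Join-Path -Path $Target -ChildPath (Split-Path -Path $src -Leaf)
    # /E copies subfolders (including empty ones), /XJ skips junctions so the
    # copy cannot loop, /R:1 /W:1 stop a locked file from stalling the run,
    # /NP /NDL keep the log readable.
    & robocopy.exe $src $dst /E /XJ /R:1 /W:1 /NP /NDL "/LOG+:$LogFile" | Out-Null
    # robocopy exit codes 0-7 mean success (bit flags for copied/extra/mismatched
    # files); 8 and above mean at least one file could not be copied.
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "robocopy reported failures for $src (exit code $LASTEXITCODE); see $LogFile"
    }
}

# Prune old sets, oldest first, keeping only the newest $KeepSets.
Get-ChildItem -Path $BackupRoot -Directory |
    Sort-Object -Property Name -Descending |
    Select-Object -Skip $KeepSets |
    Remove-Item -Recurse -Force

# Sanity check: the new set must actually contain files.
$Copied = (Get-ChildItem -Path $Target -Recurse -File | Measure-Object).Count
if ($Copied -eq 0) { Write-Warning "Backup set $Stamp is empty; check the source paths." }
"Backup set $Stamp written to $Target ($Copied files). Now disconnect the drive."
```

Run it from a scheduled task or by hand after plugging the drive in, and unplug the drive when it finishes. The dated folders plus the pruning step are what make this safe against ransomware: if you notice the infection only after a backup has run, the previous sets are still intact.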

Ransomware is a growing menace for companies, and employees are sometimes a company's weakest link, especially with the BYOD/BYOA (bring your own device/application) trend. Weighing the consequences, there is no doubt that companies should take all the security measures needed. If you are a decision maker in the company's IT team, here is what you need to consider:

Recommendations for companies:

1. Educate employees in good computer practices and in recognizing social-engineering attempts and spear-phishing emails.

2. Install, configure and maintain an advanced endpoint security solution.

3. Enable software restriction policies to block programs from executing from locations that users can write to but that legitimate software should never run from, such as %AppData% and the user's Temp folder, where email attachments and exploit-kit payloads typically land.

4. Use a firewall to block all inbound connections from the Internet to services that should not be publicly reachable.

5. Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administrator-level access is a legitimate application.

6. Enable System Restore so that previous versions of the encrypted files can be restored once the malware has been removed. Be aware that this relies on Volume Shadow Copies, and many ransomware families delete the shadow copies before they start encrypting, so treat it as a convenience and not as a substitute for offline backups.
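Points 3, 4 and 6 are configuration tasks, so here is an added example (not from the original article) that applies all three on a stand-alone Windows machine from an elevated Windows PowerShell prompt. The SRP registry layout is the one the Safer engine reads; the blocked paths, the firewall ports and the choice of the Public profile are assumptions to tune for your environment, and in a domain you would push the same settings through Group Policy instead of writing the registry directly.

```powershell
# Added example (not part of the original article): the three technical controls
# from the company list. Run from an elevated Windows PowerShell prompt.

# 3. Software restriction policies: Disallow executables launched from the
#    user-writable folders where attachments and exploit-kit payloads land.
function Set-RansomwareSrpRules {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    New-Item -Path $base -Force | Out-Null
    # Default level stays Unrestricted (0x40000); only the paths below are Disallowed (level 0).
    Set-ItemProperty -Path $base -Name DefaultLevel       -Value 0x40000 -Type DWord
    Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1       -Type DWord  # executables, not DLLs
    Set-ItemProperty -Path $base -Name PolicyScope        -Value 0       -Type DWord  # administrators included

    $blocked = @(                                   # assumed paths; extend for your environment
        '%AppData%\*.exe',
        '%AppData%\*\*.exe',
        '%LocalAppData%\Temp\*.exe',
        '%LocalAppData%\Temp\*.zip\*.exe',          # attachment opened straight from a zip
        '%LocalAppData%\Temp\Rar*\*.exe',           # WinRAR extracts here
        '%LocalAppData%\Temp\7z*\*.exe'             # 7-Zip extracts here
    )
    foreach ($path in $blocked) {
        # Each rule is a GUID-named subkey under level 0 (Disallowed).
        $rule = Join-Path -Path "$base\0\Paths" -ChildPath ([guid]::NewGuid().ToString('B'))
        New-Item -Path $rule -Force | Out-Null
        Set-ItemProperty -Path $rule -Name ItemData    -Value $path -Type ExpandString
        Set-ItemProperty -Path $rule -Name SaferFlags  -Value 0     -Type DWord
        Set-ItemProperty -Path $rule -Name Description -Value 'Block execution from user-writable folders' -Type String
    }
    return $blocked.Count
}

# 4. Firewall: block inbound connections to services that have no business being
#    reachable from untrusted networks (SMB and RDP here, on the Public profile),
#    and make "block inbound by default" the policy on every profile.
function Set-InboundBlockRules {
    $rules = @(
        @{ Name = 'Block inbound SMB from untrusted networks'; Port = 445  },
        @{ Name = 'Block inbound RDP from untrusted networks'; Port = 3389 }
    )
    foreach ($r in $rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
                -LocalPort $r.Port -Profile Public -Action Block | Out-Null
        }
    }
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block
}

# 6. System Restore / Previous Versions depend on Volume Shadow Copies. Turn it on
#    for the system drive and take a checkpoint now. Caveat: ransomware commonly
#    deletes shadow copies first, so this never replaces the offline backup.
function Enable-RestorePoints {
    Enable-ComputerRestore -Drive 'C:\'
    # Windows allows one checkpoint per 24 hours by default; a repeat run only warns.
    Checkpoint-Computer -Description 'Baseline before hardening' -RestorePointType MODIFY_SETTINGS
    return (Get-ComputerRestorePoint | Measure-Object).Count
}

"$(Set-RansomwareSrpRules) SRP path rules written (effective at next logon or after gpupdate /force)."
Set-InboundBlockRules
"$(Enable-RestorePoints) restore point(s) now present."
```

Two caveats before rolling this out. SRP path rules only bite where the malware actually lands, so keep the list tied to the folders your own incidents show; and any legitimate tool that runs from a blocked folder will need an Unrestricted path rule of its own under the 262144 level key, so test on a pilot group first.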

If you get infected:

Don't rush into paying the ransom. Paying funds cyber-crime, and it is no guarantee that you will get your data back. Also, remember that law enforcement agencies never encrypt your data and demand money this way.

If you suspect you are a victim of ransomware but haven't yet seen the characteristic ransom screen, disconnect from the network immediately (unplug the cable, turn off Wi-Fi): this stops the malware from contacting its operators and from reaching network shares and other machines. Shutting down the device and rebooting in Safe Mode can be a good way to stop the encryption process, since most startup programs, the malware included, are not loaded there. Don't forget to search for the removal and decryption tools that security companies publish for specific threats.
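As an added example (not from the original article), here is a first-response triage script for a Windows machine you suspect is being encrypted right now: it cuts the network, then confirms the suspicion by looking for the burst of freshly modified, high-entropy files that in-progress encryption leaves behind, and finally checks whether shadow copies survived. Run it from an elevated PowerShell; the 8-minute window and the 7.5 bits-per-byte entropy threshold are assumptions, not values from the article.

```powershell
# Added example (not part of the original article): triage for a suspected
# live ransomware infection. Elevated PowerShell on Windows 8 / Server 2012 or later.

# 1. Cut the machine off the network (same effect as pulling the cable).
function Disconnect-Host {
    Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
}

# Shannon entropy of the first 4 KiB of a file, in bits per byte. Encrypted
# data sits close to 8.0; plain documents and source files are well below.
function Get-ByteEntropy([string]$Path) {
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -gt 4096) { $bytes = $bytes[0..4095] }
    if ($bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $bytes.Length
            $h -= $p * [math]::Log($p, 2)
        }
    }
    return $h
}

# 2. The signature of encryption in progress: many files rewritten within the
#    last few minutes whose contents now look random. The window and threshold
#    are assumed values; tune them to what you see on a clean machine.
function Find-SuspectFiles([string]$Root, [int]$Minutes = 8, [double]$Threshold = 7.5) {
    $since = (Get-Date).AddMinutes(-$Minutes)
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -and $_.Length -gt 0 } |
        ForEach-Object {
            $e = Get-ByteEntropy $_.FullName
            if ($e -ge $Threshold) {
                [pscustomobject]@{ File = $_.FullName; Entropy = [math]::Round($e, 2); Modified = $_.LastWriteTime }
            }
        }
}

# 3. Shadow copies still present? Many families delete them; if they survive,
#    Previous Versions may still recover files after the malware is removed.
function Get-ShadowCopyCount {
    (Get-CimInstance -ClassName Win32_ShadowCopy | Measure-Object).Count
}

Disconnect-Host
$hits = @(Find-SuspectFiles -Root $env:USERPROFILE)
"$($hits.Count) recently modified high-entropy file(s) under $env:USERPROFILE"
$hits | Sort-Object -Property Modified -Descending | Select-Object -First 20 | Format-Table -AutoSize
"$(Get-ShadowCopyCount) shadow copies present on this machine"
```

Read the result with care: zip archives, Office .docx/.xlsx files, JPEGs and other compressed formats are also high-entropy, so a single hit means nothing. The signal is a burst of such files across many folders, all modified within the same few minutes. Once you have that, the article's next step applies: shut down, boot into Safe Mode, and only then run the vendor's removal tool.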
