
Saturday, 15 April 2017

What is Ransomware and how to protect your computer against the ransomware attack

Massive ransomware attack... More than 75 countries affected... Please do not open any email which has attachments with the *"tasksche.exe"* file. Expecting more havoc this week... Please share this with everyone within your network.
Friday’s ransomware outbreak, which used recently revealed weaknesses in Microsoft’s Windows operating system to spread further and faster than any before, has prompted the Redmond-based developer to break its own rules on software maintenance in an effort to keep users safe.
The ransomware, also known as “WanaCrypt0r”, “WeCry”, “WanaCrypt” or “WeCrypt0r”, used a vulnerability in a Windows Server component to spread within corporate networks. The weakness was first revealed to the world as part of a massive dump of software vulnerabilities discovered by the NSA and then stolen by a group of hackers calling themselves “Shadow Brokers”.
Microsoft fixed the flaw shortly before the stolen data was published, leading many to conclude it had been surreptitiously tipped-off by the security agency about the existence of the flaw.
If your computer’s running on Microsoft Windows, you need to take these steps—right away.
Here’s why: in case you haven’t heard, hackers exploited a vulnerability in older Microsoft Windows servers to execute a large-scale global cyberattack on Friday using ransomware — malicious software that holds your computer hostage for ransom — and a hacking tool stolen from the U.S. National Security Agency (NSA). The massive attack left victims locked out of their PCs with a promise of restored access if $300 was paid in the digital currency Bitcoin—and a threat of destroyed files if the ransom was not paid.
Ransomware does not typically work this quickly. But thanks to a stolen NSA cyber-weapon called EternalBlue, which was made public last month by a hacking group known as the “Shadow Brokers,” the malware spread rapidly by exploiting a security flaw in Microsoft Windows servers.

What users need to do

Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were—and still are—left exposed to the hack.
In light of the attack, Microsoft rolled out patches to protect older versions of Windows that “no longer receive mainstream support” from the company like Windows XP, Windows 8, and Windows Server 2003. Those running on Windows 10 are fine, as their software is not vulnerable to this particular cyberattack. Devices that are potentially susceptible are Windows 7 and Windows Server 2008, and earlier operating systems.
Microsoft recommends users upgrade to Windows 10 and install the security update MS17-010. With the 1.243.297.0 update, Windows Defender Antivirus detects the malware as Ransom:Win32/WannaCrypt. The company also recommends Device Guard for businesses and Office 365 Advanced Threat Protection for blocking emails carrying malware.

What happens if you don’t take protective measures?

Even if you don’t actively download the file from a phishing email, your device could be at risk—the ransomware also spreads through file-sharing systems on networks. Microsoft explains that the worm-like functionality of the ransomware infects “unpatched Windows machines in the local network” and “executes massive scanning on Internet IP addresses to find and infect other vulnerable computers.”
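
The scanning behaviour described above is visible in network flow logs. As an added example (not part of the original post), the following Python flags any host that contacts many distinct addresses on TCP port 445, the Windows file-sharing port, within a short window. The record format, the 60-second window, the threshold of 20 peers and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                    # TCP port used by Windows file sharing (SMB)
WINDOW = timedelta(seconds=60)    # assumed look-back window
THRESHOLD = 20                    # assumed: distinct peers that count as scanning

def parse(line):
    """Parse one record of the assumed format: '<ISO time> <src> <dst> <dport>'."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_smb_scanners(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak distinct SMB destinations seen inside one window}."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)   # destination -> connections inside window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:   # drop records older than window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed records: one scanning host, one normal client, one web user."""
    t0 = datetime(2017, 1, 1, 9, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(i)} 10.0.0.23 10.0.1.{i} 445" for i in range(1, 41)]
    lines += [f"{stamp(2 * i)} 10.0.0.8 10.0.0.5 445" for i in range(30)]
    lines += [f"{stamp(i)} 10.0.0.9 203.0.113.{i} 443" for i in range(1, 31)]
    return [parse(line) for line in lines]

if __name__ == "__main__":
    for host, peers in find_smb_scanners(sample_flows()).items():
        print(f"{host} contacted {peers} distinct hosts on port {SMB_PORT} within {WINDOW}")
```

A client that talks to one file server repeatedly, or that opens many connections on other ports, stays below the threshold; only the fan-out on port 445 is reported.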

Infected devices will find the desktop background image replaced with a message, calling for the user to follow instructions until they reach the ransom screen. Here, there are two timers—one showing the amount of time left until files will be deleted and a second displaying time until the ransom will increase from $300.
At this point, people have two choices: pay up and hope their device is restored, or part ways with the contents of their computer. The U.S. government recommends not paying ransoms, as shelling out money does not guarantee the data will be recovered, and succumbing to cybercriminals may encourage future attacks. But that’s easier said than done when it’s your own files that have been hijacked.

How common is ransomware?

More common than you’d think. NPR reports that 40 percent of spam emails last year contained ransomware attachments. And the ransomware-related extortion industry is growing. In 2015, ransomware victims reported $24 million in total annual costs (e.g. ransom, tech support, security software), Reuters reported last year. In just the first three months of 2016, the reported expenses were already at $209 million.
General, good-sense advice: remotely back up your files on a regular basis. This way you’ll never have to give in to a ransomware request if and when your device is compromised. And, of course, always stay up-to-date with your computer’s software.
Have you checked out the patches released by Microsoft in March? Here’s the link, if it helps:
(Courtesy: Susmitha B)