India’s cyber security agency, the Computer Emergency Response Team (CERT), has issued a red alert regarding the WannaCry attack and has warned people not to pay the ransom.

Banks, government departments and corporate houses have issued messages of caution and reinforced online security. However, organisations were mostly unaffected as markets and offices opened on Monday after a weekend during which ripple effects of the malware were witnessed across the globe.

Ransomware is a type of malware that encrypts your important files without your knowledge or consent and then demands money for their return. The infections seem to be deployed via a worm, a program that spreads by itself between computers. In most cases there is also a time limit for the payment. It is important to note that there is no guarantee that your files will be decrypted once you have made the payment. Ransomware attacks have been steadily increasing since their inception in 2013, and have since infected countless personal and business computers.

A typical way to spread this malware is through infected email attachments and links in these emails. Once an infected file is opened, your system can easily be infected. These files are very hard to spot because the malware is mostly hidden: the file extension may be changed and the malicious code compressed into a zip file.

Example of Ransomware email text:
You will need at least a few years to decrypt these files without our software. All your private information for the last 3 months was collected and sent to us. To decrypt your files you need to buy our software. This price is $300. To buy our software please contact us at ____________and provide us your personal code_____________. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

Check this link from BBC News to understand the threat of your precious data being stolen: http://www.bbc.com/news/technology-39901382

[Image: how your screen may appear after a ransomware attack]

Infection can also occur in many other ways. Some common ways your system can be attacked are as follows:

1) You receive an email from a plausible-looking sender with an attached document of some kind. The attachment may be an MS Word or Excel document with an embedded macro. If you open the attachment, the macro will attempt to infect your system automatically.

2) Infection can also occur through the installation of applications from untrusted or unknown publishers, as these may also carry ransomware in JavaScript files.

Microsoft released patches last month to fix a vulnerability that allowed the worm to spread across networks.

It seems like this danger is here to stay, so it is essential for businesses to take concrete steps to defend themselves.

Keeping these things in mind, here are a few key tips to safeguard your precious data from being stolen through ransomware.

  1. Do not open any document received by email unless you know it is completely safe.
  2. For sharing business documents within the company, put all documents in a password-protected zip. Agree on a common password and send it in a separate mail.
  3. Do not open any text file by double-clicking, as it may be a JS file; instead, use the ‘Open with’ option in the menu to open it with a text editor.
  4. Always keep a backup of your important files in an external location or in password-protected zip files.
  5. Never enable macros in documents downloaded from email, or at least be cautious while enabling macros.
  6. You can install Microsoft Office viewers for opening documents. Use Office only when editing is required.
  7. Uncheck the option ‘Hide extensions for known file types’ in Folder Options to always show the extensions of all files.
  8. Do not download any document from your personal email account (Yahoo, Gmail etc.).
  9. Keep your antivirus up to date.
  10. Do not install any software on your machine without approval from the Department Head.
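
The tips about disguised JS files, hidden extensions, macros and zipped attachments can be turned into an automated check. The Python sketch below is an added example, not LOGIC ERP code: it flags script types, decoy double extensions and macro-bearing Office files, including inside zip archives. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd", ".ps1"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}  # all three sets: assumed, not exhaustive


def check_name(label, name):
    """Flag script types, decoy double extensions and macro-enabled formats."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    last = suffixes[-1] if suffixes else ""
    found = []
    if last in SCRIPT_EXTS:
        found.append(f"{label}: script/executable type {last}")
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            found.append(f"{label}: real type {last} hidden behind {suffixes[-2]}")
    if last in MACRO_EXTS:
        found.append(f"{label}: macro-enabled Office format {last}")
    return found


def scan_attachment(name, data, label=None, depth=0):
    """Check a file name, then look inside zip and Office (OOXML) containers."""
    label = label or name
    found = check_name(label, name)
    if depth > 2 or not zipfile.is_zipfile(io.BytesIO(data)):
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = f"{label}!{info.filename}"
            if info.flag_bits & 0x1:  # password-protected member: only its name is visible
                found += check_name(inner, info.filename) + [f"{inner}: encrypted, not inspected"]
            elif info.filename.lower().endswith("vbaproject.bin"):
                found.append(f"{label}: contains a VBA macro project")
            elif info.file_size <= 20_000_000:  # do not unpack oversized members
                found += scan_attachment(info.filename, zf.read(info), inner, depth + 1)
    return found


def build_sample():
    """Constructed sample: a zip with a disguised script and a macro-bearing .docx."""
    doc, out = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/vbaProject.bin", b"\x00")
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("invoice.txt.js", "// harmless placeholder")
        z.writestr("report.docx", doc.getvalue())
    return out.getvalue()
```

Calling `scan_attachment("documents.zip", build_sample())` returns three findings. Note that members of a password-protected zip are reported as not inspected, so such archives need a separate check after they are opened.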

“Cyber security company Symantec predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks.”

Preventive measures implemented by LOGIC ERP to make our software secure from this threat are as listed below:

  • Implemented an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
  • Enabled strong spam filters to prevent phishing emails from reaching end users, and authenticated inbound email using technologies such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  • We scan all incoming and outgoing emails to detect threats and filter executable files so that they do not reach end users.
  • Configured firewalls to block access to known malicious IP addresses.
  • Patched operating systems, software, and firmware on devices.
  • Using anti-virus and anti-malware programs to conduct regular scans automatically.
  • Managed the use of privileged accounts based on the principle of least privilege: no user is assigned administrative access unless absolutely needed; and those with a need for administrator accounts are using them only when necessary.
  • Configured access controls, including file, directory, and network share permissions, with least privilege in mind.
  • Disabled macro scripts from office files transmitted via email.
  • Implemented Software Restriction Policies (SRP) to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
  • Prefer disabling Remote Desktop Protocol (RDP) if it is not being used.
  • Using application whitelisting, which only allows systems to execute programs known and permitted by security policy.
  • Executed operating system environments in a virtualized environment.
  • Categorized data based on organizational value and implemented physical and logical separation of networks and data for different organizational units.
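
For the inbound email authentication item in the list above, the following Python sketch shows how a mail filter can act on the SPF, DKIM and DMARC results that a gateway records in the `Authentication-Results` header. It is an added example, not LOGIC ERP code; the authserv-id `mx.example.org`, the policy of quarantining anything without a DMARC pass, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: the authserv-id stamped by your own mail gateway (placeholder value).
TRUSTED_AUTHSERV = "mx.example.org"
METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def auth_verdict(raw_message):
    """Return (verdict, results) based on the gateway's Authentication-Results."""
    msg = message_from_string(raw_message)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        ids = authserv.split()
        # Trust only headers added by our own gateway: a sender can pre-insert a
        # forged "everything passed" header under another authserv-id. This also
        # assumes the gateway strips inbound headers that claim its own id.
        if not ids or ids[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in METHOD_RE.findall(rest.lower()):
            results.setdefault(method, result)
    # Assumed policy: deliver only on an explicit DMARC pass.
    verdict = "deliver" if results.get("dmarc") == "pass" else "quarantine"
    return verdict, results


# Constructed sample messages.
MSG_OK = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example;"
    " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\n"
    "From: accounts@partner.example\nSubject: Invoice\n\nPlease find the invoice attached.\n"
)
MSG_SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bank.example;"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    "Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: support@bank.example\nSubject: Urgent\n\nOpen the attached document.\n"
)
MSG_NO_HEADER = "From: someone@unknown.example\nSubject: Hi\n\nNo authentication results.\n"
```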

 

Ransomware is a dangerous Internet threat which will likely reappear in many forms in the upcoming years. Remember to get a comprehensive anti-virus program, keep it updated regularly and back up your data often. These are important steps to take in the battle against any new spyware.