Protecting yourself against this ransomware virus

Discussion in 'I.T.,Cameras and MP 3 players' started by Brendan Burgess, May 15, 2017.

  1. Brendan Burgess

    Brendan Burgess Founder

    Posts:
    32,823
    I just got this email which seems like good advice. Not sure who wrote it originally. But it's good general advice anyway:

    You may be aware that there has been a major global cyber-attack unfolding over the past number of days. This cyber-attack known as 'WannaCry' targets Windows systems and represents a significant risk to all organisations. All users should 'think before they click' on any email attachment or suspect content. End user vigilance is one of the key defenders in zero-day attacks such as the recent 'WannaCry' cyber-attacks.

    Below is some advice on spotting potentially malicious emails and links.



    1. Is the email from a trusted source?

    Review the "From" address - attackers often impersonate or "spoof" staff by using incorrect spelling of names or domains (i.e. "@y0ur0rg.com") you may be familiar with or in contact with.



    2. Review the subject of the mail

    Attackers often try to include valid email information in the subject to trick the user into believing the email is legitimate.



    3. Review the spelling and content of the mail

    Attack emails often contain poor spelling and grammar.



    4. Ask "Is this mail relevant to my job role and responsibilities?"

    Is the nature of the email related to your job function?



    5. Does a mail refer to an action you did not take?

    Typically attackers will draft these mails as responses to "requests" you may have made. Is there a mail trail of you requesting this information or file? Or is the email a once off?



    6. Be vigilant of attachments

    Attackers will often include a malicious file as an attachment to a phishing mail.

    DO NOT open or interact with any attachments in strange or suspicious emails. Verify that:

    - the sender is legitimate,

    - the content of the mail includes a legitimate mail history,

    - the attached file is one you have requested,

    - the attachment is in the correct format (e.g. is this report an xls instead of the usual PDF?)


    7. Be vigilant of links

    Attackers will also try to include links to malicious content or websites. DO NOT click on any links that you do not trust or are not familiar with.



    8. Don't forget hyperlinks

    Attackers may use URL hyperlinks in the body of an email (e.g. "Click Here").

    - Typically, hovering over these hyperlinks will disclose the real destination of the link



    Thank you and please 'Think before you Click'
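
Added example, not part of the original post or the email it quotes: a Python sketch that automates checks 1 and 8 above by flagging a sender domain that only matches a trusted one after digit-for-letter swaps, and by listing where each hyperlink really goes. The trusted domain `yourorg.com`, the `example.net` hosts and the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"yourorg.com"}            # assumption: your organisation's real domain
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter substitutions
SAMPLE = """From: "IT Helpdesk" <helpdesk@y0ur0rg.com>
Content-Type: text/html; charset="utf-8"

<p>As requested, <a href="http://files.example.net/reset">Click Here</a> or visit
<a href="http://login.example.net/">https://portal.yourorg.com</a>.</p>
"""  # constructed sample message, not a real phishing mail

class LinkCollector(HTMLParser):  # gathers (visible text, href): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def trusted(host):  # exact domain or a subdomain of it, never a mere suffix match
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not trusted(domain) and trusted(domain.translate(DIGIT_SWAPS)):
        findings.append(f"lookalike sender domain: {domain}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        if "." in text and " " not in text:  # the link text itself looks like a URL
            shown = urlparse(text if "://" in text else "//" + text).hostname or ""
            if shown != host:
                findings.append(f"link text shows {shown} but goes to {host}")
        elif not trusted(host):
            findings.append(f"'{text}' link goes to untrusted host {host}")
    return findings
```
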
     
  2. mathepac

    mathepac Frequent Poster

    Posts:
    6,327
    Last edited: May 16, 2017
    Seems like sound advice and I use a tool called SpamSieve on macOS to automate many of the actions described and to highlight and quarantine suspicious mail. So if potentially bad stuff makes it past the firewall, this acts as a second line of defence. The next line is a tool called ClamXav, a malware detector/killer.

    There must be a Windows equivalent of SpamSieve, and Clam runs on many OSes with frequent signature updates. All the tools in the world won't help if you don't behave responsibly with content you receive.
     
  3. ant dee

    ant dee Frequent Poster

    Posts:
    95
    And update your Windows, people.
    Many of these attacks will simply not work because Microsoft patched the problem.
     
  4. michaelm

    michaelm Frequent Poster

    Posts:
    1,475
    Last edited: May 16, 2017
    While that's always good advice, it wouldn't have stopped Windows users being infected by WannaCry(pt). As ant dee suggests above, you'd need Windows to be patched up-to-date. While WannaCry(pt) is now dead, someone will probably tweak it and it will resurface and catch others who haven't patched their Windows OS.
     
  5. SirMille

    SirMille Frequent Poster

    Posts:
    170
    There are already 40K instances of V2 up and running.
     
  6. qwerty5

    qwerty5 Frequent Poster

    Posts:
    148
    The patch for Windows only stops the ransomware spreading if you get it.
    This is important but the OP's email is still valid. If you're fully patched on Windows you could still run it and encrypt one PC.

    Although it is detected by antivirus now. But that only stops apps that they know about.
     
  7. Delboy

    Delboy Frequent Poster

    Posts:
    1,319
    Any links to the Windows patch?
     
  8. michaelm

    michaelm Frequent Poster

    Posts:
    1,475
    Last edited: May 17, 2017
    Absolutely. But without the patch it seems that one could get infected without lifting a finger.
    Just run Windows Updates. The specific patch, depending on your OS version, can be found here https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
     
  9. PM9999

    PM9999 Registered User

    Posts:
    14
    As well as the usual good stuff about caution with incoming mail, running AV, applying Windows patches, regular backups stored offline etc., there is a prevention tool called CryptoPrevent that was developed some time ago when the original ransomware, Cryptolocker, emerged (2013-ish). I've used it without issue for a couple of years. There are paid and free versions, and the latest incarnation of CryptoPrevent is said to be effective against the latest threat, WannaCry. I can't post links (grrr!), but Google search the string "cryptoprevent wannacry" and watch the video in the first result. Navigate to the downloads section of CryptoPrevent within FoolishIT to obtain a copy.

    From the video, it seems that WannaCry may only be shut down by the "honeypot" feature that appears in the paid version, but it's only USD 20 for a year's licence (or USD 15 pa if you sign up for a recurring subscription).

    Paul