
tips to protect yourself against ransomware

Postby guest » Fri Aug 05, 2016 3:10 pm

A common infection scenario may look like this:
• A user receives an email that comes from a seemingly plausible sender with an attached document: a parcel service with attached delivery information, or an external company with an attached invoice.
• The email attachment contains an MS Word or Excel document with an embedded macro. If the recipient opens the document, a macro will attempt to start automatically, executing the following actions:
  o It tries to download the actual ransomware payload from a series of web addresses that only exist momentarily. If a web address cannot be reached, the next one is accessed until the payload has been downloaded successfully.
  o The macro executes the ransomware.
  o The ransomware contacts the command & control server of the attacker, sends information about the infected computer and downloads an individual public key for this computer.
  o Files of certain types (Office documents, database files, PDFs, CAD documents, HTML, XML etc.) are then encrypted on the local computer and on all accessible network drives with this public key.
  o Automatic backups of the Windows operating system (shadow copies) are often deleted to prevent this type of data recovery.
  o A message then appears on the user’s desktop, explaining how a ransom (often in the form of bitcoins) can be paid within a time frame of e.g. 72 hours to ensure delivery of a suitable decryption tool with the private key that is only available in the attacker’s system.
  o The ransomware will then delete itself, leaving just the encrypted files and ransom notes behind.

This is just an example of how such an infection scenario may play out. While email is a popular technique to spread these threats, by no means is it the only approach. Exploit kits are also common and, for example, the Angler exploit kit has been widely used to spread CryptoWall.

New infection scenarios:
As awareness of the dangers of booby-trapped documents grows, hackers are increasingly turning to malicious JavaScript attachments to spread ransomware.
• Windows hides file extensions by default, so README.TXT.JS shows up as README.TXT, making it look mostly harmless.
• Windows uses an icon for script files that looks like a scroll of paper (because scripts are stored as text files), adding to the sense of harmlessness.
• Browser JavaScript has become much safer in recent years. As a result, JavaScript is often considered safe.
• Almost all email clients have blocked JavaScript inside messages for many years.

As a result, it feels as though there should be nothing to lose in opening script files. The problem is that when you launch a JavaScript file that's been saved to disk, it can do anything that a regular application (.EXE file) can do - including downloading and running other applications, such as ransomware.

The most common way that Locky arrives is:
• You receive an email containing an attached document.
• The document looks like gobbledygook.
• The document advises you to enable macros “if the data encoding is incorrect.”
• The hackers want you to click on the 'Options' button at the top of the page.
• They use technologies to spread infections that are permitted in many companies and in which malicious code can easily be disguised (Microsoft Office macros, JavaScript, VBScript, CHM, Flash, Java).
• Once you click Options, Locky will start to execute on your computer. As soon as it is ready to ask you for the ransom, it changes your desktop wallpaper.

Here are tips to protect yourself against ransomware:

1. First and foremost, be sure to back up your most important files on a regular basis.
2. Refrain from opening attachments that look suspicious. -> Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
3. Think twice before clicking. -> Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.
4. The Show File Extensions feature can thwart ransomware plagues. -> This is a native Windows functionality that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. The fraudsters may also utilize a confusing technique where one file can be assigned a couple of extensions. For instance, an executable may look like an image file and have a .gif extension. Files can also look like they have two extensions – e.g., cute-dog.avi.exe or investment.xlsx.scr – so be sure to pay attention to tricks of this sort. A standalone known attack vector is through malicious macros enabled in Microsoft Word documents.
5. Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date. -> This habit can prevent compromises via exploit kits.
6. In the event a suspicious process is spotted on your computer, disconnect the Internet connection immediately. -> This is particularly efficient at an early stage of the attack because the ransomware won’t get the chance to establish a connection with its Command and Control server and thus cannot complete the encryption routine.
7. Keep the Windows Firewall turned on and properly configured at all times.
8. Scan compressed or archived files using your antivirus/anti-malware software before you open them.
9. Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.). -> Disable macros and ActiveX.
10. Use strong passwords that cannot be brute-forced by remote criminals. -> Set unique passwords for different accounts to reduce the potential risk.
11. Turn off unused wireless connections, such as Bluetooth or infrared ports. -> There are cases when Bluetooth gets exploited for stealthily compromising the machine.
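As an added example (not code from the post above), here is a small Python classifier that flags attachment names using the tricks the post describes: script files such as README.TXT.JS that Windows shows as README.TXT when extensions are hidden, double extensions such as cute-dog.avi.exe, and macro-capable Office files. The extension lists are my own assumptions and are not exhaustive.

```python
# Defender-side triage of attachment filenames, based on the tricks described in
# the forum post. The extension sets below are assumptions for this example.

# Extensions Windows runs as a program or script when double-clicked.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi"}
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta", "ps1"}
# Office formats that can carry macros (the "enable macros" lure in the post).
MACRO_EXTS = {"doc", "xls", "ppt", "docm", "xlsm", "pptm", "dotm", "xltm"}
# Extensions a user expects to be harmless data; used to spot double extensions.
BENIGN_LOOKING_EXTS = {"txt", "pdf", "jpg", "jpeg", "gif", "png", "avi", "mp4",
                       "xlsx", "docx"}


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with 'Hide extensions for known file types' on:
    only the final extension is dropped, so README.TXT.JS is shown as README.TXT."""
    stem, dot, _ = filename.rpartition(".")
    return stem if dot else filename


def classify_attachment(filename: str) -> dict:
    """Return the displayed name plus the reasons (if any) the file is suspicious."""
    parts = filename.lower().split(".")
    exts = parts[1:]                      # every extension after the base name
    last = exts[-1] if exts else ""
    reasons = []
    if last in EXECUTABLE_EXTS:
        reasons.append("executable extension")
    if last in SCRIPT_EXTS:
        reasons.append("script file runs like an .exe")
    if last in MACRO_EXTS:
        reasons.append("may contain macros")
    # Double extension: a data-looking extension directly before a runnable one.
    if len(exts) >= 2 and exts[-2] in BENIGN_LOOKING_EXTS \
            and last in (EXECUTABLE_EXTS | SCRIPT_EXTS):
        reasons.append("double extension disguised as %s" % exts[-2])
    return {"name": filename, "shown_as": displayed_name(filename),
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample attachment names taken from the post's examples.
    for name in ["README.TXT.JS", "cute-dog.avi.exe", "investment.xlsx.scr",
                 "invoice.docm", "report.pdf"]:
        r = classify_attachment(name)
        print("%-22s shown as %-14s %s" % (name, r["shown_as"],
                                           "; ".join(r["reasons"]) or "ok"))
```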
