Protecting yourself against this ransomware virus

Brendan Burgess

I just got this email which seems like good advice. Not sure who wrote it originally. But it's good general advice anyway:

You may be aware that there has been a major global cyber-attack unfolding over the past number of days. This cyber-attack known as 'WannaCry' targets Windows systems and represents a significant risk to all organisations. All users should 'think before they click' on any email attachment or suspect content. End user vigilance is one of the key defenders in zero-day attacks such as the recent 'WannaCry' cyber-attacks.

Below is some advice on spotting potentially malicious emails and links.



1. Is the email from a trusted source?

Review the "From" address - attackers often impersonate or "spoof" staff by using incorrect spelling of names or domains (i.e. "@y0ur0rg.com") you may be familiar with or in contact with.



2. Review the subject of the mail

Attackers often try to include valid email information in the subject to trick the user into believing the email is legitimate.



3. Review the spelling and content of the mail

Attack emails often contain poor spelling and grammar.



4. Ask "Is this mail relevant to my job role and responsibilities?"

Is the nature of the email related to your job function?



5. Does a mail refer to an action you did not take?

Typically attackers will draft these mails as responses to "requests" you may have made. Is there a mail trail of you requesting this information or file? Or is the email a once off?



6. Be vigilant of attachments

Attackers will often include a malicious file as an attachment to a phishing mail.

DO NOT open or interact with any attachments in strange or suspicious emails. Verify that:

- the sender is legitimate,

- the content of the mail includes a legitimate mail history,

- the attached file is one you have requested,

- the attachment is in the correct format (e.g. is this report an xls instead of the usual PDF?)


7. Be vigilant of links

Attackers will also try to include links to malicious content or websites. DO NOT click on any links that you do not trust or are not familiar with.



8. Don't forget hyperlinks

Attackers may use URL hyperlinks in the body of an email (e.g. "Click Here").

- Typically, hovering over these hyperlinks will disclose the real destination of the link



Thank you and please 'Think before you Click'
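
Checks 1 and 8 of the advice above can be automated. The following is an added example, not part of the quoted email or any poster's tool; the `TRUSTED` domain list and the sample message are assumptions constructed for illustration. It flags a sender domain that imitates a trusted one through digit-for-letter swaps and reports the real destination of every link that leaves the trusted domains, which is what hovering over the link would show.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"yourorg.com"}  # assumption: your organisation's real mail domains
LOOKALIKE = str.maketrans("0135", "oles")  # common digit-for-letter swaps

class LinkCollector(HTMLParser):
    """Collect (visible text, real href) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return a list of warnings for checks 1 and 8 of the advice above."""
    msg = email.message_from_string(raw)
    warnings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and domain.translate(LOOKALIKE) in TRUSTED:
        warnings.append(f"sender domain {domain} imitates {domain.translate(LOOKALIKE)}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(errors="replace"))
        for text, href in collector.links:
            host = urlparse(href).hostname or ""
            if host and host not in TRUSTED and not host.endswith(tuple("." + d for d in TRUSTED)):
                warnings.append(f"link '{text}' really goes to {host}")
    return warnings

# Constructed sample message, not a real phishing mail.
SAMPLE = """From: "IT Helpdesk" <helpdesk@y0ur0rg.com>
Subject: Re: your request
Content-Type: text/html

<p>Your file is ready. <a href="http://files.example.net/report">Click Here</a></p>
"""
```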
 
Seems like sound advice and I use a tool called SpamSieve on macOS to automate many of the actions described and to highlight and quarantine suspicious mail. So if potentially bad stuff makes it past the firewall, this acts as a second line of defence. The next line is a tool called ClamXav, a malware detector/killer.

There must be a Windows equivalent of SpamSieve, and Clam runs on many OSes with frequent signature updates. All the tools in the world won't help if you don't behave responsibly with content you receive.
 
And update your Windows, people.
Many of these attacks will simply not work because Microsoft patched the problem.
 
please 'Think before you Click'
While that's always good advice, it wouldn't have stopped Windows users being infected by WannaCry(pt). As ant dee suggests above, you'd need Windows to be patched up-to-date. While WannaCry(pt) is now dead, someone will probably tweak it and it will resurface and catch others who haven't patched their Windows OS.
 
There are already 40K instances of V2 up and running.
 
And update your Windows, people.
Many of these attacks will simply not work because Microsoft patched the problem.

The patch for Windows only stops the ransomware spreading if you get it.
This is important but the OP's email is still valid. If you're fully patched on Windows you could still run it and encrypt one PC.

Although it is detected by antivirus now. But that only stops apps that they know about.
 
As well as the usual good stuff about caution with incoming mail, running AV, applying Windows patches, regular backups stored offline, etc., there is a prevention tool called CryptoPrevent that was developed some time ago when the original ransomware, Cryptolocker, emerged (2013-ish). I've used it without issue for a couple of years. There are paid and free versions, and the latest incarnation of CryptoPrevent is said to be effective against the latest threat, WannaCry. I can't post links (grrr!), but Google search the string "cryptoprevent wannacry" and watch the video in the first result. Navigate to the downloads section of CryptoPrevent within FoolishIT to obtain a copy.

From the video, it seems that WannaCry may only be shut down by the "honeypot" feature that appears in the paid version, but it's only USD 20 for a year's licence (or USD 15 pa if you sign up for a recurring subscription).

Paul
 