How to Stay Protected Against Ransomware

To prevent a ransomware attack, experts say IT and information security leaders should do the following:

1. You can’t protect what you don’t know exists:

Developing an inventory of your assets is crucial. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.

Be in a position to answer questions like these instantly:

  • How many PCs from a particular manufacturer do you have in your environment?
  • Which desktops/laptops are running an operating system that its vendor recently stopped supporting?
  • Which IT assets have a particular piece of software installed?
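As an added example (not from the original article), here is a PowerShell script that gathers the data needed to answer those three questions for a list of Windows hosts. The host list, the software name and the end-of-life OS list are assumptions to replace with your own; remote hosts need WinRM enabled.

```powershell
# Added example, not from the original article. Assumes PowerShell 5.1+ and,
# for remote hosts, WinRM; the placeholders below are assumptions.

$Computers          = @($env:COMPUTERNAME)  # ASSUMPTION: replace with your asset list (e.g. from AD)
$SoftwareOfInterest = 'Google Chrome'       # ASSUMPTION: product name as shown in Add/Remove Programs

# Operating systems whose vendor support has ended (example entries only;
# maintain this list from the vendor's published lifecycle dates).
$EndOfLifeOS = @('Windows XP', 'Windows Vista', 'Windows Server 2003')

# Runs on each target host and returns one inventory record for it.
$Collector = {
    param($SoftwareName, $EolList)

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Installed software is registered under the Uninstall keys (64- and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
                 Where-Object { $_.DisplayName } |
                 Select-Object -ExpandProperty DisplayName

    $eol = $false
    foreach ($name in $EolList) {
        if ($os.Caption -like "*$name*") { $eol = $true }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        OS           = $os.Caption
        Build        = $os.BuildNumber
        Unsupported  = $eol
        HasSoftware  = [bool]($installed | Where-Object { $_ -like "*$SoftwareName*" })
    }
}

# The local host is queried in-process; everything else goes through WinRM.
$inventory = foreach ($c in $Computers) {
    if ($c -eq $env:COMPUTERNAME -or $c -eq 'localhost') {
        & $Collector $SoftwareOfInterest $EndOfLifeOS
    } else {
        Invoke-Command -ComputerName $c -ScriptBlock $Collector `
                       -ArgumentList $SoftwareOfInterest, $EndOfLifeOS
    }
}

# Q1: how many PCs from each manufacturer?
$inventory | Group-Object Manufacturer | Select-Object Name, Count | Format-Table -AutoSize

# Q2: which machines run an operating system the vendor no longer supports?
$inventory | Where-Object Unsupported | Select-Object ComputerName, OS, Build

# Q3: which machines have the software of interest installed?
$inventory | Where-Object HasSoftware | Select-Object ComputerName, OS
```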

2. Keep all software up to date, including operating systems and applications:

Updates are important. They are available for both your operating system and individual software programs. Performing these updates delivers a multitude of revisions to your computer, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.

3. Use A Supported Operating System:

Just because your old computer is still running doesn’t mean that you’re going to continue to receive updates. Both Apple and Microsoft stop providing updates for older operating systems. For example, Microsoft no longer provides updates for Windows XP, and Apple does not provide updates for early versions of OS X.

If the creator is no longer providing updates for a particular operating system, then that operating system becomes more dangerous every day you continue to use it. If a new vulnerability emerges, an update to remove the vulnerability may never be released. Virus writers know this and use it to their advantage, often preying on computers that are not just behind on a few updates, but computers still running an unsupported operating system.

Therefore, it is important that you are running a maintained operating system, one that is still receiving updates.

4. Use an Antivirus Program:

An evergreen way to protect against most threats is to use good antivirus software from a reputable vendor and always keep it up to date.

5. Back Up Your Files Regularly:

Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked. Better safe than sorry.

The 3-2-1 backup strategy is a good rule of thumb. It means having at least:

  • 3 copies of your data
  • 2 local copies on different storage types
  • 1 backup off-site.

6. Segment the company network:

Don’t place all data on one file share accessed by everyone in the company. Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.

"Good network segmentation is not going to make it impossible to 
compromise your network, but it does make it more difficult."

        ~ Mat Gangwer, security operations leader, Rook Security Inc.

7. Train and re-train employees in your business:

Your users can be your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails. As ransomware is commonly introduced through email attachments and links, arming employees with the knowledge they need to practice secure email and browsing habits can prevent many ransomware attacks from succeeding.

Train employees on how to recognize phishing attacks as well as best practices such as not opening attachments or links in emails from unknown senders, checking link URLs, and never clicking pop-up windows.

Training should be ongoing rather than a single session to ensure that employees keep up with new threats and maintain secure habits.

8. Develop a communication strategy to inform employees if a virus reaches the company network:

The speedy dissemination of information is vital in stopping an attack or the continuance of an attack. It is vital that all users on the network be made aware of an attack or attempted attack to ensure the vigilance of other users on your network. It is likely that other users have also received similar phishing emails and your quick response may prevent further damage.

9. Instruct information security teams to perform penetration testing to find any vulnerabilities:

Penetration tests must be carried out periodically, either by a third-party organization specialized in security testing or by a specialized internal team. Information assets, network equipment, and applications should be assessed periodically, and all gaps found during the assessment fixed.

10. Keep Your Knowledge Up-to-Date:

Not a single day goes by without a report on cyber-attacks or vulnerabilities in popular software and services, including Android, iOS, Windows, Linux, and Mac computers.

So it is high time for users in every field to follow the day-to-day happenings of the cyber world, which not only keeps their knowledge up to date but also helps them defend against even sophisticated cyber-attacks.

Mitigating an attack:

If your company is hacked with ransomware, you can explore the free ransomware response kit for a suite of tools that can help. Experts also recommend the following to moderate an attack:

  • Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network.
  • Launched less than a year ago as a joint initiative of Europol, the Dutch National Police, Intel Security, and Kaspersky Lab, the No More Ransom (NMR) project is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals.

The website not only educates computer users on protecting themselves from ransomware, but also provides a collection of free decryption tools.

The platform is now available in 14 languages and hosts 40 free decryption tools, supplied by a range of member organizations, which users can use to decrypt files that have been locked up by given strains of ransomware.

  • Boston-based cyber security firm Cybereason has released RansomFree — a real-time ransomware detection and response software that can spot most strains of Ransomware before it starts encrypting files and alert the user to take action.

    RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2.

Source: The Hacker News, Tech Republic, security.illinois.edu, digitalguardian.com, Sophos, It.ie, Cybereason

Incognito mode

What is incognito mode?

Incognito mode — also known as private mode — is a browser mode that gives a user a measure of privacy among other users of the same device or account. In the incognito mode, a browser doesn’t store your Web surfing history, cookies, download history, or login credentials.

What does “doesn’t store” mean?

Well, as you know, browsers normally remember everything you do online: what you searched for, what pages you visited, what videos you watched, what you shopped for on Amazon, and so on. But in incognito mode, browsers don’t save any of that information.

 

When should you use incognito mode?

The simple answer is, you should use incognito mode when you want to keep your Internet activity secret from other people who use the same computer or device. Say, for example, you want to buy a gift for your spouse. You use your home PC to search for the best deals. You close the browser and turn off the PC when you’re done.

When your spouse uses the computer, say to check e-mail or Facebook, they are likely to see what you searched for, even without looking for it — either in browser history or in targeted ads. If you use incognito mode for your shopping, however, the browser will forget that history and not inadvertently spoil the surprise.

What else does incognito mode conveniently forget?

Login credentials and other form info. In the incognito mode, a browser won’t save login name or password. That means you can log in to Facebook on someone else’s computer, and when you close the browser or even the tab, you’ll be logged out, and the credentials will not autofill when you or someone else returns to the site. So, there’s no chance another person will go to facebook.com and inadvertently (or purposely) post from your account. Also, even if that person’s regular browser is set to save the data entered in forms (such as name, address, phone number), an incognito window won’t save that information.

Download history. If you download something while incognito, it won’t appear in the browser’s download history. However, the downloaded files will be available for everyone who uses the PC, unless you delete them. So, be careful with your My Little Pony films.

Are there other reasons to use incognito mode?

Incognito browsing is mostly about, well, going incognito. That said, here are a few more considerations.

Multiple accounts. You can log in to multiple accounts on a Web service simultaneously by using multiple incognito tabs.

No add-ons. This mode also blocks add-ons by default, which comes in handy in some situations. For example, you want to read the news but the page says “Disable your ad blocker to see this story.” Simply open the link in incognito mode.

How do you activate incognito mode?

In Google Chrome: You can use a keyboard shortcut or a click. Press Ctrl + Shift + N on Windows or ⌘ + Shift + N on macOS, or click the three-dot button in the upper right corner of the browser window and choose New Incognito window.

In Mozilla Firefox: Open the menu (three horizontal bars) in the upper right corner and click New Private Window.

In Microsoft Edge: Open the menu by clicking the three dots in the upper right corner and choose New InPrivate window.

In Chrome or Firefox, you can also right-click on a link and choose to open the link in a new incognito or private window.

To close this mode, simply close the tab or window. That’s it!

What isn’t incognito mode suitable for?

It is always fine to use incognito browsing. But you need to understand what it can’t do. The first, very important thing to keep in mind is that incognito mode doesn’t make your browsing anonymous. It erases local traces, but your IP address and other information remain trackable.

Among those able to see your online activities:

  • Your service provider,
  • Your boss (if you are using a work computer),
  • Websites you visit.

If there is any spying software on your computer (a keylogger, for example) it also can see what you are doing. So, don’t do anything stupid or illegal.

Second, and just as important, incognito mode doesn’t protect you from people who want to steal the data you send to and receive from the Internet. For example, using incognito mode for online banking, shopping, and so on is no safer than using normal mode in your browser. If you do any of those things on a shared or public network, use a VPN.

Source: Kaspersky Blog

WINDOWS 10 INSIDER PREVIEW BUILD 16232 will Protect Against Ransomware Attacks

In the wake of recent devastating global ransomware outbreaks, Microsoft has released Insider Preview Build 16232 for the Windows 10 operating system to protect against ransomware and other emerging threats that specifically target its platform.

Microsoft is planning to introduce the security features in Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain “protected” folders.

Only applications on a whitelist can access Protected folders, and you can add apps to or remove them from that list. Certain applications are whitelisted automatically, though the company doesn’t specify which ones.

Once turned on, “Controlled folder access” watches over files stored inside Protected folders, and any attempt by a non-whitelisted app to access or modify a protected file is blocked by Windows Defender, preventing most ransomware from encrypting your important files.

So, whenever an application that is not on the whitelist tries to make changes to Protected files, the feature blocks it and you get a notification about the attempt.

How to Enable Controlled Folder Access, Whitelist Apps and Add or Remove Protected Folders:

Here’s how to enable the Controlled folder access feature:

  1. Go to the Start menu and open the Windows Defender Security Center.
  2. Go to the Virus & Threat Protection settings section.
  3. Set the Controlled folder access switch to On.

Here’s how to allow an app you trust that is being blocked by the Controlled folder access feature to access Protected folders:

  1. Go to the Start menu and open the Windows Defender Security Center.
  2. Go to the Virus & Threat Protection settings section.
  3. Click ‘Allow an app through Controlled folder access’ in the Controlled folder access area.
  4. Click ‘Add an allowed app’ and select the app you want to allow.

Windows library folders such as Documents, Pictures, Movies, and Desktop are “protected” by default and cannot be removed from the list.

However, users can add their own folders to the list of protected folders and remove them again. Here’s how to add a folder to the Protected folders list:

  1. Go to the Start menu and open the Windows Defender Security Center.
  2. Go to the Virus & Threat Protection settings section.
  3. Click ‘Protected folders’ in the Controlled folder access area.
  4. Enter the full path of the folder you want to monitor.

Users can also enter network shares and mapped drives, but environment variables and wildcards are not supported at this moment.
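Added example, not from the original article or from Microsoft: the same three settings applied with the Windows Defender PowerShell cmdlets, plus a check of the Defender event log for blocked attempts. Assumes an elevated PowerShell session on a Windows 10 build that ships Controlled folder access; the application path and folder are placeholders.

```powershell
# Added example, not the article's own code. Assumes an elevated PowerShell
# session on a Windows 10 build that includes Controlled folder access.

$TrustedApp  = 'C:\Program Files\ExampleVendor\backup-agent.exe'  # ASSUMPTION: placeholder path
$ExtraFolder = 'D:\Finance\Ledgers'                                # ASSUMPTION: placeholder folder

# 1. Turn the feature on. Valid values are Disabled, Enabled and AuditMode;
#    AuditMode only logs what would have been blocked, which is the safer
#    first step when rolling the feature out across a fleet.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Whitelist an application you trust that the feature is blocking.
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 3. Add a folder to the protected list (network shares and mapped drives are
#    accepted too; environment variables and wildcards are not).
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# Verify the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
                                 ControlledFolderAccessAllowedApplications,
                                 ControlledFolderAccessProtectedFolders

# What a blocked attempt looks like afterwards: Windows Defender writes event
# 1123 (blocked) or 1124 (audit mode) to its Operational log, naming the
# process and the protected file it touched. Forwarding these to a SIEM gives
# an early ransomware signal.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Roll back a single entry when an app is retired:
# Remove-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
```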

HOW TO INSTALL INSIDER PREVIEW BUILD 16232

The new build is available for download via Windows Update, so it’ll be automatically downloaded and installed on all computers running Windows 10 Insider Preview soon.

If you want to manually download and install the new build ASAP, you can do so using the following simple steps:

  1. Open Settings app from Start Menu.
  2. Click on Update and security icon.
  3. Once you open Windows Update section, it’ll automatically start checking for new builds. Otherwise, you can click on “Check for updates” button.
  4. Click on “Download now” button to start downloading the new update build of Windows 10.

After downloading the build, your computer will automatically restart to install the new update.

The download size will be around 2 or 3 GB depending upon the computer architecture (32-bit or 64-bit) and system language.

PS: If you can’t find the new build on Windows Update, the following tutorial will help you:

[Fix] New Insider Preview Builds of Windows 10 Not Showing on Windows Update

Source: The Hacker News, AskVG, Microsoft

 

Petya Ransomware

The WannaCry ransomware is not dead yet, and another large-scale ransomware attack is causing chaos worldwide, shutting down computers at corporations, power suppliers, and banks across Russia, Ukraine, Spain, France, the UK, India, and the rest of Europe, and demanding $300 in bitcoin.

Researchers found that a variant of the Petya ransomware called GoldenEye is attacking systems around the world and spreading rapidly with the help of the same Windows SMBv1 vulnerability.

Just like Petya, GoldenEye encrypts the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.

The following text is displayed on the screen:

[Screenshot: GoldenEye / Petya ransom note]

It is quite surprising that, even after knowing about the WannaCry issue for a decent amount of time, big corporations and companies have not yet implemented proper security measures to defend against such threats.

Don’t Pay the Ransom, You Won’t Get Your Files Back

Infected users are advised not to pay the ransom because the hackers behind the Petya ransomware can no longer receive your emails.

Posteo, the German email provider, has suspended the email address wowsmith123456@posteo.net, which the criminals used to communicate with victims and send the decryption keys after receiving the ransom.

How to Protect Yourself from Ransomware Attacks

What to do immediately? Go and apply those goddamn patches against EternalBlue (MS17-010) and disable the unsecured, 30-year-old SMBv1 file-sharing protocol on your Windows systems and servers.

Since GoldenEye ransomware also takes advantage of the WMIC and PsExec tools to infect fully patched Windows computers, you are also advised to disable WMIC (Windows Management Instrumentation Command-line).

Kill Switch:

Researchers found that GoldenEye ransomware encrypts the system after the computer reboots. So if your system is infected with Petya ransomware and it tries to restart, just do not power it back on.

“If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine,” HackerFantastic tweeted. “Use a LiveCD or external machine to recover files.”

PT Security, a UK-based cyber security company, and Amit Serper from Cybereason have discovered a kill switch for the Petya ransomware. According to a tweet, the company has advised users to create a file, “C:\Windows\perfc”, to prevent ransomware infection.

Amit Serper tweeted: “Create Perfc, Perfc.dat, Perfc.* in ‘C:\Windows’ folder”
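Added example, not from the original article: a PowerShell script that applies the patch check, the SMBv1 shutdown and the perfc kill switch described above on one Windows 10 host. Assumes an elevated PowerShell 5.1 session with the built-in SmbShare and DISM modules; the KB number is a placeholder because MS17-010 ships under a different KB id per OS and update channel.

```powershell
# Added example, not the article's own code. Assumes an elevated PowerShell
# 5.1 session on Windows 10; test on one host before rolling out.

# 1. EternalBlue fix (MS17-010). The fix is published under a different KB id
#    per OS and update type, so look up the right one. ASSUMPTION: placeholder id.
$Ms17010Kb = 'KB0000000'
$Patched = [bool](Get-HotFix -Id $Ms17010Kb -ErrorAction SilentlyContinue)
"MS17-010 ($Ms17010Kb) installed: $Patched"

# 2. Disable SMBv1: turn it off on the server side immediately, then remove
#    the optional component so it stays off after the next reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
"SMBv1 server still enabled: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"

# 3. perfc kill switch: the file names from the tweet above, created as empty
#    read-only files in C:\Windows. "Perfc.*" in the tweet covers further
#    extensions; add them to this list if you want them too.
$KillSwitchFiles = 'perfc', 'perfc.dat'
foreach ($name in $KillSwitchFiles) {
    $path = Join-Path $env:SystemRoot $name
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -ItemType File | Out-Null
    }
    # Read-only so the marker is not trivially overwritten or removed.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
}
Get-ChildItem -Path (Join-Path $env:SystemRoot 'perfc*') |
    Select-Object Name, Length, IsReadOnly

# 4. For the incident timeline: the encryption runs after the forced reboot,
#    so the System log shows who asked for it. Event 1074 records the process
#    that requested a shutdown/reboot; 6008 and 41 mark unexpected shutdowns.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1074, 6008 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName
```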

Back Up Your Files Regularly:

To always have a tight grip on all your important documents and files, keep a good backup routine in place that copies them to an external storage device that is not permanently connected to your computer.

That way, if any ransomware infects you, it cannot encrypt your backups.

Moreover, make sure that you run a good and effective anti-virus security suite on your system, and keep it up to date. Most importantly, always browse the Internet safely.

One good thing: this ransomware spreads via the local network and is not as widespread as WannaCry.

Source: The Hacker News, CNET

What is the Greatest Cybersecurity Threat: Insiders or Outsiders?

In just two years, the prospect of cybercrime has shifted to become a top concern for many decision makers around the world.

It started with the explosive hacks that rocked companies like Sony, JP Morgan, Target, and other well-known brands. More recently, it was the release of thousands of hacked emails from the DNC and John Podesta, along with the allegations of Russian hacking, that have led the news cycle.

As a result, it is not surprising that much of today’s narrative on cybercrime is centered around the devastating potential of external threats to countries or businesses. The reality is, however, that there is a whole other side of things to consider.

The infographic from Digital Guardian below explains the differences, methods, and typical costs associated with each kind of cybersecurity threat.

 

Insiders vs. Outsiders: What’s the Greater Cybersecurity Threat? 

Source: Digital Guardian, Visual Capitalist

 

INTERNET of EVIL THINGS (IoET)

Traditionally, InfoSec teams had a difficult but straightforward job: understand their assets, know what they were connecting to, and separate them from the outside world. That standard has changed, with many devices introduced into the workplace by employees, visitors, partners, and other outsiders. Any device that can connect to a network, whether or not it is built to be malicious, can cause disaster for both the data and the networks IT Security is responsible for protecting.

So, what exactly is The Internet of Evil Things? First, we need to define evil, by which we mean malicious or harmful… purposefully or not. For the purposes of this report, we are defining a “connected device” as any device that can connect to a network or other devices via a wired or wireless signal.

IT security professionals (rightfully) expect that connected devices will be a major security headache in 2017 – but still struggle to get a grasp on how to account for, track and monitor those devices, a report from Pwnie Express found.

IOT—LIFE AFTER MIRAI

On October 21st, 2016, a massive Distributed Denial of Service (DDOS) attack took down large portions of the Internet across the United States. It quickly became clear that the only way an attack that large could have happened was with an unprecedented number of computers. In this case, connected devices like webcams were being used as unwitting accomplices in the biggest DDoS attack in history. How were they being “recruited”? A clever malware that took advantage of unprotected, web-connected devices with weak or non-existent passwords. Like other botnets, anybody’s devices could be a part of the zombie mob.

[Diagram: Dyn DDoS attack]

Historically, over 60% of IoT devices are consumer devices, which is troubling considering that consumers are the group least likely to consider or improve the default security of their devices. An ESET and National Cyber Security Alliance study of 15,527 consumers revealed that 43% of end users had not changed the default passwords on their home routers. Consumer IoT devices include any internet-enabled device, such as webcams, printers, routers, mobile devices, etc. There are currently a quarter of a billion CCTV cameras worldwide. In many countries, including the United States, most home users who purchase television or internet access are provided with a company-specific DVR or router. These IoT devices often rely on generic or default administration credentials that most end users neglect to change. Other devices have hardcoded vendor default credentials that end users cannot change.

“Default credentials pose little threat when a device is not accessible from the Internet. However, when combined with other defaults, such as web interfaces or remote login services like Telnet or SSH, default credentials may pose a great risk to a device. In this case, default credentials can be used to ‘Telnet’ to vulnerable devices, turning them into ‘bots’ in a botnet.”

Attackers hacked IoT devices via SSH or Telnet accounts, exploiting known vulnerabilities or using default passwords that the owners of the targeted systems had not changed.

Exposed, flawed IoT devices can be found on the Internet with the Shodan search engine: https://www.shodan.io/

What Is Being Done To Secure The IoT?

The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters, and end users. IoTSF hopes to raise awareness through cross-company collaboration and encourage manufacturers to consider the security of connected devices at the hardware level.

Online Trust Alliance recommendations:

  1. Developers and manufacturers:
  • Proactively communicate to customers any security and safety advisories and recommendations.
  • Products which can no longer be patched and have known vulnerabilities should either have their connectivity disabled, the product recalled and/or the consumers notified of the risk to their personal safety, privacy and security of their data.
  • Provide disclosures, including on product packaging, stating the term of product support beyond the product warranty.
  • Update websites to provide disclosures and security advisories in clear, everyday language.
  2. Retailers / Resellers / eCommerce Sites:
  • Voluntarily withdraw from sale products being offered without unique passwords or without a vendor’s commitment to patching over their expected life.
  • Apply supplementary labels or shelf-talkers advising buyers of products with exemplary security, data protection and privacy policies.
  • Notify past customers of recalls, security recommendations and of potential security issues.
  3. Consumers and users have a shared responsibility. Users need to:
  • Maintain devices and stay up to date on patches.
  • Update contact information, including email address, for all devices.
  • Regularly review device settings and replace insecure and orphaned devices.
  4. ISPs should consider the ability to place users in a “walled garden” when detecting malicious traffic patterns coming from their homes or offices. In concept, this would allow basic services such as 911 access and medical alerts, while limiting other access. Such notifications can advise consumers of the harm being incurred, and the need to make changes, replace devices or seek third party support.
  5. Government:
  • Fund outreach and education, working with trade organizations, ISPs, local grassroots organizations, media, State Agencies, and others to raise awareness of the threats and responsibilities. Focus on teachable moments such as at the time of purchase, inclusion in billing statements and emails to the installed base of users and notices to ISP customers.
  • Prioritize a “whole-of-government” approach to the development, implementation, and adoption of efforts and initiatives, with a global perspective. Coordinated efforts will help to ensure the industry can innovate and flourish while enhancing the safety, security, and privacy of consumers, enterprises, and the nation’s critical infrastructure.

Source: Pwnie Express, Online Trust Alliance, Joy of Tech, TechCrunch, Trend Micro, Product Hunt

What exactly is the INTERNET of THINGS (IoT)

The Internet of Things is an environment of small, smart hosting devices (small because they can be attached to any device and make it a smart device) that are connected to each other Always, Anywhere and Anytime (the 3As of IoT) and send data that can be processed in the cloud to generate meaningful analytic results or to trigger an automatic action based on the analysis. These small devices are the “Things” of the Internet of Things, and the environment comprises three ingredients, Device, Network and Application, also known as the DNA of the Internet of Things.

This infographic answers all of these questions very well (credit: Postscapes and Harbor Research):

[Infographic: postscapes-harbor-iot-infographics]

Source: Quora, Postscapes, Harbor Research