Securing your Windows systems from WannaCry Ransomware


On May 12th, 2017, the world saw WannaCry, the biggest cyber attack in the history of the Internet.

 

What is Ransomware?

Ransomware is a cyber attack in which hackers gain control of a computer system, tablet or smartphone and then demand a ransom to unlock it.

To gain access to the system, the cyber criminal needs to get a type of malicious software onto a device within the network, which is often done by getting a victim to click on a link or download it by mistake. Once the software invades the computer, it encrypts the files and shows a pop-up with a countdown and instructions on how to pay the ransom to decrypt the files and get the originals back.

Payment is only accepted in Bitcoin. The hacker demands a payment of around $300 in Bitcoin within three days or $600 within seven days. If the ransom is not paid, the hacker threatens to wipe all of the user's data forever.

The Classes

Encryptors use advanced encryption algorithms to block system files and demand payment for the key that decrypts the blocked content. Examples are CryptoLocker, Locky and CryptoWall.

Lockers, in turn, lock the victim's operating environment, making it impossible to access the desktop or any apps or files. The files are not actually encrypted in this case, but the invaders demand a ransom for unblocking the compromised system. An example is Winlocker.

How do ransomware infections happen?

Though the infection phases differ for each ransomware attack, the important stages are the following:

The victim may receive an email containing a malicious URL. The infection can also originate from a malicious website. When the victim clicks or downloads the link and opens the attachment, a downloader is placed on the system. The downloader uses a list of domains or C&C servers administered by cyber criminals to download the ransomware onto the machine. This malware encrypts the entire hard drive contents, personal documents and any sensitive information, including data stored in Cloud accounts synced on your system. It also encrypts data on other machines within the local network.

A warning then pops up with the necessary information on how to decrypt the files.


The WannaCry Attack

On Friday, May 12, 2017, a ransomware attack was initiated, spreading WannaCry around the world. It took advantage of a vulnerability in Microsoft’s Windows that allowed it to infect systems without the victims taking any action. It was estimated that by May 24, 2017, the infection had affected over 200,000 systems in over 150 countries, and it keeps on going.

The program that was deployed, named “WannaCry”, asks for a minimum price of about $300, and the later you pay, the more the price increases. It took advantage of a loophole in Windows, which was unearthed by the U.S. National Security Agency (NSA) and later exposed to the world by hackers.

Who’s most vulnerable?

WannaCry ransomware targets Microsoft’s widely used Windows operating systems. PCs with Windows OS that are not running updated software are the most at risk. All versions of Windows before Windows 10 are vulnerable to this attack if not patched for MS17-010.

Ransomware gets into your computer when you click on or download malicious files. The malware then spreads quickly through file-sharing systems. It is also able to spread itself in a network by making use of a vulnerability in the Windows Server Message Block (SMB).

How does WannaCry work?

WannaCry makes use of the ETERNALBLUE exploit, which takes advantage of the loophole in Microsoft’s Server Message Block protocol. It spreads onto any connected system that has not been updated to guard against ETERNALBLUE. Once a system is infected, WannaCry encrypts image, database, office and email files and movies, and demands a ransom. It also installs DoublePulsar, a backdoor implant tool.

How to be safe?

The first and foremost thing is to bring your Windows system up to date. To do that, go to Start menu > type “Windows update” into the text prompt > select Windows Update from the results. Then follow the instructions provided on the screen to get the system updated.

For disinfection, Microsoft has already released patches for Windows XP and Windows 8 operating systems. You just need to choose the correct link for your version of Windows XP or Windows 8. If you are unsure about this, go to Start menu >> Control Panel >> System. A page will then appear showing the details of your machine and its operating system.

Preventive Steps

Steps to protect yourself against upcoming ransomware attacks:

Locally, on the PC:

1. Do not store important data only on your PC.

2. Keep 2 backups of your data: one on an external hard drive and one in the Cloud.

3. Do not turn on applications like OneDrive, Dropbox, Google Drive, etc. on your system by default. Open them only once a day for data syncing and close them as soon as this is done.

4. Update the operating system and the software, including the latest security updates.

5. Do not use the administrator account on the computer; instead, use a guest account with limited privileges.

6. SMB is enabled by default on Windows systems. Disable this service on the system from Settings >> uncheck the settings >> Click OK

7. Install good anti-ransomware software on your machine for better security.
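
Step 6 above, as an added PowerShell example that is not part of the original article: it reports whether SMBv1 (the SMB version that the MS17-010 patch addresses) is enabled and turns it off. It assumes an elevated session on Windows 8.1/10 or later; the function names `Get-Smb1Status` and `Disable-Smb1` are hypothetical, and it narrows the article's "disable SMB" to SMBv1 so that sharing over newer SMB versions keeps working.

```powershell
# Added example: audit and disable SMBv1. Run from an elevated PowerShell session.
# Get-Smb1Status and Disable-Smb1 are hypothetical helper names.

function Get-Smb1Status {
    # Server side: does this machine accept inbound SMBv1 connections?
    $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional feature: is the SMBv1 component installed? (absent on some editions)
    $state = 'NotPresent'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        if ($feature) { $state = [string]$feature.State }
    } catch {
        Write-Verbose "SMB1Protocol feature not queryable: $_"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$serverEnabled
        FeatureState      = $state
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) { return }

    # Stop serving SMBv1 immediately; SMBv2/v3 shares stay available.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Remove the component as well; this takes effect after a reboot.
    if ((Get-Smb1Status).FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$status = Get-Smb1Status
$status | Format-List
if ($status.ServerSmb1Enabled -or $status.FeatureState -eq 'Enabled') {
    Disable-Smb1 -WhatIf   # dry run; drop -WhatIf to apply the change
}
```

Run `Get-Smb1Status` again after the reboot to confirm that both values report SMBv1 as off.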

The WannaCry attack was brought to a halt by an information-security professional who was analyzing the web address in the code. It turned out that the address used to send the message was unregistered; once it was registered, the malware suddenly stopped infecting machines.

Online behavior

– Do not open spam emails or emails from unknown senders.

– Do not download attachments from spam or suspicious emails.

– Do not click on the links in spam emails.

Anti-ransomware security tools

  • Use a reliable antivirus program that features an automatic update module and a real-time scanner.
  • Understand the importance of having a traffic-filtering solution that provides proactive anti-ransomware protection.

Now we know that there are a handful of easy things we can do to avoid WannaCry ransomware.

 

Cyber criminals have as strong an impact on your data and security as you give them. So stay safe, and don’t forget: the best preventive measure is always a backup!

EasyApache 3 to EasyApache 4 Migration Process


EasyApache version 4 was introduced with cPanel version 11.52. The EasyApache web-based graphical user interface helps to configure all the back-end activities. The EasyApache graphical tool allows you to enable multiple PHP extensions and multi-processing modules. The new user interface allows you to change Apache handlers for the installed PHP versions. We can install a default version of PHP on the server and on a per-host basis.


How AI and Cognitive Systems Will Impact Your Business and Your Cloud


It’s time to take a quick look into the not-so-distant future. New technologies around cognitive systems and artificial intelligence (AI) are already impacting organizations in a variety of industries. According to IDC, widespread adoption of cognitive systems and AI across a broad range of industries will drive worldwide revenues from nearly $8.0 billion in 2016 to more than $47 billion in 2020.

“Software developers and end user organizations have already begun the process of embedding and deploying cognitive/artificial intelligence into almost every kind of enterprise application or process,” David Schubmehl, research director, Cognitive Systems and Content Analytics at IDC said in a statement. “Recent announcements by several large technology vendors and the booming venture capital market for AI startups illustrate the need for organizations to be planning and undertaking strategies that incorporate these wide-ranging technologies. Identifying, understanding, and acting on the use cases, technologies, and growth opportunities for cognitive/AI systems will be a differentiating factor for most enterprises and the digital disruption caused by these technologies will be significant.”

Super Computing with Block-chain Technology


The constantly increasing need for computing power is driven by the creation, development, and deployment of various processor-intensive tasks. In most cases, individuals, businesses, and even academia find it hard to harness increased computing power without making a significant investment in infrastructure, which could include supercomputers. SONM, a blockchain-powered distributed computing platform, has a solution that might solve the issue for many.

SONM is a universal fog supercomputer that allows people who are part of the network to contribute unused processing power on their devices and help those who need it. The peer-to-peer network can be used for a range of applications including video, CGI rendering, DNA analysis, complex scientific calculations and even hosting websites. Like any other blockchain system, SONM also rewards the community with its namesake crypto tokens for sharing their processing power.