
INSIGHT WEEKLY SECURITY NEWSLETTER - 08-Aug-2017


WHAT IS RANSOMWARE

 

Ransomware is a type of malicious software that carries out the cryptoviral extortion attack described in cryptovirology: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Ransomware is thus a denial-of-access attack: users cannot reach their files because decrypting them without the decryption key is intractable. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

 

WHAT IS WANNACRY RANSOMWARE

The WannaCry ransomware attack is an ongoing cyberattack by the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware computer worm, which targets the Microsoft Windows operating system. The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency bitcoin in 28 languages. Europol has described the attack as unprecedented in scale, and India is the third most affected country.

For the time being, it looks like WannaCry, or WCry, has been stopped, or at least slowed, by the discovery of the so-called “kill switch.” However, is this just the eye of the storm, that misleading calm before another onslaught? The code can be easily tweaked and the ransomware unleashed again. This could happen imminently, so it’s critical to prepare now.

We’ve put together some proactive actions which will help you:

  • Patch Management – Ensure all workstations and servers have the latest Microsoft patches, especially the ones related to MS17-010.
  • Antivirus – Ensure AV signatures are updated on all assets. Identify critical assets and target them first. Block IOCs on the AV solution. Get the name of the malware and verify whether it has been detected in the logs for the last 1 week.
  • Deploy proactive monitoring and management systems to identify security threats and carry out predictive analysis.
  • Develop an incident response and reporting framework within the organisation.
  • Create employee awareness programs.

The Insight Team can work with you on:

  • Vulnerability assessment & Penetration testing
  • Monitoring & maintaining logs
  • Incident Response and Management
  • Real time Threat Management
  • Network Security Management
  • Forensics
  • Employee awareness programs

You can leverage the INSIGHT 24/7 Cyber Security Operation Centre and its skilled expertise for cyber security incident response, remediation and reporting.

It is characterized by the following:

  • Secure environment isolated from the existing corporate network
  • Lab for testing use cases related to different tools
  • A plug-and-play environment for new products and technologies
  • Demo environment for clients
  • Can be used across various geographies
