[menog] WannaCry Ransomware

Harith Dawood alwathiq2007 at gmail.com
Sat May 20 14:32:52 UTC 2017

Dear Mr. Hisham Ibrahim

Thank you very much for your important information.

Best regards;

On Mon, May 15, 2017 at 12:42 AM, Hisham Ibrahim <hmi at ripe.net> wrote:

> Dear All,
> As you are no doubt aware, we are currently experiencing an unprecedented
> ransomware attack at a global scale. The malware was detected on 12 May
> 2017 and has the capability to spread across networks taking advantage of a
> critical exploit in a popular communication protocol used by Windows
> systems.
> Many of you have already reached out and are actively involved in
> containing this threat. It is believed that the infection and propagation
> rate may go up on Monday when people return to their workplaces.
> Below is the Europol warning / update about the current ransomware threat.
> If you think this would be useful to anyone in our community, please
> forward it on.
> A list of tips and advice on how to prevent ransomware from infecting your
> electronic devices can be found at:
> https://www.europol.europa.eu/sites/default/files/images/
> editor/ransomware-01.jpg
> Regards,
> Hisham
> Begin forwarded message:
> *If you are a victim or have reason to believe that you could be a victim*
> This is link provides some practical advice on how to contain the
> propagation of this type of ransomware:
> *https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance*
> <https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance>
> The most important step involves patching the Microsoft vulnerability
> (MS17-010):
> *https://technet.microsoft.com/en-us/library/security/ms17-010.aspx*
> <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx>
> A patch for legacy platforms is available here:
> *https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks*
> <https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks>
> In instances where it is not possible to install the patch, manage the
> vulnerability becomes key. One way of doing this would be to disable the
> SMBv1 (Server Message Block) protocol:
> *https://support.microsoft.com/en-us/help/2696547*
> <https://support.microsoft.com/en-us/help/2696547>
> and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139,
> 445].
> Another step would be to update endpoint security and AV solutions with
> the relevant hashes of the ransomware (e.g. via VirusTotal).
> If these steps are not possible, not starting up and/or shutting down
> vulnerable systems can also prevent the propagation of this threat.
> *How to prevent a ransomware attack?*
>    1. *Back-up! Back-up! Back-up!* Have a backup and recovery system in
>    place so a ransomware infection can’t destroy your personal data forever.
>    It’s best to create at least two back-up copies on a regular basis: one to
>    be stored in the cloud (remember to use a service that makes an automatic
>    backup of your files) and one stored locally (portable hard drive, thumb
>    drive, etc.). Disconnect these when you are done and store them separately
>    from your computer. Your back-up copies will also come in handy should you
>    accidentally delete a critical file or experience a hard drive failure.
>    2. *Use robust antivirus software* to protect your system from
>    ransomware. Always use the latest virus definition/database and do not
>    switch off the ‘heuristic’ functions as these help the solution to catch
>    samples of ransomware (and other type of malware) that have not yet been
>    formally detected.
>    3. *Keep all the software on your computer up to date.* When your
>    operating system (OS) or applications release a new version, install it. If
>    the software you use offers the option of automatic updating, enable it.
>    4. *Trust no one. Literally.* Any account can be compromised and
>    malicious links can be sent from the accounts of friends on social media,
>    colleagues or an *online gaming*
>    <https://blog.kaspersky.com/teslacrypt-20-ransomware/9314/> partner.
>    Never open attachments in emails from someone you don’t know. Similarly,
>    don’t open attachments in emails from somebody you know but from whom you
>    would not expect to receive such as message. Cybercriminals often
>    distribute fake email messages that look very much like email notifications
>    from an online store, a bank, the police, a court or a tax collection
>    agency, luring recipients into clicking on a malicious link and releasing
>    the malware into their system. If in doubt, call the sender at a trusted
>    phone number to confirm the legitimacy of the message received.
>    5. *Enable the ‘Show file extensions’ option in the Windows settings
>    on your computer.* This will make it much easier to spot potentially
>    malicious files. Stay away from file extensions like ‘.exe’, ‘.com’, ‘.vbs’
>    or ‘.scr’. Cybercriminals can use several extensions to disguise a
>    malicious file as a video, photo, or document (like hot-chics.avi.exe or
>    report.doc.scr).
>    6. If you discover a rogue or unknown process on your machine, *disconnect
>    it immediately from the internet or other network connections (such as home
>    Wi-Fi)* — this will prevent the infection from spreading.
> _______________________________________________
> Menog mailing list
> Menog at lists.menog.org
> http://lists.menog.org/mailman/listinfo/menog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.menog.org/pipermail/menog/attachments/20170520/7fd1fc56/attachment.html 

More information about the Menog mailing list