There are ways to protect your
business networks from cyber attacks such as the WannaCry ransomware, said a
security researcher.
Juan Andres Guerrero-Saade, a senior
security researcher in Kaspersky Lab's Global Research and Analysis Team,
pointed out the importance of having your system "patched," having
backups, and using security solutions.
"The highest absolute priority
is to patch. Patch patch patch. Please people like this is the one, biggest
thing we could do right now is to make sure the systems are patched," said
Guerrero-Saade in a webinar.
A patch is a piece of software which
is designed to update, fix or improve a computer.
Guerrero-Saade said people should
have "offline backups" of their files and data.
"People need backups and please
we need to emphasize that they need to be offline backups. If your backups are
connected to the infected machines, then you're gonna have a problem because
they will also get encrypted," he said.
He emphasized three things:
- Shadow volumes can be deleted.
- Connected backups will be encrypted.
- Backups have to be kept disconnected.
"Once an attacker has access to
your system, they can determine essentially what they wanted to do with
it," Guerrero-Saade said.
"Implement an automated
solution for backups and also make sure that you test your backups," he
added.
He also said that it is necessary to
block incoming traffic to TCP Port 445, if possible.
Check your system for ransomware
Guerrero-Saade reminded the public
that ransomware is not a "silent killer."
"Obviously you can see
traffic... a lot of these general, essentially wide-connecting for different IP
addresses that are being generated by the infected machines. It's quite noisy
on the network level," Guerrero-Saade said.
"Ransomware makes its money by
making people know that it's there. It's something that you're gonna notice
quickly and of course you're gonna see a machine in your network or several
machines in your network that are scanning for different machines that they
might be able to infect," he said.
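The scanning behaviour described above can be looked for in network flow records. The following is an added example, not part of the original article: it flags internal hosts that contact many distinct addresses on TCP port 445 within a short window. The record format, sample flows, window and threshold are assumptions constructed for illustration.

```python
"""Flag hosts that fan out to many distinct peers on TCP 445 (SMB)."""
from collections import defaultdict

SMB_PORT = 445
FANOUT_THRESHOLD = 5   # assumed value; tune against your own network baseline
WINDOW_SECONDS = 60    # assumed value

# Constructed sample flows, one per line: "epoch_seconds src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = (
    [f"{1000 + i} 10.0.0.23 10.0.0.{100 + i} 445 tcp" for i in range(8)]          # sweeps 8 hosts in 8 s
    + [f"{1000 + 30 * i} 10.0.0.40 10.0.0.5 445 tcp" for i in range(8)]           # one file server, repeatedly
    + [f"{1000 + i} 10.0.0.41 10.0.1.{i + 1} 443 tcp" for i in range(8)]          # wide, but not SMB
    + [f"{1000 + 600 * i} 10.0.0.42 10.0.0.{50 + i} 445 tcp" for i in range(6)]   # 6 hosts over ~an hour
)


def parse_flow(line):
    """Split one flow record into typed fields."""
    ts, src, dst, port, proto = line.split()
    return int(ts), src, dst, int(port), proto.lower()


def smb_fanout(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: peak distinct destinations} for sources that reach at
    least `threshold` distinct hosts on TCP 445 inside any `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = parse_flow(line)
        if proto == "tcp" and port == SMB_PORT:
            events[src].append((ts, dst))

    flagged = {}
    for src, seen in events.items():
        seen.sort()
        start, best = 0, 0
        for end in range(len(seen)):
            # Slide the left edge until the span fits inside the window.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in seen[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for host, peers in sorted(smb_fanout(SAMPLE_FLOWS).items()):
        print(f"{host} contacted {peers} distinct hosts on TCP 445 within {WINDOW_SECONDS}s")
```

A client that talks to a single file server is not flagged, and widening the window catches slower sweeps at the cost of more false positives.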
How WannaCry works
Cybersecurity company Kaspersky Lab
said it had detected over 45,000 cases of WannaCry attacks in at least 70
countries.
"The largest number of attacks
occurred in Russia, but Ukraine, India, and Taiwan have suffered damage from
WannaCry as well. All in all, we have discovered WannaCry in 74 countries. This
was only on the first day of the attack," it said.
Kaspersky Lab said the WannaCry
virus takes advantage of the Windows exploit "EternalBlue," which
attacks the vulnerability that Microsoft patched in security update MS17-010
last March 14.
The company said cyber extortionists
used the exploit to gain remote access to computers and install the encryptor.
"After hacking a computer successfully, WannaCry attempts to spread itself over the local network onto other computers, in a manner of a computer worm. The encryptor scans other computers for the same vulnerability that can be exploited with the help of EternalBlue, and when WannaCry finds a vulnerable machine, it attacks and encrypts files on it," the cybersecurity firm official said. — BAP, GMA News