What is Malware

Malware is a general term used to describe all types of malicious software. Malware includes trojans, worms, viruses, adware, spyware, ransomware, and more. Each type of malware has a different function. Usually, malware will try to damage your computer or steal information.

Types of Malware

Virus

A Virus is a piece of code or a software program that is capable of copying itself. The code often has a detrimental effect such as corrupting the system or destroying data. Viruses can be even more dangerous if they are able to spread over a network or bypass security systems.

Trojans

A Trojan pretends to be something good to trick users into downloading it. Trojans sometimes pretend to be virus removal programs, or games. In reality, they run malicious programs in the background. Then hackers can steal your files, view your browsing history, or even control your pc.

Worms

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other computers and may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, even if only by consuming bandwidth.

Spyware

Spyware is computer software that gets installed on a computer without user permission. It collects information about a user without the user’s informed consent. Spyware can collect many various types of personal information. It can also interfere with a users control of the computer. Spyware can install more malware and redirect browser activity. It can also change computer settings, home pages, and cause loss of Internet.

Adware

Adware is any software that displays ads to a user without permission. Usually seen by the developer as a way to make money. In some cases, it may allow the software to be free of charge or sold at a reduced price. The user may view the ads as interruptions, or annoyances. In extreme circumstances, the ads can be difficult to exit out of and may prevent the user from working.

Ransomware

Ransomware is a type of malware that prevents users from accessing their system. Modern ransomware actually encrypts files on the infected systems. Then forces users to pay a ransom through anonymous payment methods to get a decryption key. This is by far the most malicious type of malware. WannaCrypt is one example of a ransomware variant that gained notoriety in May of 2017.

Botnets

A Botnet is a type of malware that spreads across many computer systems. Botnets report back to a central ‘command and control’ server. The creator of the botnet can then use the control server to make the infected systems perform tasks. Botnets are often used for denial of service attacks, spamming, and cracking passwords.

The Solution

Physical Security

First, you should have a physical security device such as a firewall. Firewalls protect every device on your network from attack. Firewalls perform packet analysis on the data coming in and out of your network. This allows them to prevent malware from coming in and can stop malware from spreading.

Software Security

A good security suite will help defeat the majority of threats you face in the wild. Companies like Trend Micro and Malwarebytes have large databases of malware. They offer software to scan your computer systems for infections. If they detect an infection the software will alert you and attempt to remove it.

Preventative Maintenance

It is important that you keep your computer systems up-to-date. Software vendors often release security patches to fix vulnerabilities. If your software isn’t updated you could expose yourself to hackers and malware. Finally, one of the best preventative steps you can take is to have a secure backup system in place. This way if you get infected you can recover your data and get back to work with minimal downtime or loss.

The post What is Malware & How To Protect Your Business appeared first on Data-Serv Technologies.

This form of malware denies the victim access to their files by encrypting them. Then the malware prompts the victim to pay a ransom to recover their data. Most ransomware spreads via email attachments and downloads from malicious websites. Ransomware like WannaCrypt is not a new threat. Ransomware started gaining notoriety back in 2013 with the release of CryptoLocker.

What Makes WannaCrypt So Dangerous?

WannaCrypt is unique in its ability to self-spread. It does not need a user to click a link or download an email attachment. WannaCrypt leverages a Windows SMB exploit nicknamed ‘EternalBlue’. The exploit allows remote hackers to hijack computers running unpatched versions of Windows. Once infected WannaCrypt also scans for other unpatched PCs connected to the network. It also scans random hosts on the wide area network, to spread itself faster.

EternalBlue

EternalBlue is an exploit developed by the U.S. National Security Agency. It takes advantage of vulnerabilities in Microsoft Window’s Server Message Block protocol. Instead of alerting vendors of exploits, governments often stockpile vulnerabilities. This way they can use it for intelligence purposes later. Yet, the Shadow Brokers hacker group found and leaked the SMB vulnerability back in April of 2017.

Microsoft did release a patch in March of 2017 that fixed this exploit. Yet, there remained many critical systems online that never received the patch. System admins often delay patches until testing can prove that it won’t break other services. Also, many of these systems such as Windows XP were out-of-life-cycle. This means they are no longer supported by Microsoft and as such, they did not receive any patches.

The Attack

Friday, May 12 (AKA: Day 0)

The attack hit hard in Europe, infecting over 75k systems in over 99 countries. The attack took some notable victims such as Spain’s Telefonica and Russian MegaFon. The British Nation Health Service had 16 hospitals affected. The hospitals had to turn away patients and cancel scheduled operations. FedEx and the Russian Interior Ministry were also affected by the attack.

Saturday, May 13

A 22-year-old security researcher who calls himself MalwareTech discovered a ‘kill switch’. WannaCrypt would connect to a URL and if it was successful it would continue its attack. The researchers then created a sinkhole by buying the domain and setting it to display a web page. This slowed the infection rate and made it so new infections would not work.

Sunday, May 14

New variants of WannaCrypt get spotted in the wild. Some with new kill-switch domains and others with no kill-switch at all. It’s believed that a third party created the new variants and not the hackers behind the first wave. Yet, it is still unknown who is behind WannaCrypt.

How to Protect Your Systems

Data-Serv Customers

We have already ensured your security against this attack. There is no further action required by you. If you are not a customer and would like to learn more about the services we offer feel free to contact us.

Patch SMB Vulnerability

Microsoft has decided to released patch for its out-of-life-cycle products. You can download the patch for your system on the Microsoft website.

http://www.catalog.update.microsoft.com/search.aspx?q=4012598

Always Install Security Updates

If you are running any version of Windows make sure that you have automatic updates turned on.

Disable SMB

It is advisable to disable the SMBv1 protocol even if you have installed the patches.

1. Go to Windows’ Control Panel and open ‘Programs.’
2. Open ‘Features’ under Programs and click ‘Turn Windows Features on and off.’
3. Now, scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ and uncheck it.
4. Then click OK, close the Control Panel and restart the computer.

Block SMB Ports on your Firewall

Always have your firewall enabled. If you need SMBv1 enabled change your firewall config to block SMB ports over the internet.

Use an Antivirus

Use a good antivirus such as Malwarebytes or Trend Micro and keep it up to date.

Be suspicious of Emails, Websites, and Apps

Most ransomware spreads through phishing emails, malicious ads, and third-party apps. You should always exercise caution when opening uninvited documents sent over email. You should never download apps from third-party sources. Also, be sure to read reviews before installing apps from official stores.

Back Up Your Files!

Backups are the best way to defend against this type of attack. Having offsite backups that are not connected to the internet is ideal. If a hacker encrypts your system you can restore your files from your backup and won’t need to pay a ransom.

The post WannaCrypt Ransomware appeared first on Data-Serv Technologies.

The post Intelligent Automation appeared first on Data-Serv Technologies.