Ransomware - Wannacry/wcry and everything else ...
Ransomware in general is something none of us wish to deal with. The latest Wannacry problem is worse. This is not because of what it is but rather of the extent to which it has affected our users. There have been a plethora of great suggestions all over this site. I would add to those with the following suggestions:
• Completely check your system for viruses with a reputable virus checker
• Check any suspected files and or links at virustotal.com
• Make sure you have a tested versioning backup system
• Do a complete scan of your system
• Updates
o Make sure all your programs and your operating system is up to date (even old Windows OS’s now
have updates, like windows XP – check the Microsoft website and do a windows update)
o If you are unable to do updates on your own machine due to company policy, make sure that your IT
department is doing the updates.
• Do not, click on an attachment in your email, even if it is from someone you know – call them up and check
that they sent it – they’ll understand.
Whenever I touch a system I do a “ransomware check” which involves the following:
• Create a blank text file called myapp.txt in the root drive (c:\) and rename it to myapp.exe
• Run FoolishIT’s Cryptoprevent
• Install an anti-ransomware tool such as BD Antiransomware, MBAM Antiransomware, Kaspersky
Antiransomware for business, etc.
• Run SpyBHORemover and SpyDLLRemover from securityxploded.com
• Run a full scan
• Disable Autorun and Autoplay
The rest of what I do involves anti virus procedures. It is important to do all of this at the very least to protect your systems. I highly recommend using tools/software such as Cylance, SentinelOne, MBAM, Kaspersky, etc.
Ransomware in general is something none of us wish to deal with. The latest Wannacry problem is worse. This is not because of what it is but rather of the extent to which it has affected our users. There have been a plethora of great suggestions all over this site. I would add to those with the following suggestions:
• Completely check your system for viruses with a reputable virus checker
• Check any suspected files and or links at virustotal.com
• Make sure you have a tested versioning backup system
• Do a complete scan of your system
• Updates
o Make sure all your programs and your operating system is up to date (even old Windows OS’s now
have updates, like windows XP – check the Microsoft website and do a windows update)
o If you are unable to do updates on your own machine due to company policy, make sure that your IT
department is doing the updates.
• Do not, click on an attachment in your email, even if it is from someone you know – call them up and check
that they sent it – they’ll understand.
Whenever I touch a system I do a “ransomware check” which involves the following:
• Create a blank text file called myapp.txt in the root drive (c:\) and rename it to myapp.exe
• Run FoolishIT’s Cryptoprevent
• Install an anti-ransomware tool such as BD Antiransomware, MBAM Antiransomware, Kaspersky
Antiransomware for business, etc.
• Run SpyBHORemover and SpyDLLRemover from securityxploded.com
• Run a full scan
• Disable Autorun and Autoplay
The rest of what I do involves anti virus procedures. It is important to do all of this at the very least to protect your systems. I highly recommend using tools/software such as Cylance, SentinelOne, MBAM, Kaspersky, etc.
8 Comments
Active 6 days ago
Yes that is the problem. News says this release of wannacry was probably a mistake.
Active today
In India, the following msg is being circulated over social media...
Please do not open any email which has attachments with tasksche.exe file
Active today
Well most of these are re-hashes of something previously released. cut and pasted code, so the killswitch was probably left over code from before...
Personally I see ransomware issues as just another threat like other types of malware (Viruses /worms,etc), but the only way that differs in dealing with it is by being proactive, not reactive, through proper patching of all the company's Operating system and software ,as well as Antivirus products (Preferably managed Trusted ones),, raising user awareness about "fishy" mails or "suspicious websites " that could act as a dropper for malware , either through IS training or enforcing web browsing security policy using a proxy Preferably both ways together .
in case of mass exploits like this that cause outbreaks , keeping the DEP feature of windows does help against remote code execution exploits.,
also ensuring users are operating using the least privilege needed, someone who does data entry or type reports Does Not need Admin rights.
There is also a role for the system admin to keep researching such threats and apply best practices as they come out.
Also we keep advising clients of constant backups preferably stored off site or at the very least backup to a personal cloud or removable media all critical files ,because most ransomware infections are fatal, let us be realistic here , nobody is paying and nobody is getting a decryption key .in some cases security researchers either in AV companies or Experts of Cryptology provide a solution, but the chances of recovering Everything is practically Null , Data Loss and corruption is bound to happen ,This is where constant incremental backups come in.
this is is how I see it , hope it helps.
in case of mass exploits like this that cause outbreaks , keeping the DEP feature of windows does help against remote code execution exploits.,
also ensuring users are operating using the least privilege needed, someone who does data entry or type reports Does Not need Admin rights.
There is also a role for the system admin to keep researching such threats and apply best practices as they come out.
Also we keep advising clients of constant backups preferably stored off site or at the very least backup to a personal cloud or removable media all critical files ,because most ransomware infections are fatal, let us be realistic here , nobody is paying and nobody is getting a decryption key .in some cases security researchers either in AV companies or Experts of Cryptology provide a solution, but the chances of recovering Everything is practically Null , Data Loss and corruption is bound to happen ,This is where constant incremental backups come in.
this is is how I see it , hope it helps.
Active today
The overall advice to keep automatic updates on to keep updates current, keep Antivirus up to date and firewalls up to date is something we have said many times in here (sometimes to deaf ears).
Two really important points. Stop the excuses and dump all desktop operating system earlier than Windows 7 and all server operating systems earlier that Server 2008.
Second: get top notch spam filters. That is how this malware gets in.
Two really important points. Stop the excuses and dump all desktop operating system earlier than Windows 7 and all server operating systems earlier that Server 2008.
Second: get top notch spam filters. That is how this malware gets in.
Recommended Posts
MAC vs Windows
I've been using my MacBook Air laptop on and off for a couple of weeks now and I must say I'm suitably impressed with the Mac OS. It's turning out to be a surprisingly no-nonsense little workhorse. Though an avid Windows user for many years, I'm now finding myself wanting to reach for my MAC laptop far more often than my Windows laptop whenever I just want to just get some work done. The only thing I dislike about it is the built-in keyboard. A standard USB PC mouse (as opposed to an overpriced Apple mouse) seems to work fine for my limited needs as well.
It's not the first time I've used a MAC, but it's the first time I've actually seriously tried to use one productively. Frankly, I don't what the fuss is about with people who dislike this OS.
I've been using my MacBook Air laptop on and off for a couple of weeks now and I must say I'm suitably impressed with the Mac OS. It's turning out to be a surprisingly no-nonsense little workhorse. Though an avid Windows user for many years, I'm now finding myself wanting to reach for my MAC laptop far more often than my Windows laptop whenever I just want to just get some work done. The only thing I dislike about it is the built-in keyboard. A standard USB PC mouse (as opposed to an overpriced Apple mouse) seems to work fine for my limited needs as well.
It's not the first time I've used a MAC, but it's the first time I've actually seriously tried to use one productively. Frankly, I don't what the fuss is about with people who dislike this OS.
Active 1 day ago
software is relatively easy to install and manageI've noticed that too. Rather than having to concern yourself with how many files are dropped here and there, to remove a program is just dragging the thing to the bin and you're done. I've yet to need to restart the machine unless I've applied an OS update.
Coming from Windows, installations I didn't find particularly intuitive and it was a small learning curve to figure out when a program was actually installed as opposed to installing or sitting on my desktop ready to be installed, but the system prompts helped overcome that until I did a little googling and the penny dropped. The process is certainly different, but compared to Windows, I would have to say considerably easier as well.
The cons tend to show themselves anytime you want to do something that Apple doesn't want you to do.Indeed. That's something I've definitely noticed. I'm used to being able to configure everything to my own personal tastes and have struck walls a couple of times. As I always suspected, an Apple OS is an "our way or the highway" type of deal, which as a power user I don't particularly like, but I suspect that is one of the core reasons the OS seems to be so stable too.
I doubt I'll ever move away from Windows completely and I'm typing this on one of my Windows boxes right now, but anyone who can't acknowledge the value of the Apple OS for giving you a platform which allows you to do most things with a minimum of fuss, is in my view, and as "serialband" mentioned earlier, overly biased and simply not willing to give it a serious go.
On the flip side, I've been an Apple iPhone user since way back and always shied away from Android devices. Fed up with not being able to get decent apps to do what I wanted to do, I eventually tried an Android device with the Samsung Galaxy S9+ phone and am now able to do things like effortlessly record my phone calls, something I'd been trying to do on my iPhones for years without success. App support seems to be so much better.
Different strokes for different folks - but my recent experiences with both the Apple OSX and iPhone vs Android supports that it always pays to keep an open mind :-)
Active 1 day ago
Think I may have just found the solution to my keyboard issues on my MacBook Air. Anyone using a Windows keyboard with a MAC?
https://9to5mac.com/2016/03/17/how-to-remap-windows-keyboard-buttons-match-mac-layout/
The above article shows how to remap the modifier keys only. What are some other good resources you know about?
https://9to5mac.com/2016/03/17/how-to-remap-windows-keyboard-buttons-match-mac-layout/
The above article shows how to remap the modifier keys only. What are some other good resources you know about?
How to re-read database for record with a key passed as an argument?
I have two forms: one a list of Products; and second, an edit page of additional Product information. I have an event on On Dbl_Click on the List page with the following code:
DoCmd.OpenForm "Product_Edit", acNormal, , , acFormEdit, acDialog, Product_Nbr.Value
While I am able to see the Product_Nbr Argument being passed into the Product_Edit form, I'm not able to have this second form display this particular record. It only displays the first record in the Product table.
How to I tell Access to re-read the product table based on the Product_Nbr being passed into it?
Thanks....
Andre.
I have two forms: one a list of Products; and second, an edit page of additional Product information. I have an event on On Dbl_Click on the List page with the following code:
DoCmd.OpenForm "Product_Edit", acNormal, , , acFormEdit, acDialog, Product_Nbr.Value
While I am able to see the Product_Nbr Argument being passed into the Product_Edit form, I'm not able to have this second form display this particular record. It only displays the first record in the Product table.
How to I tell Access to re-read the product table based on the Product_Nbr being passed into it?
Thanks....
Andre.
