IS USING THE INTERNET SAFE?

Ransomware attacks on major companies continue to be headline news in digital security. And we cannot say that we were not warned.
All reports indicate that cybercriminals are targeting the business segment, as noted in the quarterly threat report by Malwarebytes, which found that detections of ransomware attacks in companies increased by 200%. In addition, while until now ransomware had exclusively economic motivations, producing high profits for attackers, lately it is expanding its objectives as a preferred method of introducing malware, as we saw with the NotPetya ransomware.
And there is no operating system, platform or device that is safe, because ransomware uses any type of vulnerability, malware or attack to hijack computers.
How to Prevent Ransomware
A typical ransomware infects a personal computer or mobile device, blocks the operation of and/or access to part or all of the equipment, seizes the files with strong encryption and demands a “ransom” amount from the user to release them.
Once infected, there is little we can do: in most cases there is no way to recover the encrypted files, and at the client level there is no other solution than to format the computer, with the consequent loss of time, and of data and files if we do not have backup copies.
Most infections occur because the user opens a malicious application or program that can come from any source, especially the usual ones such as a web browser (adware deployment, redirection to a malicious website), email (instead of an attachment, there is a link to Mega, Google Drive or Dropbox that leads to malware) or messaging services in the case of increasingly widespread mobile attacks.
Deception plays a fundamental role, which is why it is common to see ransomware combined with phishing attacks, another great threat. Therefore, if prevention is the best advice in cybersecurity, in the case of ransomware it is essential to stop it. In addition to common sense, we remind you of some of the tips or measures to adopt to try to prevent it:
Backup: Backing up important data as a regular maintenance task is the most effective measure to minimize damage in case of infection. The backup must be located on an external medium other than the computer, to be able to recover the files from a "clean" place and not have to pay the "ransom" demanded by these cybercriminals.
System and application update: Keeping the operating system and all installed applications updated with the latest security patches is the best starting point. WanaCryptor took advantage of a vulnerability in Windows systems, and in the present case against Spanish companies, everything points to vulnerabilities that had been patched, but whose updates had not been applied.
Line of defense: An antivirus solution should be installed and maintained, along with a properly configured firewall that allows access only to the necessary applications and services.
Anti-Ransom tool: This is a tool specific to this type of attack that tries to block a ransomware's encryption process by monitoring "honey files". It also performs a memory dump of the malicious code at the time of its execution, in which, with luck, we will find the symmetric encryption key that was being used.
JavaScript blockers: Applications such as Privacy Manager block the execution of any JavaScript code suspected of damaging the user's computer. This helps to minimize the chances of getting infected through web browsing.
Privileged accounts: Do not use accounts with administrator privileges. 86% of threats against Windows can be dodged by using a standard user instead of an administrator. That is why it is important to use a standard user for everyday tasks and to reserve the administrator account for tasks that involve manipulating the system.
File extensions: Showing extensions for known file types is good practice for identifying executable files that try to masquerade as another file type. It is not uncommon to see an .exe file with the icon of a Word document. If the extension is not shown, the user may not be able to distinguish whether it is a Word document or a malicious executable, although it is also good to remember that a Microsoft Office document can also contain malware.
Virtual machines: Using virtual machines to isolate the main system is another effective technique. In a virtualized environment, the action of ransomware does not usually materialize.