What is Ransomware?
According to Wikipedia, ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. You can read more about this here.
Where did ransomware originate?
The first documented case appeared in 2005 in the US, but it quickly spread around the world.
How does it affect a computer?
The software is normally contained within an email attachment that masquerades as something innocent. Once it is opened, it encrypts the hard drive, making it impossible to access or retrieve anything stored there, such as work documents, photographs, music, etc.
What are the steps to prevent the ransomware from attacking your computers?
1. Enable automatic updates in Windows
2. Create a backup of your important files
3. Install good antivirus software
4. Install anti-ransomware products
How to prevent WannaCry ransomware?
1. Install the Windows security patch MS17-010
2. Disable SMB v1
3. Block ports 139/445 and 3389
Is there any preventive monitoring software so we can detect ransomware?
Yes, there is.
ExtraHop is one of the products that can detect ransomware, and has been able to since 2013 (if I'm not mistaken).
Quote from the ExtraHop website:
"WannaCry is propagating quickly around the globe ExtraHop customers should download the update ransomware bundle"
ExtraHop provides many Solution Bundles, one of which detects ransomware. This bundle was updated on May 12, 2017 to detect the Wannacrypt0r, Wanna Decryptor malware.
It detects the *.WNCRY file extension and the @Please_ReadMe@.txt ransom note. In addition, the updated bundle looks for unusual CIFS/SMB write activity indicative of any ransomware strain.
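The three signals described above can be sketched as a small detector over SMB file events. This is an added example, not ExtraHop's bundle or code from the original post; the event tuple format, the sample events, and the burst threshold and window are assumptions made for illustration.

```python
from collections import defaultdict

# Indicators named in the text above, lower-cased for case-insensitive matching.
WNCRY_EXT = ".wncry"
RANSOM_NOTE = "@please_readme@.txt"
# Assumed tuning values (not from ExtraHop): 5+ writes by one client within 60 s.
WRITE_BURST_THRESHOLD = 5
WINDOW_SECONDS = 60

# Constructed sample events: (epoch seconds, client IP, SMB operation, path).
SAMPLE_EVENTS = [
    (1000, "10.0.0.5", "WRITE", r"\\fs01\share\docs\report.docx"),
    (1400, "10.0.0.5", "WRITE", r"\\fs01\share\docs\notes.txt"),
    (2000, "10.0.0.7", "WRITE", r"\\fs01\share\hr\a.xlsx.WNCRY"),
    (2001, "10.0.0.7", "WRITE", r"\\fs01\share\hr\b.docx.WNCRY"),
    (2002, "10.0.0.7", "WRITE", r"\\fs01\share\hr\c.jpg.WNCRY"),
    (2003, "10.0.0.7", "WRITE", r"\\fs01\share\hr\d.pdf.WNCRY"),
    (2004, "10.0.0.7", "WRITE", r"\\fs01\share\hr\@Please_ReadMe@.txt"),
    (2500, "10.0.0.9", "READ", r"\\fs01\share\hr\a.xlsx.WNCRY"),
]

def detect(events):
    """Return {client: sorted reasons} for clients whose SMB writes look suspicious."""
    findings = defaultdict(set)
    writes = defaultdict(list)
    for ts, client, op, path in events:
        if op != "WRITE":
            continue  # reads of already-encrypted files do not implicate the reader
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name.endswith(WNCRY_EXT):
            findings[client].add("wncry_extension")
        if name == RANSOM_NOTE:
            findings[client].add("ransom_note")
        writes[client].append(ts)
    for client, stamps in writes.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):  # sliding window over write timestamps
            while stamps[end] - stamps[start] >= WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= WRITE_BURST_THRESHOLD:
                findings[client].add("write_burst")
                break
    return {c: sorted(r) for c, r in findings.items()}

if __name__ == "__main__":
    for client, reasons in detect(SAMPLE_EVENTS).items():
        print(client, reasons)
```

The write-burst signal alone also fires on legitimate bulk copies, so it is best treated as a lower-confidence alert than the extension and ransom-note matches.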
There are forums in the ExtraHop community that provide these solutions.
For other preventive security measures, ExtraHop has "wire data for security".
YouTube links for ExtraHop regarding ransomware and security:
https://www.youtube.com/watch?v=HnDoBq22dTs&t=87s
https://www.youtube.com/watch?v=VSM3DKGH82E&t=28s
That's all for now; hope this helps.
Thanks to information provided by:
- en.wikipedia.com
- www.detik.com
- www.trishtech.com
- www.telegraph.co.uk
- www.extrahop.com
- www.youtube.com