Redlance Computer Consulting, Inc. Ransomware Attacks – Redlance Computer Consulting, Inc

Ransomware Attacks

As you’ve probably heard, ransomware is on the rise. This is where somebody infects your computer with an encryption worm, all of your data gets encrypted, and it is then held for “ransom” until you pay somebody on the Internet, usually in Bitcoin. If you don’t pay, the attacker destroys the encryption keys, and your data is lost forever. If you do pay, there’s no guarantee that you’ll get the encryption keys. It’s a terrible position to be in.

Ways to protect yourself:

  1. Make sure Windows is up to date with the latest patches.
  2. Keep any 3rd party software up to date, such as Java, Adobe products, Microsoft Office, and anything else installed on your computer.
  3. Don’t click on any links in emails, ever, even if they look “good”.
  4. Be certain when you’re doing web searches that the link you’re about to click on looks legitimate.
  5. Make sure you have security software installed with a current subscription.
  6. Make sure you have a backup plan and that the backups are working.
  • Backups that are off-line (not always connected to the computer) are best for this kind of situation.
  • Backups connected to your computer all the time are good for daily recovery of files that may have been deleted.
  • On-line or web-based backups are not recommended, but are better than nothing at all and are “ok” as a 3rd layer of backing up if you’ve got the first 2 layers in place already and if you’re OK with the risks of storing your information in the cloud.

As always, we can assist with all of the above. If you’re concerned or have any questions, let us know so we can check out your individual situation.

If you’re running Bitdefender, you’re protected from this weekend’s WannaCry, as per an email we received over the weekend:

Bitdefender’s next gen machine learning provides zero day protection from WannaCry ransomware attacks

#DontNeedtoCry – On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 machines in more than 100 countries.

The attack is particularly dangerous for businesses because it takes just one employee to become infected for the attack to spread in the entire network, and sometimes even across countries to other subsidiaries, without any user interaction. This happens because the ransomware has a worm component that leverages a recently discovered vulnerability, affecting a wide range of Windows operating systems, including 2008, 2008 R2, 7, 7 SP1.

The attacks have caused major disruption to hospitals, telecom companies or gas and utilities plants. Among the organizations that took the worst hits is the National Health Service (NHS) in the UK.

Why is this attack particularly dangerous among traditional ransomware attacks?

WannaCry automated the exploitation of a vulnerability which is present in most versions of Windows allowing a remote attacker to run code on the vulnerable computer and use that code to plant ransomware without any human and local action. This never before seen behavior makes it the perfect tool to attack specific environments or infrastructures, such as servers running a vulnerable version of the Server Message Block (SMB protocol).

Customers running Bitdefender are not affected by this attack wave.

Our next-generation machine-learning and memory introspection technologies ensure that our customers have always been safe from WannaCry, the world’s most aggressive piece of ransomware, AND will be similarly protected from the next such attack.

Endpoints running Bitdefender GravityZone are protected from hour zero against this attack wave and they are not affected by this new family of ransomware as our products detect and intercept both the delivery mechanism and all variations of the WannaCry ransomware known to date. Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never before seen attacks at pre-execution stage.

Moreover, Bitdefender’s newly introduced Hypervisor Introspection solution was able to prevent exploits of the EternalBlue vulnerability from hour zero as well, before it was patched by Microsoft. The solution is capable of detecting memory violations in the raw memory stack, without knowing the vulnerability beforehand, and can therefore effectively prevent the attack.

We encourage you to stay tuned and test our new technologies and innovations like Hypervisor Introspection. We are constantly innovating to keep our customers safe!

Thank you for trusting and promoting Bitdefender solutions!

Bitdefender Team