CIS608 - Week9 - WannaCry - Ransomware

WannaCry - Ransomware
On May 12, 2017, the IT world witnessed a new ransomware called WannaCry, and it impacted 300,000 immediately. This ransomware exploits vulnerabilities in the Windows file-sharing protocol. The threat infiltrates through endpoint devices, such as Windows devices that allowed inbound SMB communications on firewall ports 139 or 445 and had not been updated with the latest Microsoft security patch. Once a device had been exploited, the malware would scan for other vulnerable devices and spread to them.

The way ransomware works is this: once it infects a system, it encrypts (scrambles) the data and then demands a payout in cryptocurrency. Clients must weigh whether to pay the ransom or replace the affected systems, depending on the value of the data being attacked and the replacement costs. Paying does not always mean that the hijacked data can be retrieved and reinstalled, or that it will never be exported. Depending on the variant of the malware, the data can be restored fully, partially or not at all. The moment ransomware affects a computer network, it holds the data it finds there to ransom, threatening to delete it without payment. It can find many different routes to infect a computer, cell phone or other gadget. The standard way is for it to be sent in an email. The email may contain a link the reader is directed to click on or an attachment that needs to be opened. In most cases, the software infects computers through links or attachments in malicious messages known as phishing emails. The ransomware encrypts data on the computer using an encryption key that only the attacker knows. If the ransom isn't paid, the data is often lost forever.

How do we protect our systems?
We should increase the security measures to protect the data.
·        Make sure all software is up to date.
·        Do not click on any links or attachments unless you know and trust who created them.
·        The password protection policy should be strong, and there should be an acceptable system usage policy.
·        Blacklist unknown portals with a bad reputation.
·        Exe file downloads should be blocked.
·        Users with administrative privileges should be re-evaluated, and these privileges should be minimized.
·        Security patching should be up to date and should not be ignored.
·        Create a robust alert system for incidents.
·        Data backups should be taken periodically so that recovery can be done in case of incidents.
·        Log file analysis and reporting should be done to establish patterns.
·        Monitoring systems should be in place to take preventive measures.
·        Data centers should be protected with the highest possible security systems.
·        Regular training and workshops are essential to bring awareness about the latest trends in ransomware techniques.
·        Using strong and up-to-date security software helps in preventing ransomware attacks.
Individuals play an important role in keeping networks and systems safe from ransomware and other malware attacks. Responsibility for protecting the organization's data and networks from intrusions does not lie only with the IT team or security team.
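
The spreading behaviour described above, where an infected device scans for other devices on SMB ports 139 and 445, leaves a pattern that log analysis can pick up: one internal source contacting many distinct hosts on those ports in a short time. The following sketch is an added example, not part of the original post; the log format, window, threshold and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}           # the ports named in the post
WINDOW = timedelta(seconds=60)   # assumed sliding-window length
THRESHOLD = 5                    # assumed: distinct SMB destinations per window

# Constructed sample flow records, "ISO-time src dst dport" (format is an assumption).
SAMPLE_LOG = (
    [f"2017-05-12T09:00:{i:02d} 10.0.0.23 10.0.1.{i} 445" for i in range(1, 9)]     # fan-out to 8 hosts
    + [f"2017-05-12T09:00:{i:02d} 10.0.0.40 10.0.0.5 445" for i in range(1, 9)]     # one file server, repeatedly
    + [f"2017-05-12T{9 + i:02d}:00:00 10.0.0.77 10.0.2.{i} 139" for i in range(6)]  # 6 hosts, one per hour
    + [f"2017-05-12T09:01:{i:02d} 10.0.0.23 10.0.3.{i} 443" for i in range(1, 9)]   # not SMB, ignored
    + ["garbage line"]                                                              # malformed record
)

def parse(line):
    """Split one record into (timestamp, source, destination, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak count of distinct SMB destinations in any window}
    for every source whose peak reaches the threshold."""
    events = defaultdict(list)
    for line in lines:
        try:
            ts, src, dst, port = parse(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if port in SMB_PORTS:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in find_smb_scanners(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} distinct SMB destinations within {WINDOW}")
```

A client that talks to one file server many times is not flagged, because the check counts distinct destinations rather than connections; the threshold and window need tuning against normal traffic on the network being monitored.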


