
Information Security Education & Awareness Team, C-DAC Hyderabad

Keeping yourself and your family safe in a tech-driven world

www.infosecawareness.in Cyber society

In today’s world, we depend on the Internet at home, in school and at the workplace.

How and for what purpose do you use the Internet?

Communication, Education, Online Shopping, E-mail, Fun/Entertainment, Online Banking, Social Networking

While using the Internet, what are the primary online risks you face?

Yes, the answer is

What is malware?

Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent.

Types of malware

'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

Ransomware

This type of malware alters the normal operation of your machine, barring you from using it properly. These programs then display warning messages asking for money to get your device back to normal working condition.

After reading this, you might be wondering why people create malware. Here are some reasons which may compel a coder to write malware:

• To take control of a person’s computer for personal or professional reasons.
• To get financial benefits.
• To steal confidential data.
• To prove their point that a security breach can be done on a system.
• To take down an individual computer or a complete network.

Let’s discuss a recent ransomware attack.

WannaCry/WannaCrypt Ransomware

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm, which targets computers running the Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

How the WannaCry Attack Spread Across Countries

• On Friday morning, Spanish mobile operator Telefonica was among the first large organizations to report infection by WannaCry.

• By late morning, hospitals and clinics across the UK began reporting problems to the national cyber incident response centre

• In Europe, French carmaker Renault was hit; in Germany, Deutsche Bahn became another high-profile victim.

• In Russia, the ministry of the interior, mobile phone provider Megafon and Sberbank became infected.

• Although WannaCry's spread had already been checked, the US was not entirely spared, with FedEx being the highest-profile victim.

• WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.

• The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

• In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

The file extensions that the malware is targeting contain certain clusters of formats including:

• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
• Less common and nation-specific office formats (.sxw, .odt, .hwp).
• Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
• Emails and email databases (.eml, .msg, .ost, .pst, .edb).
• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
• Developers' source code and project files (.php, .java, .cpp, .pas, .asm).
• Keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
• Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).
• Virtual machine files (.vmx, .vmdk, .vdi).

Best practices to prevent ransomware attacks:

• Maintain updated on all systems

• Check regularly for the integrity of the information stored in the databases.

• Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements (backdoors/malicious scripts).

• Ensure integrity of the codes/scripts being used in database, and sensitive systems.

• Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up-to-date with the latest patches.

• Application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.

• Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization's website directly through the browser.

• Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.

•Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.

• Disable ActiveX content in applications such as Word, Excel, etc.

• Disable Remote Desktop Connections, employ least-privileged accounts.

• If not required, consider disabling PowerShell/Windows Script Hosting.

• Restrict users' abilities (permissions) to install and run unwanted software applications.

• Enable personal firewalls on workstations.

• Implement strict External Device (USB drive) usage policy.

• Employ data-at-rest and data-in-transit encryption.

• Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.

• Block the attachments of file types: exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf

• Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular

Generic Prevention Tools:

Sophos: Hitman.Pro

https://www.hitmanpro.com/en-us/surfright/alert.aspx4

Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued)

https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

Malwarebytes Anti-Ransomware (formerly Crypto Monitor)

https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/

Trendmicro Ransomware Screen Unlocker tool

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx

Microsoft Enhanced Mitigation Experience Toolkit (EMET)

https://www.microsoft.com/en-us/download/details.aspx?id=50766

Thank You

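The best practice above about blocking binaries that run from %APPDATA% and %TEMP% can also be checked after the fact in process-creation records. The following is an added example, not part of the original slides: the record layout, user names and paths are constructed, and the folder mapping assumes the default Windows profile layout.

```python
import csv
import io
import ntpath

# Default per-user locations (assumption: standard Windows profile layout):
#   %APPDATA% -> C:\Users\<user>\AppData\Roaming
#   %TEMP%    -> C:\Users\<user>\AppData\Local\Temp
ZONES = {
    "%APPDATA%": ("appdata", "roaming"),
    "%TEMP%": ("appdata", "local", "temp"),
}

# Constructed process-creation records: timestamp,user,image path
SAMPLE_EVENTS = r"""
2017-05-12T09:14:02,alice,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
2017-05-12T09:14:40,alice,C:\Users\alice\AppData\Roaming\updater.exe
2017-05-12T09:15:03,alice,c:/users/alice/appdata/local/temp/7z001/invoice.scr
2017-05-12T09:16:10,bob,C:\Users\bob\AppData\Local\Temp\..\Programs\app\app.exe
"""

def srp_zone(image_path):
    """Return '%APPDATA%' or '%TEMP%' if the image lies under that folder, else None."""
    # normpath folds '/' into '\' and resolves '..', so disguised paths compare equal
    norm = ntpath.normpath(image_path).lower()
    _drive, rest = ntpath.splitdrive(norm)
    parts = [p for p in rest.split("\\") if p]
    if len(parts) < 3 or parts[0] != "users":
        return None
    tail = tuple(parts[2:])  # everything after users\<name>
    for zone, prefix in ZONES.items():
        if tail[:len(prefix)] == prefix and len(tail) > len(prefix):
            return zone
    return None

def flag_events(text=SAMPLE_EVENTS):
    """Return (timestamp, user, zone) for each process started from a blocked zone."""
    hits = []
    for timestamp, user, image in csv.reader(io.StringIO(text.strip())):
        zone = srp_zone(image)
        if zone:
            hits.append((timestamp, user, zone))
    return hits

if __name__ == "__main__":
    for hit in flag_events():
        print(hit)
```

The last sample record resolves to AppData\Local\Programs, a common per-user install location, so it is not flagged.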