Dear Mr. Hisham Ibrahim Thank you very much for your important information.
Best regards; Harith On Mon, May 15, 2017 at 12:42 AM, Hisham Ibrahim <[email protected]> wrote: > Dear All, > As you are no doubt aware, we are currently experiencing an unprecedented > ransomware attack at a global scale. The malware was detected on 12 May > 2017 and has the capability to spread across networks taking advantage of a > critical exploit in a popular communication protocol used by Windows > systems. > Many of you have already reached out and are actively involved in > containing this threat. It is believed that the infection and propagation > rate may go up on Monday when people return to their workplaces. > Below is the Europol warning / update about the current ransomware threat. > If you think this would be useful to anyone in our community, please > forward it on. > A list of tips and advice on how to prevent ransomware from infecting your > electronic devices can be found at: > https://www.europol.europa.eu/sites/default/files/images/ > editor/ransomware-01.jpg > Regards, > Hisham > > Begin forwarded message: > > *If you are a victim or have reason to believe that you could be a victim* > > This is link provides some practical advice on how to contain the > propagation of this type of ransomware: > *https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance* > <https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance> > > The most important step involves patching the Microsoft vulnerability > (MS17-010): > *https://technet.microsoft.com/en-us/library/security/ms17-010.aspx* > <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx> > > A patch for legacy platforms is available here: > > *https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks* > <https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks> > > In instances where it is not possible to install the patch, manage the > vulnerability becomes key. One way of doing this would be to disable the > SMBv1 (Server Message Block) protocol: > *https://support.microsoft.com/en-us/help/2696547* > <https://support.microsoft.com/en-us/help/2696547> > and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, > 445]. > > Another step would be to update endpoint security and AV solutions with > the relevant hashes of the ransomware (e.g. via VirusTotal). > > If these steps are not possible, not starting up and/or shutting down > vulnerable systems can also prevent the propagation of this threat. > > *How to prevent a ransomware attack?* > > > 1. *Back-up! Back-up! Back-up!* Have a backup and recovery system in > place so a ransomware infection can’t destroy your personal data forever. > It’s best to create at least two back-up copies on a regular basis: one to > be stored in the cloud (remember to use a service that makes an automatic > backup of your files) and one stored locally (portable hard drive, thumb > drive, etc.). Disconnect these when you are done and store them separately > from your computer. Your back-up copies will also come in handy should you > accidentally delete a critical file or experience a hard drive failure. > 2. *Use robust antivirus software* to protect your system from > ransomware. Always use the latest virus definition/database and do not > switch off the ‘heuristic’ functions as these help the solution to catch > samples of ransomware (and other type of malware) that have not yet been > formally detected. > 3. *Keep all the software on your computer up to date.* When your > operating system (OS) or applications release a new version, install it. If > the software you use offers the option of automatic updating, enable it. > 4. *Trust no one. Literally.* Any account can be compromised and > malicious links can be sent from the accounts of friends on social media, > colleagues or an *online gaming* > <https://blog.kaspersky.com/teslacrypt-20-ransomware/9314/> partner. > Never open attachments in emails from someone you don’t know. Similarly, > don’t open attachments in emails from somebody you know but from whom you > would not expect to receive such as message. Cybercriminals often > distribute fake email messages that look very much like email notifications > from an online store, a bank, the police, a court or a tax collection > agency, luring recipients into clicking on a malicious link and releasing > the malware into their system. If in doubt, call the sender at a trusted > phone number to confirm the legitimacy of the message received. > 5. *Enable the ‘Show file extensions’ option in the Windows settings > on your computer.* This will make it much easier to spot potentially > malicious files. Stay away from file extensions like ‘.exe’, ‘.com’, ‘.vbs’ > or ‘.scr’. Cybercriminals can use several extensions to disguise a > malicious file as a video, photo, or document (like hot-chics.avi.exe or > report.doc.scr). > 6. If you discover a rogue or unknown process on your machine, *disconnect > it immediately from the internet or other network connections (such as home > Wi-Fi)* — this will prevent the infection from spreading. > > > > > _______________________________________________ > Menog mailing list > [email protected] > http://lists.menog.org/mailman/listinfo/menog > >
_______________________________________________ Menog mailing list [email protected] http://lists.menog.org/mailman/listinfo/menog
