CHANDIGARH, MAY 15
In view of the aggressive spread of WannaCry/WannaCrypt Ransomware, which spreads across networks and holds files to ransom, the National Informatics Centre, Haryana has issued an advisory listing best practices to prevent ransomware attacks.
The advisory also states that individuals or organisations should not pay the ransom, as this does not guarantee that files would be released. Such instances of fraud should be reported to Indian Computer Emergency Response Team (CERT-In) and law enforcement agencies.
While stating this here today, an official spokesman said that WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementation of Server Message Block (SMB) in Windows systems. This exploit is named as ETERNALBLUE.
In order to prevent infection, users and organisations should apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010 (https://technet.microsoft.com /library/security/MS17-010). They could also obtain further details on the Indian Computer Emergency Response Team website at http://cert-in.org.in/s2cMa inServlet?pageid=PUBADV01& CACODE=CICA-2017-2509.
He said that to prevent ransomware attacks, people should maintain updated antivirus software on all systems. They should check regularly the integrity of the information stored in the databases and also check the contents of backup files of databases for any unauthorised encrypted contents of data records or external elements, such as backdoors or malicious scripts.
The advisory also states that individuals or organisations should not pay the ransom, as this does not guarantee that files would be released. Such instances of fraud should be reported to Indian Computer Emergency Response Team (CERT-In) and law enforcement agencies.
While stating this here today, an official spokesman said that WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementation of Server Message Block (SMB) in Windows systems. This exploit is named as ETERNALBLUE.
In order to prevent infection, users and organisations should apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010 (https://technet.microsoft.com
He said that to prevent ransomware attacks, people should maintain updated antivirus software on all systems. They should check regularly the integrity of the information stored in the databases and also check the contents of backup files of databases for any unauthorised encrypted contents of data records or external elements, such as backdoors or malicious scripts.
He said that people should keep the operating system third-party applications such as MS Office, browsers and browser plugins up-to-date with the latest patches. They should also carry out application whitelisting and strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths as ransomware sample drops and executes generally from these locations.
They should also perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
The advisory cautions against opening attachments in unsolicited e-mails, even if they come from people in their contact list. “People should never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organisation’s website directly through browser,” the spokesman added.
They should also perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
The advisory cautions against opening attachments in unsolicited e-mails, even if they come from people in their contact list. “People should never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organisation’s website directly through browser,” the spokesman added.
People should follow safe practices when browsing the web and ensure that the web browsers are secured with appropriate content controls. They should also disable ActiveX content in Microsoft Office applications such as Word and Excel, disable remote desktop connections and employ least-privileged accounts. They should consider disabling PowerShell and windows script hosting if not required.
They should also restrict users' abilities (permissions) to install and run unwanted software applications, and should enable personal firewalls on workstations. Strict External Device (USB drive) usage policy should be implemented and Enhanced Mitigation Experience Toolkit or similar host-level anti-exploitation tools should be installed.
He said that attachments of file types .exe, .pif, .tmp, url, .vb, .vbe, .scr, .reg, .cer, .pst, .cmd, .com, .bat, .dll, .dat, .hlp, .hta, .js and .wsf should be blocked and Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks and systems should be carried out regularly.
They should also restrict users' abilities (permissions) to install and run unwanted software applications, and should enable personal firewalls on workstations. Strict External Device (USB drive) usage policy should be implemented and Enhanced Mitigation Experience Toolkit or similar host-level anti-exploitation tools should be installed.
He said that attachments of file types .exe, .pif, .tmp, url, .vb, .vbe, .scr, .reg, .cer, .pst, .cmd, .com, .bat, .dll, .dat, .hlp, .hta, .js and .wsf should be blocked and Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks and systems should be carried out regularly.
----balbirsingh227@gmail.com
No comments:
Post a Comment