INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world www.infosecawareness.in


Cyber society

In today's world, we depend on the Internet at home, in school and at the workplace.


How and for what purpose do you use the Internet?

• Education

• Fun/Entertainment

• Online Banking

• Online Shopping

• Communication

• E-mail

• Social Networking


While using the Internet, what are the primary online risks you face?

Yes, the answer is Malware

What is malware?

Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent.


Types of Malware

'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.


Ransomware


This type of malware alters the normal operation of your machine, preventing you from using it properly. These programs then display warning messages asking for money to return your device to normal working condition.

After reading this, you might be wondering why people create malware. Here are some reasons that may lead a coder to write malware:

• To take control of a person's computer for personal or professional reasons.

• To get financial benefits.

• To steal confidential data.

• To prove their point that a security breach can be done on a system.

• To take down an individual computer or a complete network.


Let's discuss a recent ransomware attack


WannaCry/WannaCrypt Ransomware

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.


How the WannaCry attack spread across countries


• On Friday morning, Spanish mobile operator Telefonica was among the first large organizations to report infection by WannaCry.

• By late morning, hospitals and clinics across the UK began reporting problems to the national cyber incident response centre.

• In Europe, French carmaker Renault was hit; in Germany, Deutsche Bahn became another high-profile victim.

• In Russia, the ministry of the interior, mobile phone provider Megafon and Sberbank became infected.

• Although WannaCry's spread had already been checked, the US was not entirely spared, with FedEx being the highest-profile victim.


• WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.

• The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

• In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.


The file extensions that the malware targets fall into certain clusters of formats, including:

• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).

• Less common and nation-specific office formats (.sxw, .odt, .hwp).

• Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).

• Emails and email databases (.eml, .msg, .ost, .pst, .edb).

• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).

• Developers' source code and project files (.php, .java, .cpp, .pas, .asm).

• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).

• Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).

• Virtual machine files (.vmx, .vmdk, .vdi).


Best practices to prevent ransomware attacks:


• Maintain updated Antivirus software on all systems

• Check regularly for the integrity of the information stored in the databases.


• Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements (backdoors/malicious scripts).

• Ensure integrity of the codes/scripts being used in database, authentication and sensitive systems.


• Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.

• Application whitelisting/strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware samples generally drop and execute from these locations.
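An audit-style illustration of the %APPDATA% / %TEMP% rule above, added here as an example and not part of the original slides: it expands the two variables per user and reports which process image paths such a rule would cover, which is useful before switching a policy from audit to enforcement. The event list is constructed, and the default `C:\Users\<user>` profile layout is an assumption.

```python
import ntpath

# Constructed (user, image path) pairs, standing in for process-creation logs.
SAMPLE_EVENTS = [
    ("alice", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    ("alice", r"C:\Users\alice\AppData\Roaming\invoice_viewer.exe"),
    ("bob", r"c:/users/bob/appdata/local/temp/7zS4A1/setup.exe"),
    ("bob", r"C:\Users\bob\Documents\..\AppData\Local\Temp\a.scr"),
    ("carol", r"C:\Windows\System32\notepad.exe"),
    ("carol", r"C:\Users\carol\AppData\Local\Programs\Tool\tool.exe"),
]


def rule_roots(user, profiles_root=r"C:\Users"):
    """Expand %APPDATA% and %TEMP% for one user (default layout assumed)."""
    profile = ntpath.join(profiles_root, user)
    return {
        "%APPDATA%": ntpath.join(profile, "AppData", "Roaming"),
        "%TEMP%": ntpath.join(profile, "AppData", "Local", "Temp"),
    }


def _canon(path):
    # normpath collapses ".." and unifies slashes; normcase lower-cases,
    # because Windows paths compare case-insensitively.
    return ntpath.normcase(ntpath.normpath(path))


def matched_rule(user, image_path):
    """Return the rule variable covering image_path, or None."""
    image = _canon(image_path)
    for variable, root in rule_roots(user).items():
        # Require a separator after the root so "Roaming2" does not match.
        if image.startswith(_canon(root) + "\\"):
            return variable
    return None


def audit(events):
    """List (user, path, rule) for every event a path rule would cover."""
    return [(u, p, r) for u, p in events if (r := matched_rule(u, p))]


if __name__ == "__main__":
    for user, path, rule in audit(SAMPLE_EVENTS):
        print(f"{rule:10} {user:6} {path}")
```

The `AppData\Local\Programs` entry is not covered by either variable, so per-user installs there need their own allow or deny decision.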


• Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization's website directly through the browser.

• Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.


• Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.

• Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.

• Disable Remote Desktop connections; employ least-privileged accounts.


• If not required, consider disabling PowerShell/Windows Script Hosting.

• Restrict users' abilities (permissions) to install and run unwanted software applications.


• Enable personal firewalls on workstations.

• Implement strict External Device (USB drive) usage policy.

• Employ data-at-rest and data-in-transit encryption.

• Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.


• Block attachments of the following file types: exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf

• Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers, from CERT-IN empaneled auditors. Repeat audits at regular


Generic Prevention Tools:


Sophos: Hitman.Pro

https://www.hitmanpro.com/en-us/surfright/alert.aspx4

Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued)

https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

Malwarebytes Anti-Ransomware (formerly Crypto Monitor)

https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/

Trend Micro Ransomware Screen Unlocker tool

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx

Microsoft Enhanced Mitigation Experience Toolkit (EMET)

https://www.microsoft.com/en-us/download/details.aspx?id=50766


Thank You