1. Home
  2. Ransomware threat: Get patched, find a firewall or upgrade fast

Ransomware threat: Get patched, find a firewall or upgrade fast

[email protected] (Agencies)
May 15, 2017

New Delhi, May 15: It was coming. On March 14 this year, Microsoft released a security update which addressed the vulnerability in the 16-year-old Windows XP operating system that the hackers behind the massive ransomware attack exploited and created havoc in 150 countries.

wannacry

The vulnerability in the Microsoft Windows software — exploited by “WannaCrypt” — crippled computers from hospitals in Britain to police stations in India, with hackers demanding hundreds of dollars from the users for them to regain control over their data.

Once Microsoft released the patch for the vulnerability — exploited by hacker group “Shadow Brokers” after stealing a software from the US National Security Agency (NSA) — some Window XP users installed the update called “Microsoft Security Bulletin MS17-010” on their desktops and laptops.

But several didn"t.

There are nearly 150 million computers running Windows XP operation system globally. Those who didn"t pay heed to the Windows XP patch are the ones who have fallen prey to the world"s biggest ransomware attack.

Microsoft which had discontiued security updates to its out-of-date software, has also provided a security update for all customers using Windows 8 and Windows Server 2003, anticipating further attacks on these earlier platforms being used by millions.

According to the company, “customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March.

“If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible,” said Phillip Misner, Principal Security Group Manager, Microsoft Security Response Centre, in a statement.

Meanwhile, “WannaCrypt” locked up machines, encrypted files and demanded approximately $600 in Bitcoin for a recovery key.

According to global cyber security firms, paying heed to updates can only save your data from being put to ransom.

“Install the official patch from Microsoft that closes the vulnerability used in the attack. Ensure that security solutions are switched on all nodes of the network. If Kaspersky Lab"s solution is used, ensure that it includes the "System Watcher", a behavioural proactive detection component and that it is switched on,” Altaf Halde, Managing Director of Kaspersky Lab (South Asia), told.

“Run the "Critical Area Scan" task in Kaspersky Lab"s solution to detect possible infection as soon as possible (otherwise it will be detected automatically, if not switched off, within 24 hours),” he added.

According to Subhendu Sahu, Acting Country Manager for India, FireEye, the ransomware poses high risks to organisations using potentially vulnerable Windows machines.

“We can certainly expect follow-on attacks. Organisations seeking to take risk management steps related to this campaign should install the latest Windows patches. They should also use the indicators of compromise which are associated with this activity. FireEye has also taken steps to help secure its customers,” Sahu told.

As investigators were working to track down those responsible for the ransomware attack, Microsoft President and Chief Legal Officer Brad Smith said the governments should treat this attack as a “wake-up call”.

The news led software security providers to ramp up anti-malware software.

“Upon learning of these incidents, McAfee quickly began working to analyse samples of the ransomware and develop mitigation guidance and detection updates for its customers. McAfee has subsequently provided DAT (that contain data in text or binary format) updates to all its customers and provided them and the public further analysis on the attacks,” Ian Yip, Chief Technology Officer, Asia Pacific, McAfee, told.

If you are a home Windows XP user, patch immediately follow up with an upgrade. If you are running a vulnerable system and cannot install the patch for some reason, try doing the following:

“Disable SMBv1 (a server component) with the steps documented at "Microsoft Knowledge Base Article 2696547" and as recommended previously. Consider adding a rule on your router or firewall to block incoming Server Message Block (SMB) traffic on port 445,” said a report in the technology website Engadget.

“This is big and set to get bigger. We haven"t seen anything like this since Conficker in 2008,” Amit Nath, Head of Asia Pacific-Corporate Business at cyber security firm F-Secure Corporation, told IANS.

The Conficker worm infected millions of computers including government, business and home computers in over 190 countries.
Always make sure your files are backed up.

“That way, if they become compromised in a ransomware attack, you can wipe your disk drive clean and restore the data from the backup. Using Cloud storage with anti-virus scanning abilities to share files will help users to mitigate any possible threats,” suggested Anand Ramamoorthy, Managing Director, South Asia, McAfee.

Remember this: “WannaCrypt” probably won"t work across the internet for PCs behind a firewall or router.

“But if a server is connected directly to the internet or a PC is on the same network as an infected computer, it can spread quickly — which is exactly what has happened,” the Engadget report added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 14,2020

New Delhi, Mar 14: Excise duty on petrol and diesel was on Saturday hiked by ₹3 per litre as the government looked to mop up gains arising from fall in international oil prices.

Special excise duty on petrol was hiked by ₹2 to ₹8 per litre incase of petrol and to Rs 4 incase of diesel, an official notification said.

Additionally, road cess on petrol was raised by ₹1 per litre each on petrol and diesel to ₹10.

The increase in excise duty would in normal course result in a hike in petrol and diesel prices but most of it would be adjusted against the fall in rates that would have necessitated because of slump in international oil prices.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 13,2020

New Delhi, Jul 13: The Telecom Regulatory Authority of India (TRAI) has blocked Bharti Airtel's Platinum and Vodafone Idea's RedX premium plans that offer faster data speeds and priority services to customers as both the plans were violating net neutrality norms.

The telecom watchdog has asked Bharti Airtel to explain within seven days how such a similar plan being launched does not violate the rules of net neutrality.

Vodafone Idea's RedX plan has been in the market since November 2019. They made some modifications in May 2020 and the Bharti Airtel was soon going to launch a similar plan.

According to TRAI, the higher speed for premium customers discriminate against others and violates net neutrality.

Responding to TRAI's move, Airtel spokesperson said: "We are passionate about delivering the best network and service experience to all our customers. This is why we have a relentless obsession to eliminate faults and have been consistently recognised by international agencies as the best network in terms of speed, latency and video experience."

"At the same time, we want to keep raising the bar for our post-paid customers in terms of service and responsiveness. This is an ongoing effort at our end," the spokesperson said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 18,2020

Beijing, Jun 18:  Besides washing hands and wearing masks, it is also important to close the toilet lid before flushing to contain the spread of COVID-19, as per a new study.

According to a new study cited by The Washington Post, scientists who simulated toilet water and airflows, have found that flushing a toilet can generate a plume of virus-containing aerosol particles that is widespread and can linger in the air long enough to be inhaled by others. The novel coronavirus has been found in the faeces of COVID-19 patients, but it remains unknown whether such clouds could contain enough virus to infect a person.

"Flushing will lift the virus up from the toilet bowl," co-author Ji-Xiang Wang, who researches fluids at Yangzhou University in Yangzhou, China, said in an email. Wang stressed that bathroom users "need to close the lid first and then trigger the flushing process" and wash hands properly if the closure is not possible. As one flushes the toilet with the lids open, bits of faecal matter swish around so violently that they can be propelled into the air, become aerosolised and then settle on the surroundings.

Experts call it the "toilet plume".Age-old studies have been made to understand the potential for airborne transmission of infectious disease via sewage, and the toilet plume's role. Scientists who have seeded toilet bowls with bacteria and viruses have found contamination of seats, flush handles, bathroom floors and nearby surfaces. This is one reason we are told to wash our hands after visiting the toilet. Public bathrooms are well known to contribute to the spread of viruses that transmit via ingestion, such as the noroviruses that haunt cruise ships. However, their role in the transmission of respiratory viruses has not been established, said Charles P Gerba, a microbiologist at the University of Arizona."The risk is not zero, but how great a risk it is, we do not know. The big unknown is how much virus is infectious in the toilet when you flush it ... and how much virus does it take to cause an infection," said Gerba, who has studied the intersection of toilets and infectious disease for 45 years.

A study published in March in the journal Gastroenterology found significant amounts of coronavirus in the stool of patients and determined that viral RNA lasted in faeces even after the virus cleared from the patients` respiratory tracts. While another study in the journal Lancet found coronavirus in faeces up to a month after the illness had passed.

Scientists around the world are now studying sewage to track the spread of the virus. According to the researchers, the presence of the virus in excrement and the gastrointestinal tract raises the prospect of transmission via toilets, because many COVID-19 patients experience diarrhoea or vomiting.

A study of air samples in two hospitals in Wuhan, China found that although coronavirus aerosols in isolation wards and ventilated patient rooms were very low, "it was higher in the toilet areas used by the patients".The Centers for Disease Control and Prevention (CDC) says it remains "unclear whether the virus found in faeces may be capable of causing COVID-19," and "there has not been any confirmed report of the virus spreading from faeces to a person".For now, the CDC characterises the risk as low based on observations from previous outbreaks of other coronaviruses such as severe acute respiratory syndrome (SARS) and the Middle East respiratory syndrome (MERS). Wang decided to use computer models to simulate toilet plumes while isolating at home, as per Chinese government orders and thinking about how a fluids researcher "could contribute to the global fight against the virus".

Published in the journal Physics of Fluids, the study found that flushing of both single-inlet toilets, which push water into the bowl from one port, and annular-inlet toilets, which pour water into the bowl from the rim's surrounding edge with even greater energy, results in "massive upward transport of virus".

Particles can reach heights of more than three feet and float in the air for more than a minute, it found. The paper recommends not just lid-closing and hand-washing, it urges manufacturers to produce toilets that close and self-clean automatically. It also suggests that toilet-users should wipe down the seat. Gerba, however, said seats should not be a major concern.

Research has found that public and household toilet seats are typically the cleanest surfaces in restrooms, he said, probably because so many people already wipe them off before using them. Also, he said of SARS-CoV-2, the virus that causes COVID-19, "I don't think it's butt-borne, so I don`t think you have to worry."Gerba, who has been studying coronavirus transmission for two decades to investigate the role of a toilet flushing in a SARS outbreak stresses "flush and run" when using a public toilet without a lid. Gerba also said that people should wash hands well post-flushing and use hand sanitiser after leaving the restroom. "Choose well-ventilated bathrooms if possible and do not hang around the restroom in any case," added Gerba.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.