What To Do When Ransomware WannaCry or Peyta Attacks?

[The attacks are likely to recur. Bookmark this page or download the PDF version from http://www.eurionconstellation.com/free-downloads.html]

WannaCry ransomware requires the users to pay certain amount (~$300) in bitcoins to “unlock” the encrypted files and threatens to double the ransom in two days. If the demands are not met, the malware threatens to delete the files. Several users have already remitted thousands of dollars. While all fingers point at the U.S. security agency NSA, that debate is better left for later. This advisory post from Eurion Constellation is for individual users, as well as, home/office networks.

Who is at risk?

The following factors in isolation or in combination, increase the risk of the WannaCry ransomware attacks on Windows computers and server systems:

How to protect yourself?

Whether you are a Home or Office Network user or use a standalone device, follow the instructions below:
“There are many types of restrictions, such as the restriction from accessing application data, and even some that are prebuilt as a Group Policy Object (GPO).
1. Disable files running from the AppData and LocalAppData folders.
2. Block execution from the Temp subdirectory (part of the AppData tree by default).
3. Block executable files running from the working directories of various decompression utilities (for example, WinZip or 7-Zip).”
All major anti-virus software manufacturers have published information on using the security features embedded in their software to in the wake of this cyber attack. You must refer to the documentation from your manufacturer on priority.

What are the warning signs?

The network administrators should keep an eye on certain developments:
This is an inclusive list. Continue employing the other network monitoring tools.

What to do if you are attacked?

Before taking any action, please refer to the following:

For additional information, refer latest statement from National Cyber Security Center and US-CERT (Computer Emergency Readiness Team).

Get more technical details from CERT-IN (Indian Computer Agency Response Team) and Symantec.

Will the attacks recur?

Most likely. While “Accidental Hero” has temporarily killed the spread of WannaCry, he has warned the attacks may recur perhaps in a modified form, which will not contain the "kill switch" that stopped the first wave. Therefore, we advise all our customers, associates and public in general to follow the safety measures mentioned earlier and reduce vulnerability of their critical data.

Labels: , , , ,