A ransomware attack crippled hundreds of computer networks across the globe. The systems were shut down and rendered useless until the attackers received the “ransom” through money transfer on Bitcoin. The ransomware essentially encrypts the files on the target microsoft windows system and makes them inaccessible to users. The initial transfer demanded by the ransomware is USD 300 which may later increase to USD 600.

 

After a host of different ransomware attacks that hit enterprises across the globe, security researchers have now identified a new strain of malware "EternalRocks" that is more dangerous than WannaCry and is potentially tougher to fight.

"EternalRocks" exploits the same vulnerability in Windows that helped WannaCry spread to computers. It also uses tool known as "EternalBlue" for propagation. EternalBlue also uses a 24-hour activation delay to try to frustrate efforts.  

( Read More : Incident Response : How To Classify Incidents Based On Its Severity ? )


In its current form, "EternalRocks" does not have any malicious elements -- it does not lock or corrupt files, or use compromised machines to build a botnet -- but leaves infected computers vulnerable to remote commands that could execute infection at any time.

8669818462?profile=original

There are two types of Ransomware – Lockscreen Ransomware and Encryption Ransomware.

1.    Lockscreen ransomware shows a full-screen message that prevents you from accessing your PC or files. It says you have to pay money (a “ransom”) to get access to your PC again.

2.    Encryption ransomware changes your files so you can’t open them. It does this by encrypting the files. 

Ransomware can get on your PC from many source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Infected unauthorized software’s 
  • A lot of ransomware is distributed in Office documents that trick users into enabling macros.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Infected USB Storage devices
  • Clicking on malicious or bad links in emails, Dropbox , Facebook, Twitter, and other social media posts, instant messenger chats, like Skype.

It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.

Tips :

  • Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  • Do not open any files attached to an email unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses can replicate themselves and spread through email. Confirm that your contact really sent an attachment.
  • Do not open any files attached to an email if the subject line is questionable or unexpected.
  • Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam - unsolicited, intrusive messages that clog up the inboxes and networks.
  • Do not download any files from strangers.
  • Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one.  
  • Update your anti-virus updates regularly.  
  • Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
  • When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these warnings. Check with your operating system and antivirus definition is up-to-date.

Download The Complete Plan :

Need to download the detailed Incident Management Plan ? You can download it here

8669802284?profile=original

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)