URGENT Malware/Ransomware Newsletter – May 2017
As you may have heard, a new threat known as WannaCry (AKA Wcry and WannaCryptor) has emerged on the internet. Although the exploit is not new as far as what it does, this latest ransomware threat has already crippled companies overseas and has started to show up in the U.S., including at FedEx. The threat comes in the form of a malicious email that may have a fake invoice (PDF or Word document) or something similar attached that sounds important (to make you want to open it). The exploit can launch once the attachment is opened. Some have also reported that simply previewing the email can launch the hidden script in the background and start the ransomware process (but this is unverified).
Read more about this ongoing threat here : https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide -or- https://arstechnica.com/security/2017/05/wcry-is-so-mean-microsoft-issues-patch-for-3-unsupported-windows-versions
This is a serious threat because once your system is infected, you will have to pay for the decryption key or all of your photos, docs and other files will be in an unusable state. The attackers are demanding payment in Bitcoin, and you don’t have very long to get them the ransom before they threaten to delete your decryption key, leaving your data forever locked. Several ways to protect yourself (and/or your company) are shown below:
1) STEP 1 : Ensure you are running Windows Update. This particular exploit uses a vulnerability in Microsoft Windows (all versions, including Server O/S). For those who use DNS Texas for computer management (those with their own servers in most cases), we are deploying the hotfixes to your servers and workstations today (5/13/2017). Those on home computers should manually run Windows Update to ensure all security patches are applied. For the tech savvy, the specific patches that need to be installed (if you don’t like letting everything install) can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
a. Running Windows Update On Windows 7 Tutorial : http://www.wikihow.com/Run-Windows-Update-in-Windows-7
b. Running Windows Update On Windows 10 Tutorial : http://www.thewindowsclub.com/windows-update-security-settings-windows-10
2) STEP 2 : Make sure your virus or malware protection is up-to-date! Microsoft includes Windows Defender in Windows 8.1 and higher, which is a decent start. Although it doesn’t catch everything, Microsoft does confirm that, if up-to-date, it will help mitigate this current threat. For additional safety, you can complement your current antivirus solution by installing MalwareBytes. The premium (paid) version of this software can actually replace your antivirus and goes above and beyond by looking in real time at the websites you are visiting, blocking known bad sites from even displaying, and protecting from ransomware, malware and rootkits, all on the fly. NOTE: On Windows Vista and Windows 7, Microsoft Antivirus is no longer supported/updated – your system could be unprotected! MalwareBytes is a logical solution for Windows Vista and Windows 7 computers. It can also protect Windows XP. All MalwareBytes premium customers are protected from WCRY, per the company website.
a. Learn more about MalwareBytes at DNS Texas : https://www.dnstexas.com/products/malwarebytes
b. Purchase MalwareBytes for your computer(s) : https://buy.malwarebytes.com/us/?c=cb&s=44643&aid=44643&k=728x90b
3) STEP 3 : Have a current backup of your computer! You can back up your data to another hard drive or USB thumb stick or, for worry-free, set-it-and-forget-it backups, you could choose to use the DNS Texas offsite backup. The DNS Texas offsite backup installs on your computer and backs your data up to our secure datacenters at the interval you choose (daily, weekly, monthly or anything in between). It runs in the background and is 100% untouchable by malware because it’s offsite. If your machine were to get infected, you would contact your computer support personnel, reload the operating system, reinstall the backup software and restore your data. More information and pricing : https://www.dnstexas.com/products/offsite-backup-solutions – your data is 100% viewable only by you on this system. Pay only for what is used. In light of the current ransomware threats, those who wish to use the offsite backup service can do so, and DNS Texas will fully assist with correct setup and get your first backup running for you at no charge. Simply [open a support request] if you would like to take advantage of this offer.
a. Side note: When backing up your data, the main folder of concern for most users is C:\USERS\ – the folders contained within it will have all of your photos, documents and data. You can also choose to back up the whole drive.
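A local copy of the C:\Users folder described in the side note can be scripted with robocopy, which ships with Windows. The PowerShell below is an added example, not DNS Texas tooling; the E:\Backups destination and the Backup-UserProfiles function name are assumptions.

```powershell
# Added example (not from the newsletter): copy C:\Users to a dated folder on
# another drive with robocopy. E:\Backups is an assumed destination.
function Backup-UserProfiles {
    param(
        [string]$Source      = 'C:\Users',
        [string]$Destination = 'E:\Backups'   # assumption: second or external drive
    )

    if (-not (Test-Path -LiteralPath $Source)) {
        throw "Source folder not found: $Source"
    }
    $destRoot = [System.IO.Path]::GetPathRoot($Destination)
    if (-not (Test-Path -LiteralPath $destRoot)) {
        throw "Backup drive not connected: $destRoot"
    }

    # One folder per run, so an older copy survives if today's files are already damaged.
    $stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $target = Join-Path $Destination "Users_$stamp"
    $log    = Join-Path $Destination "Users_$stamp.log"
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    # /E         include subfolders, even empty ones
    # /XJ        skip junction points (C:\Users holds legacy junctions that can loop)
    # /XF        skip registry hives that are always locked while a user is logged on
    # /R:1 /W:1  retry a locked file once after one second, then move on
    # /COPY:DAT /DCOPY:T  keep file data, attributes and timestamps
    robocopy $Source $target /E /XJ /XF 'NTUSER.DAT*' 'UsrClass.dat*' `
        /R:1 /W:1 /COPY:DAT /DCOPY:T /NP "/LOG:$log" | Out-Null
    $code = $LASTEXITCODE

    # robocopy exit codes are bit flags: 8 (some copies failed) and 16 (fatal error)
    # mean the backup is incomplete; values below 8 are normal outcomes.
    [pscustomobject]@{
        Target   = $target
        Log      = $log
        ExitCode = $code
        Success  = ($code -lt 8)
    }
}

$result = Backup-UserProfiles
if (-not $result.Success) {
    Write-Warning "Backup incomplete (robocopy exit $($result.ExitCode)); see $($result.Log)"
}
$result
```

Ransomware encrypts files on any drive it can reach, so disconnect the backup drive once the copy finishes.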
FOR OUR HOSTED E-MAIL CUSTOMERS : DNS Texas is actively monitoring inbound e-mails. Our antivirus filters at the perimeter gateway are being updated every 15 minutes. If you have a DNS Texas hosted mailbox and receive any SPAM or suspicious emails in your mailbox, you can FORWARD a copy to firstname.lastname@example.org, then delete it from your inbox. If in doubt, it’s better not to open the message or attachment. We manually review each message received at this account and will block and take appropriate actions based on the content. Please contact DNS Texas if you have any additional questions regarding the services listed above or questions pertaining to the current WCRY outbreak. We are here to help! You can reach us via our website [contact us] or open a [support request ticket] for further assistance.
DNS Texas works with small business and home users providing technology services as needed, including a range of hosted solutions. Visit our website for more information at : https://www.dnstexas.com