Security advice in the wake of WannaCry and Not(Petya)

Posted by   Martijn Grooten on   Jun 30, 2017

The recent outbreaks of WannaCry and (Not)Petya have left many users and organizations understandably confused about what to do and how to fend off such attacks. Thankfully, security experts are always happy to give advice. I decided to collect together and compile a list of the most important, and most frequently given, advice.

  • Always install software patches, especially those fixing security issues – but be aware that some 'security fixes' are fake and actually install malware, and that sometimes, as in the (Not)Petya case, update mechanisms may be compromised to serve malicious updates.
  • Only open attachments in emails from people you know – but note that cybercriminals may forge email addresses from people in your address book, or may compromise their email accounts to send malicious emails, so even if an email appears to have come from someone you know, it may not have done.
  • Never enable macros when you are asked to do so – although, to get Adobe Reader to print a PDF document you just downloaded, you will need to ignore the warning and click "Enable All Features".

adobeenableallfeatures.png

 

  • Make sure you keep regular backups to which you have easy access in case of a ransomware infection – but note that the easier it is for you to access your backups, the easier it will be for ransomware to encrypt your backups too.

  • Never pay the ransom – although be aware that, in some cases, paying the ransom may be your only chance of getting your data back.

  • Always upgrade to the latest version of the operating system you are running – although note that software that may be essential to the running of your business or organization may not be compatible with recent operating systems.

  • Follow the advice of security experts – but note that security experts are known to disagree with each other.

Security. It's complicated.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.