Basic Awareness on Ransomware
This post can help you to understand the Basic Awareness on Ransomware. Since Jan 2017 “Ransomware” has been taking the top position in the world’s technology security concern list. When it comes to hacking it’s a different story but this “Ransomware” can make an immediate effect on your business. After the recent malicious “WannaCrypt” software attack customers have been asking the question “Are we ready to handle Ransomware?” This is a just to provide basic awareness on “Ransomware” attack especially for the Database people.
Q. What is Ransomware?
Ans:
Highly speaking, Ransomware is malicious software that locks (Locker-ransomware) or encrypts (Crypto-ransomware) your data and demand money to get your data back (decrypt).
Q. How it actually attacks your machine?
Ans:
Hackers sending suspicious emails with attaching a file and the moment you try to open the attachment then it starts attacking your machine and may encrypt the data. Attachments might be:
- Microsoft word document and enabling macros
- Java script files
- Windows Script files
- DLL
The other way is when you open a compromised website then it can release an exploit kit automatically.
Once the Ransomware is attacked your machine:
- It can encrypt data from local drives
- Also encrypts data from all network shares even when it’s not mapped
- Deletes all dump / backup files from all possible locations so we can’t have an option of restoring
Q. How to decrypt these encrypted files?
Ans:
As of now there is no software available as a single solution for Ransomware attack. Sometimes there are few third-party software is working but not for all. Files are getting encrypted with the different extensions ex: .zepto, .odin, .thor, and .osiris .wallet and there is no direct way to decrypt these files without paying the Ransom.
Q. What Ransom Demands?
Ans:
Once encryption is completed a ransom or lock screen is displayed by saying that you need to pay XXX amount to decrypt your data. Below is the sample images from the recent Wanacrypt / wanacry attack:
Q. Does installing and updating the latest Anti-Virus can stop the Ransomware attacks?
Ans:
Absolutely No! In a recent survey on Ransomware victims it was 100% victims were using the latest Anti-Virus software at the time of Ransomware attacked their systems.
Q. How to prevent Ransomware attacks?
Ans:
We can’t control attackers from sending the Ransomware emails but we can tight the security. There are few basic things that every technology professional should aware:
- Do not open any suspicious emails and web links
- By default enable the Ad-Blocker
- Update your OS with the latest patch
- Invest Time and Money to educate your team on “Security Awareness”
- Always Backup data to offsite
- Disable direct internet access from application and database servers
- Use a separate domain for your servers which is isolated from the corporate user network
- Use a single root / admin account and do not use Admin privileges for all users
- Use the strongest passwords for all Login accounts
- Block emails when contains attachments with certain extensions. Ex: .exe, .dll etc.
- Disable Microsoft Office Macros in Group Policy
- Install and patch the latest Anti-Virus software
Q. What is the impact on SQL Server systems?
Ans:
In February 2017 hundreds of MySQL systems were targeted by Ransomware. But for SQL Server I heard there was an incident where Wallet Ransomware attacked, stopped the SQL Services and encrypted the .MDF and .LDF files. They could be able to decrypt the files using the third party tool “SysTools SQL Recovery”
Q. What Microsoft is saying on recent WannaCrypt Ransomware attack?
Ans:
As always Microsoft is saying to update your systems and that’s true. To my surprise some of the customers are still using SQL Server 2000 on Windows Server 2003 and Windows XP on client systems. Microsoft is strongly recommending that to apply a service patch on Windows Vista, 7, 8.1 & 10. Here are the important links “WannaCrypt Attack” and “Customer Guidance” from Microsoft blog.
These are few basics that can help in understanding the term “Ransomware”, its impact and prevention. Here is the complete guide for Ransomware Protection and Prevention