Protect from ransomware
Thread poster: Fi2 n Co

Fi2 n Co
Portugal
Member (2013)
English to French
May 19

Hello to all

There's been much talk about the Wannacry Ransomware.
I thought it would be helpful to put healthful reminders here.

- The Wannacry ransomware affects only Windows Operating Systems.
- It's stealthy (no click required to install).
- If you're infected, paying the ransom doesn't do anything.
- Highly contagious.

Best protective measures:
- Update, update, update!!!! Microsoft has prepared updates that prevent this ransomware from exploiting your system. That's the first and best thing to do: check you have the latest system updates; if unsure, perform a manual search for updates.
- Be behind a strong firewall (like enterprise networks for example).
- Other protective measures are secondary or pertain to general good safety practice, but will not necessarily be specific to this attack.

Work safely 😊

My bests to all

Balanced informative video here: https://youtu.be/88jkB1V6N9w


neilmac
Spain
Spanish to English
Request for further information May 19

Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


Fi2 n Co
Portugal
Member (2013)
English to French
TOPIC STARTER
Yes and No May 19

neilmac wrote:

Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


Hello Neilmac,

Yes individual users can get it.

No, update is the best and only way: this specific ransomware exploits a particular weakness in Windows operating systems (starting from XP). The Windows update protects you against it.

Hope this helps.

My bests


Tom in London
United Kingdom
Member (2008)
Italian to English
A word of warning May 19

The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Never click on any link in an email unless you are 100% sure that it really is from a trusted source.

It only takes one click to cause major damage.


Fi2 n Co
Portugal
Member (2013)
English to French
TOPIC STARTER
True May 19

Tom in London wrote:

The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Never click on any link in an email unless you are 100% sure that it really is from a trusted source.

It only takes one click to cause major damage.


Absolutely!
We definitely need to slow down and be careful.
Some mails are better dealt with from within our e-mail provider website depending on the e-mail client used (some download everything on your machine).

In the case of the Wannacry, it appears that this one doesn't require clicking. It can spread from an infected computer via legitimate e-mail to a new recipient, crazy!

Thanks for these reminders, being wise is a must!


DZiW
Ukraine
English to Russian
#WannaCry the virus of 2017 May 19

Tom, unfortunately, you are mistaken: it's a modular EternalBlue exploit, which abuses an almost 16-year-old (!!!) system vulnerability via SMB ports 139/445 without any user interaction at all. That's right, it uses a hidden remote access feature via system services, which is "wonderfully" implemented with a purpose since about 2002.

Countermeasures:
- BACKUP! BACKUP! BACKUP! (by the way, if shadow copy was enabled, it still can restore previous file version, yet it's more convenient to use ShadowExplorer)
- using a decent HIPS (proactive protection);
- closing/monitoring suspicious ports;
- some reactive (after the incident) patches from MS et al.

There's much info, including wiki and http://blog.talosintelligence.com/2017/05/wannacry.html



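As an added example that is not part of DZiW's post or of the thread: a read-only PowerShell check for the "closing/monitoring suspicious ports" countermeasure. It reports whether this machine listens on SMB ports 139/445, whether the SMB server still accepts the legacy SMBv1 dialect, and whether inbound firewall rules allow those ports on a Public network. The `Exposed` field is a heuristic of this example, and the script assumes Windows 8 / Server 2012 or later in an elevated session.

```powershell
# Added example (not from the thread): read-only audit of local SMB exposure.
# Run in an elevated PowerShell session on Windows 8 / Server 2012 or later.
$smbPorts = 139, 445

# 1. SMB listeners bound to something other than loopback.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $smbPorts -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

# 2. Whether the SMB server still accepts the legacy SMBv1 dialect.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 3. Active connections that Windows classifies as Public (untrusted network).
$publicNets = @(Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -eq 'Public' })

# 4. Enabled inbound allow rules that name TCP 139/445 explicitly and apply
#    to the Public profile. Rules with LocalPort 'Any' are not matched here.
$openRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match 'Any|Public' } |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and
            @($smbPorts | Where-Object { $filter.LocalPort -contains "$_" }).Count -gt 0
    })

# Summary. 'Exposed' is this example's heuristic: SMB is listening, at least
# one connected network is Public, and a firewall rule lets the traffic in.
[pscustomobject]@{
    ListeningOn       = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
    Smb1ServerEnabled = $smb1Enabled
    PublicNetworks    = $publicNets.Name -join ', '
    PublicAllowRules  = $openRules.DisplayName -join ', '
    Exposed           = ($listeners.Count -gt 0 -and
                         $publicNets.Count -gt 0 -and
                         $openRules.Count -gt 0)
} | Format-List
```

Enumerating every firewall rule's port filter can take a minute on machines with many rules.
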
Tomás Cano Binder, BA, CT
Spain
Member (2005)
English to Spanish
A good antivirus May 19

Last week, the makers of the antivirus we use in our office here (ESET) specifically reported that their antivirus detects ransomware based upon WannaCryptor, which is the kind that attacked several major Spanish companies last week. Hence, I reckon it also pays to check with your antivirus developer whether they block such software.

Thank you so much for a very pertinent post!


Tomás Cano Binder, BA, CT
Spain
Member (2005)
English to Spanish
Mailwasher May 19

Tom in London wrote:
The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Indeed. Maybe I am kind of old-fashioned, but I download email to my machine and read it with an email client.

Before any email lands in my computer, it is qualified as spam or legitimate by Firetrust Mailwasher, which downloads the headers and text from the email server, analyzes it all with heuristic methods and blacklist providers, and shows me a clear list allowing me to delete anything that is not legitimate, easily report spam to SpamCop, and let good email go through. Thanks to this, I have saved myself a lot of trouble for many years.

If we add that I get a nice notification tone when new email comes in, without having to remember to check, I definitely recommend this approach to anyone using client-based, downloaded email.


Fi2 n Co
Portugal
Member (2013)
English to French
TOPIC STARTER
Absolutely! May 19

Tomás Cano Binder, CT wrote:
If we add that I get a nice notification tone when new email comes in, without having to remember to check, I definitely recommend this approach to anyone using client-based, downloaded email.


I agree, even some modern mail clients have onboard filters that prevent execution of mail content.
On a "ring a bell" note, if you leave an Outlook or Hotmail mail account open in the Edge browser in Windows 10 you'll get a bell and a notification in your notification panel. This could be handy and safe for those that don't use an e-mail client and still want to get adequate notifications.

My bests


Neil Coffey
United Kingdom
French to English
Who it affects... May 19

neilmac wrote:
Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


The answer to this is complex. It doesn't only affect large organisations, but the specific organisations that have been most affected will tend to have particular characteristics:

- they have a large base of machines that run obsolete, unsupported versions of Windows (Windows XP appears to be the particular offender here)
- for more modern, supported versions, their organisational complexity makes it difficult for them to roll out updates swiftly
- they have particular software that means they have to use obsolete networking protocols (I believe an obsolete version of the SMB protocol was the route by which the virus spread in this particular case)
- they need (or at least have) networks with large numbers of machines on them using those protocols, so one infection can in turn spread to a large number of machines instantly
- they don't have "out of the box" consumer infrastructure with built-in protection (such as a broadband firewall that filters out unusual networking protocols)
- they don't have the technical expertise available to minimise the risks of the above effectively
...

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


Fi2 n Co
Portugal
Member (2013)
English to French
TOPIC STARTER
Thanks May 19

Neil Coffey wrote:

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


Couldn't agree with you more!


Tom in London
United Kingdom
Member (2008)
Italian to English
...and while we're on the subject of security... May 20

Beware of the Cloud. If you have left anything there you could lose it - forever.

https://www.macobserver.com/columns-opinions/devils-advocate/the-cloud-is-a-lie/


neilmac
Spain
Spanish to English
Thanks for the explanation May 20

Neil Coffey wrote:

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


That's a relief! So far I've managed to scrape by on my low technical expertise. In fact, I'm so reluctant to rely on Windows updates that I actually prefer to keep my working documents backed up and simply reinstall the OS if my PC gets infected.

