Protection Against Malware Attacks! Many recent cyber-attacks on computer systems worldwide, including WannaCry (reported in May 2017) and Petya (reported in June 2017), belong to the category of “Malware”, of the types “Ransomware” and “Wiper” respectively.
PROTECTION AGAINST MALWARE ATTACKS!
(In the light of recent Petya and WannaCry cyber-attacks)
These malware attacks generally have different objectives:
‘Malware’ tricks users into installing software that allows scammers to access user files and track what users are doing.
‘Ransomware’ encrypts files/data and demands payment to ‘UNLOCK’ your computer or files. If the demanded ransom is paid, a decryption key would be provided to decrypt the files/data.
‘Wiper’ destroys/deletes files/data on the targeted system with NO possibility of restoration.
The ‘Petya’ cyber-attack (reported on June 27, 2017) is a destructive Wiper malware. Once it has entered a computer system, it makes use of a weakness in the computer’s Windows® Operating System.
Once a computer is infected, the malware reboots it, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. It takes the encrypted copy of the MBR and replaces it with its own malicious code that displays a ransom note (i.e. this malware attack has been disguised as a ‘ransomware’ attack), leaving targeted computers unable to boot.
PETYA New Malware
However, this new variant of PETYA does not keep a copy of the replaced MBR, mistakenly or purposely, leaving infected computers unbootable even if victims get the decryption keys. Also, after infecting one machine, the PETYA malware scans the local network and quickly infects all other machines (even fully patched ones) on the same network.
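Because the replaced MBR is not kept, a known-good copy of sector 0 taken beforehand is the only reference for what the boot record should look like. The following is an added example, not part of the original article: it parses a 512-byte MBR and compares it with a backed-up baseline. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # a classic MBR occupies the first 512-byte sector of the disk

def read_mbr(path):
    """Read sector 0 from a disk image (or a raw device, with admin rights)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

def parse_mbr(sector):
    """Split an MBR into boot-code hash, partition entries and boot signature."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        raw = sector[446 + 16 * i:462 + 16 * i]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 means the slot is unused
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        # bytes 0..445: boot code area (includes the disk signature on Windows)
        "boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def compare(baseline, current):
    """Return a list of findings; an empty list means nothing changed."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    return findings

def sample_mbr(boot_fill):
    """Constructed sample: filler boot code, one bootable NTFS (0x07) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    good = sample_mbr(0x90)      # stands in for the backed-up sector
    altered = sample_mbr(0xCC)   # same partition table, different boot code
    print(compare(good, good))
    print(compare(good, altered))
```

The baseline sector should be stored off the machine it describes, alongside the regular backups, so that it survives an overwrite of the disk.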
How Malware Attacks
An incident related to malware attacks was also reported in 2014, when attackers made use of the chaos regarding the lost Malaysian Airlines Flight MH370. The victims received emails or social media messages that claimed to contain links to video on the disappearance of Malaysian Airlines Flight MH370. If the victims clicked on any of the links, they were infected by different means, such as after installing software to run the video, direct installation of the malware, or by clicking some advertisement on the website that looked like the real web page with logos and branding of the legitimate site.
Points to Consider for Protection!
Attackers mostly take advantage of recent chaos (as was the case with the Malaysian Airlines incident mentioned above) to catch the attention of potential victims who are eager to get the latest updates and so click links, open attachments and download software.
Attackers may also make luring offers to trick users, such as financial gains, lottery schemes, free software installations etc. The success of malware (ransomware, wiper etc.) for attackers mostly relies on careless actions of users (potential victims), such as clicking unknown embedded links or opening attachments in emails (phishing attacks), which can lead to disaster by giving attackers access to your system.
Hence, users should remain vigilant about the following points:
Never download or install software from unknown or untrusted sources.
Never open attachments or click links in emails sent from unknown or untrusted senders.
Never open attachments or click links received via social media messages.
Make sure that you are using an updated operating system that is patched with the latest security releases.
Responsibilities of System Admin
The confirmation may be sought from the respective system admins. Take regular backups of your critical data and system configurations and store them in a safe place. Keep the antimalware / antivirus software updated and perform regular scans of your whole computer system.
Protection Against Malware Attacks
As per the information security policy of the bank, untrusted emails are NOT to be responded to (replying, clicking links, opening attachments etc.) and spam is to be deleted immediately WITHOUT forwarding it.