Protect from ransomware
Thread poster: Philippe Locquet
Philippe Locquet  Identity Verified
Portugal
English to French
May 19, 2017

Hello to all

There's been much talk about the Wannacry Ransomware.
I thought it would be helpful to put healthful reminders here.

_The Wannacry ransomware affects only Windows Operating Systems.
_It's stealthy (no click required to install).
_If you're infected, paying the ransom doesn't do anything.
_Highly contagious.

Best protective measures:
_Update, update, update!!!! Microsoft has prepared updates that prevent this ransomware from exploiting your system. That's the first and best thing to do: check you have the latest system updates; if unsure, perform a manual search for updates.
_Be behind a strong firewall (like enterprise networks for example).
_Other protective measures are secondary or pertain to general good safety practice, but will not necessarily be specific to this attack.

Work safely 😊

My bests to all

Balanced informative video here: https://youtu.be/88jkB1V6N9w


 
neilmac
Spain
Spanish to English
Request for further information May 19, 2017

Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


 
Philippe Locquet  Identity Verified
Portugal
English to French
TOPIC STARTER
Yes and No May 19, 2017

neilmac wrote:

Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


Hello Neilmac,

Yes individual users can get it.

No, update is the best and only way: this specific ransomware exploits a particular weakness in Windows operating systems (starting from XP). The Windows update protects you against it.

Hope this helps.

My bests


 
Tom in London
United Kingdom
Member (2008)
Italian to English
A word of warning May 19, 2017

The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Never click on any link in an email unless you are 100% sure that it really is from a trusted source.

It only takes one click to cause major damage.


 
Philippe Locquet  Identity Verified
Portugal
English to French
TOPIC STARTER
True May 19, 2017

Tom in London wrote:

The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Never click on any link in an email unless you are 100% sure that it really is from a trusted source.

It only takes one click to cause major damage.


Absolutely!
We definitely need to slow down and be careful.
Some mails are better dealt with from within our e-mail provider website depending on the e-mail client used (some download everything on your machine).

In the case of the Wannacry, it appears that this one doesn't require clicking. It can spread from an infected computer via legitimate e-mail to a new recipient, crazy!

Thanks for these reminders, being wise is a must!


 
DZiW (X)
Ukraine
English to Russian
#WannaCry the virus of 2017 May 19, 2017

Tom, unfortunately, you are mistaken: it's a modular EternalBlue exploit, which abuses an almost 16-year-old (!!!) system vulnerability via SMB ports 139/445 without any user interaction at all. That's right, it uses a hidden remote access feature via system services, which is "wonderfully" implemented with a purpose since about 2002.

Countermeasures:
- BACKUP! BACKUP! BACKUP! (by the way, if shadow copy was enabled, it can still restore a previous file version, yet it's more convenient to use ShadowExplorer)
- using a decent HIPS (proactive protection);
- closing/monitoring suspicious ports;
- some reactive (after the incident) patches from MS et al.

There's much info, including wiki and http://blog.talosintelligence.com/2017/05/wannacry.html
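
The "closing/monitoring suspicious ports" countermeasure from the post above, as an added example that is not part of the original thread: a Python script that reads Windows `netstat -ano` output and reports SMB/NetBIOS listeners (ports 139/445) bound to non-loopback addresses, plus any process with pending connections to port 445 on several hosts. The sample output, the function names and the threshold of 3 hosts are assumptions made for this illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}

# Constructed sample in the layout of Windows `netstat -ano` (not real capture data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     192.168.1.31:445       SYN_SENT        3312
  TCP    192.168.1.20:49802     192.168.1.32:445       SYN_SENT        3312
  TCP    192.168.1.20:49803     192.168.1.33:445       SYN_SENT        3312
  UDP    0.0.0.0:137            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:445' or '[::]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def audit_smb(netstat_text, fanout_threshold=3):
    """Return network-reachable SMB listeners and PIDs fanning out to port 445."""
    listeners, attempts = [], {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skip the header, UDP rows and blank lines
        _, local, remote, state, pid = fields
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        if state == "LISTENING" and lport in SMB_PORTS:
            if not ipaddress.ip_address(lhost).is_loopback:
                listeners.append((lhost, lport))
        elif state == "SYN_SENT" and rport == 445:
            attempts.setdefault(int(pid), set()).add(rhost)
    scanners = {pid: sorted(hosts) for pid, hosts in attempts.items()
                if len(hosts) >= fanout_threshold}
    return {"exposed_listeners": listeners, "fanout_pids": scanners}

if __name__ == "__main__":
    report = audit_smb(SAMPLE)
    for host, port in report["exposed_listeners"]:
        print(f"SMB/NetBIOS listener on {host}:{port}: block it at the firewall if unused")
    for pid, hosts in report["fanout_pids"].items():
        print(f"PID {pid}: pending connections to port 445 on {len(hosts)} hosts {hosts}")
```
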


 
Tomás Cano Binder, BA, CT  Identity Verified
Spain
Member (2005)
English to Spanish
A good antivirus May 19, 2017

Last week, the makers of the antivirus we use in our office here (ESET) specifically reported that their antivirus detects ransomware based upon WannaCryptor, which is the kind that attacked several major Spanish companies last week. Hence, I reckon it also pays to check with your antivirus developer whether they block such software.

Thank you so much for a very pertinent post!


 
Tomás Cano Binder, BA, CT  Identity Verified
Spain
Member (2005)
English to Spanish
Mailwasher May 19, 2017

Tom in London wrote:
The best way of avoiding these attacks is to be careful about clicking on links in emails that try to attract your attention with seductive offers, or that seem to be from people you know.

Indeed. Maybe I am kind of old-fashioned, but I download email to my machine and read it with an email client.

Before any email lands in my computer, it is qualified as spam or legitimate by Firetrust Mailwasher, which downloads the headers and text from the email server, analyzes it all with heuristic methods and blacklist providers, and shows me a clear list allowing me to delete anything that is not legitimate, easily report spam to SpamCop, and let good email go through. Thanks to this, I have saved myself a lot of trouble for many years.

If we add that I get a nice notification tone when new email comes in, without having to remember to check, I definitely recommend this approach to anyone using client-based, downloaded email.


 
Philippe Locquet  Identity Verified
Portugal
English to French
TOPIC STARTER
Absolutely! May 19, 2017

Tomás Cano Binder, CT wrote:
If we add that I get a nice notification tone when new email comes in, without having to remember to check, I definitely recommend this approach to anyone using client-based, downloaded email.


I agree, even some modern mail clients have onboard filters that prevent execution of mail content.
On a "ring a bell" note, if you leave an Outlook or Hotmail mail account open in the Edge browser in Windows 10, you'll get a bell and a notification in your notification panel. This could be handy and safe for those that don't use an e-mail client and still want to get adequate notifications.

My bests


 
Neil Coffey  Identity Verified
United Kingdom
French to English
Who it affects... May 19, 2017

neilmac wrote:
Does this malware only affect large organisations and businesses, or are individual users (such as freelancers) also open to attack?
Are there any preventive measures other than the irritating and unwieldy Windows updates?


The answer to this is complex. It doesn't only affect large organisations, but the specific organisations that have been most affected will tend to have particular characteristics:

- they have a large base of machines that run obsolete, unsupported versions of Windows (Windows XP appears to be the particular offender here)
- for more modern, supported versions, their organisational complexity makes it difficult for them to roll out updates swiftly
- they have particular software that means they have to use obsolete networking protocols (I believe an obsolete version of the SMB protocol was the route by which the virus spread in this particular case)
- they need (or at least have) networks with large numbers of machines on them using those protocols, so one infection can in turn spread to a large number of machines instantly
- they don't have "out of the box" consumer infrastructure with built-in protection (such as a broadband firewall that filters out unusual networking protocols)
- they don't have the technical expertise available to minimise the risks of the above effectively
...

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


 
Philippe Locquet  Identity Verified
Portugal
English to French
TOPIC STARTER
Thanks May 19, 2017

Neil Coffey wrote:

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


Couldn't agree with you more!


 
Tom in London
United Kingdom
Member (2008)
Italian to English
...and while we're on the subject of security... May 20, 2017

Beware of the Cloud. If you have left anything there you could lose it - forever.

https://www.macobserver.com/columns-opinions/devils-advocate/the-cloud-is-a-lie/


 
neilmac
Spain
Spanish to English
Thanks for the explanation May 20, 2017

Neil Coffey wrote:

So it really depends on how the balance of these types of factor play out in your particular case. Most freelancers probably have a low risk in the case of the first 5 of these factors -- they have one or two machines that they are in control of, with modern operating systems that they can update easily and no specific requirement to run an out-of-date system to cater for a 15-year-old million-pound piece of hospital kit. On the other hand, they probably have low technical expertise to manage the risk that they do face.


That's a relief! So far I've managed to scrape by on my low technical expertise. In fact, I'm so reluctant to rely on Windows updates that I actually prefer to keep my working documents backed up and simply reinstall the OS if my PC gets infected.


 

