Sushobhan Mukherjee



“Infosec Global 2017”, International Infosec Summit in Kolkata

Preface

Winter in Kolkata has its own charming flair, and since last year “InfoSec Global” has added a new feather to her cap with a mega InfoSec Summit.

This year “InfoSec Global 2017”, the international InfoSec summit, took place at The Park, Kolkata on 3rd November, 2017.

Even though there is a lot of buzz around cyber security, there are many gaps as well. The areas of concern touch everyone: our ignorance, overconfidence and complacency. We keep complaining that things are not happening the way we think they should. However, many things are happening as well. We need to open our minds and think convergently. It’s time to complement instead of complain.

The government is devising many cyber strategies for the benefit of citizens. Law enforcement authorities are doing their work at the ground level. Enterprises are taking many initiatives to implement tools, technologies and processes.

The challenge is how to bind all of these together: how to aggregate, consolidate and converge these efforts so that they become meaningful for society and civilization. InfoSec Foundation is trying to drive this across the globe.

InfoSec Foundation intends to work as the voice of the citizen, bringing all stakeholders together to create a more aware and responsive ecosystem: connecting and extending initiatives that have not reached their target audiences, finding gaps, and raising the silent voice so that it reaches the ears of policy makers and functionaries.

Summits, CIO Roundtables, Print Journals, Cyber Security Helplines, a Cyber Security Curriculum for the next generation – these are a few of the envisaged areas in which we have already started working in India, Bangladesh, the UK and Africa.

InfoSec Global 2017 is the outcome of the same vision, driven by Infosec Foundation.

Infosec Global 2017, Kolkata

Ignite cyber security!! That’s the mantra. To kindle it, Infosec Foundation has taken on the important responsibility of the International InfoSec Summit. The first summit took place last year on 18th November, 2016, and this year’s followed on 3rd November, 2017 in Kolkata. The event was important for the eastern ecosystem, giving it the opportunity to meet the best cyber security experts from all across the subcontinent and gather some of the most valuable knowledge on cyber security.

Theme of the Event

‘International Security in Digital India-Threat, Challenges and Opportunities’ was the theme of the 2nd International Infosec Summit in Kolkata this year. The program was designed for leaders from the fields of IT Infrastructure, Data Security and Information Security.

Major topics discussed at the event were cyber security issues in Bangladesh, Digital Forensics, creating a new generation of cyber militants, Cyber Economics, and much more.

The event was conceptualized exclusively to create a common platform for all the stakeholders engaged in Information Security.

Speakers and Topics

The event witnessed an array of speakers from across the industry. Dr. Sanjay Bahl, Director General, Indian Computer Emergency Response Team (ICERT), was the Chief Guest of the program. Mr. Shyamal Datta (IPS – Retd., Former Director – IB, Former Governor of Nagaland), Mr. Debasish Sen (Additional Chief Secretary-IT, Govt of Bengal), Mr. Vineet Goel, IPS (Addl CP I, CISO-Govt. of Bengal) and Mr. Hari Kusumakar, IPS (Addl CP IV) joined him, along with the Infosec Foundation Chairman, in the gracious inaugural ceremony.

   

Other eminent personalities like Mr. Bratya Basu (Honourable MIC-IT, West Bengal), Ms. Rama Vedashree (DSCI-NASSCOM), Dr. B. M. Mehtre (IDRBT), Col Inderjeet Singh (Smartcity Expert, Ex-Director – Military Intelligence at Ministry of Defense), Mr. Vivek Srivastava (ReBIT – Reserve Bank), Mr. Deepak Kumar (Digital Forensic Expert), Mr. B. M. Zahid-Ul Haque (CISO-Brac Bank Bangladesh), Mr. Harish Agarwal (Partner, Ernst & Young) and Mr. Somak Shome (Director, PWC) enriched the audience with their deep insight into the domain.

   

Cyber security domain experts like Mr. Shrikant Shitole (FireEye), Mr. Nitin Varma (Palo Alto Networks), Mr. Sudeep Das (IBM), Mr. Manuj Kumar (Symantec), Mr. Kapil Awasthi (Checkpoint), Mr. Rishikesh Kamat (Netmagic), Mr. Subramanian Udaiyappan (Cisco Systems), Mr. Akshay Verma (Global Insurance) and Mr. Partha Sarathi Das (Tata Teleservices) also added substantial value to the content of the conference.

     

There were interesting topics like “Cyber Security Readiness for Digital India”, “Cyber Economics”, “Creating Next Generation Cyber Warriors”, “The Cyber Security Architecture of the Future”, “Building a robust Cyber Security Architecture with Integrated Cyber Defense Platform”, “Machine Learning for Cyber Security”, “Cyber Security Challenges in West Bengal”, “Digital Forensics”, “Opportunities in Cyber Security space”, “Next Generation Cyber Security Trends”, “Cyber Threats on Internet of Things”, “Threat intelligence strategy to strengthen cybersecurity posture for the financial sector”, “Cloud security”, etc.

Audience

250+ people attended the event, with delegations from all leading corporates, enterprises, academia, government, law enforcement agencies, manufacturers, providers, etc.

Anandabazar Patrika (ABP), Accenture, Allahabad Bank, Bandhan Bank, UCO Bank, United Bank of India (UBI), BRAC Bank-Bangladesh, Balmer Lawrie, Bridge & Roof, BSI, Capgemini, CESC, West Bengal State Electricity Transmission Company (WBSETCL), Criminal Investigation Department (CID) – West Bengal, Bidhannagar Cyber PS, Kolkata Police, Exide, Genius, ICRA, ISACA, Jadavpur University, Jayashree Textiles, Linde Global, M.N. Dastur, MCKV Institute, Meghbela Broadband, Meghnad Saha Institute of Technology, NASSCOM, National Insurance, Neotia Group, NIA, CBI, NIC, NSHM, Onprocess Technology, Protiviti, PWC, Ernst & Young, Sahaj E-Village, Sillycon, Simplex Infra, Spencers, SREI Infrastructure Finance, Srijan Bhumi, TCG Digital, Techno India, TATA Pigments, Tractors India, TUV, Vedant Fashions, Vikram Solar, VISA Steel, Webel and ITC were a few of the key attendee organizations.

 

The audience was mainly senior management and decision makers at the level of MD, CEO, CIO, CFO, COO, GM, etc.

There were 30+ Media Houses from print, television, radio and web platforms who were keen to spread the buzz to the mass audience.

Takeaways

The event saw great deliberations in exchanging thoughts, knowledge, ideas and case studies on cyber security among the speakers, audience, attendees and participating stakeholders. This not only generated great enthusiasm for networking but also direct business opportunities.

The event raised several voices and concerns from the community, extended the government’s and policy makers’ roadmap, articulated steps for synchronization between stakeholders, and surely created a platform for enriched knowledge and better wisdom. It was indeed a great platform for students and cyber aspirants to learn, engage and contribute.

The 4th edition of InfoQuest (the dedicated print journal on information security) was unveiled during the summit. The print journal works as a great tool, the mouthpiece of the industry in the cyber security domain.

The event strengthened the thoughts driven by Infosec Foundation with overwhelming support from all corners, and laid the foundation for more positive vibes towards the upcoming Infovision (CIO Roundtable), InfoQuest (Print Journal) and Infoconnect (Cyber Security helpline), as well as next year’s International Infosec Summit.

It was amazing to see people join the breakfast (held before the day’s event as a mixing session with the speakers) and stay with the initiative till late evening (a cocktail dinner with the speakers and partners).

Infosec Foundation recognized several individuals for their significant contributions to the domain, and this was followed by instrumental music.

   

Stay tuned for many interesting things ahead. Do join the movement: contribute, engage, explore and be part of the historic movement generated from Kolkata, the city of joy.

A detailed analysis can be fetched from the link below:

Infosec Global 2017 Report


Beware of Sarahah App

Preface

Sarahah is a website created by the Saudi Arabian developer Zain al-Abidin Tawfiq. Sarahah means candour and honesty. It has become very popular in a very short time because it allows you to send messages anonymously. After registration, you get a link which you can share with your friends or post publicly. Anyone can send you anonymous messages via the link you have shared.

The receiver cannot find out who sent the message. The service started with the motive of allowing employees to give feedback to higher authorities or employers without any fear of being fired. After getting a positive response, the developer also launched a mobile app to reach its huge mobile audience. On June 13 of this year, both the iOS and Android versions of Sarahah were released.

Sarahah was designed to be used in a workspace environment as an anonymous way to get a bit of constructive criticism. The website’s tag line reads “Get honest feedback from your coworkers and friends”. In addition, there is a dedicated section on the site about how Sarahah can be helpful at work.

But Sarahah is topping the download charts because of teenagers who are currently on summer vacation. Teenagers are putting up links on their Snapchats to get the word out.

How does Sarahah app work?

– You need to download the app and set up your profile with a custom URL (e.g., XYZ.sarahah.com)

– After registering, you will get four options:

  • Messages (contains details of your sent, received and favourited messages)
  • Search
  • Explore (work in progress)
  • Profile

– Once you log in, you can search for friends or other users you want to send messages to.

– Upon selecting, a message box appears, prompting the user to ‘leave a constructive message’.

– Those who want to comment can press the send button. Currently it allows only text messages, no graphics.

Features:

  • Sarahah is unique in a couple of ways. Previous anonymous apps like Yik Yak were more like social networks: someone could post something anonymously and anyone (either close by or online) could read the post. This is why Yik Yak was ultimately used for bullying and negative remarks. In Sarahah, however, the user is actually soliciting feedback by signing up for an account and creating the link. They then also decide where to share the link, so that only specific people have access to it. The combination of these two features has so far kept the interactions mostly positive.
  • Unlike previous anonymous messaging apps, a user creates an account, produces a link and shares it with people on social media sites. Both registered and unregistered Sarahah users can leave a comment for the user anonymously.
  • Sarahah not only provides all the essential features for anonymous messaging but privacy features as well. By default, you are set not to appear in search, and non-registered users cannot send you messages.
  • Sarahah gives its users more control to prevent misuse or cyber bullying, which mostly happens with anonymous messaging services.
  • According to the website, the intention behind the app was to strengthen areas for improvement and enhance areas of strength. If implemented everywhere, it could drastically change and improve the professional environment.

Concerns:

Sarahah was created in the Middle East as a way for co-workers to anonymously share feedback about each other, in a region where face-to-face confrontation is not socially acceptable. Protect Young Minds goes on to say that Sarahah skyrocketed in popularity due to a new Snapchat feature that allows users to share links within their snaps. Once Snapchat users started linking to Sarahah, it went from #1500 on the iTunes charts to #1 in just 12 days.

Anonymous messaging has been turned to other purposes ever since it began. Most people use it as a medium to threaten others. This kind of app is used by cyber-bullies or fraudsters. Many Sarahah users have reported inappropriate or abusive messages.

The advent of “smart” technology has made parenting for our generation more challenging than ever before. Many view these apps as “fun,” “normal,” and “no big deal.” Sadly, when it comes to social media that is FAR from the truth, as I found after reading over the weekend about the newest app, which is a threat to our kids’ mental and social health.

What we need to know about Sarahah:

  • Anonymity within apps breeds bullying and predatory behavior. Anonymity is a great enabler for those who seek to do wrong and for immature teens who do not have good impulse control.
  • Being a foreign app makes it very difficult for law enforcement to find and prosecute those responsible if the app is used for illegal behaviour like grooming potential victims or masquerading as a teen in order to get someone to meet in real life. Other apps like Ask.fm and Kik are foreign-owned, and this has proved to be a huge challenge as well.
  • Access can be blocked: parents need to prevent access to the iTunes App Store and Google Play to control an app like Sarahah.

Think and apply your mind before being swept along with the trend!



Data Leakage using Social Fun App

“What was the old age?”

“Who is your favorite friend?”

“How many lovers do you have?”

“Which celebrity looks like you?”

“Who will kill you?”

Do you feel you have heard these questions several times in the recent past? Yes, you are right. These are the questions and answers generated by a fun app named “Testony” (https://en.testony.com/). There are a few more similar fun apps like Nametests (https://en.nametests.com/), http://en.quizzstar.com/, https://sharmin.me/, http://meawquiz.com/ and so on. Of these, Testony seems to be the most popular, as Facebook got flooded with its output results.

How do these apps work? They ask for access permissions, mainly on Facebook (or similar social applications), and in return they get useful data like email, messages, contacts, profile, about, date of birth, etc. In some cases you have to log in to Facebook and add the app as an approved application, so your information can be seen by all those applications, and it is not impossible to learn the password with backend scripts.

Did you ever think how the collection or leakage of data has become a cakewalk with this revolutionary marketing intelligence? This is a honey trap where, through social media and fun apps, all information about persons is unknowingly collected, with the user’s consent. These kinds of apps are nothing but algorithmic data collection software working across various sample sizes and segments around the globe.

Almost everyone has been trapped by this just for fun. Unintentionally, all your online information, content, email lists, phonebooks, surfing patterns and browsing history are collected by an unknown third party and retained in their repository. Do they have any accountability? What do we know about how the millions of pieces of information they collect are being used? There is no guarantee that this information will not be used for spamming or hacking.

It is clearly stated on the “Testony” site that they can use your information for business. You may get newsletters, mails and SMS as part of targeted advertising for several products. This applies to the countries of America and Europe, though nothing is explicitly defined for India and other countries.

We laugh about it with friends, but we are putting ourselves in the danger zone by revealing all our personal data to hackers.

Hacking or phishing using this information may be child’s play for a hacker.

Immediate Resolution

To stay on the safe side, follow these steps to secure yourself:

  1. Hide all the Testony app posts from your timeline.
  2. If you have already used this app, change your password immediately. If your Facebook password is shared with your email or any other account, change that as well.
  3. Now go to the Apps settings tab on your Facebook account and remove the app from your list.
  4. As the note there says: Testony.com may still have the data you shared with them. For details about removing this data, please contact testony.com or visit the testony.com privacy policy.

 

Way Forward

We all daydream. Everyone would love to be compared with a superhero, a politician, a sportsman or a historic character, and then feel proud or overwhelmed when getting emotional likes and comments on social media.

We are flooded with enough Internet data, but we need to learn to use it, and to avoid misusing it.

The time has come to be careful and not share your valuable and secret information with any third party in this manner.



Terrifying Cyber Crime Through ‘Blue Whale Challenge’

Preface

I trust you have already heard about the death game named ‘Blue Whale Challenge’. It is in the news in India after the suicide of a kid in Mumbai, India.

The “Suicide Game” involves 50 twisted tasks before taking your own life to “win.”

Manpreet Singh, a 14-year-old Class IX student in Mumbai, India, flung himself from the roof of a seven-story building on Saturday in order to win a terrifying game that is apparently spreading around the world.

According to the Mumbai police, the boy is India’s first reported Blue Whale Challenge casualty.

Summary of the Game

  • 130 teenagers have already fallen victim to this online game! Most of them are aged between 14 and 18.
  • There are 50 levels in total before you win. The game starts with fun activities that can easily attract and hook your mind, but as the levels progress, the tasks become more terrifying.
  • Some of the terrifying steps are carving a blue whale into your body with blades, watching a horror movie or a murder video at 4:30 in the morning, and at the end, the 50th task is to jump from the roof of the house.
  • Once this gaming app is downloaded to the mobile, it cannot be deleted in any way. Moreover, the continuous mobile notifications force the mobile user to play the game.
  • The game started in Russia. 21-year-old Philippe Vicontacte, the admin of a social media page called “Blue Whale Suicide Game”, was the prime suspect for this death game, and the police finally arrested him. According to the police, Philippe confessed to conducting the game. Unfortunately, his philosophy was to correct society through his game. He was proud to say that his goal was to push those who should not live in society to their death.

Insight

Drugs, games and porn are the three major addictions for teens. This addiction is rampant, and children usually begin getting obsessed at the ages of 10-12. Cellphones usually serve as the conduit. Usually when studies get difficult, children tend to gravitate towards the Web and get enticed into all the wrong stuff.

Teenagers undergo hormonal changes and hormones take over their intelligence. Even if parents are caring and available for them, they will want to do something thrilling. Also, social media has gained so much popularity that children want to become famous through social popularity. They want a lot of attention so they indulge in this popularity stunt.

Teenagers are more vulnerable because the virtual world allows them to act freely, without the restrictions prevalent in the real world.

It has been observed that some teenagers have very low self-esteem, and rely significantly on peer approval. For them, the external environment becomes a source of inspiration, which is why they are willing to do anything to (project) a certain image.

Developers of such games are well aware of the vulnerabilities of teenagers and know that they succumb to peer pressure easily. They are also well aware of the fact that teenagers nowadays find themselves unhappy, directionless and lacking goals.

The worst part of games like Blue Whale is that the creators of the group do not allow participants to leave. Hence it is important that parents teach their children about safe online behaviour. Users, especially teens, should exercise more caution before sharing any personal information such as their address on their profile, because this gives cyber criminals a chance to bully and threaten them. Also, users should be more careful before joining vague groups, as their online footprints can be tracked.

Conclusion

The ideal way for parents to keep children away from games like Blue Whale and other hazardous temptations is to invest more time with teenagers. Always keep a close watch on what your adolescent does on their social media sites and the internet.

Are you sure your child does not get dressed in the middle of the night, or does not want to see you in the early hours for the last time, before jumping from the roof?

Let’s talk with our little ones and spend time with them as friends. Let us try to mix with them through physical games, stories, sudden trips and weekend shopping together.

Cyber-crime is not only about losing some money in the bank, losing mail passwords or losing some data to ransomware. The issue is more serious, as it is related to our lives. Our next generations, human minds, are now the targets.

It is high time to react before it crashes.



Resolution for WannaCry ransomware

What has happened?

UK hospitals, Telefonica, FedEx and other businesses were hit by a massive ransomware attack last Friday (12-05-2017). Around 75,000 computers in 99 countries were affected by malware known as “WannaCry”, which encrypts a computer’s files and demands a $300 ransom before unlocking them. The malware was able to spread thanks to flaws in old versions of Windows that were originally used by the NSA to hack into PCs before being made public by the Shadow Brokers group last month.

Among those infected were more than a dozen hospitals in England, a telecom in Spain, FedEx’s offices in the United Kingdom, and apparently, the Russian Interior Ministry. Within half a day, there were instances detected on six continents.

Several firms in Europe were the first to report having their mission-critical Windows systems locked, showing a ransom note. This quickly developed into one of the most widespread ransomware outbreaks currently affecting a large number of organizations around the world. Some affected organizations had to take their IT infrastructure offline, with victims in the healthcare industry experiencing delayed operations and forced to turn away patients until processes could be re-established.

Brief on WannaCry ransomware

WannaCry/Wcry ransomware is a relatively new ransomware variant which popped up using the file hosting service Dropbox. This comes on the heels of a TorrentLocker variant that used abused Dropbox accounts to spread its payload.

Wcry initially spreads via an email, a malicious website, or dropped by another malware. Once the malware gains access to a user’s system, it drops its prerequisite files and components, after which it prompts the user to download files from Dropbox URLs (Dropbox has already been notified of these links, which have since been removed). These files include the TOR Browser Bundle and the executable file “!WannaDecryptor!.exe”. If the user clicks on the executable file, Wcry will display the ransom note shown below:

Who are affected?

This variant of the WannaCry ransomware attacks older Windows-based systems, and is leaving a trail of significant damage in its wake. Europe has the highest detections for the WannaCry ransomware. The Middle East, Japan, and several countries in the Asia Pacific (APAC) region are showing substantial infection rates as well.

WannaCry’s infections were seen affecting various enterprises, including those in healthcare, manufacturing, energy (oil and gas), technology, food and beverage, education, media and communications, and government. Due to the widespread nature of this campaign, it does not appear to be targeting specific victims or industries.

What does WannaCry ransomware do?

WannaCry ransomware targets and encrypts 176 file types. Some of the file types WannaCry targets are database, multimedia and archive files, as well as Office documents. In its ransom note, which supports 27 languages, it initially demands US$300 worth of Bitcoins from its victims—an amount that increases incrementally after a certain time limit. The victim is also given a seven-day limit before the affected files are deleted—a commonly used fear-mongering tactic.

WannaCry leverages CVE-2017-0144, a vulnerability in Server Message Block, to infect systems. The security flaw is attacked using an exploit leaked by the Shadow Brokers group—the “EternalBlue” exploit, in particular. Microsoft’s Security Response Center (MSRC) Team addressed the vulnerability via MS17-010 released March, 2017.

What makes WannaCry’s impact pervasive is its capability to propagate. Its worm-like behavior allows WannaCry to spread across networks, infecting connected systems without user interaction. All it takes is for one user on a network to be infected to put the whole network at risk. WannaCry’s propagation capability is reminiscent of ransomware families like SAMSAM, HDDCryptor, and several variants of Cerber—all of which can infect systems and servers connected to the network.

Observations

The malware uses the MS17-010 exploit to distribute itself. This is an SMB vulnerability that allows remote code execution; details: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.

With MS17-010, an attacker can use just one exploit to gain remote access with SYSTEM privileges, copy the payload to the machine and later transfer control to it.

By remotely gaining control over a victim PC with SYSTEM privileges without any user action, the attacker can spray the malware across the local network from a single compromised system, taking control of every system that is unpatched and affected by this vulnerability. That one system then spreads the ransomware to all Windows systems on the network that are vulnerable and not patched for MS17-010.

Behavior:

Using the following command line, the Volume Shadow Copies and backups are removed:

Cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

The file size of the ransomware is 3.4 MB (3514368 bytes).

Authors called the ransomware “WANNACRY” – string hardcoded in samples.

The ransomware writes itself into a randomly named folder under C:\ProgramData with the file name ‘tasksche.exe’, or into the C:\Windows\ folder with the file names ‘mssecsvc.exe’ and ‘tasksche.exe’.

Examples:

C:\ProgramData\lygekvkj256\tasksche.exe

C:\ProgramData\pepauehfflzjjtl340\tasksche.exe

C:/ProgramData/utehtftufqpkr106/tasksche.exe

c:\programdata\yeznwdibwunjq522\tasksche.exe

C:/ProgramData/uvlozcijuhd698/tasksche.exe

C:/ProgramData/pjnkzipwuf715/tasksche.exe

C:/ProgramData/qjrtialad472/tasksche.exe

c:\programdata\cpmliyxlejnh908\tasksche.exe

The ransomware grants full access to all files using the command:

Icacls . /grant Everyone:F /T /C /Q

It uses a batch script for its operations: 176641494574290.bat
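The behaviours listed above can be turned directly into detection rules. As an added example (not code from the original post), the Python below encodes the shadow-copy destruction chain, the icacls call and the drop paths as rules and runs them over a constructed process-creation log; the log format (host|parent_image|image|command_line) and the host names are assumptions for the example.

```python
"""Detect the WannaCry behaviours described above in process-creation logs.

Added example, not code from the original post. Input is a constructed
process-creation log (one record per line: host|parent_image|image|command_line,
a format assumed here, not any vendor's). The rules encode only what the post
describes: the shadow-copy/recovery destruction chain, the
"icacls . /grant Everyone:F" call, and tasksche.exe / mssecsvc.exe running from
a random ProgramData folder or from C:\\Windows.
"""
import re
from dataclasses import dataclass

# Each element of the destructive command chain quoted in the post. A lone
# "vssadmin delete shadows" can be legitimate admin work, so one hit is only
# "medium"; two or more in a single command line is "high".
RECOVERY_KILL_PATTERNS = {
    "vssadmin_delete_shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "bcdedit_ignore_failures": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures", re.I),
    "bcdedit_recovery_off": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
    "wbadmin_delete_catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
}

# icacls granting Everyone full control, as in the post's "Icacls . /grant Everyone:F /T /C /Q".
ICACLS_EVERYONE_FULL = re.compile(r"icacls(\.exe)?\s+\S+\s+/grant\s+Everyone:F\b", re.I)

# Drop locations from the post: C:\ProgramData\<letters><3 digits>\tasksche.exe
# (the folder-name shape is taken from the post's example paths) or
# C:\Windows\mssecsvc.exe / C:\Windows\tasksche.exe. Either slash, any case.
DROPPED_BINARY = re.compile(
    r"^[a-z]:[\\/](?:programdata[\\/][a-z]+\d{3}[\\/]tasksche\.exe"
    r"|windows[\\/](?:mssecsvc|tasksche)\.exe)$",
    re.I,
)


@dataclass
class Finding:
    host: str
    rule: str
    severity: str
    evidence: str


def analyze_record(line: str) -> list[Finding]:
    """Apply all rules to one host|parent_image|image|command_line record."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return []  # malformed record: skip it rather than abort the scan
    host, _parent, image, cmd = (p.strip() for p in parts)
    findings: list[Finding] = []

    hits = [name for name, rx in RECOVERY_KILL_PATTERNS.items() if rx.search(cmd)]
    if hits:
        findings.append(Finding(host, "recovery_destruction",
                                "high" if len(hits) >= 2 else "medium", ",".join(hits)))
    if ICACLS_EVERYONE_FULL.search(cmd):
        findings.append(Finding(host, "icacls_everyone_full", "medium", cmd))
    if DROPPED_BINARY.match(image):
        findings.append(Finding(host, "wannacry_dropped_binary", "high", image))
    return findings


def analyze_log(text: str) -> list[Finding]:
    """Scan a whole log; blank lines and '#' comment lines are skipped."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            findings.extend(analyze_record(line))
    return findings


def hosts_at_risk(findings: list[Finding]) -> list[str]:
    """Hosts with at least one high-severity finding, sorted."""
    return sorted({f.host for f in findings if f.severity == "high"})


# Constructed sample log (not real telemetry). WS01 reproduces the chain the
# post describes; ADMIN07 and FS02 are benign look-alikes that must not fire.
SAMPLE_LOG = r"""
# host|parent_image|image|command_line
WS01|C:\Windows\System32\services.exe|C:\Windows\mssecsvc.exe|C:\Windows\mssecsvc.exe
WS01|C:\Windows\mssecsvc.exe|C:\ProgramData\lygekvkj256\tasksche.exe|C:\ProgramData\lygekvkj256\tasksche.exe /i
WS01|C:\ProgramData\lygekvkj256\tasksche.exe|C:\Windows\System32\cmd.exe|cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
WS01|C:\ProgramData\lygekvkj256\tasksche.exe|C:\Windows\System32\icacls.exe|icacls . /grant Everyone:F /T /C /Q
ADMIN07|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin list shadows
FS02|C:\Windows\System32\cmd.exe|C:\Windows\System32\icacls.exe|icacls D:\share /grant Users:M /T
"""

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f.host:8} {f.severity:6} {f.rule:24} {f.evidence}")
    print("hosts at risk:", hosts_at_risk(analyze_log(SAMPLE_LOG)))
```

On the sample log the scan returns four findings, all on WS01, while the administrator's `vssadmin list shadows` and the ordinary `icacls` share grant on FS02 produce none.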

What can we do?

WannaCry highlights the real-life impact of ransomware: crippled systems, disrupted operations, marred reputations, and the financial losses resulting from being unable to perform normal business functions—not to mention the cost of incident response and clean up.

Here are some of the solutions and best practices that organizations can adopt and implement to safeguard their systems from threats like WannaCry:

Patching

  • The ransomware exploits a vulnerability in the SMB server. Patching is critical for defending against attacks that exploit security flaws. A patch for this issue is available for Windows systems, including those no longer supported by Microsoft. Here are the patch details from Microsoft.
  • Additional patches for older OSes not included in the main MS17-010 bulletin above: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
  • Upgrade from obsolete Windows versions to the latest one. If cost is a concern, you may easily migrate to a Linux environment.
  • If there is old hardware that does not support the latest Windows version, it is better to go for desktop virtualization (thin client/zero client), which also improves future operations and management strategies.
  • The WannaCry ransomware appears to only attack unpatched computers running Windows 10. But this doesn’t mean those whose computers run on Apple or Linux code should feel smug. They, too, should regularly update with software patches as they’re issued.

Endpoint and Gateway Security

  • Ensure desktop, laptop and mobile devices are protected with antivirus, a personal firewall, anti-malware, etc. If possible, go for a total-protection suite from an OEM that is already internationally benchmarked.
  • Deploying firewalls and intrusion detection / prevention systems can help reduce the spread of this threat. WannaCry reportedly also uses spam as an entry point. Identifying red flags in socially engineered spam emails that carry system exploits helps. IT and system administrators should deploy security mechanisms that protect endpoints from email-based malware.
  • A security system and practice must be deployed for continuous monitoring and management, so that potential attacks on the network can be acted on proactively.
  • WannaCry drops several malicious components on the system to conduct its encryption routine. Application control based on a whitelist can prevent unwanted and unknown applications from executing. Behaviour monitoring can block unusual modifications to the system. Ransomware uses a number of techniques to infect a system; defenders should use a number of techniques to protect their systems.

Regular Backup

  • Ransomware will target the files and software on your system, so it is best to keep them backed up regularly. The best way is to protect them offline, on an external hard disk kept away from the reach of the internet.
  • If backups are taken to the cloud, the backup mechanism should run at intervals; it should not be always connected.
  • Ransomware infects at the system level. Hence a complete backup of your Windows OS will also be helpful.

Connectivity

  • Ransomware attacks are all through the internet. Hence it is essential to have a control on the path between your computer and the Internet.
  • WannaCry encrypts files stored on local systems and network shares. Implementing data categorization helps mitigate the damage incurred from a breach or attack by protecting critical data in case it is exposed.
  • Network segmentation can also help prevent the spread of this threat internally. Good network design can help contain the spread of this infection and reduce its impact on organizations.
  • Whenever connectivity is not needed, the path should be closed or connectivity should be disconnected.
  • When you’re using public WiFi networks, make sure you tell your system that you’re on a public network (many will ask if it’s a public or home network). That tells your operating system that it’s functioning in a potentially threat-filled environment, and it will close off some of its more vulnerable software ports to the outside.

Proactive Measures instead of Reactive

This is not the end of it; more destructive versions will be popping up soon. Hence remediating the present threat will not give us a resolution. Security is a journey, not a resolution. The measures below should give us some breathing space:

  1. Network and Application Audit on regular intervals (vulnerability Assessment and penetration testing)
  2. 3rd Party Risk Assessment and Business Continuity Planning
  3. Information Security process adherence as per international benchmarking, certification, compliance and regular governance.
  4. Remediation as per gap analysis on a continuous basis.
  5. Deployment of tools and technologies for proactive measures.
  6. Close harmony between people-process and tools.