Security advice in the wake of WannaCry and Not(Petya)

Posted by   Martijn Grooten on   Jun 30, 2017

The recent outbreaks of WannaCry and (Not)Petya have left many users and organizations understandably confused about what to do and how to fend off such attacks. Thankfully, security experts are always happy to give advice. I decided to collect together and compile a list of the most important, and most frequently given, advice.

  • Always install software patches, especially those fixing security issues – but be aware that some 'security fixes' are fake and actually install malware, and that sometimes, as in the (Not)Petya case, update mechanisms may be compromised to serve malicious updates.
  • Only open attachments in emails from people you know – but note that cybercriminals may forge email addresses from people in your address book, or may compromise their email accounts to send malicious emails, so even if an email appears to have come from someone you know, it may not have done.
  • Never enable macros when you are asked to do so – although, to get Adobe Reader to print a PDF document you just downloaded, you will need to ignore the warning and click "Enable All Features".

adobeenableallfeatures.png

 

  • Make sure you keep regular backups to which you have easy access in case of a ransomware infection – but note that the easier it is for you to access your backups, the easier it will be for ransomware to encrypt your backups too.

  • Never pay the ransom – although be aware that, in some cases, paying the ransom may be your only chance of getting your data back.

  • Always upgrade to the latest version of the operating system you are running – although note that software that may be essential to the running of your business or organization may not be compatible with recent operating systems.

  • Follow the advice of security experts – but note that security experts are known to disagree with each other.

Security. It's complicated.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.