How do you prevent a malware or ransomware infection?

06.06.2017

Recent events with the WannaCry ransomware made it painfully clear how dependent society has become on the data on our computers and how important it is that everyone puts good security hygiene measures in place. What do you need to watch out for?

Ransomware WannaCry: what happened?

Ransomware is a specific, very dangerous form of malware. As soon as ransomware has infected a computer, usually because the victim has opened a specially prepared mail, all the data on that computer is encrypted. To get the key that undoes the encryption, the victim has to pay a ransom.

At the beginning of May, the WannaCry ransomware spread rapidly and massively across computer systems. The consequences of this attack were huge. Various hospitals were hit and surgeons had to postpone operations because they had no access to patient data. In France, Sweden and Slovenia the production of cars was halted. Stations in Germany were unable to provide any travel information. More information about WannaCry is available from the Centre for Cyber Security Belgium (NL / FR).

Juicy detail: a security expert discovered that the code referred to a particular domain name the malware had to contact. It turned out this domain name had not yet been registered, and the researcher immediately took the initiative to register it. In doing so he (temporarily) stopped the spread of the malware.

Lessons to be drawn from the WannaCry attack

This large-scale attack is further proof that companies and organisations are entirely dependent on their computers and data. Important lessons that can be drawn from this case:

  • One infected computer was enough to render all the data on the entire network useless. The infection probably occurred when an employee opened a mail with an attachment.
  • The malware was able to spread quickly as a worm, using a security vulnerability in older Windows computers. And it is a generally known fact that companies postpone (security) updates because they fear their customised software will be affected by the update.

What is good security hygiene?

You can take the following measures to prevent a massive infection:

1. Activate automatic updates

This applies to your operating system, your virus scanner and your firewall alike. In fact, the latest versions of Windows no longer allow you to postpone updates.
Don't forget that when your paid antivirus subscription expires, the protection is gone with it. If necessary, install free security software such as Panda or AVG.

Immediately install the latest updates for the other software on your computer as well: your browser (Chrome, Firefox, Edge, etc.) and its add-ons such as Flash, as well as programs such as Adobe Acrobat Reader.

2. Be careful with mails

A mail from a person you don't know will probably trigger an alarm, but you also have to be careful when you know the sender. After all, a mail address can be spoofed very easily: creating an extra account with the sender address thequeenofengland@Skynet.be in your mail program is child's play. The sender address is not checked when a mail is sent.

Moreover, mail accounts can be hacked: hackers get hold of lists of mail accounts and passwords and misuse them. haveibeenpwned.com allows you to check whether a specific address has been compromised. Tip: do this regularly for your mail address.

You need to be especially careful with attachments:

  • In your mail program, activate the option that attachments are not shown inline in the mail itself, but as a separate attachment that you have to click first to view or open it.
  • Make sure your operating system always shows file extensions. Smart hackers will send a file named family.jpg to your mailbox, but it is actually family.jpg.exe. Recent Windows versions always show the extension.
  • Never click on an executable file such as an .exe.
  • When you receive an Office document (Word or Excel), the program warns you to be careful and only shows the document in Protected View. Never dismiss this warning; stay in Protected View.
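The double-extension trick and the "never open executables" rule from the list above, turned into a small check a mail client or a script could run on an attachment name. This is an added example, not part of the original article; the extension sets are illustrative assumptions, and the check only looks at the file name, not the file's contents:

```python
import os

# Illustrative sets (assumptions, not from the article): extensions that run code
# when double-clicked, Office formats that should stay in Protected View, and
# harmless-looking extensions that attackers put in front of a real .exe.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "msi", "js", "vbs", "ps1"}
OFFICE_EXTS = {"doc", "docx", "docm", "xls", "xlsx", "xlsm", "ppt", "pptx"}
BENIGN_LOOKING_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def assess_attachment(filename):
    """Return a list of warnings for an attachment, judged by its full file name
    (i.e. with extensions visible, as the article recommends)."""
    name = os.path.basename(filename).lower()
    parts = name.split(".")
    if len(parts) < 2:
        return ["no extension: cannot tell what kind of file this is"]
    exts = parts[1:]          # every extension, e.g. ['jpg', 'exe'] for family.jpg.exe
    last = exts[-1]           # the one that decides how the OS opens the file
    warnings = []
    if last in EXECUTABLE_EXTS:
        warnings.append(f"executable file type .{last}: never open")
        if len(exts) > 1 and exts[-2] in BENIGN_LOOKING_EXTS:
            # What a system that hides known extensions would display instead.
            shown = ".".join(parts[:-1])
            warnings.append(f"disguised as .{exts[-2]}: shown as '{shown}' when extensions are hidden")
    elif last in OFFICE_EXTS:
        warnings.append("Office document: open only in Protected View")
    return warnings


if __name__ == "__main__":
    # Constructed sample attachment names.
    for sample in ("family.jpg.exe", "Family.JPG", "invoice.docx", "README"):
        print(sample, "->", assess_attachment(sample) or ["no warning"])
```

The point of the second warning is that the name the user sees ('family.jpg') and the name the operating system acts on ('family.jpg.exe') are different things; showing extensions removes that gap.
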

3. Familiarise yourself with the structure of domain names

Phishing or malware mails often take advantage of the fact that users do not analyse a domain name carefully enough. A mail, seemingly from the bank, will contain a link which mentions ‘kbc’ so that the user clicks it. But always remember that http://accountinformatie.kbc.be.scammers.com/uwnaam has nothing to do with KBC at all.

The address above is made up of: subdomain.subdomain.domain name.extension/folder/folder/file.extension. The last word in front of the first slash (/) is the extension, and together with the word in front of it makes up the real domain name (in this case: scammers.com). A link in a mail sent by KBC bank will therefore always end in kbc.be immediately in front of the first slash.

Remember that the clickable words in a mail or your browser tell you nothing about the underlying link! If your mail contains a clickable link that says ‘update your account’, you can make the underlying link visible as follows:

  • Most internet programs such as your browser have a status bar. Activate it. Move the cursor over a link and the underlying address appears in the status bar.
  • Does your program not offer this option? Right-click the link and copy it to your clipboard to analyse it.
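The rule from the section above (the real domain is the word in front of the first slash plus the word before it) applied to a copied link in code. This is an added example, not part of the original article. It goes slightly beyond the text in two ways, both marked as assumptions: it uses a tiny constructed list of two-word extensions such as co.uk (a real deployment would use the full Public Suffix List), and it relies on Python's URL parser so that a user name written in front of an @ cannot be mistaken for the host:

```python
from urllib.parse import urlsplit

# Constructed for illustration: a handful of two-word extensions. This is an
# assumption; a real deployment would load the complete Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the real domain of a link: the extension plus the word in front of it,
    e.g. 'scammers.com' for http://accountinformatie.kbc.be.scammers.com/uwnaam."""
    host = urlsplit(url).hostname          # everything between '//' (or '@') and the first '/'
    if not host:
        raise ValueError(f"no host name found in {url!r} (is the scheme missing?)")
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])       # e.g. example.co.uk
    return ".".join(labels[-2:])           # e.g. scammers.com


def link_belongs_to(url, expected_domain):
    """True only if the link really points at expected_domain or one of its subdomains."""
    return registrable_domain(url) == expected_domain.lower()


if __name__ == "__main__":
    # Constructed sample links; only the first one is taken from the article.
    for link in ("http://accountinformatie.kbc.be.scammers.com/uwnaam",
                 "https://www.kbc.be/nl/particulieren",
                 "https://kbc.be@scammers.com/login"):
        print(f"{link} -> {registrable_domain(link)}, KBC: {link_belongs_to(link, 'kbc.be')}")
```

Paste the link copied from the right-click menu into `registrable_domain` and compare the result with the domain you expect; anything in front of it (accountinformatie.kbc.be.) is just a subdomain chosen by whoever owns scammers.com.
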

4. Make back-ups

Make regular back-ups of your files, preferably to a medium or server in another location. Also make regular back-ups of files stored in the cloud to another location. And don't forget to make regular back-ups of your website files!
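A minimal version of the advice above in code, as an added example that is not part of the original article: every run writes a new dated archive next to its checksum instead of overwriting the previous one, so a back-up taken after an infection cannot replace the last clean copy; old archives are pruned to a fixed number, and a back-up can be verified before you rely on it. The folder layout and the sample file in `demo_run` are constructed assumptions:

```python
import hashlib
import os
import tarfile
import tempfile
import time


def sha256_of(path):
    """Checksum of a file, read in chunks so large archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, dest_dir, stamp=None):
    """Archive src_dir into dest_dir as backup-<stamp>.tar.gz plus a .sha256 file.
    Refuses to overwrite: each run must produce a new copy."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    os.makedirs(dest_dir, exist_ok=True)
    archive = os.path.join(dest_dir, f"backup-{stamp}.tar.gz")
    if os.path.exists(archive):
        raise FileExistsError(f"refusing to overwrite existing back-up {archive}")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    with open(archive + ".sha256", "w") as f:
        f.write(sha256_of(archive) + "\n")
    return archive


def verify_backup(archive):
    """True if the archive still matches its stored checksum and can be read."""
    try:
        with open(archive + ".sha256") as f:
            expected = f.read().strip()
        if sha256_of(archive) != expected:
            return False
        with tarfile.open(archive, "r:gz") as tar:
            tar.getmembers()               # forces the whole archive to be parsed
        return True
    except (OSError, tarfile.TarError):
        return False


def prune_backups(dest_dir, keep):
    """Delete all but the newest `keep` archives (names sort by date); return what remains."""
    archives = sorted(n for n in os.listdir(dest_dir)
                      if n.startswith("backup-") and n.endswith(".tar.gz"))
    cut = max(len(archives) - keep, 0)
    for name in archives[:cut]:
        os.remove(os.path.join(dest_dir, name))
        os.remove(os.path.join(dest_dir, name + ".sha256"))
    return archives[cut:]


def demo_run():
    """Constructed walk-through: three daily runs on a sample folder, prune to two,
    then notice that a tampered archive no longer verifies."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "src")
    os.makedirs(src)
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("constructed sample file\n")
    dest = os.path.join(tmp, "backups")      # stands in for the other medium or server
    archives = [make_backup(src, dest, f"2017060{d}-0100") for d in (1, 2, 3)]
    kept = prune_backups(dest, 2)
    verified_before = verify_backup(archives[-1])
    with open(archives[-1], "ab") as f:
        f.write(b"bit rot or tampering")
    verified_after = verify_backup(archives[-1])
    return {"kept": kept, "oldest_removed": not os.path.exists(archives[0]),
            "verified_before": verified_before, "verified_after": verified_after}


if __name__ == "__main__":
    print(demo_run())
```

The design choice that matters against ransomware is the refusal to overwrite: a scheduled job that always writes to the same file would happily replace your good copy with an archive full of encrypted data, whereas dated archives keep the older, still-readable copies until you prune them deliberately.
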

5. Good passwords

Good passwords are complicated by definition and not easy to guess. That also makes them difficult for you to remember. This is why a lot of people always use the same password, both for simple logins such as a newspaper site and for important logins such as their online bank account. The big risk is that a hacker who gets hold of one of your logins and passwords is able to access all your accounts, including your bank account.

Use several passwords, or at least distinguish between passwords for important accounts (your social media accounts, mail, banking, etc.) and less important ones (newspaper, gaming site, etc.). Better still, use a password manager such as LastPass.

If you apply this hygiene, you will prevent a lot of damage and problems. It's an attitude you need to adopt, in the same way that a doctor or nurse washes his/her hands before treating a patient. Do you want to be the person who is responsible for infecting the entire network?

phishing

Tricksters lure you to a fake website that is a copy of a real one. They then get you to log in with your user name, password and credit card number. Once you’ve done that, the fraudster has your details.

server

A computer program or hardware device that provides services to other computer programs or users.

malware

Collective name for harmful or damaging software. Root kits and backdoors come under the heading of malware, as do viruses, Trojan horses, worms and spyware.

browser

Program that makes it possible to access and read web pages. Internet Explorer, Google Chrome, Mozilla Firefox and Safari are some well-known browsers.