The Indian Computer Emergency Response Team (CERT-In) has released an advisory marked as high severity so that system administrators and users can safeguard their machines from a new wave of ransomware attacks. The ransomware is noted to have worm-like capabilities, and is spreading using EternalBlue, an exploit also used by WannaCry. If the malware gets administrator privileges, it encrypts the master file table (MFT) and overwrites the master boot record (MBR) with a custom bootloader that prevents the system from being used.
Microsoft has released the relevant patches to prevent infections in security bulletin MS17-010. CERT advises backing up all critical data on an air-gapped system, that is, one not connected to any network. Blocking SMB ports also prevents the malware from spreading. Another safety precaution users can take is to not download or open files from unsolicited emails. CERT recommends disabling macros in Microsoft Office products, disabling remote desktop functionality, and using accounts with the least privileges.
Users are advised to keep their operating systems and all installed software updated with the latest security fixes and patches. CERT advises users affected by the ransomware not to pay the ransom, as there is no guarantee that the files will be decrypted and released. CERT also requests users who are attacked by the ransomware to report the infection to CERT and law enforcement agencies.
Updated Date: Jun 28, 2017 17:15 PM