WannaCry ransomware's rich cousin - Is your computer mining money for hackers?

Here are a couple of snippets from Perth Now Sunday Times in Australia

ANOTHER large-scale, stealthy cyber-attack is underway on a scale that could dwarf last week’s assault on computers worldwide.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

New Adylkuzz cyberattack mines virtual currency in infected computers

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

…symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.

How do I prevent WannaCry ransomware?

Dear Valued Client,

Before we begin, if at any point while reading the message below, you need assistance or are just not sure, call 877-662-6624 or contact us by email and let us know so we may assist you. If you are one of our Patchworx clients or that rare organization that is covered through other effective measures, we sincerely congratulate you for your efforts to protect your company.

Whether you request our assistance or do the work of protecting yourself, not acting could be a very costly choice.

Critical news:

As you have likely heard in the national news, networks all over the world (in more than 150 countries) have been infected by WannaCrypt ransomware, also known as WannaCry, since Friday 5/12/2017. In fact, it is estimated that hundreds of thousands of computers are already infected and potentially millions more soon will be. So, before we move into the details of why this matters, please DO NOT OPEN any attachments, click on links in emails from unknown senders, bring in un-scanned USB drives or otherwise invite an infection into your network.

 

What does ransomware do?

There are different types of ransomware, but all of them will prevent you from using your PC or server normally. They will then ask you to do something, such as pay money, before you can access your systems and data. Not all but most make getting data back impossible without


Ransomware Training for End-Users - Be Ransomware Aware

Educate your users - Don’t let them be tricked into downloading ransomware/malware

 Everyone should follow this advice:

  1. Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it.  If not, delete it.
  2. The attack can look like it is from official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
  3. If an e-mail gets blocked and quarantined by your spam filter, be very certain about the message and any attachments before you release it from quarantine.  One user recently got burned this way.
  4. Avoid clicking Agree, OK, or I accept in banner ads in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. These are usually bogus. Call your IT specialist if you are concerned.

What changed in NIST 800-171r1?

If you must comply with NIST 800-171 under DFARS you may wonder what has changed with the first revision, released in December, 2016.  There are two substantive changes:

1.  "Information Systems" has been replaced by "Systems" throughout the document.  This means the scope of your compliance effort is expanded to cover Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems that could be vulnerable to attack.

Therefore, your compliance team should have the necessary skills and experience to assess these additional systems.


2.  The addition of a 110th requirement for a System Security Plan (SSP).  Paragraph 3.12.4 now requires you to "Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems."

An SSP differs from a Plan of Action and Milestones (POAM).  A POAM is an actionable project plan with commitments that can be contractually binding, whereas an SSP is more conceptual in nature.  However, we think that Contracting Officers will expect suppliers to make their SSPs actionable and make good-faith efforts to abide by them.