I was on a business trip to the Holy Land (I will not write about my trip and how interesting it was there. You should visit and feel this country) when newspapers began to write in panic about a new Ransomware virus and the complete disaster that will ensue…
It all started that very same afternoon. My colleague and I walked down the streets and beach of Tel Aviv, when my phone rang. It was a call from one of our customers. He told us that he read about this new “mega” threat and asked about the MS patch that can fix the problem.
Other calls soon followed. Some were from customers and some from our support help-desk. I was surprised.
I know that the ransomware virus is devastating and that some people lost everything on their computer. But, I didn’t expect a few bombastic and sensationalist newspaper articles to cause such a big panic. When I heard the details of one such article, I pointed out that this is a very distorted picture.
I started to laugh when I read articles with titles like “When you come into the office on Monday, THIS is what will happen”. Hey, it was Sunday and people in some countries, like Israel, work. So, they came into their offices, and what happened was one big nothing!
A few unlucky or careless people caught the virus. Other people barely noticed it. So you now ask – how is this possible?
The answer is very simple, my friends. Updated anti-virus signatures and patched Microsoft Windows operating systems. That’s right, you spotted the root of the problem.
Why did you ignore the patch?
So, we are supporting our customers and some of their applications. The manufacturer of this software explicitly requires that Windows must be patched manually (after they check the patch and its effect on the software). This is good practice; alas, it requires more administrative work on the customer’s side – you can see where I am going with this.
Analyzing all the information that was available at the time, we eventually came to the Microsoft security bulletin MS17-010.
I opened this bulletin and was very unpleasantly surprised. It was two months old! People, do you patch your system on time?
Even if you don’t strictly follow Microsoft’s advice to patch your systems and servers every month, you should do that at least every 45-60 days. Especially the security patches.
In my experience, during the last few years, Microsoft security patches have been stable and don’t cause problems with systems. However, it’s strongly advised to install all new patches on a test system and check them before you apply them to the production system.
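One way to check a machine against the 45-60 day window mentioned above, as an added example that is not part of the original post. The function name, parameter names and status labels are assumptions; it uses the built-in Get-HotFix cmdlet.

```powershell
# Added example: report how long ago the newest hotfix was installed.
# Get-PatchAge, -WarnDays, -MaxDays and the status labels are assumed names.
function Get-PatchAge {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$WarnDays = 45,   # lower bound of the 45-60 day window
        [int]$MaxDays  = 60    # upper bound of the 45-60 day window
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer = $computer; HotFixID = $null
            LastPatch = $null; AgeDays = $null; Status = 'Unknown'
        }
        try {
            # Get-HotFix reads Win32_QuickFixEngineering. Some entries have
            # an empty InstalledOn value, so those are filtered out first.
            $latest = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn -Descending |
                Select-Object -First 1
        } catch {
            # Host offline, access denied, WMI blocked, and so on.
            $row.Status = "Unreachable: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        if ($latest) {
            $age = [int][math]::Floor(((Get-Date) - $latest.InstalledOn).TotalDays)
            $row.HotFixID  = $latest.HotFixID
            $row.LastPatch = $latest.InstalledOn.ToString('yyyy-MM-dd')
            $row.AgeDays   = $age
            $row.Status    = if     ($age -gt $MaxDays)  { 'Overdue' }
                             elseif ($age -gt $WarnDays) { 'Due' }
                             else                        { 'OK' }
        }
        [pscustomobject]$row
    }
}

# Local machine by default; pass -ComputerName srv1,srv2 for remote hosts.
Get-PatchAge | Format-Table -AutoSize
```

A status of OK only means that some update was installed recently, not that every security patch is present, so treat Due, Overdue and Unknown as a prompt to review the update history.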
And anti-virus on top
In most cases, ransomware viruses spread via e-mail messages. You receive an e-mail with some receipt or pro forma. As it’s very similar to your everyday messages, it is likely that you will open it.
Remember, my friends, that everybody can be tricked into opening an email. Even I almost opened one fake attachment, while I was distracted (waiting for a document from our vendor). I was multi-tasking and when I saw it, I opened the .zip file.
However, in the next moment I stopped and asked myself why I was opening a .zip archive. They never send their documents that way. Therefore, I looked at it carefully and found this to be a virus.
What can you do about these threats? Honestly, you can’t stop them from being received, but you can block them as much as possible. You can even use layered anti-virus protection. For example, you can use one AV solution on the workstations and another solution on the e-mail server(s).
Going a step further, you can implement proxy servers to block inappropriate Web content. Unfortunately though, the proxy server will not protect you when you’re using secured Web traffic (HTTPS).
Don’t panic, just patch
In short, whenever you read another bombastic article, immediately reject half the content, as it is a balloon full of hot air. Use the rest of the information as the starting point for your own investigation.
Try to check a few Internet portals and see what they’re talking about. Even they can have incomplete information.
Immediately update the AV solution and check for Microsoft updates. Both Microsoft and the AV companies will get to work at the slightest sign of a global threat.
Even if there is no specific threat, you should be alert. Have a good AV, update it regularly and keep your Windows up to date. In addition, be very careful when opening your e-mail. Otherwise, you can easily become a victim of a low-scale threat.
Above all else, don’t panic. The internet is not a safe place. Then again, it’s also not the worst place on the planet. Just be cautious and enjoy the Internet’s vastness.
Whatever happens, keep calm and read my blog.