- Microsoft had issued a security patch on 14 Mar 2017 - refer to IBM X-Force, Securelist, Microsoft
- Infection mostly detected in Russia - refer to Securelist
In plain English, the first thing you need to do in the morning is run Windows updates before opening your email. This is because this Trojan-based malware exploits one of the vulnerabilities in Windows.
According to IBM X-Force, it affected mostly Windows XP, Windows 8 and Windows Server 2003; according to Symantec, it targets data servers because it will attempt to shut down MS SQL Server services and email exchange services whilst encrypting all physical files.
I totally agree with Symantec on best practices to protect against ransomware:
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
- Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However organizations should ensure that back-ups are appropriately protected or stored off-line so that attackers can’t delete them.
- Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form.
My advice to you:
- Run Windows updates first thing in the morning before opening emails.
- Backup all important files to an external hard disk.
- Do not open email attachments from unknown sources.
- To those using pirated Windows where Windows Update is not functioning, refrain from connecting to the Internet or the office network.
- Switch to Gmail or Yahoo email, which offer built-in security protection, e.g. Gmail does not allow .exe files to be sent as attachments.