Security

Can ZCryptor ransomware be stopped by upgrading to Windows 10?

The ransomware worm ZCryptor self-replicates by placing autorun files on removable storage devices and network…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

drives, spreading it to other devices and systems. Microsoft claims that systems can be protected by upgrading to Windows 10. What are some other mitigation steps enterprises can take? And how big of a threat is this ransomware worm compared to conventional ransomware?

Not every security issue can be mitigated by upgrading to the most recent version of an operating system or applying the most recent patch. Both are important security controls and must be included as part of an enterprise security program, but are not complete fixes. The security program should cover how to respond to a ransomware worm like ZCryptor when the enterprise can’t or hasn’t upgraded to the most recent version of the operating system. ZCryptor has functionality to drop malware on USB drives or file shares, including an autorun.inf file to get vulnerable systems to run the malware when opening the directory. ZCryptor is also distributed via malicious emails where an attachment with embedded macros would execute the malware. With the rise in cloud file storage, file shares can include any automated mechanism for saving files in an external location that eventually allows a user to directly open a file and potentially execute the malicious code.

As all enterprises are vulnerable to ransomware like ZCryptor, taking mitigation steps is a necessary process for yours. First, check to see if and how your endpoint security suite protects against ransomware and has functionality such as the CryptoDrop tool developed by researchers at the University of Florida. Having protection against ransomware, as well as the necessity of having good backups has been covered extensively, but taking two additional steps on top of following the Microsoft recommendations can minimize the chance that a compromised endpoint will affect the entire enterprise. Enterprises should ensure users have only the write access they need for file share stores and also disable autorun. Limiting user access to only the needed files will lead to the ransomware only encrypting those files and potentially leaving the other files unaffected. Disabling autorun is a standard antimalware recommendation which can stop the malware from autorunning on a system.

Next Steps

Learn how frequent data backups can help during ransomware attack recovery

Find out how Locky ransomware uses DGA in attacks on banks

Read how cloud DR can fit into your ransomware recovery strategy


Dig Deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever’s puzzling you.





Source link

Tags

About the author

GG

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *