Cyber incidents are fast moving and increasing in number and severity. When a cyber incident occurs, the attacked enterprise responds with a set of predetermined actions. Get trending information on exploits and vulnerabilities every week to help your organisation be better equipped to avoid becoming a victim of cybercrime. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business in defending against hackers.
Sage 2.0 is a new ransomware recently spotted by security experts. It was first observed in December and is now distributed via malicious spam. Sage is considered a variant of CryLocker ransomware; it is being distributed by the Sundown and RIG exploit kits. The current campaign also leverages steganography to exfiltrate information about the victim’s PC inside a PNG image.
A ransomware app found its way into Google Play and managed to claim at least one victim. The app has since been removed by the Android team. According to security firm Check Point Software Technologies, several weeks ago they detected and quarantined an Android device that had this malware on it. The owner of the phone had downloaded an app carrying this zero-day mobile ransomware, named “Charger”.
Security experts are warning that Android users should brace for a potential spike in hacking attacks after the source code and step-by-step instructions for a piece of malware designed to steal banking credentials were leaked online via an underground forum.
The HummingBad malware, first discovered in February 2016, is making a return visit to the charts. The original was cleaned up, but not before the malware’s authors, Yingmob, racked up around US$300,000 per month at its peak. Check Point Software Technologies says it has spotted the return version, which it has dubbed HummingWhale, adding that the authors have built better ad fraud capabilities into the code.
Prevention is far better than a cure. Here are tips to protect yourself against ransomware.
- Back up your files regularly and keep a recent backup off-site.
The only backup you’ll ever regret is one you left for “another day.” Backups can protect your data against more than just ransomware: theft, fire, flood or accidental deletion all have the same effect. Make sure you encrypt the backed-up data so only you can restore it.
- Don’t enable macros.
A lot of ransomware is distributed in Office documents that trick users into enabling macros. Microsoft has just released a new tool in Office 2016 that can limit the functionality of macros by preventing you from enabling them on documents downloaded from the internet.
- Consider installing Microsoft Office viewers.
They allow you to see what a Word or Excel document looks like without macros. The viewers do not support macros so you can’t enable them by mistake, either.
- Be very careful about opening unsolicited attachments.
Most Windows ransomware in recent months has been embedded in documents distributed as email attachments.
- Don’t give yourself more login power than necessary.
Don’t stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator.
- Patch, patch, patch.
Malware that does not come in via document macros often relies on bugs in software and applications. When you apply security patches, you give the cybercriminals fewer options for infecting you with ransomware.
- Train and retrain employees in your business.
Your users can be your weakest link if you do not train them how to avoid booby-trapped documents and malicious emails.
- Segment the company network.
Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
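
The tips on macros and unsolicited attachments can be backed by an automated check at the mail gateway or help desk. The following is an added example, not part of the original newsletter: a Python triage function that inspects an attachment's bytes rather than its file extension. The function names are hypothetical and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm/...) container


def classify_office_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-ole' or 'not-office' for raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Old binary formats can carry VBA in OLE streams; the magic bytes
        # alone cannot rule macros out, so route these to deeper analysis.
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a plain zip, not an OOXML package
    # Office stores a VBA project in a part named vbaProject.bin by default,
    # whatever the file is called, so a .docm renamed to .docx is still caught.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro"
    return "no-macro"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx (clean)": build_sample(False),
        "invoice.docx (renamed .docm)": build_sample(True),
        "report.doc": OLE_MAGIC + b"\x00" * 16,
        "notes.txt": b"hello",
    }
    for name, blob in samples.items():
        print(f"{name:32} -> {classify_office_attachment(blob)}")
```

Treat a "no-macro" result as a triage hint rather than a guarantee, since the check relies on the default part name and does not parse the package relationships.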