In many years we did hear that users have to take their responsibilities and protect their PC, some recommendations are:
- Update the OS, SW,..
- Install antivirus, antimalware, …
- Avoid using same password in different places
- Choose password in a clever manner
- User are lazy, change password regularly
(well, recently the recommendation is do not change password too often)
- Do not open files until you are sure about it is not suspicious
- Do not click on links you are not sure about
- Do not use public WiFi
- List of the recommendations goes on and on …
Ransomware has been a real pain since couple of years which caused a lot of damage and pain for the end users, companies, organizations. The following schematics shows possible scenarios that a pc and file system gets infected by Ransomware
- User gets an email with malicious and hidden link, when user opens the email and clicks on the link, a program downloaded to the PC and infects the PC with a virus.
2- User receives an email with a file (usually a zip or another executable, or photo file and when the user opens the file, either the malicious code infects the PC with a virus directly or fetches codes from another site and finally infects the PC.
in my opinion some more attention must be paid from “the other side”. The OS-provider, anti- virus/malware, ISP:s, SW companies etc. Why?
Here are some obvious reasons that the involved “providers” should take more responsibilities
Everything goes through your ISP, Internet service provider. Serious ISP:s do have a lot of tools to detect suspicious network traffic. They monitor the network and automatically receive alarms about data packets with sender or receivers (the IP address) which are blacklisted or with suspicious reputations. This means that ISP:s have possibility to inform about possible virus
- The network (internal network for companies, organizations, etc) Most companies are using data communication equipment’s with lots of good utilities it is up to the decision makers to require good network security even on installed basis. Monitoring suspicious external activities is among the first steps to protect the investments, information, customers.
- Emails goes to your email server (provided by ISP, WEB hotels or other email provider like Microsoft Outlook, Google Gmail, Yahoo, Etc..). Usually emails scans to detect and discard malicious codes, unwanted email etc. They are also preventing receiving emails from the “black listed” IP addresses and even users. In another word the Email providers does have a huge possibility to prevent and inform about the possible malicious code/virus
- User has a big responsibility to prevent his/her PC getting infected and they hear almost every day that they are the weakest link so we do not need to go more in depth.
- The PC
- Operating system in my opinion it should be a built in prevention against malicious code like Ransomware. What Ransomware usually does is to locate and systematically encrypt files like document, calculations, drawing, presentations etc. The encryption codes needs high use of the CPU power and must perform a lot of file access, in other word it is not hard to detect and provide a build in prevention in the operating system. This means that OS-providers must take a better responsibilities for their product.
- File Servers In some cases the malicious code also encrypted files on common file servers, this also means the company should always work on and detect “worst case” scenarios and handle common network disk area more carefully. Fast Backup and restore system could be complementary but preventive actions are crucial.
- Anti-virus and malware SW
If user has installed the anti- virus/malware then the SW should detect and prevent encryption of your hard drive/network files. If it doesn’t then you may need a better SW, change your SW.
Comments are most welcome!