ransomware

Defeat ransomware: Backup your data

Wednesday, July 5th, 2017


The Petya ransomworm caused destruction and major interruptions of services around the world last week. Unfortunately, it's becoming progressively more difficult to avoid these attacks as cybercriminals become more clever and inventive in their methods. While there are ways to avoid falling prey to such an attack, there's one thing you can do which will ensure that you are safe. And it's not technical or difficult to do.

Once a week, back up all your data. Yes, this is a menial, boring administrative task, and we all hate those, but if your data is safe and sound elsewhere, it won't matter if your PC is infected by ransomware or any other malware. If you do lose your data, you will have another version available.

Here are a few quick tips to help you:

  1. Choose one day a week which suits you and make an appointment in your diary to do a weekly backup.
  2. Try not to overwrite your previous backup. Rather make consecutive copies in various folders on your external hard drive or on your network space and name each with the particular day’s date. If any of the documents become corrupt for some reason, you can always fall back on a previous version.
  3. Regularly check that the medium on which you made your backup is still in working order and you’re able to access your documents.
  4. Use more than one backup medium, for example, your network space AND an external hard drive.
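
Tips 2 and 3 above as a script, an added example that is not part of the original article: each run copies a folder into a new folder named for the day's date, refuses to overwrite an existing copy, and records SHA-256 hashes so the copy can be re-checked later. The function names, the manifest file name and the sample folders are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from datetime import date
from pathlib import Path

MANIFEST_SUFFIX = ".manifest.json"  # assumed name for the hash list kept beside each copy


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large documents do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict[str, str]:
    """Map every file under root (by relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(snapshot: Path) -> list[str]:
    """Tip 3: re-read every file in a dated copy and compare it to the manifest."""
    manifest = snapshot.with_name(snapshot.name + MANIFEST_SUFFIX)
    expected = json.loads(manifest.read_text(encoding="utf-8"))
    actual = tree_hashes(snapshot)
    problems = []
    for name, digest in sorted(expected.items()):
        if name not in actual:
            problems.append(f"missing: {name}")
        elif actual[name] != digest:
            problems.append(f"changed: {name}")
    return problems


def make_dated_backup(source: Path, medium: Path, day: date | None = None) -> Path:
    """Tip 2: copy source into medium/<YYYY-MM-DD>/ and never overwrite an older copy."""
    snapshot = medium / (day or date.today()).isoformat()
    if snapshot.exists():
        raise FileExistsError(f"{snapshot} already exists; refusing to overwrite it")
    expected = tree_hashes(source)          # hash the originals before copying
    shutil.copytree(source, snapshot)
    manifest = snapshot.with_name(snapshot.name + MANIFEST_SUFFIX)
    manifest.write_text(json.dumps(expected, indent=2), encoding="utf-8")
    problems = verify_backup(snapshot)      # confirm the copy matches the originals
    if problems:
        raise OSError(f"backup to {snapshot} is incomplete: {problems}")
    return snapshot


if __name__ == "__main__":
    # Constructed sample data in a temporary folder; nothing real is touched.
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        (docs / "report.txt").write_text("week 1 draft", encoding="utf-8")
        # Tip 4: the same call once per medium (two folders stand in for two drives).
        for medium in (Path(tmp, "h_drive"), Path(tmp, "external_disk")):
            copy = make_dated_backup(docs, medium, date(2017, 7, 5))
            print(copy, verify_backup(copy) or "OK")
```

Running `verify_backup` on older dated copies from time to time covers tip 3: a "missing" or "changed" entry on a copy you have not touched means the medium is failing or something has modified the files.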

Where should you back up data?

  1. Each staff member has access to his/her own network space (usually the h-drive) where you can save an allocated amount of data for free. You have 1GB at your disposal to back up your most critical documents. At an extra cost of R10-00 per 1GB this space can also be increased. This network space is also available via the web at storage.sun.ac.za if you find yourself away from the SU network.
  2. On your departmental network space (usually the g-drive). The departmental drive can be used for files used by more than one person and 15GB is allocated to each department. SharePoint can also be used by groups for sharing documents.
  3. OneDrive allows each staff member 5TB of storage space. This is available via the Office365 suite. https://portal.office.com/
  4. If you choose to have your data close at hand, get yourself an external hard drive. Never save important data on a flash drive: its sole function is to transport data from one device to another, and it is not a dependable medium for backup. Just ensure that these devices are stored somewhere else (not also in your office) or in a safe. If confidential SU documents are kept on an external hard drive, the files have to be protected with a password or encrypted. Keep in mind that if you lose the password, not even IT can salvage your data.
  5. Alternatively, you can save data in the cloud. We've already mentioned OneDrive, but GoogleDrive or Dropbox are also examples of this. It is extremely important that cloud storage is only for personal use, not for any academic information or sensitive data. Also keep in mind that if you use more than one device, you have to sync data across devices and this will incur costs.

More tips on backups, as well as on activating Windows' automatic backup function, are available at www.backblaze.com.

 

 


Petya wreaks havoc worldwide

Wednesday, June 28th, 2017


A serious ransomware attack, similar to WannaCry, has reached Asia after spreading from Europe to the US, hitting businesses, banks, airports, power stations, port operators and government systems. This ransomware is being described by the press and security researchers as “Petya Ransomware.”  Read more on Fin24.

Ransomware is a type of computer virus, usually downloaded, that attacks and takes over a computer, sometimes installing a password or encrypting the entire hard drive, preventing any access. The victim is then extorted for money, usually payable in Bitcoin, in order to unlock their precious data.

“This is a new generation of ransomware designed to take timely advantage of recent exploits. This current version is targeting the same vulnerabilities that were exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as a ransomworm. In this variant, rather than targeting a single organization, it uses a broad-brush approach that targets any device it can find that its attached worm is able to exploit.” (www.blog.fortinet.com)

While many of you might not be too concerned about this attack, since it originally happened in Ukraine, a small country on the other side of the world, the nature of the Internet and the fact that we are all connected in some way or another mean that it will only be a matter of time before we start to experience attacks on South African soil. There are already reports of infected emails from the Ukraine attack being detected in parts of Western Europe and the USA.

This attack seems to have begun with an extensive phishing campaign: emails sent out with infected Excel attachments, or a Trojan virus that attempts to disguise itself as a type of Microsoft Excel online document. Once opened, the infected attachment will gain control over the victim's computer and start encrypting the hard drive contents, preventing any access.

To ensure that you don’t fall prey to this attack, you can follow these instructions from Microsoft.

Please be wary of emails that come from unknown sources (or even from senders who are unaware that their computers are controlled by ransomware and are busy sending out infected emails), especially if they have .XLS, .PDF and .HTML attachments or ask you to log in to verify details or click on links.

  • The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computer gets infected, you won't be forced to pay to see your data again. Do you have a backup of ALL your important data? Operating systems can be easily rebuilt or reinstalled – your personal data cannot.
  • Be aware of emails that carry malicious attachments or instruct you to click on a URL.
  • Watch out for “malvertising” – this involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust. Ad blockers are one way to block malicious ads, and patching known browser security holes will also thwart some malvertising. Is your computer up-to-date?
  • Finally, don’t be trigger-happy and click on links, no matter how legitimate they might look. Think first before clicking. If you have doubts about an email, phone up the IT HelpDesk and find out or ask your local computer geek for their opinion.

Many of you are on holiday and at home, where your protection *might* not be as good as what we enjoy at the university.

[ARTICLE BY DAVID WILES]


How to avoid ransomware attacks

Friday, June 2nd, 2017


Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. According to a 2016 Symantec report, the average ransom demand is almost $700 and “consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016.”

Similar to a phishing attack, ransomware executes when a user is lured to click on an infected link or e-mail attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include

  • an embedded malicious link in an e-mail offers a cheap airfare ticket (see figure 1);
  • an e-mail that appears to be from Google Chrome or Facebook invites recipients to click on an image to update their web browser (see figure 2); or
  • a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

Figure 1. Phishing e-mail with ransomware embedded in a link

Figure 2. A fake Google Chrome e-mail

To avoid becoming a victim of ransomware, users can follow these tips:

  • Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.
  • Avoid clicking on unverified e-mail links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan).
  • Use e-mail filtering options whenever possible. E-mail or spam filtering can stop a malicious message from reaching your inbox.
  • Install and maintain up-to-date antivirus software. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
  • Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimise the likelihood of someone holding your computer or files for ransom.
  • Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files.

Figure 3. An example ransomware e-mail message

 


How to protect yourself from ransomware

Friday, May 19th, 2017


A serious virulent ransomware threat known as WannaCrypt0r/WannaCry has been affecting Windows computers on shared networks in around 150 countries worldwide. Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. More on this attack. 

Ransomware forms part of a group of malicious computer software called malware, which installs itself on your PC. It can be installed by means of an e-mail attachment, an infected programme or an unsafe website with malware installed on it. The software “kidnaps” your data by encrypting it or limiting your access to it, and then sends you a message demanding money to regain your access. The only way to regain access is by acquiring an encryption key from the creator of the ransomware at a fee, and this isn’t necessarily guaranteed.

But how do you protect yourself from ransomware?

  • If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. Instructions can be found in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalogue. (Take note that this is mostly applicable to devices that are not on the university network.)
  • Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry. (Devices running on the SU network should be up to date)
  • If you don’t have anti-virus software enabled on your Windows machine, enable Windows Defender, or Avast! AV or Avira AntiVirus, which is free.
  • Backup regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
  • For further reading, this is an excellent detailed write-up on the WannaCry ransomware.  
  • Get the word out.

[INFORMATION SUPPLIED BY DAVID WILES]


Critical ransomware attack targeted Windows computers

Saturday, May 13th, 2017


A serious virulent ransomware threat known as WannaCrypt0r/WannaCry has been affecting Windows computers on shared networks in at least 150 countries worldwide. Once one computer on a network is affected, the infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. More information on this attack.

Ransomware is a malicious script or software that installs itself on your computer without you knowing. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must pay for an unlock tool or decryption key from the hacker.

If your Windows computer is connected to a shared network, such as those at the University, Information Technology will automatically keep your Windows up-to-date so you don’t have to.

If you are running Windows and automatic updates are enabled, you should be okay. If they are not enabled and you haven’t updated recently, you should update to the most recently released version immediately. Information Technology does manage automatic updates on many of our computers, but users also have to check their computers, especially laptops that are taken home or into hostels and connect to other less well-managed networks.

Keep an eye open for phishing e-mails requesting that you click on links and fill in your username and password. Beware of sites with suspicious popups that ask you to install software or “inform” you that your computer is infected with viruses.

Just because the mail looks like it has been sent from a university address or the site that you visit looks like a university or Internet banking website, don’t be fooled. Check the address and what you are being asked to do. If in doubt ask Information Technology, or your local “computer nerd”. They will be able to help and advise you.

More articles on ransomware.

[ARTICLE BY DAVID WILES]
