ransomware malware
Jerry Benton
jerry.benton at mailborder.com
Thu Feb 18 12:18:48 UTC 2016
The ransomware that comes though email is typically not the ransomeware itself. Usually it is a zipped HTML file labeled “resume.html” or something similar. The target user typically unzips the file, opens the HTML attachment, which then downloads a file via an iframe. The user then typically opens the downloaded file, which is a trojan.
So, if you look at that process the obvious weak point is the user. The first thing you need to do is train your users not to open attachments from people they do not know. The next step is you must run a respectable antivirus package on your workstations. Preferably one that is centrally managed so that you can see if a workstation is falling out of date.
Use incremental cloud backups for critical data. Note that if you have a backup solution on site that is accessible from the user’s workstation, it is not much good.
Do not attach network shares to a user’s workstation unless they absolutely need it.
Set the correct permissions on network shares. If everyone can write to everything, you are just asking for disaster.
Note that some of this ransomware also comes through flash advertisements on valid websites. Disable and uninstall flash on everything. You do not need flash anymore.
You can block HTML attachments in MailScanner if you like, even if they are in zip files.
The biggest exploit for ransomware is uneducated users and lax architecture. If you do things the way they are supposed to be done, you greatly reduce your risk to ransomeware and a whole host of other problems.
-
Jerry Benton
www.mailborder.com
> On Feb 18, 2016, at 4:18 AM, Arun Gupta <arung at cdac.in> wrote:
>
> Dear Sir/Madam,
>
> Is there any free opensource antivirus which MailScanner can use to catch ransomware malware.
>
>
> --
>
> Thanks & Regards,
>
> Arun
>
> -------------------------------------------------------------------------------------------------------------------------------
> [ C-DAC is on Social-Media too. Kindly follow us at:
> Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
> -------------------------------------------------------------------------------------------------------------------------------
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
More information about the MailScanner
mailing list