The expert told how to protect themselves from the virus-ransomware
MOSCOW, may 13 — RIA Novosti. The CEO of the company to prevent and investigate cybercrime Group-IB Ilya Sachkov told how to minimize the risk of infection from viruses-coders, one of which on Friday has spread in many countries of the world.
“Kaspersky lab” recorded may 12, about 45 thousand attempts to infect cryptography program in 74 countries worldwide, with the greatest number of attempts of infiltrations is observed in Russia.
Newsthe Largest attack in history. Hacked MIA, MegaFon and thousands of companies
Earlier media reported that the hackers used a modified malicious program of the national security Agency (NSA), USA. The Financial Times, citing analysts in the field of cyber security reported that the tool of the us intelligence services, known as eternal blue (“rich blue”), was combined with “an extortionist” WannaCry.
According to Sachkov, the main thing is to make backups. He also advises promptly update the operating system. “Don’t use OS that is not supported by updates of the manufacturer. For the specific case of WannaCry Microsoft has made an exception and released an update that closes the vulnerability that this virus exploits. To use a version of the OS more than 10 years ago, has long withdrawn from-under protection — a direct path security”, — said the expert.
In addition, you should not open attachments in emails from strangers. within the company network, it is desirable to set the “sandbox”, which will check all files received on email or downloaded by employees from the Internet, launching them in a special, isolated environment.
“In the case of WannaCry solution to the problem may be blocking port 445 on the Firewall (firewall), through which is the infection”, — he explained.
To detect potentially harmful files, you need to enable “Show file extensions” setting in Windows. “Stay away from file extensions, such kakehi,.vbs I. scr. Fraudsters can use several extensions to disguise a malicious file as a video, photo or document (e.g., avi.exe or doc.scr),” said Sachkov.
If you find a suspicious process on the device must be immediately disconnected from the Internet or home Wi-Fi it will help to prevent the spread of the virus, I advise you to Group-IB. Nets recommends never to pay the ransom because there is no guarantee that the attackers will send the decryption key.