WCRY Ransomware Attack 2017 –Validate If Your System is Safe Today

Breaches in IT security are spreading like wildfire all over the world. There is a new culprit found on May 12, 2017, which is known as WCRY ransomware, affected approximately 230,000 computers worldwide. It is known as WannaCrypt too.

Be it any business vertical, this nasty Internet offender did not restrict itself anywhere, and was designed to blow the whole IT industry. This massive cyber-attack holds the potential to encrypt data of any system within minutes and displays a message on the user’s screen, asking to pay $300 in Bitcoins for data retrieval. It quickly got spread via phishing emails and targeted unpatched applications/operating systems in the form of computer worm. In other words, it majorly targeted those machines that were using older operating systems. National Health Service of the UK, national petroleum of China, and factories of Renault situated in France were some of its victims that were affected adversely.

That’s not all! It also impacted the patient tracking systems in various renowned hospitals, which made the patient related information inaccessible to the doctors. Well! It was really a serious matter because it could lead to inapt diagnosis, surgeries, or even deaths of innocent patients. However, the patch to keep these types of vulnerability was developed a couple of weeks before the attack, but perhaps it was not applied by Microsoft at the right time. Thanks to an IT geek, who researched and found an effective ‘kill switch’ to get rid of further possible damage caused by this ransomware. It certainly reduced the speed of this spread. But, it doesn’t mean that it is wiped out completely. According to a report published by Kaspersky, a new version of this malware has been detected, which will not be stopped by ‘kill switch’. There are chances that users may come across another attack starting May 15, 2017. 

So far, the face of its creator has not come in the picture completely. But, per latest news, it is stated by various IT security agencies that these attacks were caused by some highly-advanced hacking weapons that were stolen by a group of hackers, namely ‘Shadow Broker’. Now let’s discuss the precautions. If you are using an older version of windows in your computer such as windows XP, windows server, or any other older OS, then it’s a high time to take an immediate action. Upgrade your systems with new security update to stay secured against WCRY attack. Always validate your emails prior to open their attachments, as a tiny mistake on this action may make you lose your important data. To keep your IT secured further, it is advisable to install the latest version of antivirus on your system. If you own a website, you can install an SSL certificate to protect it against cyber-attacks.  For any question related to IT security, feel free to connect with mysslonline team.      

Massive Phishing Attack on Google Docs - Case Study

Rethink While Allowing Apps Accessing Your Google Account Now

Did you know that Google Docs recently encountered a major phishing attack on Tuesday, 2^nd, May, 2017? This attack got spread like a wildfire, and was designed to steal the precious information from your mailbox.

The strategy of this attack was slightly advanced than other phishing attacks. Here, users get emails with a link, namely ‘Open in Docs’.

This phishing attack was designed by exploiting a renowned standard, namely ‘OAuth’, which is used to provide third party services or apps to connect with your Google account. Usually, this functionality is being utilized by numerous authentic websites to help users quickly connect with them. But, if we discuss this phishing attack, the moment users click this link, they are redirected to Google.com. It is one of the reasons that they could not sense that it is extremely harmful for their precious data. Being a user, you are also asked to provide your permission to an app to connect with your Google account. And, once the permission is granted, it sends the same email to your entire contact list. This is how this phishing attack reached to a maximum number of people worldwide. However, the name of this app is ‘Google app’, but it is not a Google based app. It is an illegitimate application, which has been given this name to cheat the users. Once you give accessibility permission to this app, it takes control of your mailbox management including data, emails, etc. If you research it a little bit more by clicking its link for detail, it is clearly mentioned that it is owned by someone with an email id, ‘eugene.pupov@gmail.com’.

However, Google is known to be one of the most secured platforms on the Internet, but to maintain the flawless security, constant IT security surveillance is mandatory. Well! IT industry has a nature of staying on wheels. It never remains static, as new challenges, innovations and solutions are the part of it. No matter how secure a software becomes, hackers never take their eye off from it, and keep finding ways to temper it. Not sure if anyone can ever change their negative thought process. But, we can surely boost the level of our security for a safer online experience. In order to get more information about this OAuth phishing, you can refer to Ars Technia, Quartz, the Verge, etc. Be it any business vertical, data plays a vital role everywhere, and no one can afford to lose it in today’s highly competitive world.

Google took a quick action on this incident and deactivated the app’s authentication token, which means it is not going to create nuisances in your digital world. But, for security viewpoint, you can access your Google Account Settings and remove this unethical app from there. Finally, it is always good to check the authenticity of applications that are asking for your personal or other account related details to stay safe online. Be aware to stay safe. You can always connect with mysslonline technical team to get any information related to IT security.