Protect yourself from Ransomware: Guidance from ZOL

18 May 2017

The era of cyber-disaster may finally be here. Your leading Internet Service Provider, ZOL Zimbabwe, would like to take this opportunity to educate you on what ransomware is and what measures you can take to protect yourself against such cyber attacks in the future.

What has happened?
Last Friday, 12 May, a massive cyber-attack caused by ransomware known as WanaCrypt0r 2.0, or WannaCry, began to spread widely, affecting thousands of organisations across the globe. WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.

What is the WannaCry ransomware?
WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

Are you protected from this threat?
Everyone is a target for ransomware. You can be protected from this threat by implementing multiple layers of protection including (but not limited to):
• Scanning incoming email attachments for viruses
• Special detection logic for phishing emails
• Rewriting web links in emails so that the target site is scanned for malware when a link is clicked
• Using the latest anti-virus software
• Using special advanced scanning in a sandbox environment of file types that are common vehicles for malware (things like .doc and .xls files). Note that this can cause a 3 to 4-minute delay on inbound emails that contain attachments.
• Using CrashPlan for backing up user files (it keeps previous versions, so one can roll back)

However, the final line of defence is awareness and vigilance on the part of users. Please be vigilant and read and absorb the ZOL-prescribed best practice guidelines below.

Is this a targeted attack?
No, this is not believed to be a targeted attack at this time. Ransomware campaigns are typically indiscriminate. Ransomware creators target homes, businesses, police departments, city councils, schools and even hospitals, wherever they think they can get money. In general, users who are exposed to spam and who mostly access illegitimate sites, such as torrent websites, are at high risk.

How does it spread?
Ransomware commonly spreads through spam email campaigns, vulnerable software, legitimate websites with malicious code injected, and not-so-legitimate websites such as gaming or gambling sites.


Why is it causing so many problems for organizations?
WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers which do not have the latest Windows security updates applied are at risk of infection.

Can I recover the encrypted files?
Decryption is not available now but the security industry is investigating. We do not recommend paying the ransom. Encrypted files should be restored from back-ups where possible.

What are best practices for protecting against ransomware?
ZOL urges all users to be proactive in protecting their computers and data by keeping their computer software updated and running robust antivirus software that is also kept up to date. Here are some best practices for protecting against ransomware:

• Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments.
• Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
• Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up.
• Using cloud services could help mitigate ransomware infection, since many retain previous versions of files, allowing you to “roll back” to the unencrypted form. ZOL subscribers can make use of CrashPlan For Africa to back up their data; this has the advantage of keeping previous versions of files, so if one is damaged or encrypted you can recover it.
• New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them.
• Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.

Even with updated computer software and robust, up-to-date antivirus software, backup is the first line of defense in data security.

ZOL has a solution called CrashPlan For Africa, a world-class endpoint data protection and management solution that backs up every version of every file, continuously and automatically.

The backups are timestamped and each version of a file is kept, so if a user wants the version of a file from a particular date, they can download and restore it. This is important as it differentiates CrashPlan from other online backup services which replace files but do not keep different versions. So, if one’s machine is infected today, the user with CrashPlan can log in and get the ‘last known good’ versions of their files/data.

Through CrashPlan, your data will be secured in the following way:
• CrashPlan will silently and continuously back up your data, so you don’t have to worry about remembering to back up.
• CrashPlan For Business will ensure uncompromising security, control and visibility of the entire workforce: all your corporate data is protected through data policies and governance, even in remote offices and sites, reducing the cost of device migration and enabling mobility, without putting data at risk.
• CrashPlan is highly secure because data is encrypted before leaving your device.
• CrashPlan also has 24/7 telephone support, with the benefit of local cloud storage riding on Direct Liquid Backbone connections – lower latency, faster backup.

Given the potential costs to your business of a digital intrusion, in terms of physical and reputational damage, not to mention the costs of recovery, an investment in data security is essential. Through CrashPlan For Africa, ZOL provides a backup service for your computers whether you are a home or business user. For ZOL’s fibre subscribers, the CrashPlan service is zero-rated, meaning that the backup will not eat up your data.

Contact ZOL
For more details on CrashPlan, contact crashplan@zol.co.zw or call 08677222111.