Sunday, May 14, 2017

WannaCry Ransomware

Ransomware:
Ransomware is a type of malicious software designed to encrypt all your files; the attacker will not decrypt them until a sum of money is paid.

Check out my other post relating to Ransomware Risk Mitigation


WannaCry Ransomware:
This ransomware spreads via a known vulnerability, which was patched recently by Microsoft in MS17-010. Once a system is infected, its files are encrypted and a countdown appears. The popup demands a payment of $300 to be made via bitcoin.

Which files are encrypted?
Almost all common extensions.

What to do if you have been attacked by WannaCry?

For now, do not pay the ransom. Restore the files from your backup.
Most previous ransomware attacks have had a way to decrypt the files without paying the ransom. However, for WannaCry there is no such way at this moment.

Has the infection been contained?

Yes, the spread of the infection has been halted for now, thanks to the good intentions of a researcher called MalwareTech, but everyone seems sure that another such attack is imminent.


Precautions to be taken:
  

Windows Update MS17-010
The virus uses the ETERNALBLUE exploit, which is closed by the Microsoft security update MS17-010 released in March. I recommend that you check Windows Update for the presence of this update (by its KB code) on your computer (for example, the code for Windows 7 will be KB4012212 or KB4012215).
If the update is not installed, you can download it from the official Microsoft website:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


Close ports 135 and 445
According to reports from antivirus companies, wcrypt penetrates computers through the SMB (Server Message Block) ports. To prevent penetration, block ports 135 and 445, through which the virus enters (in most cases they are not used by ordinary users).
To do this, open a console with administrator rights (cmd.exe -> Run as administrator) and execute the following two commands in turn (after each command the status should be OK).
netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"


Disabling SMBv1 support
The vulnerability can also be closed by disabling SMBv1 support completely. Run this command in cmd (run as administrator):
dism /online /norestart /disable-feature /featurename:SMB1Protocol
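As an added example (not part of the original post), here is a PowerShell script that verifies the three precautions above on a machine: that the MS17-010 KB is installed, that inbound TCP 135 and 445 are blocked by some firewall rule, and that SMBv1 is off, turning SMBv1 off if it is still enabled. It assumes an elevated PowerShell on Windows 8.1/10 or Server 2012 R2 and later, where the Get-NetFirewallRule and Get-SmbServerConfiguration cmdlets exist; on Windows 7 stay with the netsh and dism commands above. The function names are my own.

```powershell
# Added example, not from the post. Run elevated. Assumes Windows 8.1/10 or
# Server 2012 R2+ (NetSecurity, SmbShare and Dism modules present).
# KB numbers are the Windows 7 ones named in the post; add the one for your build.
$Kbs = @('KB4012212', 'KB4012215')

function Test-Ms17010Patch {
    # Get-HotFix lists installed updates; any matching KB means the fix is present.
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Kbs -contains $_.HotFixID }
    return [bool]$installed
}

function Test-SmbPortsBlocked {
    # Look for any enabled inbound TCP block rule covering 135 and 445,
    # not only the Block_TCP-135 / Block_TCP-445 names used by the netsh lines.
    $blocked = @{}
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($port in 135, 445) {
        $hit = $rules | Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and
                ($filter.LocalPort -contains "$port" -or $filter.LocalPort -eq 'Any')
        }
        $blocked[$port] = [bool]$hit
    }
    return $blocked
}

function Test-Smb1Disabled {
    # Both the optional feature (what the dism line toggles) and the server setting should be off.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $server  = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $featureOff = (-not $feature) -or ($feature.State -ne 'Enabled')
    $serverOff  = (-not $server) -or (-not $server.EnableSMB1Protocol)
    return ($featureOff -and $serverOff)
}

# Report the state, then remediate SMBv1 if it is still on (same effect as the dism line).
$ports = Test-SmbPortsBlocked
"MS17-010 KB present   : $(Test-Ms17010Patch)"
"TCP 135 inbound block : $($ports[135])"
"TCP 445 inbound block : $($ports[445])"
"SMBv1 disabled        : $(Test-Smb1Disabled)"
if (-not (Test-Smb1Disabled)) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}
```

Blocking 445 inbound also stops legitimate file and printer sharing to that machine, so on a file server block it only at the network edge rather than on the host.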
To prevent yourself from future ransomware attacks:


Back up necessary data from time to time.

Update your OS to the latest version (the recent NSA exploit leaks affecting OS versions like XP will trigger more ransomware of different flavors).

Updating your antivirus, or having the best one, does not provide the necessary protection against such attacks.

Do not open any emails from unknown senders.

Close the ports which you do not use.

Check out my other post relating to Ransomware Risk Mitigation
References:
For a detailed view on the attack:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

Tuesday, April 25, 2017

Removing empty pages in SSRS Report.

How to get rid of blank pages in PDF exported from SSRS

This issue occurs when you have added components to your SSRS report and the page width has increased, mostly past the right margin of the page.

Resolution: open the report in design view.

Right Click > view > ruler

Reduce the width now. Your report will now be free of blank pages.


Wednesday, January 18, 2017

Layoff the Bhim App (For Now)


The BHIM app, the UPI payment app introduced by the Indian PM, is just another UPI app.

There are far too many competitors of BHIM, such as the ICICI UPI app, HDFC UPI app, Axis Pay, PhonePe, SBI Pay, etc.

However, BHIM was hailed as the most secure:

“BHIM uses three-factor authentication and hence, is relatively more secure from a consumer point of view. It also combines the convenience of a mobile wallet with the security of net banking,” he said.

When a user opens BHIM application for the first time, the application automatically binds itself to their device ID and phone number — both of which are unique. This means that the same UPI cannot be used from two phones. The BHIM application will also not work on a phone which doesn’t have a SIM card.

“This uniquely identifies not just the device but the active number. If there is some fraud…you have an operational number plus the device ID, which in some cases can be masked, but a combination of both makes it easy to track the cell phone and law enforcement agencies can physically trace the person, if needed.” said a security firm researcher.

“The third factor is the UPI PIN, set by the user, which will be required for every transaction through the application.” No user would be able to do transactions without the UPI PIN, he said.



However, a few days after the release of the app, a lot of people are complaining about the app being sluggish.

There are other security concerns with the app, such as:

  • The back button is not restricted and you can move back and forth from the payment page.
  • The app is prone to SQL injection attacks.
  • The app is slow (in fairness, so are the majority of the UPI apps).

So it is definitely worth waiting before you jump onto BHIM. The app makers stated that they are working on the issues and will release an update at the earliest.