Windows 7 does have some built-in security protections, but you should also have some kind of third-party antivirus software running to avoid malware attacks and other problems -- especially since almost all victims of the massive WannaCry ransomware attack were Windows 7 users. Hackers will likely be going after Windows 7 machines even more often now that Microsoft support has ended.
Trend Micro anti-virus software leaves users open to attack
December 2019 - The latest version of Snatch ransomware installs a Windows service SuperBackupMan that is configured to run in Safe Mode. Once a forced restart is complete, and the system is in Safe Mode, those AV solutions not configured to run leave the system exposed and able to be encrypted. Researchers at Sophos also found it uses RDP as the initial attack vector, can exfiltrate, system information, monitor network traffic, install surveillance software and install remote access trojans (RATs). The payload for Snatch uses the open-source packer UPX to help obfuscate detection of its malicious code. This is very powerful and dangerous stuff here that has attack ramifications both immediately and in the future, depending on how patient the attacker is.
Researchers at Coveware recently analyzed ransomware attacks during Q2 of this year and noticed a similar trend in ransomware attack methods by cybercriminals. The two methods that are gaining popularity by ransomware gangs are email phishing attacks and brute force attacks. To help protect your organization's network you can take additional security measures such as multi-factor authentication, frequent software updates and patches, and most importantly, implement new-school security awareness training.
Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial payout for the data to be released. Ransomware is commonly part of a phishing scam. By clicking a disguised link, the user downloads the ransomware. The attacker proceeds to encrypt specific information that can only be opened by a mathematical key they know. When the attacker receives payment, the data is unlocked.
2ff7e9595c
Comments