January 25, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Patch All the Things!
Your personal incident response plan
You're working on your computer when something sets off alarm bells: a strange popup box appears, your web browser takes you somewhere you didn’t plan to go, a strange voice suddenly starts talking or singing from your computer, or it just freezes. What do you do?
You need a personal Incident Response Plan! Here goes:
(1) UNPLUG Disconnect the computer (or mobile device) from the network immediately. Either pull the ethernet cable out, or turn off the wireless access. If it won’t let you turn off wireless, and if you are in control of the wifi device you are connected to, unplug it from the Internet. The important thing is to disconnect the possibly-infected device from all other devices:
- First, to stop the spread. If you have been infected with something like a cryptolocker ransomware, it could quickly spread across the network and infect other devices. Limit the potential damage by stopping the spread.
- Second, to cut off communication between the malware and its control server on the Internet. Quite often, the first infection is just snooping around -- trying to learn more about your system, what vulnerabilities are available for exploit, what kind of information is available to steal. The snooper malware will report back to its control server, and then someone will decide what really bad stuff to install on your device. If you cut off communication before round two happens, it’s usually much easier to clean the device and get back to business.
If you are unable to disconnect your device from the Internet, your last resort may be to kill the power. I wouldn't do this unless it’s the only option for potentially stopping the spread. Some malware, like the recent MBR Wiper, is only installed when the computer is rebooted:
According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note.
(2) TAKE A PICTURE of whatever is showing on your screen. This will greatly help diagnose the problem and find a possible solution.
(3) CALL FOR HELP Don’t delay! Don’t take a screen capture, email it to a friend asking for advice, and finish emptying your inbox. The sooner you disconnect that potentially-infected device from the network, the better your chances for a speedy (and less painful) recovery.
I hope you found this helpful. Let me know what you would like to read about in future editions of this newsletter!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺