Do not open suspicious emails, large numbers of threats being distributed by “Jaff / WannaCryptor” ransomware

ransom

ESET is aware of several ransomware outbreaks that stem from malicious emails that can be used to introduce threats to your system.

ESET identifies these threats as Wannacryptor.d and Filecoder.NLI (Jaff), and ESET detects and blocks these threats and their variants. Click here for a list of best practices to stop these threats.

ESET products can detect and block the malware. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:

You must have the latest Windows operating system updates and patches!

You can protect against this exploit by running Windows Update. For more detailed information about the Windows vulnerability and how to resolve it, see Microsoft Security Bulletin MS17-010 – Critical.

  • Make sure that ESET Live Grid is enabled in your ESET product.
  • Make sure that your ESET software is upgraded to the latest version and has the latest Virus Signature Database updates.
  • Do not open attachments sent to you in emails from unknown senders.
  • Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources.
  • Regularly back up your data. In the event of infection, this will help you recover all data. Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.
  • Disable or restrict Remote Desktop Protocol (RDP) access (see Remote Desktop Protocol best practices against attacks).
  • Disable macros in Microsoft Office.

For more detailed information about how you can use ESET to protect your systems from ransomware infections, see the following Knowledgebase article:


2 thoughts on “Do not open suspicious emails, large numbers of threats being distributed by “Jaff / WannaCryptor” ransomware

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s