Avoiding Scamware that Purports to Stop WannaCry
The media has widely covered the WannaCry ransomware attacks. It would be difficult to find anyone who hasn’t heard about WannaCry, even among those who don’t follow technology. One positive outcome of this publicity is a significant increase in awareness. That’s a good thing. There are a lot more conversations happening about ransomware than ever before, and many people are considering, often for the first time, what steps they can and should take to protect themselves.
Unfortunately, unscrupulous individuals are trying to capitalize on the fear that WannaCry has created and the legitimate motivation people have to protect themselves. We are seeing a whole new breed of malicious scamware applications that purport to protect devices from WannaCry infections. These fake applications are a complete fraud: they do nothing to prevent WannaCry, and they may actually infect the victim’s device with additional malware. McAfee recently stated on their blog: “cybercriminals often seize the opportunity of trending topics . . . to distribute malicious payloads even on official apps markets.”
Scamware Decryption Tools
There’s also been a flurry of scamware that promises to decrypt the files that WannaCry or other forms of ransomware have scrambled. Ransomware victims often turn to Internet search engines for help, but doing so may lead to scams and fake applications that promise to restore files, but don’t actually work. Related scams tell users that their devices have been infected and promise to restore their system for a fee, even though no infection actually occurred.
So how do we protect ourselves from such scamware and scareware? The following guidelines will go a long way to prevent end users from becoming infected or falling prey to this type of malware.
- Be skeptical. End users need to be very cautious about what they click on, open, download, or install. Hastily clicking on an email, link, or app can potentially create more problems than it solves. Users should carefully evaluate every app before installing it. If in doubt, users should get help from their IT or security staff. There are too many scams and pitfalls to go it alone. For example, WannaCry only affects Windows devices, yet scamware exists that purports to prevent WannaCry from infecting Android devices.
- Scrutinize pop-up warnings. Pop-ups from strange or new sources that imply our devices are infected are often easy to identify as scams, and users should avoid clicking on them. But scam artists are smarter than ever, often crafting messages that look legitimate and prey upon less-technical users. Be very careful when clicking on any pop-up warning. If you’re not sure, don’t click on it. Get help from your IT or security team.
- Download only from a trusted source. Apps and software should only be downloaded from a well-known and trusted source. For PCs, that’s usually the vendor themselves. Cautiously check each site to make sure it is the official vendor’s site. Don’t download from sites, authors, or vendors that you’ve never heard of, from third parties, or from sites that have added anything to the application. Instead of clicking on the link presented to you, go to the vendor’s official website for the update, patch, or to download new software. For mobile phones, only download apps directly from the phone’s authorized store. Google and Apple have security controls that will usually protect you. Download from their authorized stores and nowhere else.
- Use official vendor channels for updates and fixes. Legitimate vendors use their product’s standard mechanisms to distribute updates, patches, and fixes. They don’t utilize email or viral social media posts to send alerts, and they don’t usually require a download. Users should be very careful about downloading fixes that they receive by email or that they see on the Internet.
- Read application reviews. Before downloading any app (phone or PC) read what others on trusted sites are saying about the app. If there are no reviews, be skeptical. Look for another solution or get advice from a security expert before proceeding.
Unfortunately, when a major security threat like WannaCry surfaces, we can also expect a new round of malware that feeds off the frenzy. Fake protection, fake recoveries, and even fake attacks are typical, just as we’ve seen with WannaCry. But by exercising common sense and following a few policies and procedures, we can go a long way to protect ourselves from these new threats.