SimplerCloud Pte Ltd


News: Security Advisory: Ransomware Threat

Published: 23/06/2017

This advisory is provided as a courtesy.

We would like to bring to your attention that there has been a noticeable rise in ransomware threats and infections in recent months, both in Singapore and all over the world.

What is ransomware?

Ransomware is a type of malware which encrypts files and data on a computer or server and holds them to ransom, restricting access to the files until the ransom is paid. It may affect different types of operating systems (Linux and Windows) depending on the ransomware variant, and some variants can also traverse the network and encrypt files on shared and/or network drives.

How does the ransomware spread?

While most ransomware spreads when unsuspecting users accidentally open malicious attachments or links in phishing emails, ransomware can also be injected through exploits of vulnerabilities in servers' operating systems and applications.

What are the symptoms of a ransomware infection?

When a ransomware infection happens, users are no longer able to access the files on the server, and a ransom note is usually saved on the infected disk to inform the user of the ransom, with instructions on how to make payment (usually in Bitcoin) to obtain the decryption key. Note that paying the ransom does not guarantee that access to the files will be restored.

How do I mitigate ransomware attacks on my servers?

1. Update your server's OS and applications regularly

Ensure that your server's operating system is up to date with all the latest patches installed. Run Windows Update on Windows systems, and "yum update" on CentOS or "apt-get update && apt-get upgrade" on Ubuntu/Debian systems regularly.

Ensure that you also patch your running applications to the latest versions. If you are running CMS applications such as WordPress, Joomla or Magento, ensure that the applications, as well as the plugins are updated with the latest version. Avoid using out-of-date plugins and applications which are no longer maintained by the vendor.

2. Perform file backup regularly

Ensure that you back up all your files regularly. Note that our public cloud services do not come with backup by default; you are strongly advised to perform your own backups or subscribe to our online backup service for this purpose.

3. Follow best practices to stay safe online

If you are using your cloud server as a workstation (e.g. a virtual desktop), please ensure that you follow best practices to stay safe online. That includes not visiting suspicious websites or clicking any links on them, not opening suspicious email attachments and, most importantly, not downloading and installing software from unofficial or disreputable sources.
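As an added example (not SimplerCloud's own tooling or part of this advisory), the following POSIX shell script implements step 2 for a Linux server: it archives a directory into a separate backup location, reads the archive back to confirm it is complete, and records a SHA-256 checksum so a copy can be verified before it is relied on for a restore. The tool names (tar with gzip, sha256sum from GNU coreutils) and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not SimplerCloud's own tooling. Assumes GNU coreutils
# (sha256sum) and tar with gzip support; all paths are hypothetical.
set -eu

# backup_dir SRC DEST
# Archives SRC into DEST/<name>-<timestamp>.tar.gz, verifies the archive
# reads back cleanly, stores a SHA-256 next to it, and prints its path.
# DEST should be storage the server does not keep permanently mounted as
# a writable share: ransomware that reaches a mapped network drive
# encrypts the backups along with the data.
backup_dir() {
    bk_src="$1"
    bk_dest="$2"
    bk_name="$(basename "$bk_src")"
    bk_stamp="$(date +%Y%m%d-%H%M%S)"
    bk_file="$bk_name-$bk_stamp.tar.gz"
    [ -d "$bk_src" ] || { echo "backup_dir: $bk_src is not a directory" >&2; return 1; }
    mkdir -p "$bk_dest"
    tar -czf "$bk_dest/$bk_file" -C "$(dirname "$bk_src")" "$bk_name"
    # A partially written archive is worthless on restore day: read it back.
    tar -tzf "$bk_dest/$bk_file" >/dev/null
    # Checksum is recorded relative to DEST so it can be checked from there.
    (cd "$bk_dest" && sha256sum "$bk_file" > "$bk_file.sha256")
    printf '%s\n' "$bk_dest/$bk_file"
}

# verify_backup ARCHIVE
# Returns 0 if the archive still matches its recorded SHA-256 and can be
# listed; run this before relying on a copy for a restore.
verify_backup() {
    vb_dir="$(dirname "$1")"
    vb_file="$(basename "$1")"
    (cd "$vb_dir" && sha256sum -c "$vb_file.sha256" >/dev/null 2>&1) || return 1
    tar -tzf "$1" >/dev/null 2>&1
}
```

Run backup_dir from cron against each data directory and keep the resulting archives on storage that is detached from the server between runs; verify_backup on the stored copy is the check to run before a restore.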

My server is infected with ransomware. What should I do?

In the event that your server is infected with ransomware, we recommend that you rebuild your server's operating system and install all the latest patches before restoring your applications and data. We also strongly advise you to check your applications to ensure that they contain no exploitable vulnerabilities.

If you have re-installed the OS and installed all the latest patches, and yet your server is still infected, then most probably it is due to an exploit at the application level.

References:

https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
https://www.us-cert.gov/ncas/alerts/TA16-091A