The WinRAR program, which alongside WinZIP is considered the most widely used program in the world for working with compressed files, harbors a vulnerability that went undiscovered for no less than 19 years.
It contains a critical security hole that allows cybercriminals to insert malicious content. In particular, it has recently been used to spread JNEC, a piece of ransomware that, after the file in question has been compressed, permanently blocks it and holds it until a ransom is paid. The ransomware demands that victims pay 0.05 bitcoin, which at today's exchange rate comes to approximately 175 euros.
Because new ransomware is in circulation, it is worth following the advice below on how to reduce the risks and protect the company's operations against this kind of malicious code.
More information (in English):
Compressed files have proven to be an endlessly useful tool among users. But perhaps the ambit where they’ve had most success is the business world. The fact that many corporations work in several offices scattered around the world, or even have employees teleworking, means that sending and receiving large files can be inefficient. Though virtually every company has cloud storage capacities, many use compression to send and receive files more easily.
However, using compressed files can often be counterproductive and, instead of helping transfer files, can lead to serious corporate cybersecurity problems.
A group of researchers has recently discovered an IT security flaw in one of the world’s most widely-used file compressors. WinRAR, the largest compressor along with WinZIP, has been discovered to harbor a vulnerability that had gone undiscovered for no less than 19 years.
In one of the WinRAR libraries, specifically UNACEV2.DLL, used to unzip .ace files, there is a critical security flaw that allows cybercriminals to insert malicious content. In particular, it has been used lately to spread JNEC, a piece of ransomware that, after the file in question has been compressed, permanently blocks it and holds it ransom. In order to recover it, the victim is asked to pay 0.05 bitcoins – roughly €175.
How to compress files securely
The appearance of this malware has forced companies and large organizations to take measures to protect their corporate cybersecurity and to protect themselves against cybercrime. These are some of the things that must be done to compress and unzip files without putting their information at risk:
1.- Update the compressor. Users often download WinRAR or WinZIP then stick with that same version without ever updating it. Nevertheless, since the discovery of JNEC, millions of WinRAR users need to update the software. Generally speaking, and quite apart from this incident, using the latest version of these kinds of programs will help avoid future problems.
2.- Backups. The main problem that JNEC poses is that the cybercriminals who block the file demand a ransom to unblock it, and not even paying up can rule out this coercion happening again. Should this kind of blackmail happen, companies need to have backups of all their files in order to be able to use them if something were to happen. This is especially true of large and valuable files.
3.- Is compression necessary? Compressing a file can be very useful at times, but not necessarily all the time. Is it really necessary to compress any file in order to save space? Companies must avoid abusing this kind of tool. As well as having backups, they can make use of storage solutions in the cloud, or on their own servers with no Internet access.
How to stop infected files from coming in
The danger doesn’t just lie in the compression itself; unzipping also poses certain risks. This is why companies need a best practice code when it comes to receiving documents.
1.- Monitor system activity. Nothing can ensure that our company won’t fall victim to a JNEC attack, or any other kind of ransomware. What we can do, however, is to closely observe the activity happening on servers and computers in order to avoid or mitigate problems. This is where Panda Adaptive Defense comes in; it is able to automatically monitor a company’s IT system activity in real time, detecting possible points of infection, and stopping problems even before they come up.
2.- Careful with emails. Employees in any company need to be subjected to a best practices protocol about receiving all kinds of files. When receiving a document, especially by email, they need to be alert to possible problems. What’s more, files shouldn’t be compressed when it is not 100% necessary or when the compression doesn’t significantly reduce the file’s size.
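A check that supports both the update advice and the inbound-file advice, as an added example that is not part of the original article: it walks a folder, reports files whose content carries the ACE signature whatever their extension says, and lists leftover copies of UNACEV2.DLL. The function names and the sample tree are assumptions constructed for the demonstration; self-extracting ACE archives, where the signature sits deeper in the file, are outside its scope.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"      # signature string inside an ACE archive's main header
ACE_MAGIC_OFFSET = 7        # follows CRC16 (2), header size (2), type (1), flags (2)
LEGACY_DLL = "unacev2.dll"  # library named in the article, compared case-insensitively

def is_ace_archive(path):
    """True when the file carries the ACE signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    except OSError:
        return False  # unreadable or missing files are skipped, not reported
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC

def scan(root):
    """Walk root and return (ace_archives, legacy_dll_copies) as sorted path lists."""
    ace_files, dll_copies = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == LEGACY_DLL:
                dll_copies.append(full)
            elif is_ace_archive(full):
                ace_files.append(full)
    return sorted(ace_files), sorted(dll_copies)

def build_demo_tree(root):
    """Constructed sample data: stand-in files, not real archives or binaries."""
    fake_ace_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {
        "inbox/invoice.rar": fake_ace_header,         # extension does not match content
        "inbox/report.rar": b"Rar!\x1a\x07\x00rest",  # RAR signature, not flagged
        "inbox/notes.txt": b"plain text",
        "apps/WinRAR/UNACEV2.DLL": b"MZ-placeholder",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        archives, dlls = scan(tmp)
        print("ACE-format files:", archives, "| UNACEV2.DLL copies:", dlls)
```

Pointing `scan()` at a mail-attachment quarantine or a software install directory gives a quick inventory of what still needs updating or review.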
It is all about minimizing risks. Knowledge and sharing experiences are a fundamental part of it. This is why events such as the Panda Security Summit are so important. PASS2019 is an event for professionals and companies in the cybersecurity sector, and for those that want and need to apply the techniques and strategies revealed there. Because nobody can guarantee that a company won’t receive infected files. But what can be done is to establish appropriate measures to avoid unnecessary conflict and protect the whole organization’s corporate cybersecurity.