[Important Security Warning] New Fileless Extortion Software “SOREBRECT” Attack Warning
As this ransomware affects both individuals and organizations, the Alibaba Cloud security team suggests that system administrators and security engineers take the following precautions:
1. Do not expose port 3389 to the Internet. If you need to use RDP to administer remote machines, we recommend you set up a VPN and access RDP services through a VPN tunnel. You can also directly administer machines through the Alibaba Cloud ECS console’s “Connect” function.
2. Strengthen your Windows account passwords, and turn on audit logs so you can track who logs in and when.
3. Disable folder sharing, or set stricter security controls: public folder shares which do not require login are most at risk.
4. Apply patches regularly.
5. Back up all important files and documents regularly, and back up data to external storage devices that are not frequently connected to the computer. ECS’s “Snapshot” feature can be used for this.
6. Install anti-virus software, and avoid clicking on unfamiliar links.
7. Use Alibaba Cloud Anti-DDoS Pro and Server Guard to detect and defend servers automatically.
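
A read-only PowerShell check of a Windows server against items 1 to 3 above. It is an added example, not Alibaba Cloud tooling, and it assumes an elevated Windows PowerShell 5.1 session on an English-language install. It inspects only the host, so the network rules placed in front of the ECS instance still need a separate review.

```powershell
# Added example: read-only audit for items 1-3 of the advisory. Changes nothing.
# Assumptions: elevated session, Windows PowerShell 5.1+, English category names.

# Item 1: is RDP enabled, and does an inbound allow rule open TCP 3389 to any source?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

$openRdpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        # Only rules that name 3389 exactly are matched; port ranges are not expanded.
        $port.Protocol -eq 'TCP' -and
        $port.LocalPort -contains '3389' -and
        $addr.RemoteAddress -contains 'Any'
    }

# Item 2: current audit settings for logon events
# (the Logon subcategory should read "Success and Failure").
$auditPolicy = auditpol /get /category:"Logon/Logoff"

# Item 3: non-administrative shares that allow Everyone, Guest or anonymous logon.
$looseShares = Get-SmbShare -Special $false | Get-SmbShareAccess |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccountName -match '^(Everyone|.*\\Guest|NT AUTHORITY\\ANONYMOUS LOGON)$'
    }

# The built-in Guest account has a SID ending in -501 whatever it has been renamed to.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }

Write-Output "RDP enabled on this host: $rdpEnabled"
Write-Output "Inbound rules allowing 3389 from any address: $(@($openRdpRules).Count)"
$openRdpRules | Select-Object DisplayName, Profile | Format-Table -AutoSize | Out-String

Write-Output "Guest account enabled: $($guest.Enabled)"
Write-Output 'Shares granting access to Everyone, Guest or anonymous logon:'
$looseShares | Select-Object Name, AccountName, AccessRight |
    Format-Table -AutoSize | Out-String

Write-Output 'Logon/Logoff audit policy:'
$auditPolicy
```

Any rule listed under item 1 should be restricted to the VPN address range or disabled, and any share listed under item 3 should be removed or limited to named accounts.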
If you have any questions, please feel free to contact us via ticket.
Alibaba Cloud Security Team