Tag : ransomware

Are you promoting a safe Network?

security

On average, organizations take about 200 days to identify new ransomware threats. Combined with aging hardware, out-of-date software, poor network monitoring, and a lack of professional IT assistance, this makes for quite the mess.

Hackers are less likely to attempt an attack against automatically patched software or newly issued hardware, because there are fewer vulnerabilities and exploits for newly issued hardware most likely have not been found yet or are already patched. Organizations that are behind in refreshing their technology are an easy target for attack.

Here are 5 best practices to follow to secure your network and avoid ransomware attacks.

  1. Improve Network Hygiene – Deploy patches and updates automatically, replace old or out-of-date firewalls and IPS, and make sure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.

  2. Defend Strategically rather than Haphazardly – It is recommended that organizations employ security as a big picture solution rather than single use. Integrated security is the best defense for networks as it reduces backdoor vulnerabilities and holes that might be exploited.

  3. Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred, but most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you verify whether the systems in place are capable of delivering the fastest detection time. This ensures that your organization can respond to threats in real time and prevent further attack.

  4. Protect Users No Matter the Location – Ensure that you are protecting your users both when they are on the company network and when they are not. Good password manager software and VPN tunnels are key to good security practice. It is also important that you communicate the importance of cyber security to your users and illustrate good habits.

  5. Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.

 


 

If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com 

Fully Booked hotel & ski-resort pays bitcoin to regain control

bitcoin

A four-star hotel and ski resort in Australia paid a reported $1,600 ransom to regain control of its computer system during a fully booked weekend. The systems were kicked offline, which temporarily interfered with room keys and guest check-in, among other things. This ransom marks the third attack on the hotel system, but the first time full control was taken. This may be why the hotel opted to pay the bitcoin rather than mess with the situation any further. Rather than risk losing revenue and fully restricting guests from checking in or out of their rooms, the hotel worked with the hackers. It was cheaper and faster, said the hotel representative.

“Neither police nor insurance help you in this case,” Brandstaetter lamented to The Local. “The restoration of our system after the first attack in summer has cost us several thousand euros. We did not get any money from the insurance so far because none of those to blame could be found.” – PCmag

This is not the first time that a company has had to make the difficult decision between paying the bitcoin, and risking the loss of that money as well as its data, and not paying, and risking total lockout of the system. IBM Security ran a study that found 70 percent of businesses attacked and infected with ransomware have paid to regain access to their systems and/or data.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com

 

Cerber Ransomware – Business Model for Extortion

cerber ransomware

Cerber ransomware earned close to $200,000 in July alone, despite a payment rate of 0.3 percent (not even 1 percent!), due to its affiliate distribution model, according to Check Point Software Technologies Ltd. and IntSights Cyber Intelligence.

If this rate were to continue, without increasing, that would mean a $2.3 million payout over the course of the year, said Maya Horowitz, group manager of threat intelligence at Check Point.

An affiliate model means that non-technical customers can run their own campaigns using the platform and still walk away with 60 percent of the profit. Customers receive access to management tools, Cerber’s Bitcoin laundering system, and of course, the Cerber ransomware. Horowitz reports that each day an average of eight new Cerber ransomware campaigns are launched, adding to the over 150 affiliates.

Another “brand name” ransomware commonly seen today is Locky. Locky differs greatly from Cerber in that Locky is run by a single team of threat actors, with all proceeds going directly to this team, as they do not share their malware with any other parties. Cerber operates as a business model, taking ransomware to a new level and allowing anyone to join in on the cyber crime cash cow. Not only does Cerber allow users to gain a 60 percent cut, but it also offers a 5 percent referral bonus for members who recruit. This is most certainly the future of malware, with more services to follow this model.

This is one of the first times that security researchers have been able to follow the trail. By extracting the unique Bitcoin wallet identifiers assigned to each victim, Check Point was able to follow the money trail to the central wallet, then to a network of other wallets that are a part of the Bitcoin mixing service, and then to the final destinations. Hundreds of thousands of wallets were followed, which allowed Check Point to actually see the payment rate of people who paid the Bitcoin ransom.

Surprisingly to most, the number was a very small 0.3 percent. In comparison to other ransomware reports, this percentage is much lower. However, this number has been able to foster a hefty income.

 


 

To view the origin of this post, and to educate yourself in more detail, please visit : www.csoonline.com 

Do you understand the importance of cyber security?


 

 

It is extremely important that you as the user understand why in the heck you should be concerned about the security of your device. Sure, you may have heard about the tons of malware out there or the ransomware stealing millions from large corporations, but it is easy to disregard such headlines as a user. “What would anyone want with my computer?” proves to be the usual user mindset. It really does pay to be conscious, however, and proactive nonetheless. Malware, and ransomware, a type of malware, are designed by cyber criminals with boatloads of knowledge as to how to steal your information, passwords, bank account numbers, log-ins, sensitive data and of course, your money. The general tactic appears in the form of downloaded malware or ransomware, unnoticed by the user, waiting idly by until the person on the other side decides to take a dig into your life. Like the monster under your bed, but worse.

Malware is something to worry about because, for one, it is used to steal your data and, these days, your money. Not to mention the fact that if you happen to lose to cyber theft, not much can be done to help your case. Most cyber criminals operate in foreign countries outside U.S. legal jurisdiction, and to be honest, even if they didn’t, you still wouldn’t get your money back. It’s just not the way it works.

Don’t be a victim.

Ask anyone and they will tell you the quickest way to get hacked is by lack of updates for commonly hacked programs, basically leaving your doors unlocked and asking to be robbed, and by being tricked into installing a Trojan, the equivalent of the robber ringing the doorbell and you inviting them to stay for dinner before they rob you dry. Neither is good!

“Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don’t need to do anything else.” – Roger A. Grimes, computer security columnist for InfoWorld

Malware can be broken down into worms, viruses, Trojans, and hybrids. Viruses spread by infecting other host files; the malware starts when an infected file is run. Worms are self-replicating; once started, they need no further assistance. Trojans need victims to get to business. They do not spread themselves; rather, the originating hacker must spread each copy to each victim separately, usually via email. The benefit to this is that, unless you are hit with ransomware that locks the device, Trojans can be removed once identified.

You’d be surprised at the number of users that still give away their logins to hackers every day. It’s insane. Typically the user is sent a phishing email that asks for credentials and claims to be from a legitimate website. Many times the email makes a small call to action, such as threatening the termination of service. Trust the website in this case, not the email, and go directly to the website to confirm.

Signature-based anti-malware simply cannot keep up with the thousands of malicious programs that hit each month. That is just the truth of the matter. Some of the responsibility must be in the hands of the user, or a good IT management team. A single antivirus program can only get so far; it would behoove you to periodically run a boatload of free antivirus programs at once. Together, the programs can identify what the single one could not.

 

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.infoworld.com

Ransomware – Never too late to negotiate

negotiate

Researchers claim that ransomware campaigns are usually willing to negotiate these days.

“Cybersecurity firm F-Secure released a new report, “Evaluating the Customer Journey of Crypto-Ransomware and the Paradox Behind It,” which claims that three out of four ransomware criminal gangs were willing to negotiate the ransom fee.” – Charlie Osborne, writer for ZDNet.

By creating a fake account, researchers were able to negotiate with hackers and even receive a “discount” of up to 30 percent on their ransom. This changes what we already know about ransomware. Many times when ransomware takes hold, a deadline for payment is put into place, creating a sense of urgency and stress for the victim. Hackers want you to pay as quickly as possible, and often place a lingering threat of further file deletion if payment is not made in a timely fashion. F-Secure states that this is not exactly true, and that ransomware deadlines are more flexible than the average victim is aware of. As the fake account showed, each cyber attacker contacted by fake victims offered deadline extensions for payment. Remember, this is for payment, not for letting victims off without file deletion.

F-Secure believes hackers are interested in establishing trust between victim and hacker to ensure they receive payment in some form. Hackers don’t necessarily care about the files lost, but are willing to work with you, purely for payment purposes. Begging and pleading still won’t get you much more than that.

As always, taking steps to stay secure is the best way to avoid ransomware. Negotiating is now on the table, but the reward is small in comparison to avoiding the malware altogether.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com 

Kansas Heart Hospital – Paying the ransom still wasn’t enough

bitcoin, ransomware

The Kansas Heart Hospital in Wichita recently found itself at the mercy of a ransomware nightmare. Seeing as the demands were not unattainable or extremely high, the hospital decided to simply pay the Bitcoin, thinking that would be the end. Not quite. After the hospital paid the Bitcoin, the hackers decided that the hospital was a willing target for even more money! The hackers received payment, held back some of the data they had encrypted, and proceeded to demand more money from the Kansas hospital.

To my surprise, the Kansas Heart Hospital didn’t end up giving any more funds to the hackers. We aren’t sure if they decided the data was not of importance, or if the hospital employed some tech support from a trusted source. Whichever the case, I appreciate the hospital standing firm in their decision to not pay any more Bitcoin. As many have been urged to not pay absurd ransomware demands, it can be terrifying when the circumstance comes about. Helpless, I’m sure, is how many ransomware victims feel.

Nevertheless, it is important to be aware of malware and ransomware threats. Nearly half the hospitals in the United States have been attacked by some variant of malware/ransomware. An official at the Kansas Heart Hospital even told reporters that they “were aware of the ransomware threat and had a plan in place to deal with it”. Better make sure you have a plan B too.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Hospital pays ransom, ransomware demands more money

Ransomware-like scam – Windows Product Key is “Invalid”

 

Now that ransomware is on the brain, a few crooks posing as tech support are tailoring their skills to work the system. A lock screen appears on your PC, claims that the user’s Windows license has expired, and says to simply call the tech support number provided in order to quickly and effortlessly solve the problem. A fake Microsoft technician answers the line and is more than happy to help, if you are willing to pay the price.

Users will see a lock screen appear on their machine that truly resembles a genuine Microsoft program. After the program installs, it waits patiently for the user to restart the PC. After the restart, the program activates, takes over the desktop, and displays a highly sophisticated Windows Update screen. Nothing reveals to the naked eye that this is in fact ransomware.


After the program activates, the infected PC will display a screen that tells the user the desktop has been disabled because of an expired license key, with the computer name being taken from the victim’s actual PC. Now that the PC is locked, the user thinks they are doing the right thing by calling the number provided and talking to someone they think is a tech support technician working for Microsoft.

Malwarebytes called the number, and a fake Microsoft technician revealed a hidden functionality. Hitting Ctrl+Shift+T would bring up a built-in installer for TeamViewer. The tech support scammer on the other end of the call refused to give much more information without the $250 to unlock the PC, which of course, Malwarebytes did not pay.

If a user refused to pay the fee requested, they would have few resources to fix the machine on their own. Fortunately, security researchers have found a small loophole. Discovered by @TheWack0lian, Ctrl+Shift+S will allow users to kill the winlocker without touching the contents of their machine. The hardcoded values “h7c9-7c67-jb” or “g6r-qrp6-h2” or “yt-mq-6w” can be entered as the product key. These may work to unlock the machine, but they are not a fix across the board, as they will not work for all versions of the lockers.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Ransomware-like tech support scam locks screen, labels Windows product key as invalid

Businesses Beware – FBI warns Ransomware is on the rise

The FBI released statements of warning this week about the rapid growth of ransomware attacks. As attacks become more frequent and sophisticated, it is crucial that businesses are proactive about ransomware prevention. The influx of attacks against hospitals has made ransomware a major threat to the U.S. healthcare industry this year and will only continue without proper protection.

Years prior, ransomware was delivered through email. Now that email systems have evolved, and spam settings have become more sensitive, cyber criminals have stepped away from email delivery. By seeding legitimate websites with malicious code and taking advantage of unpatched software on end-user computers, attackers no longer need an individual to click on a link in order to infect them. In a usual email attack, a user may see an email addressed to them and open it. When they unsuspectingly click on an attachment that appears no different from any other attachment, the malware code is then able to access the victim’s machine, and the rest is history.

Once the machine has been infected, the malware begins encrypting the files and folders on local drives, including attached drives, backups and even other computers on a shared network. As seen many times this year, organizations are often unaware of the attack until they are unable to open their files and retrieve data. Sometimes organizations are not made aware of the encryption until messages appear demanding a ransom payment in exchange for a decryption key.

Whether or not to pay the ransom is still under debate. The FBI does not encourage payment, only because paying the bitcoin does not guarantee the safe return of sensitive data. Morally, payment would be frowned upon, as it is most certainly funding illicit criminal activity and encouraging more attacks. However, it is understandable why many have been forced to pay: simply put, businesses need their data in order to survive. Unfortunately, ransomware criminals know that all too well.

Prevention Measures 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
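
An audit pass for the software-restriction bullet above, added here as an example and not taken from the FBI guidance or the original post: it flags process-creation events whose executable ran from a temp, browser-cache, or archive-extraction folder, so you can see what a deny rule would hit before enforcing it. The JSON field names, path patterns, and sample events are constructed assumptions.

```python
import json
import re
from collections import Counter

# Ordered most-specific first. Patterns are illustrative assumptions for the
# locations named in the list above; tune them to your own estate.
RULES = [
    ("archive-extraction", re.compile(
        r"\\appdata\\local\\temp\\(7zo[^\\]*|rar\$[^\\]*|temp\d+_[^\\]*)\\")),
    ("browser-cache", re.compile(
        r"\\appdata\\local\\microsoft\\windows\\(inetcache|temporary internet files)\\")),
    ("user-temp", re.compile(r"\\appdata\\local\\temp\\")),
    ("system-temp", re.compile(r"^[a-z]:\\windows\\temp\\")),
]

# Constructed sample telemetry, one JSON object per line (last line is truncated).
SAMPLE_EVENTS = r"""
{"Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice_8841.exe", "User": "CORP\\alice", "ParentImage": "WINWORD.EXE"}
{"Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "User": "CORP\\alice", "ParentImage": "explorer.exe"}
{"Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\7zO4A1B2C3D\\scan.scr", "User": "CORP\\bob", "ParentImage": "7zFM.exe"}
{"Image": "C:\\Users\\carol\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\AB12CD34\\update[1].exe", "User": "CORP\\carol", "ParentImage": "iexplore.exe"}
{"Image": "C:\\Windows\\Temp\\svc_upd.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "services.exe"}
{"Image": "C:\\Users\\dave\\AppData\\Local\\Temp\\x.exe", "User":
"""

def classify(image_path):
    """Return the name of the first rule the path matches, or None."""
    path = image_path.replace("/", "\\").lower()
    for name, pattern in RULES:
        if pattern.search(path):
            return name
    return None

def audit(lines):
    """Parse JSON-lines process events; return (findings, skipped_count)."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            image = event["Image"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, do not crash
            continue
        if not isinstance(image, str):
            skipped += 1
            continue
        rule = classify(image)
        if rule:
            findings.append({"rule": rule, "image": image,
                             "user": event.get("User", "?"),
                             "parent": event.get("ParentImage", "?")})
    return findings, skipped

def summarize(findings):
    """Count findings per rule, to size the impact of enforcing each one."""
    return Counter(f["rule"] for f in findings)

if __name__ == "__main__":
    hits, bad = audit(SAMPLE_EVENTS.splitlines())
    for h in hits:
        print(f'{h["rule"]:<20}{h["user"]:<22}{h["parent"]:<14}{h["image"]}')
    print(dict(summarize(hits)), "skipped:", bad)
```

Skipped records are counted rather than dropped silently, because a gap in telemetry is itself worth investigating.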

If you would like to educate yourself in more detail about the information presented in this blog post please visit: FBI: Ransomware threat at all-time high; how to protect company jewels

Ransomware Attacked My Mom’s Computer

“How My Mom Got Hacked” is a real-life story about a Brooklyn artist who receives a panicked phone call from her mom one day, complaining that her personal computer has been taken over by some sort of strange encryption. The story unravels the journey Alina Simone and her mom Inna endure in order to get the files back from the hackers. After the initial shock of the situation sets in, the two research their options and realize, as many do, that there is little to no answer as to how to get the files back without paying the hefty $500 ransom fee.

“I thought it was a typical mom rant about her hardware crashing and having to pay the repair people $500 because her computer crashed.” Like many of us do when our parents call us after a long day’s work, Alina didn’t take her mom seriously. Seeing as it was Thanksgiving weekend, a major snowstorm had just hit, and the ransom deadline was already down to less than 24 hours, Alina and her mother were frantic. Her mother didn’t make the deadline, and according to the hackers the ransom would double due to this. Inna pleaded with the hackers and they let her off with the $500 ransom and all her files. Luckily.

Then there are cases such as the Hollywood Presbyterian Medical Center, which was hacked in early February and had to pay a whopping 40 bitcoin ($17,000) ransom in order to get its system back on track.

“The value of my personal files and pictures caps off somewhere. But [if] I encrypt the back-end of your corporate system and prevent you from processing payments, that has a tremendous value. And if the hacker can recognize the value of what he has, the ransom can be more dynamically set based on the content of the data,” explains Grayson Milbourne, Security Intelligence Director for Internet security firm Webroot.

From personal to corporate, ransomware is most certainly an eye-opening lesson in security vulnerabilities.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: The Growing Threat of Ransomware

Ransomware

 

Ransomware is the devilish and extremely debilitating program designed to lock and encrypt files in order to extort money from consumers, business owners, and even government officials. It seems that no one is safe in the fight against ransomware. Most ransomware programs are targeted at the most popular operating system, Windows. Ransomware programs can and will target other systems such as Android applications, Mac OS X and possibly even smart TVs in the near future. Not only is this an unsettling forecast for consumers, but also a call to action for preventative measures to protect your most important data files.

What can be done? Most users have learned the hard way that it is better to back up sensitive data to an external hard drive. However, this type of malware is tuned in to this. When a ransomware program infiltrates a computer, it infects all accessible drives and shared networks, encrypting all files found. This makes for a very irritating discovery of locked data across the board.

Rather than rely on the external hard drive method for backups, it is suggested that consumers adopt a new best practice. Ensure at least three copies of sensitive data are made, and stored in two different formats. At least one of these copies should be stored off-site or offline. This way if ransomware locks files away consumers are not forced into a sticky situation of deciding whether to risk paying for the data retrieval or losing the data forever.
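
A check for the three-copies rule above, and for the "healthy, current, free from compromise" backup test in the best-practices post, added here as an example that is not from either original article. It verifies each copy against a SHA-256 manifest taken at backup time, then applies the rule to healthy copies only. The copy names, the 24-hour freshness threshold, and the use of a media label to stand for "format" are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Record relative path -> SHA-256 at backup time (store it away from the copy)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(root, manifest):
    """Return the files that are missing or no longer match the manifest."""
    root = Path(root)
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256_file(root / rel) != digest]

def check_policy(copies, now, max_age_s=24 * 3600):
    """Apply 3 copies / 2 formats / 1 off-site-or-offline to healthy, current copies.
    max_age_s is an assumed freshness threshold; the post gives no number."""
    healthy = [c for c in copies
               if not c["bad_files"] and now - c["taken_at"] <= max_age_s]
    problems = []
    if len(healthy) < 3:
        problems.append(f"only {len(healthy)} healthy, current copies (need 3)")
    if len({c["media"] for c in healthy}) < 2:
        problems.append("healthy copies use fewer than 2 storage formats")
    if not any(c["offsite"] or c["offline"] for c in healthy):
        problems.append("no healthy copy is off-site or offline")
    return problems

def demo():
    """Constructed scenario: the always-mounted NAS copy was encrypted in place."""
    now = 1_700_000_000  # fixed timestamp so the result is reproducible
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        copies = []
        for name, media, offsite, offline, age_h in [
                ("primary", "disk", False, False, 0),
                ("nas", "disk", False, False, 2),
                ("usb-vault", "removable", False, True, 20)]:
            root = tmp / name
            root.mkdir()
            (root / "ledger.xlsx").write_bytes(b"Q3 ledger (sample)")
            (root / "photos.zip").write_bytes(b"family photos (sample)")
            copies.append({"name": name, "root": root, "media": media,
                           "offsite": offsite, "offline": offline,
                           "taken_at": now - age_h * 3600})
        manifest = build_manifest(copies[0]["root"])
        # Simulate compromise of the online copy: contents replaced by ciphertext.
        (copies[1]["root"] / "ledger.xlsx").write_bytes(b"\x9f\x02ENCRYPTED")
        for c in copies:
            c["bad_files"] = verify_copy(c["root"], manifest)
        return {c["name"]: c["bad_files"] for c in copies}, check_policy(copies, now)

if __name__ == "__main__":
    status, problems = demo()
    print(status)
    print(problems or "3-2-1 policy satisfied")
```

Three copies exist on paper in this scenario, but only two pass verification, which is the gap a routine restore test is meant to expose.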

What to do when faced with ransomware? Not much can be done once ransomware has attacked. Most security researchers advise not paying for files to be unlocked, as there is no guarantee that the hackers will provide the decryption key once paid. Security vendors also worry about the implications of fueling the fire. The more consumers give in and pay for the safe return of their data, the more encouraged ransomware criminals become to continue this practice of extortion.

If I haven’t said it enough already, I will say it again. Prevention is key. Know how ransomware reaches your computer. Be especially careful of email attachments, Word documents with macro code, and malicious advertisements. Always keep the software on your computer up to date. It is especially important to ensure that the OS, browsers, and software such as Flash Player, Adobe Reader, and Java are always updated when updates are available. Unless you have verified the senders, never enable the execution of macros in documents. Finally and most importantly, perform daily activities from a limited user account rather than an administrative one. And always, always, utilize a well-running and up-to-date antivirus program.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcworld.com/article/3041001/security/five-things-you-need-to-know-about-ransomware.html