Tagged: ransomware

  • Geebo 9:03 am on August 4, 2017
    Tags: Kronos, Marcus Hutchins, ransomware

    Arrest related to WannaCry made, but it’s not who you might think

    Back in May, a number of computers and corporate networks were infected by the WannaCry ransomware attack. If you’ll recall, WannaCry would encrypt your files and instruct you to pay a ransom in Bitcoin to unknown attackers if you wanted your files decrypted. A British researcher was widely credited with finding an exploit in WannaCry through which it could be disabled. Now, that man has been arrested.

    23-year-old Marcus Hutchins was arrested at Defcon, a cybersecurity and hackers conference that’s held annually in Las Vegas. The US Justice Department says Hutchins was allegedly involved with another piece of malware called Kronos. Kronos is said to be used to steal login information for financial websites, which in theory enables an attacker to gain a user’s financial information. The DOJ believes Hutchins made and sold Kronos, resulting in a six-count indictment against him. However, those who know him from the cybersecurity field say Hutchins was dedicated to stopping attacks like Kronos and could not possibly be guilty of the crimes he’s accused of.

    Meanwhile, the attackers behind WannaCry finally collected their $140,000 in Bitcoin ransom. While it will be difficult for them to convert Bitcoin into cash without revealing themselves, prosecution may be unlikely considering the attack was believed to have originated from North Korea.

  • Geebo 9:01 am on June 28, 2017
    Tags: Petya, ransomware   

    New ransomware might not be able to be paid off 

    Yesterday, a new ransomware attack swept across the globe. The attack first hit the Ukraine before affecting businesses in Russia, The Netherlands, The UK and the US. The ransomware known as Petya seems to have had an even bigger effect than the recent WannaCry attack. Like WannaCry, Petya asks the victims for money in Bitcoin. While a number of businesses have started keeping Bitcoin on hand for just such an event, it might not be that simple this time around.

    Petya requires its victims to contact their attackers at a certain e-mail address. The e-mail provider has shut down that address. So now, if the ransom is paid, there’s no way to let the attackers know. Meanwhile your files are still encrypted and you’re also out the money used for ransom. On top of that, the ransomware keeps replicating itself not knowing that it’s been cut off from home.

    Again, even if Petya could call home, there’s never any guarantee that the attackers will release your files even if paid. After all, these are extortionists we’re dealing with. Like their counterparts in the analog world, once these attackers get a taste of your money they may try to squeeze you for more.

    Remember, as a best practice, keep your system updated and patched, and avoid any strange attachments and downloads.

  • Geebo 9:03 am on June 9, 2017
    Tags: Popcorn Time, ransomware   

    Ransomware makes you choose between your friends or your files 

    With the WannaCry ransomware attack largely gone, news is making the rounds of another type of ransomware that is even more malicious than that. While this other attack has also come and gone, the thought process behind it is so malicious in its genius that it’s worthy of discussion. The ransomware is called Popcorn Time, and it forces you to make a choice of Faustian proportions.

    If your system were to become compromised with this ransomware, you’d be offered two options to decrypt your files. You can either pay the ransom of one Bitcoin to the attackers, or you can simply click a button and spread the ransomware to two of your friends. These two friends will then be sent a disguised link to download the ransomware, and once their infections are recognized by the attackers, your files will be released. Testing people’s morals like this at the expense of other people could almost be considered super-villainy. Dr. Evil would be proud.

    While no method is 100% foolproof, you can protect yourself from ransomware attacks. Keep your system updated regularly by turning on automatic updates. Also, the age-old adage of never clicking on links or attachments in emails from people you don’t know still applies. Regularly backing up your data to the cloud or an external device also goes a long way in saving you from having to deal with lost data. Because in the end, isn’t it better to take some extra time to protect yourself than to deal with the fallout of a no-win situation?

  • Geebo 9:00 am on May 18, 2017
    Tags: ransomware

    Should companies keep Bitcoin on hand in case of ransomware? 

    In the wake of the recent WannaCry ransomware attack, cryptocurrency Bitcoin has been in the news a lot lately. In a nutshell, Bitcoin is a digital form of currency that is almost completely anonymous. While it can be used for legal and legitimate transactions, Bitcoin does have somewhat of a shady reputation since it’s not only used as the method of payment to unlock ransomware, but it’s also been used as the de facto form of payment in dark web black markets like Silk Road.

    The people behind the WannaCry attack have so far claimed close to $100,000 in ransom. That’s not a lot when you consider that they were asking between $300 and $600 for each infected machine, and that the infected machines were said to number in the hundreds of thousands. According to NBC News, a number of companies have been stockpiling Bitcoin in order to quickly resolve any ransomware attacks they may become the victims of. Is this good business? Well, yes and no. As mentioned before, there is never any guarantee that the encrypted files will ever be released if the ransom is paid. However, it could be more financially viable for some companies to pay the ransom rather than deploying a battalion of IT workers to hopefully fix the problem. Either way of finding a solution is a huge gamble, and neither of them has any kind of beneficial payoff.

    Paying off ransomware may get your files back, but in the long run it encourages more groups to launch more attacks.

  • Geebo 9:01 am on May 15, 2017
    Tags: ransomware

    Latest ransomware attack shows need to keep systems current 

    Do you work for a company that still uses Windows XP because there’s a crucial piece of business software that only runs on the 16-year-old operating system? If so, your Monday morning may not be the most productive due to a global ransomware attack called WannaCry. For those of you who may be unfamiliar with the concept of ransomware, it’s a piece of malware that not only infects your computer, but encrypts your files and does not allow you to access them until you pay the hackers holding your system hostage a ransom that is paid through the cryptocurrency Bitcoin. So far, WannaCry has infected over 200,000 systems in 74 countries, including a large Spanish telecom and the National Health Service in the UK. In the US, courier service FedEx has said that a portion of its systems has been infected as well.

    The attacks started this past Friday and a security expert was able to find a vulnerability in WannaCry, but since then a new version of the malware has been spotted out in the wild. Since the new version of WannaCry went out during the weekend, a number of companies could be infected and not even know it until they start booting up machines today. The malware was designed specifically to exploit a vulnerability in a number of Windows-based operating systems based on an NSA spy tool that was released to the public by another group of hackers. Windows released a patch for the exploit, even for Windows XP which stopped receiving regular updates from Microsoft in 2014, but many systems unfortunately remain unpatched. Both the US and UK governments are urging those infected with WannaCry to not pay the ransom, which is said to be around $600 USD per infected machine. There is no guarantee that your files will be released once the ransom is paid.

    If you are still running Windows XP at home, you’re running a machine that is ripe for the picking by malware and ransomware. As previously mentioned, since Windows XP is no longer supported by Microsoft, you are no longer receiving any security updates. There are many free to low-cost alternatives to running XP, such as running a more secure Linux operating system. If you’re a business still using XP because the software needed to run your business only works on XP, it is highly recommended that you upgrade to a more current operating system like Windows 10. While it may be saving you money now to keep using the antiquated OS, in the long run it could cost you your entire network. There are simple and low-cost ways to run XP-exclusive programs and applications in Windows 10. Lastly, if you think that you’d rather press your luck against such attacks, remember this: it only takes one employee to click on one bad attachment to bring your entire operation to a grinding halt.

  • Geebo 10:02 am on August 17, 2016
    Tags: ransomware

    New ransomware knows you by name and address 

    Ransomware is a nasty bit of malware that can lock you out of your computer or network and will hold your files ransom until you pay a bad actor to release them. One of the more infamous ransomware incidents involved a hospital in Kansas that paid the ransom in order to regain access to their patients’ records. One of the main ways ransomware infects a computer network is when a user either opens a strange email attachment or goes to an infected website.

    Now the BBC is reporting a new type of ransomware that tricks you into infecting your computer by using your own name and address. In this case the scammers will send you an email that appears to be a large bill that you owe. Normally scam emails like this are generic in their presentation; however, this new type of attack makes the email look more official by having your name and address listed. Like any other phishing email, it tries to trick you into clicking through to an infected website. Once your computer or network is infected and you’re locked out of your files, the ransomware will not only detail instructions on how to pay the ransom with Bitcoin, but it will also give you a timer that shows you how much the ransom increases the longer you wait. There has been no word yet on how the attackers have been able to match up the names and addresses to the email addresses. While the malware has only been reported so far in the UK, it’s probably only a matter of time before it shows up in the US.

    The best protection against ransomware is to not click on unknown email attachments or strange websites these emails ask you to click on. It also helps to make multiple backups of all your important files. According to Wired, if you do become infected, disconnect any infected computer from the network and try to use anti-malware tools to remove the infection from the computer. They recommend only paying the ransom as a last resort, as paying the ransom only propagates the attacks.
