RansomwareSponsored by Webroot

70

Solutions

194

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Topic Sponsored by Webroot
Part Two of the two-part Q&A series with MalwareTech.
4
Get 15 Days FREE Full-Featured Trial
LVL 1
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
3
 
LVL 11

Expert Comment

by:Andrew Leniart
Comment Utility
Thanks for sharing your story. Ransomware is a topic I follow closely and have a lot of interest in. Sorry to hear you were hit by these criminal scum bags and while it irks me to know they profited from your misfortune not once, but twice, I understand the dilemma you were faced with. Backups are something we all tend to fall lax with at times and this story highlights the reasons we all need to stay vigilant. Good luck for the future.
0
BecomingMalwaretech-SocialMedia-Nati.pngEver wondered what it takes to become a threat intel expert like Malwaretech? Check out our first Q&A release where Marcus discusses his background and predictions for the next threat in malware.
4

Cyber News Rundown: Edition 7/21/17


Cyber-News-Rundown-WordPress-800x600.jpg
Malware Lurking in Game of Thrones Torrents

Viewers hoping to catch an illegal copy of the season 7 premier of Game of Thrones, released last Sunday evening, stumbled across something much more dangerous than White Walkers. The most pirated TV show in the last 5 years, Game of Thrones torrents often come with an extra side of malware, and have even released a Cerber ransomware variant onto unsuspecting viewers. While some lucky pirates have escaped with clean torrents, others haven’t been so fortunate. Use caution in all your internet activities, whatever they may be.

Twitter Porn Bot Shutdown

In the last few weeks, researchers have been attempting to bring down a Twitter botnet that took over 86,000 bot accounts to send out a relentless stream of porn ads to Twitter users across the globe. The botnet itself began by creating systematically generated Twitter accounts to send out a malicious URL payload to victims, which would then redirect them to a variety of porn sites controlled by the same network.

Adoption Data Leaked in Newcastle

Recently, officials of the Newcastle City Council have been attempting to resolve a data breach in which a spreadsheet of over 2,700 adopted children’s information
5
ive been hit with a ransomware attack
I can still use the computer but all word docs have been encrypted
I can open docs but they are blank
is my only option paying or can I get these back?
they are requesting over £800
0
QTT2017.PNG
In This Issue:
Streaming Malware Detection and Trends

More information here.

Although malware and potentially unwanted applications (PUAs) such as spyware and adware have been a top concern for years, many organizations still find themselves overwhelmed by the abundance of modern threats. This quarter, we examine malware trends, get insight from Webroot CTO Hal Lonas on dissolving security perimeters, and present findings from two recent surveys on how security professionals will focus their security efforts over the next year.

Get the latest Threat Trends Report now!
2
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard yourself from future ransomware attacks.
2
Part One of the two-part Q&A series with MalwareTech.
7
Experts Exchange got the opportunity to interview MalwareTech, the 22yr old who discovered the WannaCry kill switch. Check out his advice on security and future security threats, as well as his comments on the importance of tech communities.
5
 
LVL 31

Expert Comment

by:Zoppo
Once a customer called me and told our software tells him 'Hardlock not found' - after 10 minutes verifying everything (driver, service, client) was installed fine and running, just for fun and coz I was a little bit frustrated, I aksed if he really plugged in the hardlock - the customer was a bit surprised and answered "No, it's here, laying in front of me, on my desktop - do I have to plug it somewhere?"

Another time I sent a PDF docu to a customer - he answered with a mail asking me what to do with this PDF. I wrote 'just open it to read or print it' - he answered he doesn't know what 'open' means and asked me if it would be possible that I open the PDF and send it to him 'opened'.

And one of my favorites, allthough it wasn't directly me: Once surprisingly I heard my colleague (usually a relaxed guy) yelling loud into the telephone "NO! STOP! Stop EVERYTHING! DON'T TOUCH the mouse! DON'T TOUCH ANYTHING! When I tell you 'click', click EXACTLY ONCE with the LEFT mouse button! WHEN I TELL YOU 'double click', click EXACTLY TWICE with the LEFT mouse button! As long as I don't tell you anything DON'T TOUCH ANYTHING!!!"
0
Skyport2-SocialMedia-LinkedInV2.pngDid you miss our co-branded webinar with Skyport Systems yesterday? Check out the recorded webinar available on-site to learn how to secure your Active Directory against security threats.
1
Are You Headed to Black Hat USA 2017?
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Let's recap what we learned from yesterday's Skyport Systems webinar.
1
Cyber-News-Rundown-WordPress-800x600.jpg
Cyber News Rundown Edition: 7/14/17

Verizon Call Logs Found Exposed Online

Over the past month, researchers have been learning more about the recent discovery of unsecured customer service call records for over 14 million individuals on an Amazon server. The server in question is controlled by Nice Systems, an enterprise software company based in Israel, and contained call logs from January through June of this year. In the unencrypted records were customers’ names and their Verizon account login credentials. Even after Verizon became aware of the server’s vulnerability, it took over a week to get it properly secured by Nice Systems.

Bupa Healthcare Services Breached

In the last week, international healthcare provider Bupa was the victim of a data breach that included basic customer information, such as names, birthdates, and nationalities. The breach originated with an employee incorrectly transferring data between systems of Bupa Global, which handles international health insurance for frequent travelers—around 108,000 customers in total. The affected branch of Bupa has contacted all affected customers, and has stated that no other branches worldwide have been compromised.

Botnets Distributing New Point-of-Sale Malware

With the recent influx of botnet-related cyberattacks in the last year, it’s hardly surprising that Point-of-Sale malware is now spreading through the same channels
3
Bupa breach affects more than half a million customers

A London health insurance agency has been hit with a massive data breach. The personal information of about 547,000 people was compromised.

More info here
1
Cyber-News-Rundown-WordPress-800x600.jpg
Cyber News Rundown: Edition 7/7/17

British Lawmakers’ Logins Targeted

Over the last week, multiple parliament members and other lawmakers in the UK have been the focus of cold-callers attempting to gain login credentials, following a successful brute force attack that compromised the credentials of several other officials. Passwords for the remainder of the parliamentary staff have received a force reset to avoid any further exploitation of their systems.

Banks Still Struggle with Security

The Online Trust Alliance recently conducted an anonymous study of 1,000 websites across many different sectors, to test for security, privacy, and consumer protection. Of the 100 largest US banks in the study, only 27% passed all 3 categories, while 65% failed in at least one category. Although the American Banking Association still believes that banks are the current standard for security, the long list of breaches throughout the last year alone leave many consumers questioning just how secure their banks really are.

Sabre Breach Exposes Google Employee Data

In the past few days, Google has been sending out notifications to employees after Sabre Hospitality Services experienced a breach in their reservation system
4
bitcoin_photo_via_shutterstock.jpg
This just in... Humans Still the Weakest Link

"The fact that access appears to have been initiated by initially compromising an employee's personal PC is a very worrying development – highlighting huge failings on so many levels, from an employee education and training standpoint, all the way to administrative and technical controls, to monitoring and enforcement." -  David Kennerley, director of threat research at Webroot.

More on TheRegister.
5
 
LVL 2

Expert Comment

by:Christopher Rourke
Good ol' PEBCAK :) Thanks for the article link.
1
 

Author Comment

by:Drew Frey
Happy to share, Christopher! There's an educational component most people could use to help combat PEBCAK :)
1
1
This question may not make sense at all but would like to still give it a go:

what are the risks our EMC VMAX SAN to ransomwares & how are the attacks/
infections likely to occur?

Our MS Exchange's huge partitions are on SAN as well as our servers' database
& applications partitions.  Our PCs/laptops don't use SAN.

I can see the largest malwares & ransomwares being blocked is via our emails
(in thousands or tens of thousands monthly) compared to only a hundred or
less being blocked by endpoint AV & proxy : so how is this translated to our SAN?

A very unique question from our management.

So how do we mitigate ransomwares risks to SAN?  Just by endpoint AV & our
email filtering (which we use Proofpoint which reported tons of ransomwares
& ransomware downloaders being blocked monthly)
0
hi guys

I am setting up a Excel password sheet that is protected with information regarding  our domain passwords and switches etc. With the issue of ransomware etc becoming a grander problem by the day, I am now being asked to not only create these protected password sheets on the network, but also in the cloud with providers like 'LastPass'.

Would you or have you done this and feel safe to put your passwords in a vault in the cloud?

Thanks for helping
Yashy
1
0
 

Expert Comment

by:Pierre Ammoun
Where can I find basic guidelines to "educate the users" on being careful about malware ransomware ?
1
 

Author Comment

by:Alix Postan
Hi Pierre! That's a great question! Here are some links to some articles that I think would help educate users about being careful about malware:

1) 7 Things About Information Security Your Boss Wants to Know: http://www.uzado.com/blog/7-things-about-information-security-your-boss-wants-to-know

2) 7 Tips for Dealing with Internet Security Threats: http://www.uzado.com/blog/7-tips-for-dealing-with-internet-security-threats

3) 5 Best Security Blogs You Should be Reading: http://www.uzado.com/blog/five-best-security-blogs-you-should-be-reading

Hope that helps! Let me know if you need more articles!
0
Optimize your web performance
LVL 1
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Hello all
I have many workstations that are similar. And all are on domain.
They are all infected with a virus. Except one.
I would like to clone the good one and over write the infected ones. And then run sysprep on that machine. Any ideas what is the best software to do that. Or best advices you can give. ?
We can worry about he activation later. How long will the work before the activation pops up and block users from work.  ?
We are expecting SCCM to get back up and reimage the machines properly in two weeks. So this is just a quick way to get workstations back up and running.
0
I am looking at disabling SMB on all our Servers and workstations through a GPO.
Servers being Windows 2012r2, Workstations being Windows 10.

Few questions.
- If you remove this, by design in Windows features, does it cause issues authentication issues?
- Referring to technet document, attached - when the registry changes take effect through GPO, what actually happens?


The idea is to eliminate risk of Ransomware attacks on our domain.
0
I am trying to decide whether to disable SMB1 in a few of the domains I manage to protect against WannaCry / Petya copycats.

I have a windows Server 2012 domain with Windows 7 Clients and I also have a SBS2011 domain with windows 10 clients.

I have patched all the clients and servers so I know my machines are protected against the current outbreaks. Yet most of the advice I am reading still encourages us to disable SMB1 even with the patches installed. Perhaps for copy cat viruses that may find a way to expose the exploit.

I don't have legacy systems accessing shares so I dont believe I will have problems there.

What is the view of other people??? should I disable SMB1??

Below is the link I was following to disable... Is it sufficient to setup the GPO's to disable SMB client and server on all domain clients and servers??
https://support.microsoft.com/en-gb/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
0
Today is the last day to enroll in June’s Course of the Month. With ransomware attacks on the rise this year, we encourage all members of our community to enroll and avoid becoming part of 2017's statistics. Premium members, Team Account members, and Qualified Experts will have 30 days after enrollment to complete the course. Don’t miss this opportunity to enhance your security!
3
I've been researching these recent ransomware attacks, but have not found what I'm looking for, maybe because there's so much out there I just haven't gotten to it all. Cutting to the chase ...

I've found that petya encrypts files with certain file types (of course). Does it retain or change the modification time of the encrypted file?

Does either petya or wannacry create ransom message files like cryptowall's HELP_DECRYPT?

Are there any additional indicator files these malware will create on e.g. a shared NAS storage device (versus simply on the infected computer itself).

According to what I've read this variant uses the Windows Management Instrumentation Command-line (WMIC) interface for lateral movement over SMB (Server Message Block) and using the EternalBlue (MS17-010) exploit. Questions:

Is it possible for a pure Linux system which does use CIFS?

Is it possible for Windows workstations peers to infect each other in a system that does use Samba for file sharing on Linux hosted Samba mounts?

Is it possible for this malware to infect Linux workstations?

Can anyone provide some references on more details on Wannacry and Petya?

--more information ...

I found this at https://blog.barracuda.com/2017/06/29/notpetya-both-more-and-less-than-it-seems

A typical NotPetya attack we observed starts its life as an RTF file with a .doc extension attached to an email ... In the RTF attack vector, using a .doc file extension helps ensure that Microsoft …
1
3

RansomwareSponsored by Webroot

70

Solutions

194

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.