Ransomware (Sponsored by Webroot)

61 Solutions | 28 Articles & Videos | 162 Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Gain the added security of knowing you are prepared and properly protected against future ransomware attacks, such as the Petya attack, with this free course! Premium members, Team Account members, and Qualified Experts have 3 days to enroll for June’s Course of the Month. Once you enroll, you have 30 days to complete the course.

Expert Comment

by:John Hurst
Because:

1. People do not update their systems still.
2. People go to dodgy sites.
3. People open emails from complete strangers.

I am in no way surprised.
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold into the computer system and spread very quickly. Moreover, the encryption is so strong, that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
Today's ransomware attack is spreading by SMB through the local network according to Marcus, @MalwareTech, who stopped the last attack—known as WannaCry—and is working to stop this one.

Post your advice or news on the currently named "Petya" attack and be sure to ask any questions by tagging the topic "ransomware" to get solutions fast!

Expert Comment

by:krakatoa
To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna simply create a file called perfc in the C:\Windows folder and make it read only.

Many Firms Hit by Global Cyber Attacks - Petrwrap


Firms around the globe are reporting that they have been hit by a major cyber-attack. Some experts have suggested that it could be a ransomware attack, similar to WannaCry which hit last month. Alan Woodward, a computer scientist at Surrey University, said: "It appears to be a variant of a piece of ransomware that emerged last year.

More on this story via the BBC.

Expert Comment

by:Lucas Bishop
In the meantime, Ukraine Twitter social media account manager is handling this situation like a boss:
https://twitter.com/Ukraine/status/879706437169147906

Expert Comment

by:Experts Exchange
They have a sense of humor.

Author Comment

by:Doug Walton
Oh jeez, I didn't realize they were that bad with ads!  I have a subscription to them through amazon prime so my ad blocker doesn't have to do anything.

Expert Comment

by:Andrew Leniart
Yes, I easily tolerate a few ads on websites, but 46 on the front page?  Haha.. Next! :)

Expert Comment

by:Lucas Bishop
Evgeniy Bogachev

Expert Comment

by:Doug Walton
I think it's being referred to as "NotPetya"

Early reports from a Kaspersky researcher identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.”
Honda isn't alone in facing these challenges -- according to Reuters, competitors Nissan and Renault also stopped production at plants in Japan, Britain, France, Romania and India last month due to WannaCry attacks.  

This attack should serve as a reminder that even if your business wasn't hit during the initial WannaCry outbreak, you may well still be vulnerable.

More on the latest WannaCry attack and how you can mitigate future attacks here.
In this blog we highlight approaches to managed security as a service. We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server 2003 and 2008 - Both 32 and 64 Bit installs.

Expert Comment

by:Nicholas
Yawn

Expert Comment

by:Andrew Leniart
I get why the host company decided to pay the ransom to recover customer data, but it sure leaves a bad taste knowing the criminals got anything at all out of an extortion exercise like that, let alone the massive payout that was agreed on.

And what's a web host doing running a service like that without secured backups anyway? Boggles the mind..
Internet of Ransomware Things ...
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal.
Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.





Expert Comment

by:Josh Petraglia
Signed up. What a perfect topic to cover!!!

Expert Comment

by:Nicholas
Old news and was already posted less than a day ago

Expert Comment

by:Mahima Gupta
why to pay 1 Million, if you can do the same thing in a very less bucks..  http://bit.ly/2rJTnVj
Drew Frey writes articles on cyber security and ransomware protection.  Follow him if you're interested in seeing new articles in those topics.

https://www.experts-exchange.com/members/Drew-Frey.html

Expert Comment

by:Michael Bodine
SP INFOTECH was also part of a scam...they had people calling up with foreign voices and the company name would change..as they answered the phone.. certainly unpredictable crap.

Author Comment

by:Kyle Santos
Source?
A $1 million payout in a ransomware case?! Well crap... That's worrisome. What'll the hackers do with that money? How many new attempts will this incentivize? What would you do in their place?

https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/

Expert Comment

by:Maclean
Restore last good version, apologize to clients, and probably end up losing clients would be the proper thing to do.
I would assume that if it was done due to damage control, paying up would lose me more clients and face than dealing with the issue at hand best as one can. This is a terrible incentive to these types of ransomware developers. They might now target this webhost on purpose in the future.

Expert Comment

by:Nicholas
And the reality is now that this is public news they will lose all their customers anyway and probably be outta business within a month

If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
Q1:
Is MS Windows AV defender bundled free with Win 10?  Any specific
version of Win10 that it comes free?

Q2:
Win AV defender was touted as blocking the execution of Java, VB
scripts etc: does McAfee or Trendmicro do this as well?  How does
Win AV defender compare in terms of ransomware protection
against other major AV vendors'?

Q3:
Can Win AV defender coexist say with McAfee AV & McAfee HIPS agent?

Q4:
Do we need a separate EPO (just like McAfee) to update Win AV defender
signatures on users' PCs/laptops or WSUS will do?   A few hundred PCs/
laptops in our corporate don't have Internet access
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
For all you people who turn Updates OFF.  Patch Tuesday today and miles of patches. BIG ones for Windows 10 and 7. Updates for XP and Servers. Hop to it.


Author Comment

by:John Hurst
There is no issue with having manual updates and checking weekly (servers).

My barb above was aimed at people who turn updates off and leave them off. Then they come in here wondering what happened.

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
most of our Windows 10 machines, are now being served with the Creator Update, and a new version of Windows, and if you wondered where your old files went, that are missing, from your User Profile, Documents....

check Windows.old\Users!

Expert Comment

by:Christ Harold
Really Nice article . Thanks For Sharing the Link
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to thoroughly revise their security concepts.

Author Comment

by:McKnife
Andrew, thanks for the feedback. I am aware that this article is mainly raising questions while not answering many.
Maybe it's rather a starting point for discussions than sharing solutions.

You ask "So what's the solution? Shutting it all down..." which is the same that I ask in the article and I answer with "no" immediately afterwards.
You write "it's not quite fair to point blame on IT administrator's shoulders ...These guys more often than not work with tied hands" - that's exactly what I am saying. If the admin is not comfortable making his concerns heard, then he is not employed at the right place and should not fear to be replaced but leave on his own.

Before you start discussing - let's wait for other comments.

Author Comment

by:McKnife
Some news that might be of interest for Americans: https://www.upguard.com/breaches/the-rnc-files
In short: US politicians paid for analysing voter opinions on US election-critical topics. Voter data (1,1 TB!) of 198 million Americans was uploaded to an Amazon server but the access rights were incorrectly set - it was open to the public and the data was not encrypted. It leaked.
See what I am talking about?
After the WannaCry ransomware attack, we sat down with Thomas Zucker-Scharff to get the inside information on the technology behind the attack and what steps you can take to prevent this in the future. Read more of his advice. Take a step toward your security by enrolling in our free Course of the Month covering ransomware security and prevention written by Thomas.
