Ransomware (Sponsored by Webroot)

60

Solutions

26

Articles & Videos

158

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Internet of Ransomware Things ...
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.




4
Patch Pic
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server 2003 and 2008 - Both 32 and 64 Bit installs.
0
4
 
LVL 17

Expert Comment

by:Lucas Bishop
Guess it was easier for them to pay $1M than restore 153 servers from backup? I'd think if they have $1M, they'd have backups? Sheesh.

In related news, Coinbase is shutting down the accounts of people who pay ransoms:
http://www.coindesk.com/coinbase-white-hat-hacker-dont-want-bitcoin/
2
 
LVL 6

Expert Comment

by:Nicholas
Old news and was already posted less than a day ago
0
Drew Frey writes articles on cyber security and ransomware protection.  Follow him if you're interested in seeing new articles in those topics.

https://www.experts-exchange.com/members/Drew-Frey.html
4
 

Expert Comment

by:Michael Bodine
SP INFOTECH was also part of a scam...they had people calling up with foreign voices and the company name would change..as they answered the phone.. certainly unpredictable crap.
0
 
LVL 16

Author Comment

by:Kyle Santos
Source?
0
A $1 million payout in a ransomware case?! Well crap... That's worrisome. What'll the hackers do with that money? How many new attempts will this incentivize? What would you do in their place?

https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
4
 
LVL 11

Expert Comment

by:Maclean
Restore last good version, apologize to clients, and probably end up losing clients would be the proper thing to do.
I would assume that if it was done due to damage control, paying up would lose me more clients and face than dealing with the issue at hand best as one can. This is a terrible incentive to this type of ransomware developer. They might now target this webhost on purpose in the future.
2
 
LVL 6

Expert Comment

by:Nicholas
And the reality is now that this is public news they will lose all their customers anyway and probably be outta business within a month

If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
4
Q1:
Is MS Windows AV defender bundled free with Win 10?  Any specific
version of Win10 that it comes free?

Q2:
Win AV defender was touted as blocking the execution of Java, VB
scripts etc: does McAfee or Trendmicro do this as well?  How does
Win AV defender compare in terms of ransomware protection
against other major AV vendors'?

Q3:
Can Win AV defender coexist say with McAfee AV & McAfee HIPS agent?

Q4:
Do we need a separate EPO (just like McAfee) to update Win AV defender
signatures on users' PCs/laptops or WSUS will do?   A few hundred PCs/
laptops in our corporate don't have Internet access
0
0
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
0
For all you people who turn Updates OFF.  Patch Tuesday today and miles of patches. BIG ones for Windows 10 and 7. Updates for XP and Servers. Hop to it.

5
 
LVL 95

Author Comment

by:John Hurst
There is no issue with having manual updates and checking weekly (servers).

My barb above was aimed at people who turn updates off and leave them off. Then they come in here wondering what happened.
0
 
LVL 121
Most of our Windows 10 machines are now being served with the Creator Update, and a new version of Windows, and if you wondered where your old files went that are missing from your User Profile, Documents....

check Windows.old\Users!
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

2
 
LVL 4

Expert Comment

by:Christ Harold
Really Nice article. Thanks For Sharing the Link
0
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to thoroughly revise their security concepts.
9
 
LVL 55

Author Comment

by:McKnife
Andrew, thanks for the feedback. I am aware that this article is mainly raising questions while not answering many.
Maybe it's rather a starting point for discussions than sharing solutions.

You ask "So what's the solution? Shutting it all down..." which is the same that I ask in the article and I answer with "no" immediately afterwards.
You write "it's not quite fair to point blame on IT administrator's shoulders ...These guys more often than not work with tied hands" - that's exactly what I am saying. If the admin is not comfortable making his concerns heard, then he is not employed at the right place and should not fear to be replaced but leave on his own.

Before you start discussing - let's wait for other comments.
0
 
LVL 55

Author Comment

by:McKnife
Some news that might be of interest for Americans: https://www.upguard.com/breaches/the-rnc-files
In short: US politicians paid for analysing voter opinions on US election-critical topics. Voter data (1,1 TB!) of 198 million Americans was uploaded to an Amazon server but the access rights were incorrectly set - it was open to the public and the data was not encrypted. It leaked.
See what I am talking about?
0
Here's a look at newsworthy articles and community happenings during the last month.
3
After the WannaCry ransomware attack, we sat down with Thomas Zucker-Scharff to get the inside information on the technology behind the attack and what steps you can take to prevent this in the future. Read more of his advice. Take a step toward your security by enrolling in our free Course of the Month covering ransomware security and prevention written by Thomas.

4
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
1
I have a new project which involves demonstrating exactly how ransomware works. I need to set up a virtual machine with some sample data and some variant of ransomware. I need to run a live demonstration which shows what happens on a PC from the initial point of infection all the way to the point where the ransom notice is displayed. Obviously I know this is dangerous and the correct precautions will be in place to ensure that the VM is completely network isolated. Does anyone know how I can do something like this?
0
June’s Course of the Month has been released! Enroll in our community security expert, Thomas Zucker-Scharff's, ransomware prevention and preparation course free of charge. Learn more about the course.
3
The world has now had time to recover and mitigate damage from the widespread WannaCry ransomware attack. We evaluated what it has left in its wake. Tallied damage includes:
 
More than 150 countries.
Currently $111,996.86 has been paid in bitcoin so far to decrypt files.
Around 16 of England’s National Health System organizations affected, with doctors resorting to pen and paper to complete patient records.
Renault, a European auto manufacturer, kept a French plant—that employs 3500 people—closed Monday, May 28th as a “preventative” measure.
 
Learn how to secure your data and prepare against future threats by taking our June Course of the Month covering ransomware prevention and preparation.

 
3
 
LVL 29

Expert Comment

by:masnrock
The sad part is a common failure in projects is failing to ask users for requirements.
1
 
LVL 121

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
The NHS does not consider the opinion of NURSES and DOCTORS worthy!

Very Wrong, and they wonder why, they are all leaving and retiring, now leaving a brain drain in the NHS!
0
Ready for our next Course of the Month? Here's what's on tap for June.
3
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Every 10 seconds, a consumer gets hit with ransomware. Enroll in June’s featured Course of the Month to learn the basics of ransomware, how it works, how to prevent it, and what to do if you’ve been infected. Premium members, Team Accounts, and Qualified Experts will enjoy this free course written by our resident security expert, Thomas Zucker-Scharff. Learn more and enroll today!

6
Your data is at risk. Probably more today than at any other time in history. There are simply more people with more access to the Web with bad intentions.
1
 
LVL 1

Expert Comment

by:Mihai Corbuleac
Absolutely true! Backup is mandatory these days. I would recommend multiple backups (different hosts). The most common threat these days is indeed Ransomware and that's because it is very different from other types of viruses. Learn more about it and what you need to do to keep your data safe. Remember to always keep everything patched and updated!
0
Just wondering what is the best way to check windows servers to make sure the WannaCry updates are installed?
2
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and protection.
1
When a tech company stops servicing a particular program, software, or piece of hardware, consumers still using the outdated equipment are usually left to fend off security measures, bugs, and other problems that come their way on their own.
 
During the WannaCry ransomware attack a few weeks ago, we saw an unprecedented action from Microsoft, as they stepped up to provide a patch for Microsoft XP, Windows 8, and Windows Server 2003. Microsoft XP is a program they have not supported since 2014.
 
This action to secure vulnerable devices and avoid the encryption of personal, patient, and corporate data showed the tech community that corporations care about more than the bottom line.
 
Learn more about Microsoft’s special patch release and how the tech community has responded.
 
How were you affected by WannaCry? We’d love to hear from you—share your experience online now.
3
There seems to be a general consensus that if you've been hit with a Ransomware Virus, especially if by a newly discovered strain of ransomware, and do not have a reliable and unaffected backup to restore from, that all hope is lost.  

This is not necessarily the case!

Whilst it's true that Ransomware is one of the most difficult "destructive infections" to recover from, recovery should never be considered impossible.

Advising those seeking help that they should just accept defeat and wipe all chances of recovering their data is bad advice. This is a point that has been proven time and time again, particularly with past Ransomware strains that were once considered hopeless, yet have now had decryption recovery tools developed to restore data.

If you have been hit by a Ransomware Virus and don't have a backup - do not accept advice that you should just cut your losses, format your hard drive and admit defeat. That's just letting the criminals win.

The first thing you should do (after deactivating the virus) is make a Full Image Backup of your affected hard drive using an imaging backup tool like Acronis, Macrium Reflect or similar so as to have a copy of all files that were encrypted.  Safely store that backup away for future recovery attempts, or to restore from if a recovery attempt goes belly up.

Once backed up, Wipe and Start fresh if desired to get back to a working …
3
 
LVL 10

Author Comment

by:Andrew Leniart
Security companies do have excellent heuristics and definitions,  but they will never catch everything.

No argument.  But doesn't it then naturally follow that they can never "block" or "prevent" everything either?

Using that train of thought, even with all of the security software that you have protecting your machine(s), how can you be certain that you don't have a key logger recording your key strokes right now? Or a yet unknown time bomb trojan just waiting to jump up and deliver its payload? How could any system ever be trustable?

I'm honestly not trying to be argumentative here, it's just that the logic behind your conclusion is escaping me.

If you can't trust your security software to clean up an infection that has been researched and that it knows about, then how is it that you can trust the same software to prevent a yet unrealized one from occurring?

I'll agree we probably need to disagree.  

Life would be too boring if everyone agreed on everything anyway. :)

My thanks again for your input.
1
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
I guess what I meant was that no one security software is likely to catch everything.  That is why I have a multilayered approach on my machines.  But you are correct, I do not feel safe even with that.  I guess I am on the paranoid side, which begs the question, "Is one paranoid, if the fear is true?"  That is a paraphrase of the original question.

The biggest problem, IMHO, is that to secure one's computer (and still have a computer that actually works, instead of one filled with cement), one needs to put enough security software on there that it slows down even the best of computers.

I would like a product that doesn't hog resources and assures me that I will never get malware of any kind (like that is happening).
2
