Ransomware

205

Solutions

498

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

0
Become a Microsoft Certified Solutions Expert
LVL 13
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

1
Gee, it was hard to find how to post!  I wanted to share this whitepaper, which I just received via email.

The direct link to the whitepaper on 4 backup programs and how they rank against ransomware is:

https://media.bitpipe.com/io_14x/io_143910/item_1766942/NioGuard_Corporate_Backup_Solutions_Self_Defense_Test_180321.pdf
0
Listen Up!

IPv6 is here to stay. Removing it can break networking. Do not remove it.

SMBv1is a security hole and has been removed from Windows 7 & above, Server 2008 & up.
SMBv1 has been removed meaning you cannot connect to old operating system, old NAS devices and old printer/scanners.
SMBv1 is a security hole. Do not enable it.

Window 10 is going to update. Get used to it. The people who turned Windows 7 updates off and then blamed Microsoft when their operating got hacked and hosed caused this.

Home group has gone (Windows 10 V1803 and up). Get used to Password Protected sharing and learn how to use it. I wrote an article about this  (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.

Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.

You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.

Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.





2
LVL 28

Expert Comment

by:Andrew Leniart
but ask A before AAAA...
(AAAA...)  

Que?
1
LVL 49

Expert Comment

by:noci
DNS Query A = IPV4 address translation, AAAA = IPv6 address query.
2
Keep your business safe from Ransomware Two ransomware attacks to international ports happened recently, at San Diego and Barcelona. Our experts recommend four simple steps to ensure your files, apps, and systems stay safe https://bit.ly/2Nl5UZn
0
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
I was talking about this today with another person and never heard what ended up happening.  Looks like they weren't able to pay the ransom because the portal was disabled so the city had to spend 2.6M to recover.  Crazy.

https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/
0
In 2017, the number of vulnerabilities detected in applications rose 33%. Is your company prepared to deal with these risks? Train to become a Certified Penetration Testing Engineer today! There are only two days left to enroll in this month’s Course of the Month.
2
Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack
7
LVL 131

Expert Comment

by:Andrew Hancock (VMware vExpert / EE Fellow)
But we ALL there will be no blame and Management will get pay rises!
0
LVL 131

Expert Comment

by:Andrew Hancock (VMware vExpert / EE Fellow)
Know is missing autocorrect!
0
Microsoft released a video about Ransomware.  Surprisingly good.

Take a look at it here...

https://resources.office.com/ww-thankyou-ransomware-what-you-need-to-know-video.html

Curious about your thoughts on the advice being given?
1
LVL 32

Expert Comment

by:Thomas Zucker-Scharff
Prevention is the takeaway. Always has been to me.  I think this is a little on the late side,  better late than never. We've had better responses here on EE than this one, imho.
0
LVL 28

Author Comment

by:Andrew Leniart
I think this is a little on the late side,  better late than never.

Good point, although I'm often surprised how many business owners I still come across who say something along the lines of "Ransomware, yeah I've heard about that. What's it all about?" Better late than never is a good sentiment, but if it gets the information over to some people who still have their heads buried in the sand, then I think its great.

We've had better responses here on EE than this one

You've won that argument :)  Although this is very much aimed at non-tech savvy people and I see that as one of its strengths.  

Thanks for sharing your thoughts.
0
OWASP: Forgery and Phishing
LVL 13
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

The recent Meltdown / Specter issue:   Much the same as the big Ransomware issue and then severe viruses before that.

Don't have a heart attack - Patch your computer systems instead.

It seems the people who do not patch wake up and wonder what is happening. Patch Tuesday was today - Update your systems.

1
LVL 40

Expert Comment

by:gr8gonzo
Unless you're running an older AMD PC. Hold off on patching until MS figures out the bricking issue.
0
According to tech support site BleepingComputer, victims can "trick" the program into shutting down: once they reach the PayPal purchase screen, they can hit Ctrl+O to open a dialogue box, and then enter http://hitechnovation.com/thankyou.txt. This makes the program think they've paid the $25, and it shuts down.

https://www.cnet.com/news/this-scam-tricks-you-into-buying-fake-tech-support-software/
1
LVL 28

Expert Comment

by:Andrew Leniart
Great Post and Heads Up Kyle.
0
The Tech or Treat contest winner has been chosen! Congratulations to expert Thomas Zucker-Scharff, our champion, who submitted an article on a suspected hack into his work device that, to this day, has never been solved.
3
LVL 5

Expert Comment

by:Juana Villa
giphy.gif
1
Top 10 Nastiest Ransomware Attacks of 2017

Nastiest-Ransomware.png
We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path.

Check out the entire list here.

0
Webroot Protects You Against Bad Rabbit

Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

What we know about Bad Rabbit thus far:

Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.

Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.

Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location.

More about Bad Rabbit, what you can do to protect yourself even further, and what one of our Senior Advanced Threat Research Analyst had to say about it here.
0
Tech spooks happen to every business owner. Check out my top solutions to these issues and share a story of your own! Simply submit your #TechorTreat article before October ends and be entered to win a  tech gadget.
8
Warning: If your device uses WiFi, it's at risk!
News broke today about the Krack Attack, a new cyber threat that can decrypt and potentially view everything users are doing online. The Krack Attack preys on a weakness in WPA2 protocol. Hackers near the vulnerable devices (Android and Linux are at greatest risk) can retrieve sensitive user data and information.
Steps to Protect:
1. Apply patches as they become available. For phones and computers, the patches will come in the usual update format. For wifi routers, the manufacturer's website will have the patches.
2. Don't use public WiFi, especially for sharing or sending any sensitive information.
3. Double check that you are browsing with HTTPS. If you are unsure, install this plug-in to encrypt your communications with major websites and make your browsing more secure. https://www.eff.org/https-everywhere
4. Otherwise, use Ethernet.

For more tips on how to protect yourself: https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vulnerability/
5
Don't Get Hooked!

September-Consumer-Blog_Phishing_800.png
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

1
Cyber News Rundown: Edition 9/29/17

CyberNewsRundown.jpg
Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.
2
LVL 7

Expert Comment

by:Nicholas
I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
0
OWASP: Threats Fundamentals
LVL 13
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Thoughts from Webroot’s new President and CEO, Mike Potts

800x600_Blog_Feature_Image.2-nezvn84.jpg
Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
2
Marketo made an announcement in response to the statement recently released by Equifax that identified a vulnerability in Apache Struts as the attack vector for their 2017 breach. Neither Marketo nor ToutApp use the struts programming framework, therefore this issue does not pose a risk to Marketo or ToutApp data.
7
Ransomware Spares No One: How to Avoid the Next Big Attack

Ransomware-Blog_Image-800x650-1-ner8.png
With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
0
CyberNewsRundown.jpg
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
2

Ransomware

205

Solutions

498

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.