
Ransomware

176

Solutions

433

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


Listen Up!

IPv6 is here to stay. Removing it can break networking. Do not remove it.

SMBv1 is a security hole and has been removed from Windows 7 & above, Server 2008 & up.
SMBv1 has been removed, meaning you cannot connect to old operating systems, old NAS devices and old printers/scanners.
SMBv1 is a security hole. Do not enable it.

Windows 10 is going to update. Get used to it. The people who turned Windows 7 updates off and then blamed Microsoft when their operating system got hacked and hosed caused this.

Home group has gone (Windows 10 V1803 and up). Get used to Password Protected sharing and learn how to use it. I wrote an article about this (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.

Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.

You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.

Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.





1
LVL 46

Expert Comment

by:noci
There are a few more things from the past that SHOULD not be used anymore from this century onward:
UNENCRYPTED data transfer
like FTP - use scp or sftp
HTTP - use https
PPTP - use l2tp or better instead
Let's not recycle this waste from the 1990s.
1
LVL 107

Author Comment

by:John
I agree. I have not used plain FTP or PPTP for years now.
0

Keep your business safe from Ransomware Two ransomware attacks to international ports happened recently, at San Diego and Barcelona. Our experts recommend four simple steps to ensure your files, apps, and systems stay safe https://bit.ly/2Nl5UZn
0
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
I was talking about this today with another person and never heard what ended up happening.  Looks like they weren't able to pay the ransom because the portal was disabled so the city had to spend 2.6M to recover.  Crazy.

https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/
0
In 2017, the number of vulnerabilities detected in applications rose 33%. Is your company prepared to deal with these risks? Train to become a Certified Penetration Testing Engineer today! There are only two days left to enroll in this month’s Course of the Month.
2
Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack
7
LVL 129

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
But we ALL there will be no blame and Management will get pay rises!
0
LVL 129

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Know is missing autocorrect!
0
Microsoft released a video about Ransomware.  Surprisingly good.

Take a look at it here...

https://resources.office.com/ww-thankyou-ransomware-what-you-need-to-know-video.html

Curious about your thoughts on the advice being given?
1
LVL 32

Expert Comment

by:Thomas Zucker-Scharff
Prevention is the takeaway. Always has been to me.  I think this is a little on the late side,  better late than never. We've had better responses here on EE than this one, imho.
0
LVL 23

Author Comment

by:Andrew Leniart
I think this is a little on the late side,  better late than never.

Good point, although I'm often surprised how many business owners I still come across who say something along the lines of "Ransomware, yeah I've heard about that. What's it all about?" Better late than never is a good sentiment, but if it gets the information over to some people who still have their heads buried in the sand, then I think it's great.

We've had better responses here on EE than this one

You've won that argument :)  Although this is very much aimed at non-tech savvy people and I see that as one of its strengths.  

Thanks for sharing your thoughts.
0
The recent Meltdown / Spectre issue: Much the same as the big Ransomware issue and then severe viruses before that.

Don't have a heart attack - Patch your computer systems instead.

It seems the people who do not patch wake up and wonder what is happening. Patch Tuesday was today - Update your systems.

1
LVL 39

Expert Comment

by:gr8gonzo
Unless you're running an older AMD PC. Hold off on patching until MS figures out the bricking issue.
0
According to tech support site BleepingComputer, victims can "trick" the program into shutting down: once they reach the PayPal purchase screen, they can hit Ctrl+O to open a dialogue box, and then enter http://hitechnovation.com/thankyou.txt. This makes the program think they've paid the $25, and it shuts down.

https://www.cnet.com/news/this-scam-tricks-you-into-buying-fake-tech-support-software/
1
LVL 23

Expert Comment

by:Andrew Leniart
Great Post and Heads Up Kyle.
0
The Tech or Treat contest winner has been chosen! Congratulations to expert Thomas Zucker-Scharff, our champion, who submitted an article on a suspected hack into his work device that, to this day, has never been solved.
3
LVL 5

Expert Comment

by:Juana Villa
giphy.gif
1

Top 10 Nastiest Ransomware Attacks of 2017

We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path.

Check out the entire list here.

0
Webroot Protects You Against Bad Rabbit

Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

What we know about Bad Rabbit thus far:

Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.

Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.

Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location.

More about Bad Rabbit, what you can do to protect yourself even further, and what one of our Senior Advanced Threat Research Analysts had to say about it here.
0
Tech spooks happen to every business owner. Check out my top solutions to these issues and share a story of your own! Simply submit your #TechorTreat article before October ends and be entered to win a  tech gadget.
8
Warning: If your device uses WiFi, it's at risk!
News broke today about the Krack Attack, a new cyber threat that can decrypt and potentially view everything users are doing online. The Krack Attack preys on a weakness in the WPA2 protocol. Hackers near the vulnerable devices (Android and Linux are at greatest risk) can retrieve sensitive user data and information.
Steps to Protect:
1. Apply patches as they become available. For phones and computers, the patches will come in the usual update format. For wifi routers, the manufacturer's website will have the patches.
2. Don't use public WiFi, especially for sharing or sending any sensitive information.
3. Double check that you are browsing with HTTPS. If you are unsure, install this plug-in to encrypt your communications with major websites and make your browsing more secure. https://www.eff.org/https-everywhere
4. Otherwise, use Ethernet.

For more tips on how to protect yourself: https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vulnerability/
5
Don't Get Hooked!

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

1
Cyber News Rundown: Edition 9/29/17

Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.
2
LVL 7

Expert Comment

by:Nicholas
I was thinking, can they really make that much money from it? As I remembered it, it was like pennies, if even that.
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
0
Thoughts from Webroot’s new President and CEO, Mike Potts

Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
2
Marketo made an announcement in response to the statement recently released by Equifax that identified a vulnerability in Apache Struts as the attack vector for their 2017 breach. Neither Marketo nor ToutApp use the struts programming framework, therefore this issue does not pose a risk to Marketo or ToutApp data.
7
Ransomware Spares No One: How to Avoid the Next Big Attack

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
0

Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the user's input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
2
2
Useful guide in recovery from Ransomware attack.
Nice work on the "C" part of the document: Data Integrity: Recovering from Ransomware and Other Destructive Events, Volume C.

This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event. The solutions outlined in this guide encourage monitoring and detecting data corruption in commodity components—as well as custom applications and data composed of open-source and commercially available components.

https://nccoe.nist.gov/publication/1800-11/index.html
2
Cyber News Rundown: 9/1/17

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

To read all of the stories, visit the Webroot Threat Blog.
3
