Ransomware

143

Solutions

367

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I was talking about this today with another person and never heard what ended up happening.  Looks like they weren't able to pay the ransom because the portal was disabled so the city had to spend 2.6M to recover.  Crazy.

https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/
0
What were the top attacks of Q1 2018?
LVL 1
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

In 2017, the number of vulnerabilities detected in applications rose 33%. Is your company prepared to deal with these risks? Train to become a Certified Penetration Testing Engineer today! There are only two days left to enroll in this month’s Course of the Month.
2
Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack
7
LVL 127

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
But we ALL there will be no blame and Management will get pay rises!
0
LVL 127

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Know is missing autocorrect!
0
Microsoft released a video about Ransomware.  Surprisingly good.

Take a look at it here...

https://resources.office.com/ww-thankyou-ransomware-what-you-need-to-know-video.html

Curious about your thoughts on the advice being given?
1
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
Prevention is the takeaway. Always has been to me.  I think this is a little on the late side,  better late than never. We've had better responses here on EE than this one, imho.
0
LVL 19

Author Comment

by:Andrew Leniart
I think this is a little on the late side,  better late than never.

Good point, although I'm often surprised how many business owners I still come across who say something along the lines of "Ransomware, yeah I've heard about that. What's it all about?" Better late than never is a good sentiment, but if it gets the information over to some people who still have their heads buried in the sand, then I think its great.

We've had better responses here on EE than this one

You've won that argument :)  Although this is very much aimed at non-tech savvy people and I see that as one of its strengths.  

Thanks for sharing your thoughts.
0
The recent Meltdown / Specter issue:   Much the same as the big Ransomware issue and then severe viruses before that.

Don't have a heart attack - Patch your computer systems instead.

It seems the people who do not patch wake up and wonder what is happening. Patch Tuesday was today - Update your systems.

1
LVL 38

Expert Comment

by:gr8gonzo
Unless you're running an older AMD PC. Hold off on patching until MS figures out the bricking issue.
0
According to tech support site BleepingComputer, victims can "trick" the program into shutting down: once they reach the PayPal purchase screen, they can hit Ctrl+O to open a dialogue box, and then enter http://hitechnovation.com/thankyou.txt. This makes the program think they've paid the $25, and it shuts down.

https://www.cnet.com/news/this-scam-tricks-you-into-buying-fake-tech-support-software/
1
LVL 19

Expert Comment

by:Andrew Leniart
Great Post and Heads Up Kyle.
0
The Tech or Treat contest winner has been chosen! Congratulations to expert Thomas Zucker-Scharff, our champion, who submitted an article on a suspected hack into his work device that, to this day, has never been solved.
3
LVL 5

Expert Comment

by:Juana Villa
giphy.gif
1
Top 10 Nastiest Ransomware Attacks of 2017

Nastiest-Ransomware.png
We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path.

Check out the entire list here.

0
Webroot Protects You Against Bad Rabbit

Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

What we know about Bad Rabbit thus far:

Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.

Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.

Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location.

More about Bad Rabbit, what you can do to protect yourself even further, and what one of our Senior Advanced Threat Research Analyst had to say about it here.
0
Tech spooks happen to every business owner. Check out my top solutions to these issues and share a story of your own! Simply submit your #TechorTreat article before October ends and be entered to win a  tech gadget.
8
Cloud Class® Course: Ruby Fundamentals
LVL 12
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Warning: If your device uses WiFi, it's at risk!
News broke today about the Krack Attack, a new cyber threat that can decrypt and potentially view everything users are doing online. The Krack Attack preys on a weakness in WPA2 protocol. Hackers near the vulnerable devices (Android and Linux are at greatest risk) can retrieve sensitive user data and information.
Steps to Protect:
1. Apply patches as they become available. For phones and computers, the patches will come in the usual update format. For wifi routers, the manufacturer's website will have the patches.
2. Don't use public WiFi, especially for sharing or sending any sensitive information.
3. Double check that you are browsing with HTTPS. If you are unsure, install this plug-in to encrypt your communications with major websites and make your browsing more secure. https://www.eff.org/https-everywhere
4. Otherwise, use Ethernet.

For more tips on how to protect yourself: https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vulnerability/
5
Don't Get Hooked!

September-Consumer-Blog_Phishing_800.png
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

1
Cyber News Rundown: Edition 9/29/17

CyberNewsRundown.jpg
Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.
2
LVL 7

Expert Comment

by:Nicholas
I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
0
Thoughts from Webroot’s new President and CEO, Mike Potts

800x600_Blog_Feature_Image.2-nezvn84.jpg
Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
2
Marketo made an announcement in response to the statement recently released by Equifax that identified a vulnerability in Apache Struts as the attack vector for their 2017 breach. Neither Marketo nor ToutApp use the struts programming framework, therefore this issue does not pose a risk to Marketo or ToutApp data.
7
Ransomware Spares No One: How to Avoid the Next Big Attack

Ransomware-Blog_Image-800x650-1-ner8.png
With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
0
CyberNewsRundown.jpg
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
2
Cloud Class® Course: Microsoft Exchange Server
LVL 12
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

2
Useful guide in recovery from Ransomware attack.
Nice work on the "C" part of the document: Data Integrity: Recovering from Ransomware and Other Destructive Events, Volume C.

This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event. The solutions outlined in this guide encourage monitoring and detecting data corruption in commodity components—as well as custom applications and data composed of open-source and commercially available components.

https://nccoe.nist.gov/publication/1800-11/index.html
2
CyberNewsRundown.jpg
Cyber News Rundown: 9/1/17

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

To read all of the stories, visit the Webroot Threat Blog.
3
6
LVL 5

Expert Comment

by:Juana Villa
I have always found sad that people use their skills and knowledge to hinder/hurt others. So, I really like that this article is encouraging people to use their skills on an ethical way.
1
LVL 31

Expert Comment

by:Thomas Zucker-Scharff
Just donated all my waiting shirts.
1
Catch the latest release in Malwarebyte for Android against Anti Ransomware.

Malwarebytes for Android can be managed from a desktop widget. The app can also be controlled using SMS to remotely lock a device, remediate a device if it is being held ransom, and reset device pin codes.

https://www.helpnetsecurity.com/2017/08/25/infosec-product-august-25/
3
LVL 19

Expert Comment

by:Lucas Bishop
Considering the recent bankbot infestation of the Google Play store, the anti-malware software market for Android is probably about to start booming.
1
For everyone who uses a computer, protect yourself from ransomware; do not pay the bounty.  Prevention is the only solution and this author made it very easy for us to learn how.

https://www.experts-exchange.com/articles/30869/Ransomware-Prevention-is-the-Only-Solution.html
6

Ransomware

143

Solutions

367

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.