SpireTech Blog - Tag: Ransomware
News and tips to avoid ransomware
Ransomware is a plague on businesses and insurers. Cyber insurance can provide protection in the event your business falls victim. However, we’ve heard insurance rates are going up across the board due to ransomware and the hefty payouts that insurers have been forced to make. Fortunately, none of our clients have fallen victim, but we’ve heard some horror stories. Not only will the crooks encrypt your files, but they’ll also threaten to publish your sensitive data if you don’t pay – damaging your business reputation.
You may have heard about the ransomware attack on Colonial Pipeline on Friday. They brought in specialists to examine the evidence to determine what happened, restore normal operations, and secure systems. Often this means replacing entire systems and networks. We’ve heard the IT people and the company management will suffer PTSD-like symptoms due to the stress involved. Of course this is all very expensive – not to mention hefty ransom payments that may be involved. Read more...
used with permission from FTC.gov, by Andrew Smith, Director, FTC Bureau of Consumer Protection
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
Ransomware: How It Happens
What is a ransomware attack? It can start innocently enough. An employee clicks on a link, downloads an email attachment, or visits a website where malicious code is lurking in the background. With just one keystroke, they inadvertently install software that locks you out of your own files. The cyber crook then demands a ransom, often in the form of cryptocurrency. Read more...
used with permission from Microsoft Secure, by Michael Melone, Principal Cybersecurity Consultant, Enterprise Cybersecurity Group
Earlier this year, the world experienced a new and highly-destructive type of ransomware. The novel aspects of WannaCry and Petya were not skills as ransomware, but the combination of commonplace ransomware tactics paired with worm capability to improve propagation.
WannaCry achieved its saturation primarily through exploiting a discovered and patched vulnerability in a common Windows service. The vulnerability (MS17-010) impacted the Windows Server service which enables communication between computers using the SMB protocol. Machines infected by WannaCry propagate by connecting to a nearby unpatched machine, performing the exploit, and executing the malware. Execution of the exploit did not require authentication, thus enabling infection of any unpatched machine.
Petya took this worming functionality one step further and additionally introduced credential theft and impersonation as a form of worming capability. These techniques target single sign-on technologies, such as traditional domain membership. Read more...
used with permission from Norton by Symantec
Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, scores high profile victims like hospitals, public schools and police departments. Now it has found its way into home computers.
The nefarious ransomware business model has turned out to be a lucrative industry for criminals. Over the years its ill repute has made law enforcement team up with international agencies to identify and bring down scam operators.
Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees. Read more...
used with permission from Microsoft US Small and Midsize Business Blog
Not long ago, I blogged here about a new type of cybercrime called ransomware. But when it comes to cyber crooks, apparently they’re also using some old-fashioned methods to breach businesses’ systems. The 2017 Annual Cybersecurity Report from Cisco shows cybercrime is growing. Here’s what could be at risk for your business.
How are cyber crooks getting in?
While highly complex cyber attacks are increasing, the Cisco report notes that “classic” attacks are on the rise as well. For example, adware that gathers information about a user’s computer without telling them and malicious spam emails are common attack methods. In fact, spam is flying at levels not seen since 2010. According to the report, almost two-thirds (65 percent) of all email is spam, and 8 percent to 10 percent of spam is malicious.
Another risk for businesses is when employees select and use their own third-party cloud apps on company computers. Read more...
A new ransomware attack called Petya, PetyaWrap, or GoldenEye began spreading worldwide on June 27th, and it looks similar to the WannaCry outbreak in May. It targets Microsoft Windows operating systems and so far reports show that all systems from XP to Windows 10 are susceptible.
Petya looks to be more sophisticated than WannaCry and doesn’t have the same flaws that allowed a “killswitch” to slow down WannaCry’s progress. This means Petya may be a more virulent attack and harder to slow down and stop, although experts are saying they hope the patching of the known exploits it uses after the WannaCry outbreak may limit its impact.
Petya delivers two nasty payloads: ransomware which targets a computer’s entire file system and an information stealer which extracts usernames and passwords from other machines in the network.
So far, this outbreak takes advantage of the same EternalBlue exploit as last month’s WannaCry attack. Read more...
We have recognized that systems that are not actively managed or have no system access management policies are exceptionally susceptible to the current version of ransomware.
What Is Ransomware and Troldesh?
Troldesh is a form of malicious software called ransomware. If infected, your data, and often every fileshare on your network, is encrypted and you will be asked to pay a “ransom” to get a key to access your information. Resolving ransomware issues is possible, but ransomware infections remain a significant expense and a huge productivity drain for business.
Now is the time to make sure you have good network security and good security practices in place to limit your exposure to these attacks.
What Is a Sign of Troldesh Infection?
If you notice files with a .XTBL extension on the end, these files are the first clue that a computer or server on your network has been infected by Troldesh. Read more...
used with permission from Norton by Symantec
By Kevin Haley, Director, Symantec Security Response
I despise all forms of bullying. Perhaps the one I hate most of all is where the bully takes a personal item, snatching it from you, and refuses to give it back. It’s dangled right in front of you, but held just out of reach. You’ll only get it back after doing whatever the bully wants.
Ransomware is an on-line form of the bully’s game of keep-away. Here, the bully gets on your computer and takes your personal files: Word documents, photos, financial information, all the things you care about. Those files are still on your computer, dangling in front of you, but they are encrypted now, useless to you. In order to get them unencrypted, you’ll need to pay the bully 300-500 dollars.
This is the fastest growing crime on the Internet. It grew by 4500% in 2014, and shows no signs of stopping; it’s just too profitable for the bullies. Read more...
used with permission from Norton by Symantec
by Nadia Kovacs
Ransomware is a form of malware that will lock files on a computer using encryption. Encryption converts files into another format, like a secret code, that can only be decoded by a specific decryption key.
Types of Ransomware
Ransomware can present itself in two forms.
- Locker ransomware will encrypt the whole hard drive of the computer, essentially locking the user out of the entire system.
- Crypto ransomware will only encrypt specific, seemingly important files on the computer, such as Word documents, PDFs and image files.
Once the ransomware installs itself, it will display a warning message, usually from the FBI or other government agency, notifying the user that illegal content has been found and that the computer is now locked. The user is given a specific amount of money to pay as a “fine” and a timeframe in which to pay. Read more...