Showing posts with label Ransomeware. Show all posts
Showing posts with label Ransomeware. Show all posts

Tuesday, 16 May 2017

WannaCry: Everything You Need To Know About the Ransomware Sweeping the Globe

WannaCry – Ransomware Programme – Microsoft Windows OS

WannaCry is said to be a ransomware programme affecting Microsoft Windows operating system. A huge cyber-attack utilising it had been launched on May 12, 2017 infecting over 230,000 computers in about 150 countries demanding ransom payments in 28 languages in the cryptocurreny bitcoin. The outbreak spreads by various systems inclusive of phishing emails and on unpatched systems as computer worm which has been defined by Europol as first-time in scale.

 It was the worst ransomware attack ever faced in the world driving thousands to tears all across the world. WannaCry has held out a blatantwarning regarding the susceptibilities of our digital inter-linked presence. WannaCry is also known as WannaCrypt bug that encodes data on a computer within a few seconds displaying message demanding from the user to pay a ransom of $300 in Bitcoins to restore access to the device together with the data with it.

 Most surprisingly the attack also had affected the National Health Service of the United Kingdom obstructing surgeries together with the other critical patients’ treatment all over the British Isles making confidential information and documents of patient inaccessible. Several types of malware affecting a computer are available which may vary from those that may tend to steal your information to those that could delete information which is on the device.

ExternalBlue Exploit

Ransomware as the name indicate foils the user from accessing their devices as well as their data till a definite ransom has been paid to the initiator wherein the computers are locked and encrypts the data on it, thus preventing software together with the apps from functioning. The attack had affected Telefonica together with the other huge companies in Spain together with Britain’s National Health Service NHS, FedEx, Deutsche Bahn and LATAM Airlines.

Other targets in around 99 countries had also been reported to have affected around at the same time. WannaCry is said to have utilised the EternalBlue exploit that had been invented by the U.S. National Security Agency – NSA to gain access to Microsoft Windows computers that had been utilised by terrorist outfits and enemy statesin order to affect computers running Microsoft Windows operating systems.

EternalBlue tends to exploit vulnerability MS17-010 in in implementation of the Server Message Block – SMB protocol of Microsoft. Although a patch to eliminate the underlying susceptibility for the supporting systems, - Windows Vista and later operating systems, had been issued on 14th March 2017, delay in apply security updates together with the absence of support by Microsoft of legacy varieties of Windows had left several users helpless.

Under Control – Malware Tech

Owing to the measure of the attack and dealing with the unsupported Windows system together with an effort of controlling the spread of the ransomware, Microsoft had taken the unusual step of releasing the updates for all the earlier unsupported operating systems from Windows XP onwards.

The attack had been brought under control by a security researcher, an accidental hero who has asked to be identified only as a MalwareTech. He has discovered a hard-coded security control in the form of a connection to a ridiculous domain name and had bought the domain name for $10.69. This had triggered thousands of pings from attacked devices and killed the ransomware together with its spread.

Had this not been surfaced, there would have been millions of computers all over the world supposedly locked within a few days thus disturbing in all types of global services. Several surgeries had been reported to have been postponed, x-rays were cancels and ambulances had been called back within hours of the attack in the UK where a minimum of 40 hospitals under NHS had been affected.

Shadow Broker

Fear of this type of an attacked had been speculated for a long time which would bring public utilities or transport system to a stop compelling the government to pay a huge amount to bring the service back to normal. This had occurred though for a few hours on Friday 12th May. Interestingly a group known as Shadow Broker had stolen the NSA tool in April who had been unhappy with Donald Trump, the US President whom they had voted for. Microsoft had claimed that it had released a security update addressing the susceptibility which these attacks had exploited in March and had advised users to update their system to deploy latest patches.

 But in India, regular updates were not done since most of the official computers tend to run Windows and hence the exposure could be great. Personal online data have now been linked to Aadhaar data of more than a billion India.

Regional Director, ComTIA India, Pradipto Chakrabarty had mentioned that the linking of Aadhaar to bank accounts, income-tax together with other personal information has given rise to threat. Since the bank account of the user is connected with his Aadhaar number, the ransomware could probably lock down the account making it inaccessible unless a ransom has been paid.
Common Phishing Tactics
The Head of Asia Pacific, Corporate Business at F-Secure Corporation, Amit Nath had stated that success of the WannaCry ransomware attack has the potential of giving hostile nation state a cause to create cyber weapons where there could be no hope of recovering the data and it could be the worst case scenario.

One post accredited to the Principal Security Group Manager, Microsoft Security Response Centre, Phillip Misner had mentioned that the attacks had been utilising common phishing tactics such as malicious attachments asking users to be cautious while opening attachments and the least one could do is to refrain from clicking links which cannot be trusted and stop downloading software from the unfamiliar sources.

 F-Secure had also emphasized on the need of a four-phase approach to cyber-security – Predict, Prevent, Detect and Respond, wherein you predict by performing an exposure analysis. Prevent by organizing a defensive solution in reducing the attack surface. Respond by defining on how a breach tends to occur and what are the impacts it tends to have on the systems, detect by monitoring infrastructure for any indications of intrusion or any suspicious behaviour.

Monday, 18 July 2016

Cheap Ransomware Takes Files Hostage


Stampado Malware – No Administrator Rights to Infect Computers

A Malware has been spottedby online security firm Heimdal on the dark web, which is a part of the World Wide Web which is not indexed by regular search engines and which needs specialists’ software or approval on access. The malware tends to give the victims 96 hours to pay a ransom before it tends to being deleting files from their PC. It is said that if the ransom is not paid, it continues to delete random file every six hours.

The newly discovered threat is known as Stampado malware and is said to be on sale for less than $50 for a lifetime licence. The difference between Stampado and the other malware alternatives is that it does not require administrator rights to begin infecting the computers. Ramsomware is malicious software which tends to ascent the data on the users’ PC and thereafter probes for payment before restoring the data to its original state.

The price of unlocking data may differ, with users usually paying a few hundred pounds and businesses a few thousand. A security firm Heimdal had mentioned in a blog that `cryptoware is a big segment of the malware economy, malware creators have to constantly release new products to keep their clients engaged and the money flowing. Researchers at Intel Security, in June, had mentioned that they had seen an alarming rise in the volume of ransomware available to hackers. They had informed that they had logged 124 individual variants of the malware.

Ransomware Attacks Doubled in Past Years

The FBI had also stated that it had envisaged ransomware attacks doubled in the past years, with over 2,400 complaints that had come up. The estimated losses from these attacks amounted to $24m within that timeframe. In recent months, banks, educational institutions and hospitals had all been affected by these attacks. Several made attempts of solving the issue internally before making the payment of any ransoms.Experts are of the opinion that the best way individuals can protect against ransomware is to back up files elsewhere outside the computers like an external hard drive or the cloud. In order to combat the cyber occurrence on a state level needs the efforts of the N.J. Office of Homeland Security and Preparedness. Dave Weinstein, New Jersey’s first chief technology officer, stated that federal departments have their focus on protecting national assets from cyber-attacks, in an effort of protecting the whole country but that could overlook several smaller objects which would only disturb state residents if disabled.

Ransomware a Serious Threat

He further added that there are a majority of assets in the state which tend to fall below the very high verge that if stuck unfavourably it would not influence the nation as a whole but would certainly affect the residents as well as the business of the state of New Jersey. The cyber security division of OSHP, earlier helmed by Weinstein also tracks dozens of well-known ransomware alternatives to inform victims on the decision of paying the attackers or not. Ransomware seems to be a very serious threat and the negative impact it tends to have on individual or corporation relates to the effort, cost and time connected in restoring the systems and devices back to its original working state. On comprehending the cost of recovery, the monetary as well as reputation, the victims are left with an option of paying or move forward with a recovery plan if one tends to exist.