Showing posts with label Ransomware. Show all posts

Tuesday 18 July 2017

Terrifying LeakerLocker Ransomware Can Send Your Most Embarrassing Private Photos to Friends


New ransomware threat found: notorious for sending embarrassing photos to all friends

The ransomware threat does not seem to be ending any time soon. Security experts have found a new strain designed to locate victims' private photos and send them to every contact in the address book. The threat was discovered by a team at the security firm McAfee, which named it LeakerLocker. It locks the phone and threatens to send the victim's private images to every number and email address stored on the device.

£39 ransom for saving ‘grace’

Like any other ransomware, it follows the familiar modus operandi: the victim's phone is locked and a ransom is demanded. Here the threat is that the embarrassing photos will be sent out unless the victim pays £38 to preserve his or her modesty. Most victims are likely to pay such a token amount to spare themselves the humiliation, which leaves the attackers laughing all the way to the bank.

Earlier ransomware threats

Just a few months ago a worldwide ransomware attack called WannaCry was launched, and this virus is of the same kind. WannaCry brought the NHS to its knees; more recently, McAfee security experts found a virus on the Google Play Store that does not go as far as encrypting files but is still malicious in its workings. It was found in two apps on the Google Play Store, namely “Booster & Cleaner Pro” and “Wallpapers Blur HD”.

LeakerLocker stayed below the security experts' radar by settling for a very modest ransom. It nevertheless made a backup of the phone's sensitive data and threatened to leak it all to the user's contacts unless its demand, just £38, was met.

How bad is LeakerLocker?

A phone infected with LeakerLocker displays a ransom note stating that all the data on the device will be sent to every person in the phone and email contact lists. Victims are asked to pay a modest ransom of $50 to abort this. The note claims there is no other way to delete the data from the device than paying the ransom, and that damaging the phone or powering it off will not avert the threat, because the attackers have already backed up all the data in the cloud, from where it can still be sent to the victim's email and phone contacts.

Security experts at McAfee have clarified that the threats this ransomware makes are not entirely true: the virus is not capable of accessing, reading or leaking all the data on the phone. It is banking on the fear that private photos will reach everyone the victim knows being enough to extract the $50 ransom.

Tuesday 16 May 2017

WannaCry: Everything You Need To Know About the Ransomware Sweeping the Globe

WannaCry – Ransomware Programme – Microsoft Windows OS

WannaCry is a ransomware programme targeting the Microsoft Windows operating system. A huge cyber-attack using it was launched on May 12, 2017, infecting over 230,000 computers in about 150 countries and demanding ransom payments, in 28 languages, in the cryptocurrency bitcoin. The outbreak spread by various means, including phishing emails and, on unpatched systems, as a computer worm, which Europol described as unprecedented in scale.

It was the worst ransomware attack the world had faced, driving thousands to tears across the globe. WannaCry has issued a blatant warning about the vulnerabilities of our digitally interlinked existence. Also known as WannaCrypt, the bug encrypts the data on a computer within a few seconds and displays a message demanding that the user pay a ransom of $300 in Bitcoin to restore access to the device and the data on it.

Most surprisingly, the attack also hit the United Kingdom's National Health Service, obstructing surgeries and other critical patient treatment across the British Isles and making confidential patient information and documents inaccessible. Many types of malware can affect a computer, ranging from those that steal your information to those that delete the information on the device.

EternalBlue Exploit

Ransomware, as the name indicates, prevents users from accessing their devices and their data until a set ransom has been paid to the attacker: the computer is locked and the data on it is encrypted, which stops software and apps from functioning. The attack affected Telefonica and other large companies in Spain, along with Britain's National Health Service (NHS), FedEx, Deutsche Bahn and LATAM Airlines.

Other targets in around 99 countries were reported to have been affected at about the same time. WannaCry is said to have used the EternalBlue exploit, developed by the U.S. National Security Agency (NSA) to gain access to Microsoft Windows computers used by terrorist outfits and enemy states, in order to infect computers running Microsoft Windows operating systems.

EternalBlue exploits vulnerability MS17-010 in Microsoft's implementation of the Server Message Block (SMB) protocol. Although a patch eliminating the underlying vulnerability on supported systems (Windows Vista and later) had been issued on 14th March 2017, delays in applying security updates, together with Microsoft's lack of support for legacy versions of Windows, left many users exposed.

Under Control – Malware Tech

Owing to the scale of the attack, the number of unsupported Windows systems involved and the need to contain the spread of the ransomware, Microsoft took the unusual step of releasing updates for all the previously unsupported operating systems from Windows XP onwards.

The attack was brought under control by a security researcher, an accidental hero who asked to be identified only as MalwareTech. He discovered a hard-coded check (a kill switch) in the form of a connection to a nonsensical domain name and bought that domain for $10.69. This triggered thousands of pings from infected devices and halted the ransomware and its spread.
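The thousands of "pings" that reached the registered domain are, from a defender's side, an infection indicator: every host that resolved that name had run the malware. The following is an added example, not code from the original post or from MalwareTech, showing how a responder can pull those hosts out of a resolver log. The domain name, the log format and the log lines are all constructed for the demonstration; the real indicator for an incident comes from the published advisory, not from this code.

```python
"""Added example: find hosts whose DNS queries hit a kill-switch / sinkhole
domain. The indicator domain and log lines below are constructed
placeholders, not the actual WannaCry domain or any real log."""
import re
from collections import defaultdict

# Placeholder indicator (assumption): substitute the domain published for
# the incident you are handling.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed resolver log in a simplified "timestamp client query TYPE name" form.
SAMPLE_DNS_LOG = """\
2017-05-12T13:02:11Z 10.0.4.17 query A www.example.org
2017-05-12T13:02:19Z 10.0.4.23 query A killswitch-placeholder.example
2017-05-12T13:02:20Z 10.0.4.23 query A killswitch-placeholder.example
2017-05-12T13:03:41Z 10.0.7.8 query A KillSwitch-Placeholder.example.
2017-05-12T13:04:02Z 10.0.4.17 query AAAA mail.example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+\S+\s+(?P<qname>\S+)$"
)


def normalise(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return qname.rstrip(".").lower()


def find_sinkhole_hits(log_text: str, indicators=KILL_SWITCH_DOMAINS) -> dict:
    """Return {client_ip: [timestamps]} for every query to an indicator domain."""
    hits = defaultdict(list)
    wanted = {normalise(d) for d in indicators}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the triage
        if normalise(m["qname"]) in wanted:
            hits[m["client"]].append(m["ts"])
    return dict(hits)


def triage_report(log_text: str) -> list:
    """Client IPs to isolate and patch, ordered by first sighting."""
    hits = find_sinkhole_hits(log_text)
    return sorted(hits, key=lambda ip: min(hits[ip]))


if __name__ == "__main__":
    hits = find_sinkhole_hits(SAMPLE_DNS_LOG)
    for ip in triage_report(SAMPLE_DNS_LOG):
        print(ip, "first seen", min(hits[ip]), "queries", len(hits[ip]))
```

A host that appears in this report reached the kill-switch check, so the malware executed on it even if the successful lookup stopped the encryption routine; it still needs the MS17-010 patch and a look at how the sample got there.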

Had this not surfaced, millions of computers all over the world could have been locked within a few days, disrupting all kinds of global services. Within hours of the attack in the UK, where at least 40 NHS hospitals were affected, surgeries were reported postponed, X-rays cancelled and ambulances called back.

Shadow Broker

An attack of this kind, one that would bring public utilities or transport systems to a halt and compel a government to pay a huge sum to restore service, had long been feared. For a few hours on Friday 12th May, it happened. Interestingly, the NSA tool had been stolen in April by a group known as Shadow Broker, who were said to be unhappy with Donald Trump, the US President they had voted for. Microsoft stated that it had released a security update in March addressing the vulnerability these attacks exploited and advised users to update their systems with the latest patches.

But in India, regular updates were not applied, and since most official computers run Windows, the exposure could be great. Personal online data has now been linked to the Aadhaar data of more than a billion Indians.

Pradipto Chakrabarty, Regional Director of CompTIA India, said that linking Aadhaar to bank accounts, income tax and other personal information has given rise to the threat: since a user's bank account is tied to his Aadhaar number, ransomware could potentially lock down the account, making it inaccessible unless a ransom is paid.

Common Phishing Tactics

Amit Nath, Head of Asia Pacific, Corporate Business at F-Secure Corporation, stated that the success of the WannaCry ransomware attack could give hostile nation states a reason to create cyber weapons that leave no hope of recovering the data, which would be the worst-case scenario.

A post attributed to Phillip Misner, Principal Security Group Manager at the Microsoft Security Response Centre, noted that the attacks were using common phishing tactics such as malicious attachments, and asked users to be cautious when opening attachments; at the very least, one should refrain from clicking untrusted links and stop downloading software from unfamiliar sources.

F-Secure also emphasised the need for a four-phase approach to cyber-security: Predict, Prevent, Detect and Respond. Predict by performing an exposure analysis; prevent by deploying a defensive solution that reduces the attack surface; detect by monitoring the infrastructure for any indication of intrusion or suspicious behaviour; and respond by establishing how a breach occurred and what impact it has had on the systems.

Thursday 15 December 2016

Popcorn Time Ransomware Offers to Restore Your Files for Free — If You Infect Two Friends

Popcorn Time Ransomware

Instead of luring users into clicking a link and then asking for money, hackers have come up with an innovative approach. Ransomware has been in vogue for almost a decade and its modus operandi has become standardised. It has let hackers make off with billions of dollars over the last decade by taking control of files, networks and devices and leaving users at the hackers' mercy. Most of the time the user decides to pay up and get the critical data back, or simply loses it by wiping the machine. Constant campaigning against such attacks made people vigilant, and ransomware cases started to die down, but they never went away entirely.

Hackers have now come up with an innovative alternative: the ransomware offers you the chance to recover your files by making two of your friends victims of the same malware.

New Ransomware ‘Popcorn Time’

The new ransomware has been named ‘Popcorn Time’, and its offer to victims is to infect two other friends in order to recover their own data. It is designed to find all the files on the desktop and in the My Documents folder and encrypt them using AES-256.

Like every other ransomware, this one also asks users to pay in Bitcoin to salvage their files; the price is set at just 1 Bitcoin, which amounts to $780. The warning screen also lays out instructions for paying in Bitcoin for users not familiar with this popular cryptocurrency. Even after paying, users should understand that entering the decryption key wrongly more than four times will result in losing all the data.

Apart from that, the malware also offers the chance to get the files back by infecting any two of your friends' systems. Victims are given a link containing their unique ID that downloads the malware; forward it to your friends and save your files is the modus operandi here.

Hackers living up to their bargain

Most promises made by hackers are not kept, but the originators of this ransomware are showing a never-before-seen honour among thieves. When a user pays the ransom, he gets a decryption key that restores the files, the old-school way; if the ransom goes unpaid, the data is lost forever. In a number of past cases, affected users were unable to get their data back even after paying the ransom.

Security analysts and firms are actively working on finding decryption keys for some of the popular ransomware infections, which gives victims a free way of getting their files back. But such initiatives will become obsolete if hackers start using Popcorn Time or enhanced variants of it that encourage victims to infect others in order to save their own skins.

Monday 18 July 2016

Cheap Ransomware Takes Files Hostage


Stampado Malware – No Administrator Rights to Infect Computers

A piece of malware has been spotted by online security firm Heimdal on the dark web, the part of the World Wide Web that is not indexed by regular search engines and requires specialist software or authorisation to access. The malware gives victims 96 hours to pay a ransom before it begins deleting files from their PC; if the ransom is not paid, it is said to keep deleting a random file every six hours.

The newly discovered threat is known as Stampado and is said to be on sale for less than $50 for a lifetime licence. What sets Stampado apart from other malware is that it does not require administrator rights to infect a computer. Ransomware is malicious software that encrypts the data on a user's PC and then demands payment before restoring it to its original state.

The price of unlocking data varies, with individuals usually paying a few hundred pounds and businesses a few thousand. Heimdal wrote in a blog post that ‘cryptoware is a big segment of the malware economy; malware creators have to constantly release new products to keep their clients engaged and the money flowing’. Researchers at Intel Security said in June that they had seen an alarming rise in the volume of ransomware available to hackers, having logged 124 individual variants of the malware.

Ransomware Attacks Doubled in Past Years

The FBI has also stated that ransomware attacks doubled in recent years, with over 2,400 complaints received. The estimated losses from these attacks amounted to $24m within that timeframe. In recent months banks, educational institutions and hospitals have all been affected, and several tried to resolve the issue internally before paying any ransom. Experts are of the opinion that the best way individuals can protect themselves against ransomware is to back up files somewhere outside the computer, such as an external hard drive or the cloud.

Combating such cyber incidents at state level requires the efforts of the N.J. Office of Homeland Security and Preparedness. Dave Weinstein, New Jersey's first chief technology officer, stated that federal departments focus on protecting national assets from cyber-attacks in an effort to protect the whole country, but that this can overlook many smaller targets which, if disabled, would disrupt only state residents.

Ransomware a Serious Threat

He added that the majority of assets in the state fall below that very high threshold: if struck, they would not affect the nation as a whole but would certainly affect the residents and businesses of New Jersey. The cyber security division of OHSP, formerly headed by Weinstein, also tracks dozens of well-known ransomware variants to help victims decide whether or not to pay the attackers. Ransomware is a very serious threat, and the damage it does to an individual or corporation lies in the effort, cost and time involved in restoring systems and devices to their original working state. Once the cost of recovery, monetary as well as reputational, is understood, victims are left with the choice of paying or proceeding with a recovery plan, if one exists.

Wednesday 13 April 2016

The Ransomware That Knows Where You Live


Ransomware: Scam Email Quoting People’s Postal Addresses

According to a security researcher, a widely distributed scam email quoting people's postal addresses links to a dangerous kind of ransomware. After learning of an episode of BBC Radio 4's You and Yours that discussed the phishing scam, Andrew Brandt of US firm Blue Coat got in touch with the BBC. He found that the emails appeared to be linked to ransomware known as Maktub.

The malware encrypts victims' files and demands a ransom before they can be unlocked. The phishing emails told recipients that they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking a link; according to Mr Brandt, that link leads to the malware. One of the emails was received by You and Yours reporter Shari Vahl. Mr Brandt told the BBC that ‘it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds’. Maktub not only demands a ransom but increases the fee, which must be paid in bitcoin, as time passes.
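The lure described here has a recognisable shape: a sender posing as a UK business or charity, a claim that money is owed, and a link that supposedly prints the invoice but actually delivers the malware. The following is an added example, not code from the BBC report or from Blue Coat, showing a simple mail-gateway triage check that flags a message when its "invoice" link points to a host outside the sender's own domain. The sample message, the sender domain and the link host are all constructed for the demonstration.

```python
"""Added example: flag 'unpaid invoice' lures whose links lead away from
the sender's domain. Sample message and domains are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, modelled on the lure described in the report.
SAMPLE_EMAIL = """\
From: Accounts <accounts@charity-placeholder.example>
To: recipient@example.org
Subject: Outstanding invoice 48213 - 16 Acacia Avenue, Anytown AB1 2CD

Dear Recipient,

Our records show GBP 412.50 is still owed to us.
You can print your invoice here: http://invoice-print.badhost.example/view?id=48213

Regards,
Accounts Department
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Wording typical of the money-owed lure; extend with local observations.
LURE_WORDS = ("invoice", "owed", "outstanding", "print")


def sender_domain(msg) -> str:
    """Domain part of the From: header, lower-cased ('' if missing)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def extract_links(body: str) -> list:
    return URL_RE.findall(body)


def host_matches_sender(url: str, domain: str) -> bool:
    """True if the link host is the sender domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def triage_invoice_lure(raw: str) -> dict:
    """Score one message: lure wording plus links pointing off-domain."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    words = [w for w in LURE_WORDS if w in text]
    links = extract_links(body)
    foreign = [u for u in links if not host_matches_sender(u, domain)]
    return {
        "sender_domain": domain,
        "lure_words": words,
        "links": links,
        "foreign_links": foreign,
        # Money-owed wording combined with an off-domain link is the pattern
        # the report describes; quarantine for review rather than deliver.
        "suspicious": bool(words) and bool(foreign),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage_invoice_lure(SAMPLE_EMAIL), indent=2))
```

The sender-domain comparison is deliberately conservative: a link host that merely contains the sender's name (such as `charity-placeholder.example.evil.test`) does not match, because only an exact domain or a true subdomain counts. A real gateway would add header-authentication results and a reputation lookup on the link host on top of this.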

Addresses Highly Precise

A website connected with the malware explained that during the first three days the fee is 1.4 bitcoins, or around $580, rising to 1.9 bitcoins, or $799, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they owe them nothing. One of the organisations named was the Koestler Trust, a charity that helps ex-offenders and prisoners produce artwork.

Chief executive Sally Taylor told You and Yours that the charity relies on generous members of the public and was very distressed to discover that people believed they had received emails from it asking for money, when it had not sent them at all. A remarkable feature of the scam was that the emails included not only the victim's name but the postal address as well, and several recipients, including BBC staff, noticed that the addresses were generally highly precise.

Data Derived from Leaked/Stolen Databases

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it is not yet clear how the scammers were able to gather people's addresses and link them to names and email addresses. The data could, for instance, have been derived from a number of leaked or stolen databases, which makes the source difficult to track down.

Many people got in touch with the You and Yours team to say they were concerned that the data could have been taken from their eBay account, since their postal addresses were stored there in the same format as they appeared in the phishing emails.

The firm said in a statement that eBay works aggressively to protect customer data and privacy, which is its highest priority, and that it is not aware of any link between this new phishing scam and eBay data. In an effort to create the safest environment possible for its customers, it constantly updates its approach to customer data security.