March 2018 - MonsterCloud

26 Percent of Enterprises Got their Data After Paying Ransomware Operators

March 31, 2018

Ransomware attacks are getting bigger and severe in their scope by time. We can see the evil prowess of ransomware attacks at display in Atlanta where the city’s municipal system has become a hostage to the attackers virtually.

Demanding a sum of money for ransomware decrypt is the main catch for the instigators of such attacks. Therefore, there is a perception that by paying a ransom you can restore the ransomware files. However, reality is quite contrary to that, as claimed by a report from Software Company SentinelOne surveying hundreds of US businesses.

According to the report, companies that pay the hackers in the wake of ransomware attack often experience a double whammy i.e. they don’t get their encrypted files back and become victim of ransomware attacks again.

The report says that only 26 percent of the companies paid at least one ransom had their files unlocked. Moreover, they are two-third chances that the companies paying the ransom again become the target of ransomware.

Therefore, The US department of Homeland Security advises against paying a ransom since this trend can lead into forming a business model for organized crimes. But still tech industry seems divided on the issue. For many, paying ransom is the shortest and easiest way to restore ransomware files.

The report also highlights another trend in paying the ransom money to the attackers. Security professionals from more than 500 companies reported that half of the times employees paid the ransom without consulting IT security teams and experts. For that matter, the average ransoms paid by US companies are higher than the global average.

Another worrying fact established by the report is the average amount of business loss, which is closing on to one million dollars. Ransom, loss of work and time consumed in tackling the situation are factored in to estimate this cost. On average, 44 work hours are spent in tackling a ransomware attack.

Regarding the vulnerability that led to the attack, more than half of the companies think incompetence of legacy antivirus protection was the reason. Reviewing the report, VP of SentinelOne thinks that ransomware attackers are only treating companies as their teller machines.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Atlanta Ransomware Attack Still Unresolved

March 29, 2018

It’s being considered one of the most significant cases of ransomware attack in recent memory. The city government’s spokesperson reiterated last week that the situation was under control. He further said that they would soon gain back control but it appears as if despite help from Microsoft and Cisco, they still haven’t. For two weeks, the city of Atlanta has been held hostage by a ransomware which was able to infect its city district office computers and effectively accomplish two tasks.

First, it as encrypted the city district’s entire database which means right now none of the city officials have any access to information regarding millions of its own citizens. Secondly, the perpetrators of this ransomware might have accessed confidential data files about the city’s citizens, such as criminal, medical and insurance records. There have multiple ransomware removal attempts that have all failed.

On Saturday, rumors began circulating that the city had given in to the hackers’ demands and paid the $51,000 ransom demanded. However, the city district’s headquarters’ computers remain encrypted which has resulted in speculation that the hackers had gone back on their promise. The mayor has so far declined to comment on the authenticity of the rumor.

As per the last update, the city officials were coordinating with the Feds, Microsoft and Cisco to repair ransomware files on some of the more vital PCs, but there has been no news about success in any of these cases.

The ransomware decryption of the city district has led to some vital services being disrupted such as the Department of Public Works and its website, ATL311. Some of the citizens have recorded their fears about this ransomware expanding to other such necessary services, such as 911. As a preventive measure, the officials at the city district have been advised not to turn on their computers. Hospitals and the Sherriff’s office have similarly turned off their servers temporarily.

The life in the city has come to a cyber standstill as citizens are being advised against using the public networks unless absolutely necessary. Officials are claiming that efforts to remove ransomware have been going round the clock and will continue until a breakthrough is made.

While it is possible to remove the Dharma Ransomware virus from your system, it isn’t possible to decrypt the encrypted files without the keys.

Thanatos Ransomware becomes the first to use Bitcoin cash

March 29, 2018

Ransomware developers are constantly releasing new and improved variations of ransomware. Though most of the time, IT experts are able to come up with a secure protection tool, ransomware developers can hold data hostage for as little as 3 hours before they decide to remotely erase everything. The fear factor has been able to extract extraordinary sums from victims.

Just this week, it has emerged that an obscure ransomware like SamSam had made $850,000 since December 2017, while the total cash accumulated by ransomware attacks for 2017 was close to $16 million worldwide, according to a research report.

Money has always been the primary factor behind any ransomware attack. However, since the beginning of 2017 the definition of money has undergone a significant change as well. This has become even clearer after the recent Thanatos ransomware attack which has left thousands of users infected, with a ransom note demanding payment in bitcoins. Bitcoin has effectively become the currency of choice for ransomware developers.

However, greed has also become a notable factor in these instances. What makes Thanatos unique is not its impact but its flaws. The ransomware is full of bugs and broken code. There is no ransomware removal technique that can remove ransomware that is itself broken. It infects the computer but due to its bugs, it cannot be properly decrypted either by the Unique Key or ransomware removal tool.

There is another aspect that makes Thanatos unique; it is the first ransomware that officially accepts Bitcoin Cash. The ransomware also accepts Bitcoin and Etherum but the added option of Bitcoin Cash is the first that has been noted in the years since cryptocurrency gained popularity among ransomware developers.

The ransom note for this ransomware is generated via an autorun key called “Microsoft Update System Web-Helper”. A readme.txt file will be generated where the user can find instructions on how to make the $200 Bitcoin cash payment.

To remove ransomware of this kind, it is recommended that you use System Restore as the bugs in the ransomware make it impossible to crack. Keeping a regular backup of your files makes it easier to perform a System Restore or even a Windows reinstallation.

For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for a professional ransomware removal.