Boris Zion, Author at MonsterCloud

13 posts, 0 comments

Ransomware 101: History of Ransomware (The Ultimate Development of Crypto Ransomware)

June 1, 2018

During the nascent phase, we saw how crypto ransomware was introduced in its most basic form. But due to easy and quick ransomware removal, they couldn’t properly take off to become a viable business option for cybercriminals.

However, by 2013, the cryptovirological developers overcame the majority of the issues in their scripting to make their attacks more supple, effective and lethal. The threat of ransomware organizations and individual users facing today had acquired this form five years ago.

Crypto ransomware of today is very effective with its encryption algorithm. Moreover, it is more effective in infiltrating networks and devices. For that reason, ransom demands have also become pricey. An average extortion demand is now $300 for a regular ransomware attack. In addition, more comprehensive and exhaustive ransomware removal activities are now required to disinfect the affected devices.

What Crypto Ransomware Operators Learnt From Earlier Mistakes?

First thing crypto ransomware operators did was to drop symmetric encryption and adopted asymmetric algorithms. However, it also became ineffective after some time after security experts developed ransomware removal measures for it. Later, cryptovirological operators integrated Triple Data Encryption and Advanced Encryption Standard in their crypto strains.

This transition drastically improved the encryption regimen of crypto ransomware. Moreover, they started to develop unique decryption keys for multiple activities of the same strain. Earlier, a single decryption key could be used for ransomware removal on multiple devices affected by a similar strain. Crypto ransomware operators have also stopped to store decryption key in the payload because security experts started to succeed in retrieving it.

Nevertheless, some loopholes are still dug by security experts to neutralize the activity of crypto ransomware. Moreover, the growing trend of maintaining data backups has also factored in making ransomware activities ineffective.

This is the reason ransomware operators are now shifting their focus to target entities working in public domain. For instance, healthcare ventures are the new pick of ransomware operators because they severely get affected regardless of backups and quick ransomware removal measures.

It seems like this unannounced scuffle between cryptovirological operators and security experts will continue.

Is increased lawmaking the answer to stopping Ransomware?

May 14, 2018

One of the most frequently asked questions related to cyber security in 2017 was, “How to remove ransomware?” There are a lot of ransomware removal tools as well as unconventional methods available online that claim to remove ransomware. However, none of them have been able to provide a realistic and potent solution to the problem.

Not only was there a surge in ransomware attacks in 2017, the amount of money being swindled by the perpetrators crossed the billion dollar mark. It has become a cyber threat to not only businesses but also the public and government agencies. The recent ransomware attack in Atlanta serves as perhaps the best example of how bold the masterminds behind ransomware have become. Even though Microsoft assisted the city in order to remove ransomware, in the end, the city district admitted that data worth millions of dollars had been compromised.

Though there are continuous efforts being undertaken in order to design a potent ransomware removal website, there is a lack of proper legislation regarding ransomware.

It might sound unbelievable, but even if the perpetrators of these ransomware attacks are caught, there is a distinct lack of laws to try them under. As long as there is no firm legal foundation, this effort to remove ransomware will always be unfruitful.

There are only a handful of states that have passed any meaningful reform in order to enact laws regarding ransomware. Georgia has a law that criminalizes the possession of ransomware while Connecticut, Texas and California have formally enacted several laws that criminalize the development of ransomware without due approval. These laws are considered as major milestones that will prove beneficial in the fight to remove ransomware as a major cyber threat to both businesses and the public.

There have been talks that the top tech firms are working with the government agencies to develop ransomware removal tools that can provide protection against ransomware attacks and pinpoint where the attack originated from.

A prototype of a similar program was instrumental in pointing out that the notorious WannaCry malware may have originated from Russia adding fuel to suspicions that there might be a foreign hand involved in the surge of ransomware attacks in 2017 in the US.

Michigan Declares Possession of Ransomware a Punishable Offense

April 5, 2018

This Monday, the governor of Michigan approved two bills introduced by the state legislators to deter the ongoing prevalence of ransomware attacks. Both of the bills were formulated to severely criminalize ransomware and associated activities. According to the new cyber legislation of Michigan, any person possessing ransomware can be punished to up to three years of jail time as per the nature and extent of his activity.

Initially the lawmakers wanted to set 10 year prison time for ransomware offences. However, after several discussions on the floor, it was cut down to three years. According to the main sponsor of the Bill, House rep. Brandt Iden, these bills were introduced to fix a legislative ambiguity where law can only punish perpetrators for introducing ransomware, but not for owning it.

As per the new bill, any arrested cyber criminal can end up in jail if a ransomware is found in his possession whether it was used to infect any system or not. Both the bills received overwhelming support from the both houses of the state’s parliament.

Experts think that it will make it easier for law enforcement agencies to chase down the alleged cyber criminals involved in the development of ransomware codes and their affiliates. Some are also hopeful that the criminalization of ransomware possession will also help in curbing the burgeoning business of Ransomware-as-a-Service (RaaS).

Read Also: “Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks”

Felony of ransomware possession will be treated like any other crime where prosecutors have to prove the false intent of the alleged individual before charging him for ransomware possession.

Moreover, Michigan lawmakers have put some thought while devising the bills unlike their Georgian counterparts and allows the possession of ransomware by security experts for research works. Aside from performing ransomware repairs, it seems like digital security experts will now also help the state to prove the malicious intent of cyber criminals caught with ransomware.

According to the statistics furnished by the Federal Bureau of Investigation, in 2017 individuals and enterprises in Michigan experienced more than 1,300 ransomware attacks resulted in the losses of $2.6 million including ransomware repairs.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks

April 2, 2018

Ransomware attacks are getting bigger and better in their scope. Wide-reaching destructions of NotPetya and WannaCry are some recent examples where ransomware attacks have even brought about tensions between countries.

Moreover, a research report indicates that nearly half of the companies were hit by ransomware attacks last year and majority of them were targeted more than once. The research was conducted by a British security software company Sophos on the current state of endpoint security of digital systems. Businesses that got affected by ransomware in 2017 had to spend $133,000 on average to deal with the fallout of these attacks.

According to experts, the availability of ransomware-as-a-service (RaaS) is one of the reasons why ransomware attacks are becoming so regular and universal.

Ransomware programs are not run-of-the-mill malware codes. Only highly skilled and experienced cyber criminals can devise an ingenious ransomware attack. Therefore, ransomware activities stay beyond the scope of amateurs. However, RaaS enables all such ambitious cyber criminals who don’t have the prowess to carry out their own ransomware attacks to get the services of third-party developers from the criminal world of dark web. The catch of using RaaS by novices is to get a good sum of money for encryption key from the affected parties to restore ransomware files. Research team at Sophos studied one such ransomware kit available on the dark web for least skilled cyber criminals to work out their ransomware outings on the template of that kit.

Expert cryptovirologists are also exploring new methods to make their ransomware programs undetectable because it will add value to RaaS. For instance, they are now using built-in features such as non-executable malware code to get around the detection from endpoint protection code.

This unannounced collaboration between cyber criminals in the form of RaaS is indicative of the fact that more trouble is yet to come for organisations that are completely reliant on digital systems for their operations. We have already discussed how robots might be the next target of ransomware operators. Similarly, in future owners of smart homes and cars may also need ransomware removal services to get back the control of their valuables.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

26 Percent of Enterprises Got their Data After Paying Ransomware Operators

March 31, 2018

Ransomware attacks are getting bigger and severe in their scope by time. We can see the evil prowess of ransomware attacks at display in Atlanta where the city’s municipal system has become a hostage to the attackers virtually.

Demanding a sum of money for ransomware decrypt is the main catch for the instigators of such attacks. Therefore, there is a perception that by paying a ransom you can restore the ransomware files. However, reality is quite contrary to that, as claimed by a report from Software Company SentinelOne surveying hundreds of US businesses.

According to the report, companies that pay the hackers in the wake of ransomware attack often experience a double whammy i.e. they don’t get their encrypted files back and become victim of ransomware attacks again.

The report says that only 26 percent of the companies paid at least one ransom had their files unlocked. Moreover, they are two-third chances that the companies paying the ransom again become the target of ransomware.

Therefore, The US department of Homeland Security advises against paying a ransom since this trend can lead into forming a business model for organized crimes. But still tech industry seems divided on the issue. For many, paying ransom is the shortest and easiest way to restore ransomware files.

The report also highlights another trend in paying the ransom money to the attackers. Security professionals from more than 500 companies reported that half of the times employees paid the ransom without consulting IT security teams and experts. For that matter, the average ransoms paid by US companies are higher than the global average.

Another worrying fact established by the report is the average amount of business loss, which is closing on to one million dollars. Ransom, loss of work and time consumed in tackling the situation are factored in to estimate this cost. On average, 44 work hours are spent in tackling a ransomware attack.

Regarding the vulnerability that led to the attack, more than half of the companies think incompetence of legacy antivirus protection was the reason. Reviewing the report, VP of SentinelOne thinks that ransomware attackers are only treating companies as their teller machines.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Atlanta Ransomware Attack Still Unresolved

March 29, 2018

It’s being considered one of the most significant cases of ransomware attack in recent memory. The city government’s spokesperson reiterated last week that the situation was under control. He further said that they would soon gain back control but it appears as if despite help from Microsoft and Cisco, they still haven’t. For two weeks, the city of Atlanta has been held hostage by a ransomware which was able to infect its city district office computers and effectively accomplish two tasks.

First, it as encrypted the city district’s entire database which means right now none of the city officials have any access to information regarding millions of its own citizens. Secondly, the perpetrators of this ransomware might have accessed confidential data files about the city’s citizens, such as criminal, medical and insurance records. There have multiple ransomware removal attempts that have all failed.

On Saturday, rumors began circulating that the city had given in to the hackers’ demands and paid the $51,000 ransom demanded. However, the city district’s headquarters’ computers remain encrypted which has resulted in speculation that the hackers had gone back on their promise. The mayor has so far declined to comment on the authenticity of the rumor.

As per the last update, the city officials were coordinating with the Feds, Microsoft and Cisco to repair ransomware files on some of the more vital PCs, but there has been no news about success in any of these cases.

The ransomware decryption of the city district has led to some vital services being disrupted such as the Department of Public Works and its website, ATL311. Some of the citizens have recorded their fears about this ransomware expanding to other such necessary services, such as 911. As a preventive measure, the officials at the city district have been advised not to turn on their computers. Hospitals and the Sherriff’s office have similarly turned off their servers temporarily.

The life in the city has come to a cyber standstill as citizens are being advised against using the public networks unless absolutely necessary. Officials are claiming that efforts to remove ransomware have been going round the clock and will continue until a breakthrough is made.

While it is possible to remove the Dharma Ransomware virus from your system, it isn’t possible to decrypt the encrypted files without the keys.

Thanatos Ransomware becomes the first to use Bitcoin cash

March 29, 2018

Ransomware developers are constantly releasing new and improved variations of ransomware. Though most of the time, IT experts are able to come up with a secure protection tool, ransomware developers can hold data hostage for as little as 3 hours before they decide to remotely erase everything. The fear factor has been able to extract extraordinary sums from victims.

Just this week, it has emerged that an obscure ransomware like SamSam had made $850,000 since December 2017, while the total cash accumulated by ransomware attacks for 2017 was close to $16 million worldwide, according to a research report.

Money has always been the primary factor behind any ransomware attack. However, since the beginning of 2017 the definition of money has undergone a significant change as well. This has become even clearer after the recent Thanatos ransomware attack which has left thousands of users infected, with a ransom note demanding payment in bitcoins. Bitcoin has effectively become the currency of choice for ransomware developers.

However, greed has also become a notable factor in these instances. What makes Thanatos unique is not its impact but its flaws. The ransomware is full of bugs and broken code. There is no ransomware removal technique that can remove ransomware that is itself broken. It infects the computer but due to its bugs, it cannot be properly decrypted either by the Unique Key or ransomware removal tool.

There is another aspect that makes Thanatos unique; it is the first ransomware that officially accepts Bitcoin Cash. The ransomware also accepts Bitcoin and Etherum but the added option of Bitcoin Cash is the first that has been noted in the years since cryptocurrency gained popularity among ransomware developers.

The ransom note for this ransomware is generated via an autorun key called “Microsoft Update System Web-Helper”. A readme.txt file will be generated where the user can find instructions on how to make the $200 Bitcoin cash payment.

To remove ransomware of this kind, it is recommended that you use System Restore as the bugs in the ransomware make it impossible to crack. Keeping a regular backup of your files makes it easier to perform a System Restore or even a Windows reinstallation.

For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for a professional ransomware removal.

MonsterCloud’s CEO Zohar Pinhasi on CBS – Ransomware Spikes During The Holidays

January 3, 2018

MonsterCloud’s CEO Zohar Pinhasi on WPTV – Ransomware Spikes During The Holidays

NY TIMES: Quotation of the Day: In Computer Attacks, Clues Point to Frequent Culprit: North Korea

May 16, 2017

“This is what happens when you give a tiny little criminal a weapon of mass destruction. This will only go bigger.”

ZOHAR PINHASI, the chief executive of MonsterCloud, which handles ransomware attacks like the one that struck dozens of countries last week

CBS Credits MonsterCloud for Predicting the Global Cyber Attacks

May 16, 2017

A Massive Cyber Attacks causes problems in dozens of countries. Twenty-two year old cyber security researcher registered a domain accidentally helping to spread that cyber attack around the world shutting networks at hospitals, banks and even government agencies. Zohar Pinhasi, the MonsterCloud CEO predicted the cyber attack 3 weeks ago on CBS.