
Coronavirus Alert – Ransomware Attacks up by 800%

March 23, 2020 | Boris Zion

Cybercriminals are taking advantage of the coronavirus crisis.

Cyber counter-terrorism expert Zohar Pinhasi says his cybersecurity firm, MonsterCloud, has had an 800 percent increase in calls since the virus forced many Americans to work from home.

Those remote connections are not always secure, Pinhasi said, giving hackers easy access to devices and networks.

“From those criminals’ perspective, it’s heaven,” he said. “They have stepped on a gold mine.”

Hackers will often send bogus emails called phishing or spear-phishing emails.

The recipient can be tricked into clicking and opening the email because it appears to be from someone they know and trust, or to be about an important subject like the coronavirus.

Once they have infiltrated the network, the hacker can hold it hostage and demand ransom payments.

And ransomware attacks aren’t the only tactic.

“Those criminals converted ransomware to something called doxware,” said Pinhasi.

“If you’re not going to pay us, we will sell your data and in addition to that, notify your customers that you were hacked and their data was compromised. This is a game changer since the Coronavirus started – we’ve seen it in the past, but not to that degree.”

Pinhasi said there are several steps individuals, businesses, and government agencies can take to prevent a cyber attack — even with so many remote workers.

  • Make sure everyone is using a VPN, or a virtual private network, to do office work from home.
  • Require devices to have two-factor authentication, which verifies a person’s identity before logging in.
  • Only use WiFi networks that are password protected.
  • Companies should maintain a reliable backup of their data on a different network.
  • Organizations should make sure their antivirus software is up to date.
  • Everyone should think before they click on links and emails.

“Think before you click is major here,” he said, adding he is “extremely worried” about the level of cybersecurity businesses and governments have during this Coronavirus crisis.

Source: CBS12

Ransomware and Bitcoin

February 4, 2020 | Boris Zion

Cybercrime has become an increasingly prevalent threat for businesses, law firms, security companies and the general public throughout the world. One of its most frequent forms is the ransomware attack.

Ransomware is malicious software that targets the operating systems in gadgets such as computers, tablets, and mobile phones. The virus enters your hard drive and encrypts all your files, rendering them inaccessible. Ransomware removal then requires a decryption key to retrieve all data. Generally, hackers demand hefty amounts of money, with the most commonly preferred method of payment being Bitcoins. But why is that so?

To answer this, we first need to have a thorough understanding of what a Bitcoin is and how it is used for transactions. An entirely digital currency, Bitcoin does not rely on any banks or governments. Bitcoin, as a currency, today is considered to have an even greater value than gold and is becoming increasingly popular throughout the world. In fact, according to recent BBC reports, around 6 million people currently have online Bitcoin wallets. This digital means of transaction is gradually being adopted by customers who use this electronic cash to purchase various products from groceries to tickets.

However, another reason for the rising interest in Bitcoin is its preference by hackers. With the intensifying rates of cybercrime worldwide, attackers increasingly favor and rely on this digital currency. The main reason behind this is that these transactions can be anonymized, which reduces the chances of the attackers being identified. Even though Bitcoin transactions can be traced back, the lack of data makes it practically impossible to identify the recipient. Once the recipient receives the money via Bitcoin, they can easily convert the coins into cash. Moreover, in order to remove all evidence of previous transactions and ownership, the hackers launder the coins through the Dark Web, leaving no traces.

Another reason for Bitcoin to be highly favored by hackers is its ability to provide a fast, efficient and reliable method of receiving payment. This well-designed network allows the hacker to trace the victim’s payment and even generate unique addresses for each victim. Once the ransom has been paid, the process of decrypting the data for each victim can be automated.

As a result, when data is encrypted by malware on a system, the ransomware attacker demands payment in Bitcoin by providing a Bitcoin address to which the victim has to send the money in order to decrypt the data. The victim thereby has to pay the money for ransomware removal to regain access to their files. Many times, a strict deadline is provided, after which the amount of the ransom doubles.

In most scenarios, however, the crooks are not interested in the stolen information, but rather the value the victims assign to their data and the amount they are willing to pay for ransomware removal. This provides a profitable source of monetization for them. The attackers are, therefore, masterfully able to make huge profits with this service due to the ease of creating a virtual wallet, and infecting systems with ransomware.

Even though the main aim of Bitcoin was to revolutionize the currency market and change the way financial transactions are conducted, its involvement with criminal activity and the dark web has tarnished its reputation and hindered its progress.

Can you trust your employees? How to keep your data protected?

February 2, 2020 | Boris Zion

Employees are an integral part of any organization. They have a key role to play in the success of any organization as they contribute effectively towards the accomplishment of goals. They truly are an asset, and employers should value their employees and put their trust in them in order to ensure the successful functioning of the company.

Unfortunately, however, placing immense trust in employees can sometimes be detrimental to the organization itself. This is much more likely to happen in larger organizations with a large pool of team members, which greatly increases the chances of an employee breaching or leaking data outside the company’s premises.

The employee may do so out of vengeance against, or dissatisfaction with, the company or employer. Their personal issues lead them to retaliate against the company, instigating them to use their power against it and cause potential harm.

It is imperative for organizations to ensure the privacy and security of their businesses and customers, and of their information. For this to be done, it is vital to invest in security resources. At the same time, it is also true that these organizations, be they small businesses, big corporations or public institutions, often become the target of hacks and leaks. In many incidents of a data breach, a malicious insider is responsible for misusing the information they had access to.

In today’s day and age, protection of private information is vital for the wellbeing of a business to avoid becoming prey to any data breaches or malware infecting the system, since viruses like ransomware require huge amounts of money to be paid.

Let’s explore a list of ways that you can implement to secure your data from the entire staff:

Firstly, limit access to data to only those employees and company stakeholders who need it for the operations of the company. Regrettably, you cannot trust all your employees, regardless of their position in the company. Many workers have access to much more information than required, and sometimes they might intentionally or unintentionally end up leaking data, which may be as simple as login details. To the employer, however, this is a huge deal, since an outsider now has confidential information about the company, thereby increasing the chances of hacks and malware infecting the system.

The staff should be made aware of the possible ways malware might try to infect the system, or a hacker might try to encrypt the data. They should be warned about spam emails and infected website links that may cause viruses such as ransomware to enter the system and invade it. Ransomware removal itself is an excruciating task. You also need to set strict rules for your staff on sharing sensitive information outside the premises, as companies do realize the potential threats these data breaches are capable of causing.

Another way to protect your data from breaches is by encrypting it, with access only in the owner’s hands. This way, you can open it whenever you want, and it significantly reduces the chances of a hacker accessing it if they’re able to get in the system.

Backup! The most crucial key to securing data on any software is to create a backup. It is imperative to make regular backups of all your data. You wouldn’t want to lose all your data to hackers, so back up your databases to keep your information secured. It is best to do so on an external, physical drive, making multiple iterations that can also be uploaded to another system. However, uploading secure and confidential data to an online, cloud-based drive is not the most efficient approach, since digital storage is more vulnerable to hacking.

Installing tracking software on workplace computers is essential to ensure the safety of the data. This provides warning of any forbidden actions that an employee may take to compromise privacy or break the security policy. Once the system is encrypted by such viruses or malware, ransomware removal requires a lot of effort. This security measure not only prevents mistakes from happening but also enables the employer to identify the culprit in such a case.

Being a professional organization, it is imperative that employers keep their employees connected together and provide them with fringe benefits in order to keep them satisfied and stop them from developing feelings of revenge.

However, at the same time, it is crucial to maintain a certain degree of the company’s privacy from the employees so that the data remains secured and the threat of any breach is minimized.

How can the top management of a company deal with a ransomware situation?

February 1, 2020 | Boris Zion

To be stuck in a ransomware situation is one of the worst things the management of any company can be faced with. For attackers, it is one of the easiest and quickest ways to rake in money from victims. While all the big corporations are investing tremendously in cybersecurity, ransomware still remains a threat at large, one that is feared by many companies and corporations in this ever so fast-growing cyber world. With the first instances appearing in the year 2005, more than $11 billion has been lost through ransomware so far.

Better be safe than sorry – in case of any unfortunate event. The following is a list of decisions that must be taken by the company management in order to handle the ransomware situation.

Find the root & filter it

There are many ways someone can infect your system. Two of the most common, however, are a link or an email attachment. As soon as you open them, you’re faced with a message demanding ransom. At this point, all the files and data on your system are at risk of loss. In a situation like that, it is vital to find the particular device that is infected. Depending upon your system, you can filter out the infected device and disconnect it from other devices in the system, so that the infection does not spread to other devices and no more crucial data is put at risk.

Reach out to the concerned authorities

Incidents of ransomware have gradually increased. Companies today are aware of the sensitivity of ransomware situations, which is why many companies house special IT teams specifically for such situations. When hit with a ransomware attack, alert the concerned authorities immediately. Smaller companies that house no security IT teams must immediately report the incident to the cybercrime authorities.

Search for decryption tools

In some cases, the ransomware removal can be done by using the decryption tools if you are aware of the type of ransomware.

Take a decision

If none of the above works, you are faced with a decision whether to pay up or lose all your files. It is suggested not to pay up, since paying further brings ransomware into the limelight as the easiest way to make quick money. The decision, however, depends greatly on how important the information is to you. If it is crucial, paying up a few hundred dollars may seem like a sensible idea. But if the information on the device does not mean much to you, feel free to ignore the message and reinstall the entire operating system.

Run an antivirus program

Once you’re done with your ransomware removal efforts, run an antivirus program on the device. It will go through each file present on the system and detect whether it poses a threat to your device. Many of the clues to a cyberattack are found in the metadata. A good anti-malware program will immediately alert you if something fishy is detected.

How Does a Ransomware Attack Happen?

January 29, 2020 | Boris Zion

Ransomware threats have become dreadfully frequent and widespread, such that they are undoubtedly the biggest threat in the cyber world today. Cybercriminals are now using increasingly sophisticated techniques and advanced methods to trick victims and attack their systems. One of the most recurrently used methods is email scams. These specialized encryption algorithms and social engineering skills developed by the ransomware creators cause a great degree of exploitation in the victim’s system, especially if it lacks proper cybersecurity.

It’s crucial for every user, be it an individual or a company, to have proper knowledge of what a ransomware attack is and what it is capable of doing to your computer, as well as of probable methods for ransomware removal and protection.

Let’s explore the various methods and practices used by cybercriminals to deliver malware to a user’s system.

The most common way for ransomware to enter a user’s system is via email as well as through compromised website links. This happens in several ways:

Malicious Attachments – this malware is delivered in the form of an executable file, image or archive via an email. The attached document may seem authentic, and nowhere close to a virus and may be as simple as a resume, a new project or official data analysis of a company. Once the user clicks on the attachment to open it, it is released into the system. However, it may remain dormant for some time and operates in the background until the data locking system is installed in the software and all files are encrypted. Once this happens, the victim is informed about the virus attack through a dialogue box appearing on the screen, demanding a ransom for ransomware removal to unlock the encrypted data again.

Phishing emails – this is a very commonly used scam by these felons to infect your system with malware. It involves collecting users’ personal information through deceptive emails and links. Fake official-looking emails, for example from banks, are sent to the victims with links to websites where they end up providing confidential information such as bank account details and passwords, enabling the malware to enter the system.

Malicious Links – these deceptive links, sent via email and appearing to be genuine, redirect the user to an infected website, resulting in the malware being downloaded to the system and encrypting the computer’s hard disk. These malicious and fraudulent URLs deceive the victim into clicking them, thereby retrieving information from their systems. However, this may also occur when the user unknowingly visits a website that is infected, resulting in the malware being downloaded without their knowledge.

Once the malware encrypts the files in the victim’s systems, it delivers the message to the user informing them that their files are now inaccessible and can only be decrypted once the ransom payment has been made. In some cases, however, the victim might be presented with a fake message, claiming to be a law enforcement firm that locked the data in the system due to the presence of illegal activities, pirated software or pornography. This basically reduces the likelihood of the victim reporting the attack to the authorities.

Since you’re now aware of how ransomware can enter your computer, take the necessary security steps to prevent ransomware attacks from hitting you! Be cautious of spam emails and extremely vigilant when opening vulnerable websites to protect yourself and your company from exploitation. It is imperative to adopt preventive measures, as ransomware removal and recovery is a difficult and tedious process.

Is it safe to use a Ransomware affected system?

January 28, 2020 | Boris Zion

A ransomware attack leads to adverse consequences on the attacked system, be it an individual user or a business. In recent years, it has become one of the greatest security threats due to its potential to cause immense damage.

Ransomware not just causes disruptions in regular operations and reduces productivity, but also results in temporary or even permanent loss of essential information and data. In attempts to restore the files and system, massive financial losses might occur due to paying the ransom – IT costs, legal fees and other recovery costs. Not only this, but a ransomware attack has the potential of considerably affecting an organization’s reputation. Furthermore, investments need to be made to install improved security measures to prevent any further attacks.

A ransomware attack on your system can be pretty terrifying, but you shouldn’t freak out! Calm down and consider the options for ransomware removal.

If you see a dialogue box appear on your screen informing you that your files have been encrypted or your system locked, the first step is to immediately disconnect the system from the network. Otherwise, the attack will quickly spread through the network, infecting all the connected PCs. Ensure that the affected system is completely disconnected from the internet and other devices.

Determining whether it is safe to use a ransomware affected system considerably depends on the type of attack. No doubt ransomware is a serious nuisance, but not all of them are so difficult to deal with.

Cybersecurity officials categorize ransomware in three levels:

Low Risk: in this case, there is a spam antivirus which claims to detect malware in the system and demands money for its removal. This is easier to remove from the system.

Medium Risk: this type of malware claims to be a legal entity and locks the system due to the presence of some illegal activity on your PC. A fine needs to be paid to unlock the screen.

The software programs for these two kinds are typically installed in the computer system. They can be physically uninstalled from the list. Anti-malware solutions are also an effective tool to identify and remove any such programs and detect any other infection that might be present on the system.

Dangerous: this type of malware encrypts the data and files in the user’s systems and demands a ransom to decrypt it back. This is the most difficult type of malware to deal with since it uses a high-grade encryption algorithm and no tool can really fix it.

However, there are a few ways for this ransomware removal, which include restoring backups, using decryption tools or negotiating with hackers.

Although an infected computer can still be used, there is still a risk of the data being lost, and the virus spreading to other systems if connected to the internet. Therefore, it is imperative to get rid of the Ransomware as soon as possible.

A number of ransomware removal and checker tools are available to detect the kind of malware that has infected the PC and assist the victim. You basically need to find the right tool to help decrypt the locked data. This software should, therefore, be installed on your system to get rid of the virus and prevent any future attacks.

All computer users should, therefore, install cybersecurity software. With the ever-increasing malware attacks, the inbuilt security software with the operating system is not sufficient.

MonsterCloud’s CEO Zohar Pinhasi Talks about RYUK Ransomware on NBC

May 19, 2019 | Boris Zion
MonsterCloud's CEO Zohar Pinhasi Talks about RYUK Ransomware on WPTV

According to the FBI, RYUK ransomware is still a major threat. Regardless of antivirus software, different strains continue to hit businesses and government entities, causing millions of dollars in damages. Our CEO and cybersecurity expert Zohar Pinhasi was invited by NBC to discuss the potential threat and possibly advise people on how to protect themselves.

RYUK Ransomware Protection

Protection from ransomware can be a complex operation, but the important thing is for everyone to understand that backups and the education of employees and co-workers are crucial. Not investing enough in cybersecurity can end up being very costly, as ransomware attacks can hit again after paying the ransom or decrypting the virus by other means.

See the interview with Zohar below and let us know what you think in the comments!

Ransomware 101: History of Ransomware (The Ultimate Development of Crypto Ransomware)

June 1, 2018 | Boris Zion

During the nascent phase, we saw how crypto ransomware was introduced in its most basic form. But due to easy and quick ransomware removal, they couldn’t properly take off to become a viable business option for cybercriminals.

However, by 2013, the cryptovirological developers had overcome the majority of the issues in their scripting to make their attacks more supple, effective and lethal. The ransomware threat that organizations and individual users face today acquired this form five years ago.

Crypto ransomware of today is very effective with its encryption algorithm. Moreover, it is more effective in infiltrating networks and devices. For that reason, ransom demands have also become pricey. An average extortion demand is now $300 for a regular ransomware attack.  In addition, more comprehensive and exhaustive ransomware removal activities are now required to disinfect the affected devices.

What Did Crypto Ransomware Operators Learn From Earlier Mistakes?

The first thing crypto ransomware operators did was to drop symmetric encryption and adopt asymmetric algorithms. However, this also became ineffective after some time, once security experts developed ransomware removal measures for it. Later, cryptovirological operators integrated Triple Data Encryption and Advanced Encryption Standard in their crypto strains.

This transition drastically improved the encryption regimen of crypto ransomware. Moreover, they started to develop unique decryption keys for multiple activities of the same strain. Earlier, a single decryption key could be used for ransomware removal on multiple devices affected by a similar strain. Crypto ransomware operators have also stopped storing the decryption key in the payload, because security experts started to succeed in retrieving it.

Nevertheless, security experts still find some loopholes with which to neutralize the activity of crypto ransomware. Moreover, the growing trend of maintaining data backups has also been a factor in making ransomware activities ineffective.

This is the reason ransomware operators are now shifting their focus to target entities working in the public domain. For instance, healthcare ventures are the new pick of ransomware operators because they are severely affected regardless of backups and quick ransomware removal measures.

It seems like this unannounced scuffle between cryptovirological operators and security experts will continue.

Is increased lawmaking the answer to stopping Ransomware?

May 14, 2018 | Boris Zion

One of the most frequently asked questions related to cyber security in 2017 was, “How to remove ransomware?” There are a lot of ransomware removal tools as well as unconventional methods available online that claim to remove ransomware. However, none of them have been able to provide a realistic and potent solution to the problem.

Not only was there a surge in ransomware attacks in 2017, the amount of money being swindled by the perpetrators crossed the billion dollar mark. It has become a cyber threat to not only businesses but also the public and government agencies. The recent ransomware attack in Atlanta serves as perhaps the best example of how bold the masterminds behind ransomware have become. Even though Microsoft assisted the city in order to remove ransomware, in the end, the city district admitted that data worth millions of dollars had been compromised.

Though there are continuous efforts being undertaken in order to design a potent ransomware removal website, there is a lack of proper legislation regarding ransomware.

It might sound unbelievable, but even if the perpetrators of these ransomware attacks are caught, there is a distinct lack of laws to try them under. As long as there is no firm legal foundation, this effort to remove ransomware will always be unfruitful.

There are only a handful of states that have passed any meaningful reform in order to enact laws regarding ransomware. Georgia has a law that criminalizes the possession of ransomware while Connecticut, Texas and California have formally enacted several laws that criminalize the development of ransomware without due approval. These laws are considered as major milestones that will prove beneficial in the fight to remove ransomware as a major cyber threat to both businesses and the public.

There have been talks that the top tech firms are working with the government agencies to develop ransomware removal tools that can provide protection against ransomware attacks and pinpoint where the attack originated from.

A prototype of a similar program was instrumental in pointing out that the notorious WannaCry malware may have originated from Russia, adding fuel to suspicions that there might be a foreign hand involved in the surge of ransomware attacks in 2017 in the US.

Michigan Declares Possession of Ransomware a Punishable Offense

April 5, 2018 | Boris Zion

This Monday, the governor of Michigan approved two bills introduced by the state legislators to deter the ongoing prevalence of ransomware attacks. Both of the bills were formulated to severely criminalize ransomware and associated activities. According to the new cyber legislation of Michigan, any person possessing ransomware can be punished with up to three years of jail time, depending on the nature and extent of their activity.

Initially, the lawmakers wanted to set a 10-year prison term for ransomware offences. However, after several discussions on the floor, it was cut down to three years. According to the main sponsor of the bill, House Rep. Brandt Iden, these bills were introduced to fix a legislative ambiguity under which the law can only punish perpetrators for introducing ransomware, but not for owning it.

As per the new bill, any arrested cyber criminal can end up in jail if ransomware is found in their possession, whether or not it was used to infect any system. Both bills received overwhelming support from both houses of the state’s legislature.

Experts think that it will make it easier for law enforcement agencies to chase down the alleged cyber criminals involved in the development of ransomware codes and their affiliates. Some are also hopeful that the criminalization of ransomware possession will also help in curbing the burgeoning business of Ransomware-as-a-Service (RaaS).


The felony of ransomware possession will be treated like any other crime where prosecutors have to prove the false intent of the alleged individual before charging them with ransomware possession.

Moreover, Michigan lawmakers, unlike their Georgian counterparts, put some thought into devising the bills, which allow the possession of ransomware by security experts for research work. Aside from performing ransomware repairs, it seems that digital security experts will now also help the state to prove the malicious intent of cyber criminals caught with ransomware.

According to statistics furnished by the Federal Bureau of Investigation, in 2017 individuals and enterprises in Michigan experienced more than 1,300 ransomware attacks, which resulted in losses of $2.6 million, including ransomware repairs.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal. 
