Simeon, Author at MonsterCloud

9 posts, 0 comments

Security Think Tank: Focus on Malicious Use of AI in 2019

January 13, 2019

In the end of 2018, Security Think Tank was asked three fundamental questions that will paint a clearer picture of the malware landscape of 2019. What was the one thing that was predicted for 2018 but didn’t happen? What was the one thing that wasn’t predicted but did happen? And what the one thing that should happen in 2019, but probably will not?

Predicted, but Didn’t Happen

As ransomware removal problems had surfaced in 2017, it had been predicted that there will be an explosion of ransomware in 2018. Well, ransomware removal remained a huge problem in 2018, and even small to medium sized businesses struggled a lot. Even though this was the case, researches signified that 2017 saw 62% respondents experiencing attacks in 2017 and 45% respondents experiencing one in 2018.

Hardly an explosion, is it? These stats were so because of the fact that 73% of these people had ransomware removal strategies in place in 2018 – as opposed to a smaller 53% in 2017.

Happened, but Wasn’t Predicted

Even though the explosion of ransomware was predicted, another form of malware had been seen taking the throne for causing chaos – crypto mining.

Predicted, but Probably Won’t in 2019

Many experts in the field of AI had thought about the possible dangers of technology in terms of malware. This is because, given the speed at how this technology is progressing, Security Think Tank believes that this threat is not going to be a problem in 2019.

Don’t get us wrong though – it will happen. It won’t be possible anytime soon, but once it does become a reality, corporations should be geared enough to handle a whole new level of ruckus!

Ransomware: What is it? What are its Different Kinds?

January 11, 2019

Nearly everyone in today’s age knows what is inside a mobile phone or a personal computer. Now we’re entering into a time where people are learning about what ransomware removal really is. Imagine if someone steals whatever is inside your mobile phone or personal computer and demand a ransom.

Security has always been a concern among companies that provide cybersecurity. Ransomware removal, on the other hand, is a completely new level of security. This is exactly why cybersecurity firms have one thing among their minds nowadays – ransomware removal.

Ransomware signifies a type of software that encrypts all the documents of the computer it enters. The victims of this threat can only regain access to their personal data once they have paid the ransom asked for by the cybercriminals.

Ransomware had made its way to the surface somewhere in 2017, but by an approximate growth of 748%, ransomware has now come to be known as a global issue. Let’s have a brief look at some of the basic kinds of ransomware.

1. Bad Rabbit

Bad Rabbit was seen in Eastern Europe and Russia and was spread via a fake update for Adobe Flash.

2. Crysis

Crysis targeted the network and removable or fixed drives when they were connected to the infected computer.

3. Cerber

Cerber targeted users of the Office 365 cloud and millions of people had been affected.

4. CryptoLocker

This aptly named ransomware works in a manner of using algorithms to search for files to encrypt in terms of priority.

5. CryptoWall

CryptoWall spreads via exploit kits or spam, and it works in the same manner as the CryptoLocker variants

6. Jigsaw

Jigsaw, which was named after a villain from a movie series, continues to delete files until the respective ransom isn’t paid.

Well, all of this doesn’t sound scary enough for those who don’t rely too much on technologies. For those who do, however, it’s an absolute nightmare!

Malwarebytes: Fileless Ransomware an Emerging Threat for the US

January 11, 2019

Malwarebytes has brought forward a report which has introduced a whole new problem for ransomware removal companies. ‘Sorebrect’ has come forward as ransomware that is completely fileless and Malwarebytes says it is the very first of its kind.

Malwarebytes’ report named ‘Under the Radar: The Future of Undetected Malware, observes four major ransomware attacks in 2018 that were completely fileless. These include SamSam, TrickBot, Emotet, and now Sorebrect. These attacks have accounted for about 35% of all of the attacks in 2018 and were also known to be 10 times more successful than the traditional form – in terms of ransomware removal.

The director of Malware Intelligence, Adam Kujawa said that GandCrab was the most popular kind of ransomware because of its capabilities, but Sorebrect was a completely new evolution of malware. The main way it infects victims is via exploited scripts or MS Office documents. It then resides into the memory of the device in question and hangs around long enough to encrypt everything.

The director also said that as ransomware removal methods for this threat aren’t full proof as yet, enterprises should adopt behavioral detection and move beyond their signature-based detection methods. Other than this, Malwarebytes also went on to suggest that these corporations should focus their strengths on email messages with the help of security products that disable threats and remove them entirely from the system.

All of this should be done before this form of malware makes any advances. Adam Kujawa was quoted to have said that we are still lucky that this form of malware hasn’t spread as yet, which means that cybercriminals out there haven’t started forming copycats of Sorebrect as yet and bigger splashes from these can be expected soon enough.

Gear up people!

WannaCry is Far from Dead – What You Need to Know?

January 4, 2019

Nearly one and a half years ago, the world experienced probably the biggest cyberattack in its history. The attack was carried out through a ransomware script called WannaCry. The ransomware infiltration spread like the Biblical plague. Within a week, WannaCry affected millions of computers in more than 140 countries. There are no exact figures to corroborate this claim, but it is said that billions of dollars have been spent on ransomware removal and for the recuperation of the all the tangible and intangible losses inflicted by the ransomware.

There is a perception among many users that WannaCry was sen into oblivion after this unprecedented wide-scale attack. However, that’s not quite true. According to the developer of a killswitch at Kryptos Logic, WannaCry is still thriving in the cyberspace. The kill switch was particularly developed to neutralize the encryption component of WannaCry. This means users with the Killswitch on their devices won’t lose their data even if they get affected by a WannaCry ransomware attack.

Nevertheless, the Killswitch can’t entirely wipe out the cryptovirological strain. So, professional ransomware removal services are still required. WannaCry keeps on running in the background and continuously tries to connect with a Killswitch to see whether it is still active.

Kryptos Logic’s head of security and threat intelligence, Jamie Hankins, has recently revealed the figures regarding the Killswitch activity. Those numbers clearly indicate that WannaCry is still alive and kicking.

As per Hankins, their kill switch domain for WannaCry still detects over 17 million connections within a week. It was also found that these beacons are coming from over 600 different IP addresses from all corners of the world. This stat only shows the activity of WannaCry on devices with kill switch domains. The actual figure of its attempts is definitely way more than that.

Vulnerability Assessment for Ransomware Attacks

May 30, 2018

Ransomware attacks have taken a form of an epidemic in last two years. Organizations and individual users are affected by the cryptovirological menace alike. Therefore, it is important for every user to evaluate their vulnerability against ransomware attacks. With assessment, you can devise a better strategy to deter cryptovirological attacks and to prevent consequent ransomware removal activities. Vulnerability assessment for ransomware attacks can be carried out by asking the following questions.

Are Employees Aware of Phishing Techniques?

Phishing is at the forefront of ransomware attacks. More than 80 percent cryptovirological attacks were carried out by delivering the payload through phishing mail. For that matter, it is important for any organization to educate their people regarding social engineering tactics that are used to devise a different type of phishing attacks. It is also important to note that organizations have to spend millions of dollars on ransomware removal measures because of the lack of awareness of employees regarding phishing.

Is Data Being Backed Up Regularly?

Reports suggest that the majority of businesses working in the digital realm are still not maintaining regular data backups. With the regular routine of data backups, you can significantly reduce ransomware removal cost and also the incurred downtime.

Is the Network Secure?

Ransomware operators also use Remote Desktop Services (RDS) to infiltrate organizational networks. If you are using RDS without taking care of its security, then keep in mind that your network is not protected. Similarly, if unauthorized devices are connected to the network, then it remains vulnerable to the instances of ransomware infiltrations.

Is Patch Management a Regular Practice?

Developers of cryptovirological strains frequently take advantage of the vulnerabilities of different vital software applications (MS Office, Window Scripting Files, and JavaScript etc.) to infiltrate and infect the devices with encryption.

By timely updating the devices with latest patches introduced by the developers, you can reduce the vulnerability of software. It will be interesting to mention that WannaCry ransomware, which wrecked havoc on digital users last year, used vulnerabilities of Windows system files to infiltrate the devices. A significant amount of resources were exhausted in ransomware removal activities following WannaCry epidemic.

Ransomware Basics: Common Methods Employed for a Ransomware Infiltration

April 20, 2018

This is the second blog in the series where we are touching upon some of the fundamental knowledge about ransomware attacks. The purpose of this series is to ensure that our readers remain fully familiar with this contemporary cyber threat and can timely employ preventive measures. Moreover, this information will also help them in picking the right ransomware repair services.

Here, we will discuss different methods or vectors that are used by ransomware operators to deliver cryptovirological codes to the devices of targeted users.

Email

Email is the most commonly used delivery method in many of the ransomware campaigns.

Attachments

Malicious email attachments are used by ransomware operators to transfer cryptographic codes. Social engineering is at full demonstration while crafting the mails that contain these malicious attachments. In most of the cases, these attachments are word files, Java scripts or any other portable executable extension. Victims download these attachments as they are instructed in the mail. However, instead of downloading any useful piece of information, they inadvertently download the payload of a ransomware strain.

This type of delivery method is effectively used by ransomware operators to infect organizational networks by exploiting the technological unawareness of employee.

Web Links

Emails through social engineering tactics is also used to redirect the users to the web links that directly transfer the payload of a ransomware to the targeted devices.

Exploit Kits

As the name suggests, these are the hidden software kits responsible to run malicious web pages. These web pages asses and exploit vulnerabilities of the targeted user’s device. Exploit kits start to run as soon as a user visits a compromised web address. If the kit succeeds in finding out the vulnerabilities of the device, a payload of the ransomware strain infiltrates into the device by a drive-by download.

As soon as the payload of a ransomware strain is transferred to the targeted device, encryption activity starts which results into the lockdown of the stored data. The affected victims then need professional ransomware repair services to get back the access to their locked down files.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Profiling Some Infamous Ransomware Strains of Late

April 20, 2018

In last two years, the cyberspace has witnessed some of the deadly attacks in the form of ransomware infiltrations. We know that cybercriminals are always working from the sphere of anonymity. Therefore, it is always difficult for cyber security professionals to identify any ransomware strain with the motives of its operators.

However, by analyzing cyber attacks orchestrated by using particular ransomware strains, one can profile them. Let’s have a look on how some of the notorious ransomware strains of recent time are used by their operators.

SamSam

This ransomware strain might be the biggest cyber threat of this year, just like WannaCry was for the last year. From affecting large private public networks (Allscripts) to target the systems of local governments (Atlanta), this cryptovirological strain has been successfully employed by its operators to cause wide scale technological destruction in last couple of months.

If we dissect all the noteworthy SamSam attacks, it can be easily inferred that the culprits behind these cyber criminal activity target those organizations that can afford to pay hefty extortion money to remove ransomware. In addition, SamSam operators have targeted all those organizations where downtime is considered very critical.

In cases of SamSam attacks, companies that refused to pay the operators to remove ransomware had to spend millions of dollars to disinfect and restore their networks and systems.

WannaCry

WannaCry attacks might be the largest cyber assault that we have ever seen where hundreds and thousands of users got affected in more than 150 countries. With the available information on the subject, experts have concluded that the attack was launched or facilitated by the rogue state of North Korea to disrupt the worldwide status quo while minting money through ransom payments. Some estimates suggest that more than one billion dollar have been spent by the affected users globally to remove this ransomware strain and for other recovery measures.

Locky

It is another ransomware strain that is primarily used to attack large organizations including government bodies and for the same reason as SamSam i.e. to ask for large sum of money to remove ransomware infection.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Ransomware Basics: Different Types of Ransomware

April 16, 2018

We are starting a blog series where we will discuss different fundamental information about the cyber threat of ransomware. The purpose of this new blog thread is to educate and inform all those individuals who are new to the cyber world and not well-acquainted with different threats lingering in that space, particularly ransomware.

Let’s kick off the series by discussing different types of ransomwares used by cybercriminals to rip off the victims.

Crypto or Locker Ransomware

Crypto or Locker is the most frequently used ransomware. This malware code is developed to lock down the data on the affected device through encryption. The operators of such attacks demand money to provide a key for unlocking the encrypted files. Some of its variants also lock down the system applications.

For the past two to three years, crypto ransomware has been the most fearsome cyber threat faced by the organizations and individuals worldwide. You can measure the extent of crypto ransomware’s destruction by the fact that one of its strains has affected users in more than 150 countries.

Scareware

As the name suggests, this ransomware is heavily relied on scare tactics to coerce the victims for ransom payment. The underlying code of this ransomware is quite different from the traditional ransomware, which is written by the principles of cryptovirology. In scareware attacks, usually a ransom note pops on the desktop of the affected user that alleges severe offences on him and asks for ‘penalty’ to avoid legal percussions.

The operators of such attacks mention locale address and the name of the ISP to make their ransom note look more authentic. Even false allegations of horrendous acts (e.g. watching child pornography) forces many victims to pay the attackers instead of contacting the authorities.

Pseudo Ransomware

Pesudo ransomware is a malware that doesn’t employ any encryption module to lock down the files on the affected device. Instead, it deletes the files from the computer straight away and makes some fake files and folders to trick the victims into believing that they can get back their data after the payment of ransom. However, the attackers vanish after the payment of ransom and the victim loses their data forever.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Only a Minority of IT Security Executives Can Deter Ransomware Attacks

April 9, 2018

A recent survey from the software company SolarWinds has furnished a very worrying conclusion regarding the aptitude of IT executive to prevent large-scale ransomware attacks. Among the security experts who took part in the survey, only 30 percent were positive that they can put off a ransomware attack. It’s worth mentioning that senior IT professionals from the US and UK were part of the survey.

Organizations Remain Careless

The survey also points out towards another worrisome prospect regarding digital and network security of organizations. As per the respondents’ replies, nearly one-third of the surveyed organizations are still working without any specialized cyber security department neither do they consult any external security professional. This means they are completely exposed to cyber attacks and it’s just a matter of time before they suffer a hit.

Nevertheless, there is a silver lining to the situation as well because survey indicates that the awareness regarding ransomware attacks is increasing. Nearly 70 percent of surveyees were completely familiar with the threat of ransomware attacks such as WannaCry and NotPetya, both of them were the deadliest cyber attacks of the last year.

Another take-away from the survey is that organizations will still have to rely on outsourced services to remove ransomware since majority of their IT workforce is not equipped to prevent these cryptographical attacks.

The survey also tells us that many organizations face budget constraints and that lead to less allocated resources for the network security. VP of security architecture at SolarWinds has some helpful points to share with companies that don’t have enough money to set up an entire department to look over their cyber security.

It is important to keep on with the latest software patches. It is an essential security measure against cyber threats including ransomware and doesn’t cost much.
Organizations can increase their cyber hygiene without spending a buck by educating their employees regarding several basics of online security.

These two measures can be implemented without exhausting your budget. Otherwise, be prepared to pay a good sum of money to remove ransomware from your devices and network.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.