Blog Archives - MonsterCloud

How to Manage Ransomware Threats?

May 30, 2019

Ransomware attacks have become stronger than ever as the internet has become increasingly vulnerable to these issues. Every day, at least 10 small or big businesses are hacked or systems are penetrated into by outsiders. Some get lucky and break through the firewall while others do not have good encryption to penetrate through a system. Hence, it is a matter of time before you will see something pop up on your screen too. How do you deal with it? Well, there’s no manual on it, but researchers and IT experts have come up with a few suggestions for companies and home-based users to be able to understand what they need to do.

Ransomware is the same all over the world. Whether they hack into your system and decrypt it or they send a worm which slowly infects your computer system. The methods are more or less the same and so are the modes of payment. It must be kept in mind that you are paying to get the data back. The recipient is a criminal and has no sympathy for you, your family or your company. So once you have paid, there’s no guarantee that data will be fully recovered. Moreover, as it may seem obvious to the hacker that your system is more vulnerable to these issues, he might want to give away your credentials to other hackers or use your current information to demand later on.

People who are the least interested in updating their software are the easiest targets. Their computers are easily hacked and they end up paying. System upgrades are the first step in trying to avoid these issues.

In case you have been a victim, do not pay the ransom. Retrieving your files may not be as easy as you think. This is because malware may have been designed by different attackers so the key to encrypt a file may be hard to find. In some cases, you might be able to crack the code. If this doesn’t work, then you might want to restore your entire system.

A restoration is an option which will clean your system and you will lose all your files. Another way is to disconnect your system from the internet and back up the files which are not affected and reboot the system.

You may also download and run security software to check and clear your system of any malware. Remember, if your system is not connected to the internet, it will lose contact with its own command and control server. This way it will remain idle and won’t harm the system.

If all fails, the best possible solution is to take the help of an IT specialist and let him get rid of the virus from your system.

To avoid all of these hassles, keep your system updated, install an antivirus and put up a firewall to protect your computer system from all sorts of attacks.

MonsterCloud’s CEO Zohar Pinhasi Talks about RYUK Ransomware on NBC

May 19, 2019

MonsterCloud's CEO Zohar Pinhasi Talks about RYUK Ransomware on WPTV

According to the FBI RYUK Ransomware is still a major threat. Regardless of Antivirus softwares, different strains continue to hit businesses and government entities causing damages for millions of dollars. Our CEO and Cybersecurity expert Zohar Pinhasi was invited by NBC to discuss the potential threat and possibly advice people on how to protect themselves.

RYUK Ransomware Protection

The protection from ransomware could be a complex operation but the important thing is for everyone to understand that the backups, and the education of employees and co-workers is crucial. Not investing enough in cybersecurity can end up being very costly as ransomware attacks can hit again after paying the ransom or decrypting the virus with other means.

See the interview with Zohar below and let us know what you think in the comments!

Ransomware Delivery through Phishing Campaigns

January 25, 2019

A single biological virus strain from a single point of origin can infect hundreds and thousands of people. Ransomware infection also spreads like a medical virus. Ransomware delivery on a single device can affect numerous devices connected to the same server.

In other words, the success of a ransomware attack largely depends on how it is delivered to the targeted digital environment. Cryptovirological operators use several techniques to deliver the payload of ransomware to the intended targets, and phishing campaigns is one of them.

Phishing emails were initially used to steal confidential information and login credentials of the affected users. However, cybercriminals have upgraded and extended the use of phishing emails. Now, they are also used for the delivery of malware scripts including ransomware.

Why Cryptovirological Operators Use Phishing Campaigns?

By devising a phishing campaign, ransomware operators are able to target hundreds and thousands of users in a single go. This mass distribution actually ensures that more people become a victim of the malware, which in turn increases the chances for the attacker to rack more money in the name of ransomware removal.

Different Ransomware Distribution Methods through Phishing Mails

There are two definite ways in which ransomware can be distributed through phishing campaigns.

Malicious Attachments

Ransomware operators often use malicious attachments of zip files embedded with a cryptovirological script. As users download them out of curiosity, the malware payload is delivered on the device.

Infected URLs

Some phishing emails contain infected URLs and urge users to click them through several social engineering tactics. These URLs are already infected with ransomware. Upon clicking the link, the cryptovirological infection is automatically downloaded on the device.

If you don’t want to pay heavy extortion amounts for ransomware removal, make it certain that you are not clicking any link or attachment of a mail sent by an unknown user.

GandCrab Ransomware Operators Might have Racked 300 Million from Victims this Year

January 21, 2019

Like the preceding years, 2018 also saw the development of dangerous new ransomware strains. And it won’t be wrong to say that GandCrab ransomware might have won the race in inflicting the maximum amount of losses. A digital security company has analyzed the activity of GandCrab ransomware all through the year to come up with this assertion.

GandCrab operators have primarily focused on targeting large companies in the anticipation of big ransomware payouts. For instance, in one attack, the operators demanded extortion amount of whopping 0.7 million dollars to provide the ransomware removal key. The security firm has also reported that half of the reported victims resorted to ransom payment. According to the number of users affected by GandCrab ransomware, even the payment of least demanded ransom amount ($600) has made $300 million for its operators this year.

A solution for GandCrab Encryption is now Available

After months of malicious activity of GandCrab ransomware, Europol along with cybersecurity companies have come up with its ransomware removal decrypter. The solution is available for free. According to the numbers established by the Europol, GandCrab affected users have avoided paying nearly one million ransom amount because of its free decrypter.

Unreported Attacks are Not Taken into Account

There are always a large number of cyber attacks that go unreported. Many commercial entities don’t report such incidents because it can irreversibly damage their business reputation. The same can be said about the activity of GandCrab. The figure of $300 million only entails reported attacks. We still don’t know how all the unreported victims of GandCrab dealt with its encryption.

All things considered, the collective tangible losses caused by GandCrab can be way over half a billion dollar. Such immense monetary losses definitely make GandCrab one of the deadliest ransomware strains of the year 2018.

Ryuk Ransomware Activity Halts Printing and Delivery of Several US Newspapers

January 18, 2019

Ransomware attacks have been frequently happening in the last couple of years. The majority of attacks involve targeting corporate and public-sector entities. However, a unique ransomware activity happened over this weekend when one of the largest US newspaper publishers came under cryptovirological attack.

Tribune Publishing has experienced a major cyberattack over the weekend, which affected the publication of several of its newspapers in different states. It has been reported that the attack delayed the delivery of newspapers in many regions this Saturday and Sunday. Moreover, some of the affected newspapers also had to slash their regular number of pages.

Now, the report is coming in that the cyber attack on Tribune publishing was actually the infiltration of the Ryuk ransomware. An anonymous source from within the organization has told LA times that Ryuk ransomware was used to lock down the devices of Tribune Publishing.

The source couldn’t tell anything else about the attack. It is still not known whether the company has completed ransomware removal and recovery activities. Moreover, we still don’t know about the perpetrators behind the attack and what they demanded the ransomware removal key.

The attack has revealed another dangerous opportunity regarding the use of ransomware for disruption of services. A more severe ransomware infiltration could have actually turned into a complete publication blackout. Such ransomware prospects can be exploited in state-sponsored cyber warfare.

Ryuk Ransomware

Ryuk ransomware was first detected by security experts in the month of August. The code of Ryuk ransomware is pretty similar to that of Hermes ransomware. It also uses the combination of AES and RSA encryption to render regular ransomware removal efforts useless.

During the spurt of Ryuk ransomware activity in August and following months, its operators would ask for 0.5 Bitcoin to provide decrypter for ransomware removal.

Devising Initial Response to a Ransomware Attack

January 15, 2019

Ransomware has become a buzzword in cybersecurity quarters over the last two years and rightly so. If you have suffered a cryptovirological attack, then how you deal with it at the onset will decide the extent of damages and subsequent ransomware removal and recovery measures. In this piece, we will try to discuss how one should devise their initial response to mitigate cryptovirological damages.

Stop the Lateral Movement

The majority of ransomware strains try to spread across the network to affect as many as devices as possible. For that matter, it is crucial to isolate the infection. The simplest way to do this is by disconnecting each and every device from the central network. Apart from disconnecting them physically, also check wireless connections (Wi-Fi, Bluetooth and near-field communication etc) and close them off. It is the least that you can do upon the detection of the cryptovirological script in your network to stop it from further proliferation.

Source Identification

Identifying the point of entry of the ransomware can eliminate half of your work, which entails the tracking down of the infection across the whole network. Subsequently, it will also help you to focus your ransomware removal measures in the right direction which will reduce the extended downtime. To detect the entry points, do this:

Check alerts on anti-malware and intrusion detection software
Look for suspicious email reports
Check web browsers (some cryptovirological payload are dropped through compromised websites)
Also, directly ask people since many times these attacks go unreported and undetected

Classification of ransomware

The third step of your initial response should be the classification of the cryptovirological script used in the attack. Find out what distribution technique and encryption module has been used to lock down the files. The expertise of ransomware removal experts can also come in handy here.

Security Think Tank: Focus on Malicious Use of AI in 2019

January 13, 2019

In the end of 2018, Security Think Tank was asked three fundamental questions that will paint a clearer picture of the malware landscape of 2019. What was the one thing that was predicted for 2018 but didn’t happen? What was the one thing that wasn’t predicted but did happen? And what the one thing that should happen in 2019, but probably will not?

Predicted, but Didn’t Happen

As ransomware removal problems had surfaced in 2017, it had been predicted that there will be an explosion of ransomware in 2018. Well, ransomware removal remained a huge problem in 2018, and even small to medium sized businesses struggled a lot. Even though this was the case, researches signified that 2017 saw 62% respondents experiencing attacks in 2017 and 45% respondents experiencing one in 2018.

Hardly an explosion, is it? These stats were so because of the fact that 73% of these people had ransomware removal strategies in place in 2018 – as opposed to a smaller 53% in 2017.

Happened, but Wasn’t Predicted

Even though the explosion of ransomware was predicted, another form of malware had been seen taking the throne for causing chaos – crypto mining.

Predicted, but Probably Won’t in 2019

Many experts in the field of AI had thought about the possible dangers of technology in terms of malware. This is because, given the speed at how this technology is progressing, Security Think Tank believes that this threat is not going to be a problem in 2019.

Don’t get us wrong though – it will happen. It won’t be possible anytime soon, but once it does become a reality, corporations should be geared enough to handle a whole new level of ruckus!

Ransomware: What is it? What are its Different Kinds?

January 11, 2019

Nearly everyone in today’s age knows what is inside a mobile phone or a personal computer. Now we’re entering into a time where people are learning about what ransomware removal really is. Imagine if someone steals whatever is inside your mobile phone or personal computer and demand a ransom.

Security has always been a concern among companies that provide cybersecurity. Ransomware removal, on the other hand, is a completely new level of security. This is exactly why cybersecurity firms have one thing among their minds nowadays – ransomware removal.

Ransomware signifies a type of software that encrypts all the documents of the computer it enters. The victims of this threat can only regain access to their personal data once they have paid the ransom asked for by the cybercriminals.

Ransomware had made its way to the surface somewhere in 2017, but by an approximate growth of 748%, ransomware has now come to be known as a global issue. Let’s have a brief look at some of the basic kinds of ransomware.

1. Bad Rabbit

Bad Rabbit was seen in Eastern Europe and Russia and was spread via a fake update for Adobe Flash.

2. Crysis

Crysis targeted the network and removable or fixed drives when they were connected to the infected computer.

3. Cerber

Cerber targeted users of the Office 365 cloud and millions of people had been affected.

4. CryptoLocker

This aptly named ransomware works in a manner of using algorithms to search for files to encrypt in terms of priority.

5. CryptoWall

CryptoWall spreads via exploit kits or spam, and it works in the same manner as the CryptoLocker variants

6. Jigsaw

Jigsaw, which was named after a villain from a movie series, continues to delete files until the respective ransom isn’t paid.

Well, all of this doesn’t sound scary enough for those who don’t rely too much on technologies. For those who do, however, it’s an absolute nightmare!

Malwarebytes: Fileless Ransomware an Emerging Threat for the US

January 11, 2019

Malwarebytes has brought forward a report which has introduced a whole new problem for ransomware removal companies. ‘Sorebrect’ has come forward as ransomware that is completely fileless and Malwarebytes says it is the very first of its kind.

Malwarebytes’ report named ‘Under the Radar: The Future of Undetected Malware, observes four major ransomware attacks in 2018 that were completely fileless. These include SamSam, TrickBot, Emotet, and now Sorebrect. These attacks have accounted for about 35% of all of the attacks in 2018 and were also known to be 10 times more successful than the traditional form – in terms of ransomware removal.

The director of Malware Intelligence, Adam Kujawa said that GandCrab was the most popular kind of ransomware because of its capabilities, but Sorebrect was a completely new evolution of malware. The main way it infects victims is via exploited scripts or MS Office documents. It then resides into the memory of the device in question and hangs around long enough to encrypt everything.

The director also said that as ransomware removal methods for this threat aren’t full proof as yet, enterprises should adopt behavioral detection and move beyond their signature-based detection methods. Other than this, Malwarebytes also went on to suggest that these corporations should focus their strengths on email messages with the help of security products that disable threats and remove them entirely from the system.

All of this should be done before this form of malware makes any advances. Adam Kujawa was quoted to have said that we are still lucky that this form of malware hasn’t spread as yet, which means that cybercriminals out there haven’t started forming copycats of Sorebrect as yet and bigger splashes from these can be expected soon enough.

Gear up people!

US charges a North Korean operative for involvement in WannaCry attack

September 19, 2018

Cyber warfare among nation-states is also one of the realities of modern times. Countries are now settling scores on cyber battlefield. For instance, news channels are still covering the issue of Russian hacking of last US presidential elections. Last year, following the devastation of WannaCry ransomware, some high US officials pointed fingers towards North Korea for sponsoring and facilitating the attack. The Justice Department along with the help of federal agencies started the investigation to find the North Korean connection to a cyber attack that resulted in unwanted costs of ransomware removal for several US entities.

On Wednesday, the department formally charged a North Koran operator Park Jin-hyok for devising and launching a comprehensive multi-year assault including infamous Sony hack of 2014 and WannaCry attack of last year. The detailed charged sheet also includes the assertion that the Park did it on the behalf of the North Korean regime. Park has been formally charged for the felonies of extortion, cyber hacking and wire frauds.

The whereabouts of Park are not known to the authorities. So, an immediate extradition is not on the cards. Experts are calling the verdict a symbolic but important proclamation from the US. The North Korean administration hasn’t made any statement on the verdict so far. It will be interesting to see how North Korea would react to the formal accusation made by the US. Whether North Korea was behind the ransomware attack or not, it is true that countries now covertly act against each other via cyber sphere.

Such attacks have taken place in the past. For instance, the cyber infiltration in Ukraine’s Power Grid was also alleged as the part of the ongoing tension between Ukraine and Russia at that point. Similarly, Iran blamed the US for a cyber attack on its nuclear reactor.