REMOTE ASSIST
Your IP: 18.237.68.85
SUPPORT
BOARD
ABOUT US
UNIVERSITY
CONTACT US
844-222-1221

Ransomware Delivery through Phishing Campaigns

Ransomware Delivery through Phishing Campaigns

A single biological virus strain from a single point of origin can infect hundreds and thousands of people. Ransomware infection also spreads like a medical virus. Ransomware delivery on a single device can affect numerous devices connected to the same server.

In other words, the success of a ransomware attack largely depends on how it is delivered to the targeted digital environment. Cryptovirological operators use several techniques to deliver the payload of ransomware to the intended targets, and phishing campaigns is one of them.

Phishing emails were initially used to steal confidential information and login credentials of the affected users. However, cybercriminals have upgraded and extended the use of phishing emails. Now, they are also used for the delivery of malware scripts including ransomware.

Why Cryptovirological Operators Use Phishing Campaigns?

By devising a phishing campaign, ransomware operators are able to target hundreds and thousands of users in a single go. This mass distribution actually ensures that more people become a victim of the malware, which in turn increases the chances for the attacker to rack more money in the name of ransomware removal.

Different Ransomware Distribution Methods through Phishing Mails

There are two definite ways in which ransomware can be distributed through phishing campaigns.

Malicious Attachments

Ransomware operators often use malicious attachments of zip files embedded with a cryptovirological script. As users download them out of curiosity, the malware payload is delivered on the device.

Infected URLs

Some phishing emails contain infected URLs and urge users to click them through several social engineering tactics. These URLs are already infected with ransomware. Upon clicking the link, the cryptovirological infection is automatically downloaded on the device.

If you don’t want to pay heavy extortion amounts for ransomware removal, make it certain that you are not clicking any link or attachment of a mail sent by an unknown user.

GandCrab Ransomware Operators Might have Racked 300 Million from Victims this Year

GandCrab Ransomware Operators Might have Racked 300 Million from Victims this Year

Like the preceding years, 2018 also saw the development of dangerous new ransomware strains. And it won’t be wrong to say that GandCrab ransomware might have won the race in inflicting the maximum amount of losses. A digital security company has analyzed the activity of GandCrab ransomware all through the year to come up with this assertion.

GandCrab operators have primarily focused on targeting large companies in the anticipation of big ransomware payouts. For instance, in one attack, the operators demanded extortion amount of whopping 0.7 million dollars to provide the ransomware removal key. The security firm has also reported that half of the reported victims resorted to ransom payment. According to the number of users affected by GandCrab ransomware, even the payment of least demanded ransom amount ($600) has made $300 million for its operators this year.

A solution for GandCrab Encryption is now Available

After months of malicious activity of GandCrab ransomware, Europol along with cybersecurity companies have come up with its ransomware removal decrypter. The solution is available for free. According to the numbers established by the Europol, GandCrab affected users have avoided paying nearly one million ransom amount because of its free decrypter.

Unreported Attacks are Not Taken into Account

There are always a large number of cyber attacks that go unreported. Many commercial entities don’t report such incidents because it can irreversibly damage their business reputation. The same can be said about the activity of GandCrab. The figure of $300 million only entails reported attacks. We still don’t know how all the unreported victims of GandCrab dealt with its encryption.

All things considered, the collective tangible losses caused by GandCrab can be way over half a billion dollar. Such immense monetary losses definitely make GandCrab one of the deadliest ransomware strains of the year 2018.

Ryuk Ransomware Activity Halts Printing and Delivery of Several US Newspapers

Ryuk Ransomware Activity Halts Printing and Delivery of Several US Newspapers

Ransomware attacks have been frequently happening in the last couple of years. The majority of attacks involve targeting corporate and public-sector entities. However, a unique ransomware activity happened over this weekend when one of the largest US newspaper publishers came under cryptovirological attack.

Tribune Publishing has experienced a major cyberattack over the weekend, which affected the publication of several of its newspapers in different states. It has been reported that the attack delayed the delivery of newspapers in many regions this Saturday and Sunday. Moreover, some of the affected newspapers also had to slash their regular number of pages.

Now, the report is coming in that the cyber attack on Tribune publishing was actually the infiltration of the Ryuk ransomware. An anonymous source from within the organization has told LA times that Ryuk ransomware was used to lock down the devices of Tribune Publishing.

The source couldn’t tell anything else about the attack. It is still not known whether the company has completed ransomware removal and recovery activities. Moreover, we still don’t know about the perpetrators behind the attack and what they demanded the ransomware removal key.

The attack has revealed another dangerous opportunity regarding the use of ransomware for disruption of services. A more severe ransomware infiltration could have actually turned into a complete publication blackout. Such ransomware prospects can be exploited in state-sponsored cyber warfare.

Ryuk Ransomware

Ryuk ransomware was first detected by security experts in the month of August. The code of Ryuk ransomware is pretty similar to that of Hermes ransomware. It also uses the combination of AES and RSA encryption to render regular ransomware removal efforts useless.

During the spurt of Ryuk ransomware activity in August and following months, its operators would ask for 0.5 Bitcoin to provide decrypter for ransomware removal.

Devising Initial Response to a Ransomware Attack

Devising Initial Response to a Ransomware Attack

Ransomware has become a buzzword in cybersecurity quarters over the last two years and rightly so. If you have suffered a cryptovirological attack, then how you deal with it at the onset will decide the extent of damages and subsequent ransomware removal and recovery measures. In this piece, we will try to discuss how one should devise their initial response to mitigate cryptovirological damages.

Stop the Lateral Movement

The majority of ransomware strains try to spread across the network to affect as many as devices as possible. For that matter, it is crucial to isolate the infection. The simplest way to do this is by disconnecting each and every device from the central network. Apart from disconnecting them physically, also check wireless connections (Wi-Fi, Bluetooth and near-field communication etc) and close them off. It is the least that you can do upon the detection of the cryptovirological script in your network to stop it from further proliferation.

Source Identification

Identifying the point of entry of the ransomware can eliminate half of your work, which entails the tracking down of the infection across the whole network. Subsequently, it will also help you to focus your ransomware removal measures in the right direction which will reduce the extended downtime. To detect the entry points, do this:

  • Check alerts on anti-malware and intrusion detection software
  • Look for suspicious email reports
  • Check web browsers (some cryptovirological payload are dropped through compromised websites)
  • Also, directly ask people since many times these attacks go unreported and undetected

Classification of ransomware

The third step of your initial response should be the classification of the cryptovirological script used in the attack. Find out what distribution technique and encryption module has been used to lock down the files. The expertise of ransomware removal experts can also come in handy here.

Security Think Tank: Focus on Malicious Use of AI in 2019

Security Think Tank: Focus on Malicious Use of AI in 2019

In the end of 2018, Security Think Tank was asked three fundamental questions that will paint a clearer picture of the malware landscape of 2019. What was the one thing that was predicted for 2018 but didn’t happen? What was the one thing that wasn’t predicted but did happen? And what the one thing that should happen in 2019, but probably will not?

Predicted, but Didn’t Happen

As ransomware removal problems had surfaced in 2017, it had been predicted that there will be an explosion of ransomware in 2018. Well, ransomware removal remained a huge problem in 2018, and even small to medium sized businesses struggled a lot. Even though this was the case, researches signified that 2017 saw 62% respondents experiencing attacks in 2017 and 45% respondents experiencing one in 2018.

Hardly an explosion, is it? These stats were so because of the fact that 73% of these people had ransomware removal strategies in place in 2018 – as opposed to a smaller 53% in 2017.

Happened, but Wasn’t Predicted

Even though the explosion of ransomware was predicted, another form of malware had been seen taking the throne for causing chaos – crypto mining.

Predicted, but Probably Won’t in 2019

Many experts in the field of AI had thought about the possible dangers of technology in terms of malware. This is because, given the speed at how this technology is progressing, Security Think Tank believes that this threat is not going to be a problem in 2019.

Don’t get us wrong though – it will happen. It won’t be possible anytime soon, but once it does become a reality, corporations should be geared enough to handle a whole new level of ruckus!

Ransomware: What is it? What are its Different Kinds?

Ransomware: What is it? What are its Different Kinds?

Nearly everyone in today’s age knows what is inside a mobile phone or a personal computer. Now we’re entering into a time where people are learning about what ransomware removal really is. Imagine if someone steals whatever is inside your mobile phone or personal computer and demand a ransom.

Security has always been a concern among companies that provide cybersecurity. Ransomware removal, on the other hand, is a completely new level of security. This is exactly why cybersecurity firms have one thing among their minds nowadays – ransomware removal.

Ransomware signifies a type of software that encrypts all the documents of the computer it enters. The victims of this threat can only regain access to their personal data once they have paid the ransom asked for by the cybercriminals.

Ransomware had made its way to the surface somewhere in 2017, but by an approximate growth of 748%, ransomware has now come to be known as a global issue. Let’s have a brief look at some of the basic kinds of ransomware.

1.   Bad Rabbit

Bad Rabbit was seen in Eastern Europe and Russia and was spread via a fake update for Adobe Flash.

2.   Crysis

Crysis targeted the network and removable or fixed drives when they were connected to the infected computer.

3.   Cerber

Cerber targeted users of the Office 365 cloud and millions of people had been affected.

4.   CryptoLocker

This aptly named ransomware works in a manner of using algorithms to search for files to encrypt in terms of priority.

5.   CryptoWall

CryptoWall spreads via exploit kits or spam, and it works in the same manner as the CryptoLocker variants

6.   Jigsaw

Jigsaw, which was named after a villain from a movie series, continues to delete files until the respective ransom isn’t paid.

Well, all of this doesn’t sound scary enough for those who don’t rely too much on technologies. For those who do, however, it’s an absolute nightmare!

Malwarebytes: Fileless Ransomware an Emerging Threat for the US

Malwarebytes: Fileless Ransomware an Emerging Threat for the US

Malwarebytes has brought forward a report which has introduced a whole new problem for ransomware removal companies. ‘Sorebrect’ has come forward as ransomware that is completely fileless and Malwarebytes says it is the very first of its kind.

Malwarebytes’ report named ‘Under the Radar: The Future of Undetected Malware, observes four major ransomware attacks in 2018 that were completely fileless. These include SamSam, TrickBot, Emotet, and now Sorebrect. These attacks have accounted for about 35% of all of the attacks in 2018 and were also known to be 10 times more successful than the traditional form – in terms of ransomware removal.

The director of Malware Intelligence, Adam Kujawa said that GandCrab was the most popular kind of ransomware because of its capabilities, but Sorebrect was a completely new evolution of malware. The main way it infects victims is via exploited scripts or MS Office documents. It then resides into the memory of the device in question and hangs around long enough to encrypt everything.

The director also said that as ransomware removal methods for this threat aren’t full proof as yet, enterprises should adopt behavioral detection and move beyond their signature-based detection methods. Other than this, Malwarebytes also went on to suggest that these corporations should focus their strengths on email messages with the help of security products that disable threats and remove them entirely from the system.

All of this should be done before this form of malware makes any advances. Adam Kujawa was quoted to have said that we are still lucky that this form of malware hasn’t spread as yet, which means that cybercriminals out there haven’t started forming copycats of Sorebrect as yet and bigger splashes from these can be expected soon enough.

Gear up people!

US charges a North Korean operative for involvement in WannaCry attack

wannacry

Cyber warfare among nation-states is also one of the realities of modern times. Countries are now settling scores on cyber battlefield. For instance, news channels are still covering the issue of Russian hacking of last US presidential elections. Last year, following the devastation of WannaCry ransomware, some high US officials pointed fingers towards North Korea for sponsoring and facilitating the attack. The Justice Department along with the help of federal agencies started the investigation to find the North Korean connection to a cyber attack that resulted in unwanted costs of ransomware removal for several US entities.

On Wednesday, the department formally charged a North Koran operator Park Jin-hyok for devising and launching a comprehensive multi-year assault including infamous Sony hack of 2014 and WannaCry attack of last year. The detailed charged sheet also includes the assertion that the Park did it on the behalf of the North Korean regime. Park has been formally charged for the felonies of extortion, cyber hacking and wire frauds.

The whereabouts of Park are not known to the authorities. So, an immediate extradition is not on the cards. Experts are calling the verdict a symbolic but important proclamation from the US. The North Korean administration hasn’t made any statement on the verdict so far. It will be interesting to see how North Korea would react to the formal accusation made by the US. Whether North Korea was behind the ransomware attack or not, it is true that countries now covertly act against each other via cyber sphere.

Such attacks have taken place in the past. For instance, the cyber infiltration in Ukraine’s Power Grid was also alleged as the part of the ongoing tension between Ukraine and Russia at that point. Similarly, Iran blamed the US for a cyber attack on its nuclear reactor.

Municipal office of a small Canadian town hit by a ransomware

municipal office

Midland is a small Canadian town located on Georgian Bay in Ontario. The municipal office of the town suffered a ransomware attack in the early morning of September, 1st. The attack has infected many municipal servers resulting in the disruption of many public services. Luckily, the emergency services of the town remain unscathed in the attack.

The incident is yet another addition to the growing list of ransomware attacks on municipal offices. This year, cryptovirological operators have shifted their focus on targeting digital facades of city and town administrations. From bringing down the municipal system of the entire city of Atlanta to targeting small suburban town of Midland, it is pretty clear that no local government network is safe from the shenanigans of cryptovirological operators.

The town administration has refused to pay the attacker for ransomware removal and started to resolve the issue with the help of cybersecurity experts. As teams are working on ransomware removal and restoration of the system, the town officials have also started the investigation into the attack.

According to the mayor of Midland town, they have reported the attack to the Ontario’s commissioner for Information and Privacy. Provincial law enforcement agencies have also offered their services to the town management to find out how the cryptovirological infiltration took place.

According to the press release issued by the town administration, it had acquired the cyber insurance policy before the attack. This means the cost of ransomware removal and system restoration will also be paid through insurance premiums. In addition, the IT department of the town’s municipal office was in the midst of implementing robust cybersecurity measures.

In a way, the attack has revealed the weak links in the digital network of the town’s municipal office. Now, IT experts can work on them.

Data Infiltration in ransomware attacks on healthcare facilities

infiltration

In contrast to data breaches, ransomware attacks largely centered on locking down the data instead of exfiltrating it. However, there is no set rule regarding this in the guidebook used by ransomware attacks. Also, no such guidebook exists. In short, you can’t tell if ransomware attack also entails the infiltration of data.

In the healthcare sector, the digital databases comprising of confidential patients’ data remains susceptible to cyber attacks.  The confidential health information and banking details of the patients stored in these databases are sold in a good deal on the black market.

Besides that, cybercriminals can effectively blackmail the targeted healthcare facility after seizing its classified databases. This usually happens in the instances of ransomware attacks where the operators demand a hefty sum of extortion money for ransomware removal to give back the access to confidential data.

During a cryptovirological activity, it is not easy to tell whether the attackers are stealthy infiltrating the comprised data as well. For that matter, it is important for the IT arms of healthcare facilities to put some measures in place. Keep in mind that ransomware removal measures can only decrypt the locked down files. They can’t help in stopping the infiltration of data.

Establishment of a robust logging mechanism

Continuously monitoring the user and network activities is critical for detecting any unauthorized infiltration of information. If a healthcare facility has a good logging and tracking system in place, then it becomes easier to detect infiltration during any ransomware attack.

Getting ransomware experts on board

To detect data infiltration during ransomware attack, it is important to have cryptovirological experts in the IT team. Aside from commencing ransomware removal activities, they know how to detect the ports and servers used to propagate the attack. They are also able to tell if an ongoing ransomware attack is being controlled by the operator’s command and control server.