
Nozelesn Ransomware

July 16, 2018 | Martin

Ransomware removal experts have found a new ransomware strain gathering speed. It was found on July 1st, when Nozelesn Ransomware was seen affecting users in Poland. Nozelesn is similar to other ransomware such as Leen, Omerta and others. These strains are developed by different hackers, but their basic function and motives are the same.

Since this ransomware is new, there is no exact count of the people known to have been attacked by it. However, ransomware removal experts think that it may already have attacked a substantial number of individual users and companies.

What is Nozelesn Ransomware?

Nozelesn is spread through spam campaigns in which mass emails are sent to many users on the internet. Like other ransomware, it silently enters a computer system and encrypts the computer’s files. Nozelesn makes modifications to the Windows Registry to gain control of the Windows operating system. This is done so that the user cannot remove the ransomware by tinkering with the OS.

Afterwards, the ransomware focuses on the encryption process. After encryption, the victims can no longer access the files. Moreover, the extension of these files is changed to “.nozelesn”. After encryption, an HTML file is added to the folders of the computer. This HTML file is the ransom note.

The HTML file states that the user’s files are encrypted and that they will have to pay money in return for access to their files. The ransom details include the procedures required to access the TOR browser and pay the attackers.

Additionally, the ransom file contains a password that helps the users log in over TOR. The ransom is priced at 0.10 Bitcoin. Victims are given 10 days to pay the ransom. Delay in payment is threatened with the permanent loss of data.

So what should you do if you are affected by Nozelesn Ransomware? Since it is a new ransomware, not much is known about it. However, as a general rule of thumb, avoid paying any ransom to the attackers, as these cybercriminals are generally not to be trusted.

 

How is Ransomware Faring in Hawaii?

July 12, 2018 | Martin

Ransomware attacks continue to increase with some ferocity. The security infrastructure of public offices in different states and cities is constantly under threat, and their teams are trying to block, detect and remove ransomware.

Cyberattacks in Hawaii

Hawaii faces more than 10,000 cyberattacks daily. Last week, computer systems in Oahu, Hawaii were halted midway through operations and were unable to function. There were suspicions of a ransomware attack, but it was soon clarified that this was due to a maintenance problem.

According to Mark Wong, Director for the City and County of Honolulu’s Department of Information Technology, they had been extremely lucky to evade cybersecurity attacks despite cybercriminals trying continuously to infect governmental, public and private computers with malware and ransomware on a daily basis.

Moreover, he said that these attacks number between 40 and 45 million, and that their security departments have been able to detect them in time and remove ransomware and other dangerous malware.

Most computer systems succeed in evading cyber threats thanks to anti-malware and anti-ransomware tools. However, not all attacks can be contained through the use of these tools.

Phishing

Additionally, according to Mr. Wong, most of their current investigations relate to attacks that involve phishing campaigns. Cybercriminals encourage people to type in their login details and then use these details to infect their PCs with malware and ransomware.

Mr. Wong’s department has countered this threat by testing people with fake phishing campaigns. This way, people can be educated about these attacks and learn how to deal with them in the future when a real hacker tries to attack.

Security Measures

Employees in the department of the City and County of Honolulu do not have access to the internet. Instead, a proxy is used, which significantly reduces the chance of infection from a cyberattack. Moreover, all the systems of the state’s departments have been separated. Thus, if a cyberattack manages to hit one department, it will not succeed in spreading to other departments.

According to ransomware removal experts, unfortunately not everyone has had the same success against ransomware attacks as Hawaii. There are some towns in the country whose public data was compromised, and they were forced to pay a great amount of money to cybercriminals.

Sigrun Ransomware: A Jingoistic Offering by Russian Operators

July 11, 2018 | Martin

Aside from being committed for monetary gain or to build clout, cybercrime has now also become a part of the cold war between nation-states. In the last two years, the issue of Russian hackers manipulating the results of US presidential elections has been a regular item in the headlines.

Besides, every so often we come to know about malicious cyber activity allegedly instigated by state actors. For instance, last year, the WannaCry ransomware attack jolted users all around the world. The attacks affected hundreds and thousands of users in more than 140 countries. The US authorities blamed North Korea for this damaging cyber attack, which resulted in ransomware removal and recovery activities costing millions of dollars.

What we are trying to establish here is that there are some ransomware activities where nationalism also enters into the equation. For instance, in the first week of June, cybersecurity researchers came to know about a ransomware strain that goes by the name Sigrun. The operators of this cryptovirological strain only demand extortion money for ransomware removal from non-Russian users.

Sigrun Operators Avoid Targeting Russian Users

The researchers have found that the operators of Sigrun deliberately avoid targeting Russian users. They have added a feature to the ransomware’s script that detects the keyboard layout of the targeted computer. If it detects a Russian layout, the strain doesn’t initiate its encryption process and deletes itself.

However, not all Russian users use that layout. So, there is a chance that a Russian user can be affected by Sigrun’s cryptovirological activity. For all those ‘wrongly targeted’ users, the operators come off as accommodating individuals and offer them free ransomware removal. It is worth noting that the same operators are asking for $2,500 in cryptocurrency from non-Russian victims.

The encryption process of Sigrun ransomware is quite similar to that of most cryptovirological strains. It appends the extension ‘.Sigrun’ to every encrypted file and leaves HTML and text files as ransom notes on the desktop. Barring a few extensions, nearly every file is vulnerable to Sigrun. This means extensive ransomware removal activities will be required to disinfect the affected device.

 

 

How Ransomware Targets Employees

July 10, 2018 | Martin

The recent rise of ransomware has shaken a fair number of individuals as well as businesses. Many people try to counter it with security tools and techniques to remove ransomware. However, people need to understand the psychology behind these attacks, especially in the case of employees in an organization.

Internet Behavior

Hackers do not fish for computer systems. The actual targets are the employees of the organization. Hackers try to analyze the activities and psychology of an employee. An employee’s mindset is understood through his search queries, behavior on social media websites and other internet information.

Many employees trust their computer systems as secure devices that cannot be monitored and hacked. Thus, companies should not only train their employees in security practices but also educate them to be responsible in their internet activities.

How Do They Make the Employee Pay

There are certain mindsets that the hackers try to play on in ransomware removal cases.

Firstly, they try to deceive an employee by infecting his computer with ransomware and threatening to inform an authority about his illegal activities. The employee often caves in and pays the fake fines (ransom) out of fear of his bosses.

Secondly, they encourage the employees to pay in return for their files. The employees are frightened by the prospect of losing their jobs. Hackers threaten to leak data to the public, which forces employees to pay upfront.

Duplication of Data

The whole ransomware attack works because a cybercriminal withholds your company’s crucial data and you seem to think that there is no alternative except paying him. The situation is considered similar to a kidnapping, where criminals take hostages and demand money.

However, you are missing an important point. Data is not a human body. It can be duplicated. Hackers cannot get any leverage over you if you have a duplicate of your important data on a portable hard disk or in a cloud service. Therefore, having a duplicate can save you from paying any ransom if you are attacked with ransomware, and you can remove the ransomware without any pressure or worries.

 

Ransomware Attack on Atlanta Police Department

July 9, 2018 | Martin

A ransomware attack is at its most dangerous when it is targeted at a government institution, especially a police department. Case in point: the Atlanta Police Department’s failure to remove ransomware recently resulted in the loss of years of data.

The attack took place on 22nd March this year and used a ransomware known as SamSam. $51,000 worth of Bitcoin was demanded in ransom, though it was not paid. The data consisted mainly of footage from the dashboard cameras on the police cars. When the news broke, many people feared that this might affect ongoing as well as previous investigations. Special concern was raised for Driving Under the Influence (DUI) investigations, as dashboard camera footage was thought to be crucial in these cases.

However, Atlanta’s Police Chief, Ms. Shields, gave reassurance that no data had been compromised that could endanger police investigations. She elaborated that there are several factors in DUI investigations other than dashboard camera footage, including testimony from the officers in charge as well as from witnesses, that are enough to implicate someone.

Moreover, she reiterated that while dashboard camera footage is an important part of police evidence, there are several components that are more crucial in an investigation and can help them charge criminals effectively. When asked about the possibility of recovering the dashboard camera footage through ransomware removal, she replied in the negative. She further clarified that footage from the cameras worn on the bodies of officers was not compromised.

However, the loss could have been much greater. Fortunately, the Atlanta Police Department was able to remove the ransomware in the initial stages of the attack and save other pieces of evidence from its investigations. Otherwise it would have met the same fate as the police departments in Ohio and Texas, which were unable to remove ransomware at the right time, costing them crucial evidence and putting many of their investigations in jeopardy.

Since a police department is linked to other institutions like banks, the judiciary and public records, the impact of such an attack is wide. Ransomware removal is a tough situation, and hence you need to enhance the security of your system.

Barriers to Organizational Digital Transformation and the Threat of Ransomware

July 6, 2018 | Martin

Ransomware infiltrations are the leading cyber threat of the last two years. Organizations, whether public or private, are not spared from this cryptovirological activity. Every year millions of dollars are used up in corporate ransomware removal and recovery measures. The ever-increasing importance of data has played a crucial role in making ransomware infiltrations dangerous.

But on the other hand, inefficient digital infrastructure and its slow transformation have also played their part in making ransomware attacks deadly. There are several barriers in the path of digital transformation.

Organizational Culture

Even if a company has enough resources to establish a good defensive shield against cyber attacks, particularly ransomware, it does not go for it because of its established culture. For instance, a thriving brick-and-mortar store chain with a digital front doesn’t want to invest in intangible features.

Moreover, there is a chance that the majority of its workforce is not tech-savvy, creating an organizational culture that doesn’t take cyber threats as seriously as they deserve. As a result, such companies experience ‘intangible’ attacks such as ransomware that culminate in very tangible losses. We have seen in many cases how ransomware activity can cause losses of millions.

Cost

For many organizations, the cost of digital upgrades restrains them from moving forward with the transformation, leaving them at constant risk of cyber attacks. However, they have to stretch their finances once an attack has happened. For instance, an organization has to pay whatever it costs for ransomware removal if the locked data is crucial in nature and there is no backup available.

The Complexity of Technology and Skill Deficiency

Technological advancements happen at an exponential rate. For that matter, the complexity of cyber threats and corresponding responses has increased considerably. Cryptovirological code these days is built on really complex encryption algorithms. Therefore, complex ransomware removal measures are also needed to neutralize it. But unfortunately, the majority of in-house digital security staff are not equipped with adequate expertise to take care of all types of cyber threats without any help.

 

Verizon’s Report on Ransomware

July 5, 2018 | Martin

Verizon’s 2018 Data Breach Investigations Report showed that ransomware removal cases account for 39 percent of malware cases. It was found that the objectives of hackers are changing. Initially, they used to target a single user by getting access to his personal information, but now, their strategies have evolved and they are more focused towards demanding ransom by hacking a wider range of networks.

Why Ransomware Attacks are Preferred

Verizon’s research into ransomware removal found the reason behind this shift to be the ease and convenience of ransomware. In addition to being powerful, ransomware can be easily created and deployed. It does not require a high level of expertise, experience or knowledge of cyber security, as there are several platforms available for developing ransomware.

Moreover, the risks are lower while the returns are higher. Previously, hackers used to hack personal data of users and tried to use it to generate money themselves. However, with ransomware, the user is blackmailed directly for his data and is forced to pay.

Culprits

The ransomware removal report also provided some data about the attackers. 73 percent of attacks were found to be from outsiders. This means that over 29 percent of the attacks were done by people within the network. Thus, it is difficult to protect your systems from this segment. 50 percent of the attacks traced their origins back to organized criminal gangs.

Silly Costly Mistakes

Criminal organizations or disgruntled employees were not always able to attack directly. 17 percent of the time, a security leak was created by employee errors. These errors consisted of failure to properly dispose of confidential data, misplacement of email addresses, and mishandling of the organization’s IT infrastructure.

Many of these mistakes were regular human errors; however, they provided cyber criminals with opportunities to infiltrate systems with ransomware. Furthermore, one of the most common mistakes was found to be falling into the traps of phishing campaigns. 4 percent of users were found to be clicking on phishing campaigns.

Verizon’s report has stated eye-opening facts regarding ransomware removal. People need to be aware of these attacks and carry out protective measures.

 

Satan Ransomware Rebrands to DBGer with New Additions

July 5, 2018 | Martin

Ransomware removal experts recently found that the popular ransomware known as Satan has undergone some major changes, including a rebranding and modifications to how it operates. It has been renamed DBGer ransomware. Similar rebranding can be expected from other ransomware in the near future.

Background of Satan Ransomware

Satan ransomware first started its mayhem at the start of 2017. It is a Ransomware as a Service (RaaS). This means that any cybercriminal can modify it to create customized ransomware. With its rebranding as DBGer, the ransomware has undergone a few changes according to ransomware removal experts.

How It Works

The modus operandi of DBGer is to encode computer files, including multimedia, databases and text documents, using the Advanced Encryption Standard (AES). The algorithm encrypts these files and blocks users from opening and viewing them. According to ransomware removal experts, Mimikatz is then used to steal the user’s login information.

The use of Mimikatz is one of the most prominent changes in DBGer since its rebranding. Mimikatz is a password dumping utility. It dumps passwords, and the login details are then misused to harm other devices. DBGer spreads through the use of a certain technology known as EternalBlue, which spreads between computer systems by the distribution of malicious data. Once this ransomware corrupts a computer, it performs various activities.

After successfully corrupting the system, the attack places a text document on the desktop that contains the details of the ransom. The ransom is usually a single Bitcoin, in return for which the attackers promise a key that can decode the files and remove the ransomware. The files encoded by the attack are distinguished by the extension “.dbger”. The attackers give three days to pay the ransom, and failure to comply is threatened with the leak of data.

DBGer reaches its victims through various distribution methods. A common mechanism is spam email campaigns with malicious attachments. Moreover, free software and files available on the internet are also often corrupted with DBGer.
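The posts on this page name three extensions left on encrypted files (“.nozelesn”, ‘.Sigrun’, “.dbger”) and recommend keeping a duplicate of important data. The following is an added example, not code from MonsterCloud or from any of the reports cited: a triage script that counts affected files per family, lists HTML or text files sitting beside them as candidate ransom notes, and checks which originals still exist in a backup copy. It assumes the extension was appended to the original file name and that the backup mirrors the live folder layout; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# File extensions named in the posts above (matched case-insensitively).
FAMILY_BY_EXTENSION = {".nozelesn": "Nozelesn", ".sigrun": "Sigrun", ".dbger": "DBGer"}
# The posts describe HTML or text ransom notes but give no file names, so any
# HTML/text file beside encrypted files is only a *candidate* note.
NOTE_EXTENSIONS = {".html", ".htm", ".txt"}


def _rel(path, root):
    """Path relative to root, with forward slashes on every platform."""
    return os.path.relpath(path, root).replace(os.sep, "/")


def scan_tree(root, backup_root=None):
    """Return {family: {"encrypted", "candidate_notes", "restorable", "no_backup"}}.

    Assumption: the ransomware extension was appended to the original file
    name, so stripping it gives the name to look for under backup_root.
    """
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        hits, notes = {}, []
        for name in sorted(filenames):
            stem, ext = os.path.splitext(name)
            family = FAMILY_BY_EXTENSION.get(ext.lower())
            if family:
                hits.setdefault(family, []).append(stem)
            elif ext.lower() in NOTE_EXTENSIONS:
                notes.append(_rel(os.path.join(dirpath, name), root))
        for family, stems in hits.items():
            entry = report.setdefault(family, {
                "encrypted": 0, "candidate_notes": [],
                "restorable": [], "no_backup": []})
            entry["candidate_notes"].extend(notes)
            for stem in stems:
                entry["encrypted"] += 1
                if backup_root is None:
                    continue
                original = _rel(os.path.join(dirpath, stem), root)
                copy = os.path.join(backup_root, *original.split("/"))
                bucket = "restorable" if os.path.isfile(copy) else "no_backup"
                entry[bucket].append(original)
    return report


def build_constructed_sample(base):
    """Create empty files that mimic the naming described (constructed data)."""
    paths = [
        "live/docs/report.docx.nozelesn", "live/docs/note.html",
        "live/db/customers.sql.dbger", "live/db/note.txt",
        "live/pics/photo.jpg.Sigrun", "live/pics/holiday.png",
        "backup/docs/report.docx", "backup/pics/photo.jpg",
    ]
    for p in paths:
        full = os.path.join(base, *p.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return os.path.join(base, "live"), os.path.join(base, "backup")


def demo():
    """Scan the constructed sample tree and return the report."""
    with tempfile.TemporaryDirectory() as base:
        live, backup = build_constructed_sample(base)
        return scan_tree(live, backup)


if __name__ == "__main__":
    for family, entry in sorted(demo().items()):
        print(family, entry)
```

Files listed under `no_backup` are the ones for which the attacker still holds leverage; an empty `no_backup` list means every affected file has a duplicate to restore from.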

 

The Ramifications of a Ransomware Attack

July 3, 2018 | Martin

When a company is hit by a ransomware attack, the damages usually counted are the money that goes into a ransom and the expenses of data recovery. However, the costs related to restoration and recovery of computer systems go beyond these factors.

These organizations have to create cryptocurrency accounts to pay the cybercriminals. However, cryptocurrency accounts require a few days to become functional. Moreover, the cybercriminal will also need some days to validate the authenticity of these transactions. Furthermore, it takes significant time to decrypt the files. Thus, a lot of time is lost in ransomware attacks, which halts a company’s operations.

Costs in Recent Ransomware Attacks

The recent Atlanta ransomware attack required more than $2.5 million to be spent on things including crisis communication, incident response services and cloud services. By comparison, the ransom demanded by the attackers was just $50,000.

In February 2018, Colorado’s transportation department was damaged by a ransomware attack. The department spent almost $1.5 million to remove ransomware out of the $2 million assigned by the government. The security team took another 14 days to contain the ransomware. More than 100 people were required to work in order to resume the operations of the systems.

Growing Damages to Remove Ransomware

Ransomware removal research from Cybereason indicated that ransomware attacks are on the rise again. Moreover, the resources spent on these attacks are expected to increase. The research also noted that while ransomware campaigns are not as active as they were three years ago, the resources spent in ransomware removal cases are nevertheless expected to grow in the coming years. In comparison to $325 million of damages on ransomware removal cases in 2015, the damages expected in 2019 are more than $11 billion.

Many companies comply with the demand of hackers and pay money in order to save their systems. However, law enforcement agencies have strictly discouraged doing so as this not only encourages the hackers to continue with further attacks to gain money but it also provides support to the ransomware industry.

