
Coronavirus Alert – Ransomware Attacks up by 800%

March 23, 2020 | wpengine

Cybercriminals are taking advantage of the coronavirus crisis.

Cyber counter-terrorism expert Zohar Pinhasi says his cybersecurity firm, MonsterCloud, has had an 800 percent increase in calls since the virus forced many Americans to work from home.

Those remote connections are not always secure, Pinhasi said, giving hackers easy access to devices and networks.

“From those criminals’ perspective, it’s heaven,” he said. “They have stepped on a gold mine.”

Hackers will often send bogus emails called phishing or spear-phishing emails.

The recipient can be tricked into clicking and opening the email because it appears as if it could be from someone they know and trust, or be about an important subject like the coronavirus.

Once they have infiltrated the network, the hacker can hold it hostage and demand ransom payments.

And ransomware attacks aren’t the only tactic.

“Those criminals converted ransomware to something called doxware,” said Pinhasi.

“If you’re not going to pay us, we will sell your data and in addition to that, notify your customers that you were hacked and their data was compromised. This is a game changer since the Coronavirus started – we’ve seen it in the past, but not to that degree.”

Pinhasi said there are several steps individuals, businesses, and government agencies can take to prevent a cyber attack — even with so many remote workers.

  • Make sure everyone is using a VPN, or a virtual private network, to do office work from home.
  • Require devices to have two-factor authentication, which verifies a person’s identity before logging in.
  • Only use WiFi networks that are password protected.
  • Companies should maintain a reliable backup of their data on a different network.
  • Organizations should make sure their antivirus software is up to date.
  • Everyone should think before they click on links and emails.

“Think before you click is major here,” he said, adding he is “extremely worried” about the level of cybersecurity businesses and governments have during this Coronavirus crisis.

Source: CBS12

WannaCry is Far from Dead – What You Need to Know?

January 4, 2019 | Simeon

Nearly one and a half years ago, the world experienced probably the biggest cyberattack in its history. The attack was carried out through a ransomware script called WannaCry. The ransomware infiltration spread like the Biblical plague. Within a week, WannaCry affected millions of computers in more than 140 countries. There are no exact figures to corroborate this claim, but it is said that billions of dollars have been spent on ransomware removal and on recovering all the tangible and intangible losses inflicted by the ransomware.

There is a perception among many users that WannaCry was sent into oblivion after this unprecedented wide-scale attack. However, that’s not quite true. According to the developer of a kill switch at Kryptos Logic, WannaCry is still thriving in cyberspace. The kill switch was developed specifically to neutralize the encryption component of WannaCry. This means users with the kill switch on their devices won’t lose their data even if they are affected by a WannaCry ransomware attack.

Nevertheless, the kill switch can’t entirely wipe out the cryptovirological strain. So, professional ransomware removal services are still required. WannaCry keeps running in the background and continuously tries to connect with the kill switch to see whether it is still active.

Kryptos Logic’s head of security and threat intelligence, Jamie Hankins, has recently revealed the figures regarding the Killswitch activity. Those numbers clearly indicate that WannaCry is still alive and kicking.

As per Hankins, their kill switch domain for WannaCry still detects over 17 million connections within a week. It was also found that these beacons are coming from over 600 different IP addresses from all corners of the world. This stat only shows the activity of WannaCry on devices with kill switch domains. The actual figure of its attempts is definitely way more than that.

3 Recent Ransomware Attacks in Healthcare Industry

June 28, 2018 | Martin

Last week was pretty bad for the healthcare industry, as it was hit by the following ransomware attacks.

RISE WISCONSIN

RISE Wisconsin revealed recently that it was attacked by ransomware on June 7. More than 3500 patients’ data has been compromised. The data consisted of personal information like names and addresses as well as health-related information, including patients’ histories and diseases.

It took RISE 24 hours to detect the ransomware, and it then proceeded to shut down its systems. RISE has not acknowledged whether it paid any ransom, though it has hired security analysts to remove the ransomware.

AFLAC

Meanwhile, a week earlier, AFLAC also discovered a breach and estimated the number of clients exposed as 10,000 when reporting to the Office for Civil Rights (OCR). AFLAC believes that these clients might have been attacked when Microsoft Office 365 email accounts in the hands of third parties were hacked. Some of the data that was exposed was Protected Health Information (PHI), while some was Personally Identifiable Information (PII).

AFLAC then moved to implement security measures to remove the ransomware by isolating these email addresses and informing the affected third parties about the breach.

Michigan’s Health Equity

Moreover, Michigan’s Health Equity was also found to be compromised, which it revealed on June 12. The attack was made possible by the hacking of an employee’s account, through which the attacker was able to gain access to Protected Health Information.

Unlike in the previous ransomware attacks, experts found during ransomware removal that the data exposed was not related to patients. Instead, it was related to employees of Health Equity: their names, Identity Documents (IDs), Social Security numbers and other data were exposed.

Moreover, it was found while removing the ransomware that the attack happened two months back, on April 11, while Health Equity was able to detect it on April 13. One of the first steps taken by its security team during ransomware removal was to eliminate the account of the hacked employee, and then the team began to check for the ramifications of the ransomware.

 

Michigan Declares Possession of Ransomware a Punishable Offense

April 5, 2018 | wpengine

This Monday, the governor of Michigan approved two bills introduced by state legislators to deter the ongoing prevalence of ransomware attacks. Both bills were formulated to severely criminalize ransomware and associated activities. According to Michigan’s new cyber legislation, any person possessing ransomware can be punished with up to three years of jail time, depending on the nature and extent of his activity.

Initially, the lawmakers wanted to set a 10-year prison term for ransomware offences. However, after several discussions on the floor, it was cut down to three years. According to the main sponsor of the bill, House Rep. Brandt Iden, these bills were introduced to fix a legislative ambiguity where the law can only punish perpetrators for introducing ransomware, but not for owning it.

As per the new bill, any arrested cyber criminal can end up in jail if ransomware is found in his possession, whether or not it was used to infect any system. Both bills received overwhelming support from both houses of the state’s parliament.

Experts think that it will make it easier for law enforcement agencies to chase down the alleged cyber criminals involved in the development of ransomware codes and their affiliates. Some are also hopeful that the criminalization of ransomware possession will also help in curbing the burgeoning business of Ransomware-as-a-Service (RaaS).

Read Also: “Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks”

The felony of ransomware possession will be treated like any other crime, where prosecutors have to prove the false intent of the alleged individual before charging him with ransomware possession.

Moreover, Michigan lawmakers put some thought into devising the bills, unlike their Georgian counterparts, and allow the possession of ransomware by security experts for research work. Aside from performing ransomware repairs, it seems digital security experts will now also help the state prove the malicious intent of cyber criminals caught with ransomware.

According to statistics furnished by the Federal Bureau of Investigation, in 2017 individuals and enterprises in Michigan experienced more than 1,300 ransomware attacks, resulting in losses of $2.6 million, including ransomware repairs.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal. 

Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks

April 2, 2018 | wpengine

Ransomware attacks are getting bigger and better in their scope. The wide-reaching destruction caused by NotPetya and WannaCry is a recent example, where ransomware attacks have even brought about tensions between countries.

Moreover, a research report indicates that nearly half of the companies were hit by ransomware attacks last year and the majority of them were targeted more than once. The research was conducted by the British security software company Sophos on the current state of endpoint security of digital systems. Businesses that were affected by ransomware in 2017 had to spend $133,000 on average to deal with the fallout of these attacks.

According to experts, the availability of ransomware-as-a-service (RaaS) is one of the reasons why ransomware attacks are becoming so regular and universal.

Ransomware programs are not run-of-the-mill malware. Only highly skilled and experienced cyber criminals can devise an ingenious ransomware attack, so ransomware activities stay beyond the scope of amateurs. However, RaaS enables ambitious cyber criminals who lack the prowess to carry out their own ransomware attacks to get the services of third-party developers from the criminal world of the dark web. The draw of RaaS for novices is a good sum of money from the affected parties in exchange for the encryption key needed to restore their files. The research team at Sophos studied one such ransomware kit, available on the dark web, which the least skilled cyber criminals can use as a template for their own ransomware campaigns.

Expert cryptovirologists are also exploring new methods to make their ransomware programs undetectable, because this adds value to RaaS. For instance, they are now using built-in features such as non-executable malware code to get around detection by endpoint protection software.

This unannounced collaboration between cyber criminals in the form of RaaS indicates that more trouble is yet to come for organisations that are completely reliant on digital systems for their operations. We have already discussed how robots might be the next target of ransomware operators. Similarly, in the future, owners of smart homes and cars may also need ransomware removal services to regain control of their valuables.

26 Percent of Enterprises Got their Data After Paying Ransomware Operators

March 31, 2018 | wpengine

Ransomware attacks are getting bigger and more severe in scope over time. We can see the evil prowess of ransomware attacks on display in Atlanta, where the city’s municipal system has virtually become a hostage to the attackers.

Demanding a sum of money for decryption is the main aim of the instigators of such attacks. Therefore, there is a perception that by paying a ransom you can restore the encrypted files. However, reality is quite contrary to that, as claimed by a report from software company SentinelOne that surveyed hundreds of US businesses.

According to the report, companies that pay the hackers in the wake of a ransomware attack often experience a double whammy, i.e. they don’t get their encrypted files back and they become victims of ransomware attacks again.

The report says that only 26 percent of the companies that paid at least one ransom had their files unlocked. Moreover, there is a two-thirds chance that companies paying the ransom become the target of ransomware again.

Therefore, the US Department of Homeland Security advises against paying a ransom, since this trend can lead to the formation of a business model for organized crime. Still, the tech industry seems divided on the issue. For many, paying the ransom is the shortest and easiest way to restore encrypted files.

The report also highlights another trend in paying ransom money to the attackers. Security professionals from more than 500 companies reported that half of the time employees paid the ransom without consulting IT security teams and experts. For that matter, the average ransoms paid by US companies are higher than the global average.

Another worrying fact established by the report is the average amount of business loss, which is closing in on one million dollars. Ransom, loss of work and time consumed in tackling the situation are factored in to estimate this cost. On average, 44 work hours are spent in tackling a ransomware attack.

Regarding the vulnerability that led to the attack, more than half of the companies think the incompetence of legacy antivirus protection was the reason. Reviewing the report, the VP of SentinelOne thinks that ransomware attackers are only treating companies as their teller machines.

Atlanta Ransomware Attack Still Unresolved

March 29, 2018 | wpengine

It’s being considered one of the most significant cases of ransomware attack in recent memory. The city government’s spokesperson reiterated last week that the situation was under control. He further said that they would soon gain back control but it appears as if despite help from Microsoft and Cisco, they still haven’t. For two weeks, the city of Atlanta has been held hostage by a ransomware which was able to infect its city district office computers and effectively accomplish two tasks.

First, it has encrypted the city district’s entire database, which means that right now none of the city officials have any access to information regarding millions of its own citizens. Secondly, the perpetrators of this ransomware might have accessed confidential data files about the city’s citizens, such as criminal, medical and insurance records. There have been multiple ransomware removal attempts, all of which have failed.

On Saturday, rumors began circulating that the city had given in to the hackers’ demands and paid the $51,000 ransom demanded. However, the city district’s headquarters’ computers remain encrypted which has resulted in speculation that the hackers had gone back on their promise. The mayor has so far declined to comment on the authenticity of the rumor.

As per the last update, the city officials were coordinating with the Feds, Microsoft and Cisco to repair ransomware files on some of the more vital PCs, but there has been no news about success in any of these cases.

The ransomware encryption of the city district’s systems has led to the disruption of some vital services, such as the Department of Public Works and its website, ATL311. Some citizens have voiced their fears about this ransomware spreading to other necessary services, such as 911. As a preventive measure, the officials at the city district have been advised not to turn on their computers. Hospitals and the Sheriff’s office have similarly turned off their servers temporarily.

Life in the city has come to a cyber standstill, as citizens are being advised against using the public networks unless absolutely necessary. Officials claim that efforts to remove the ransomware have been going on round the clock and will continue until a breakthrough is made.

While it is possible to remove the Dharma Ransomware virus from your system, it isn’t possible to decrypt the encrypted files without the keys.

Thanatos Ransomware becomes the first to use Bitcoin cash

March 29, 2018 | wpengine

Ransomware developers are constantly releasing new and improved variations of ransomware. Though most of the time, IT experts are able to come up with a secure protection tool, ransomware developers can hold data hostage for as little as 3 hours before they decide to remotely erase everything. The fear factor has been able to extract extraordinary sums from victims.

Just this week, it has emerged that an obscure ransomware like SamSam had made $850,000 since December 2017, while the total cash accumulated by ransomware attacks for 2017 was close to $16 million worldwide, according to a research report.

Money has always been the primary factor behind any ransomware attack. However, since the beginning of 2017 the definition of money has undergone a significant change as well. This has become even clearer after the recent Thanatos ransomware attack which has left thousands of users infected, with a ransom note demanding payment in bitcoins. Bitcoin has effectively become the currency of choice for ransomware developers.

However, greed has also become a notable factor in these instances. What makes Thanatos unique is not its impact but its flaws. The ransomware is full of bugs and broken code. There is no ransomware removal technique that can remove ransomware that is itself broken. It infects the computer but due to its bugs, it cannot be properly decrypted either by the Unique Key or ransomware removal tool.

There is another aspect that makes Thanatos unique: it is the first ransomware that officially accepts Bitcoin Cash. The ransomware also accepts Bitcoin and Ethereum, but the added option of Bitcoin Cash is the first that has been noted in the years since cryptocurrency gained popularity among ransomware developers.

The ransom note for this ransomware is generated via an autorun key called “Microsoft Update System Web-Helper”. A readme.txt file will be generated where the user can find instructions on how to make the $200 Bitcoin cash payment.

To remove ransomware of this kind, it is recommended that you use System Restore as the bugs in the ransomware make it impossible to crack. Keeping a regular backup of your files makes it easier to perform a System Restore or even a Windows reinstallation.


NY TIMES: Quotation of the Day: In Computer Attacks, Clues Point to Frequent Culprit: North Korea

May 16, 2017 | wpengine

“This is what happens when you give a tiny little criminal a weapon of mass destruction. This will only go bigger.”

ZOHAR PINHASI, the chief executive of MonsterCloud, which handles ransomware attacks like the one that struck dozens of countries last week

CBS Credits MonsterCloud for Predicting the Global Cyber Attacks

May 16, 2017 | wpengine

A massive cyber attack causes problems in dozens of countries. A twenty-two-year-old cyber security researcher registered a domain accidentally helping to spread that cyber attack around the world shutting networks at hospitals, banks and even government agencies. Zohar Pinhasi, the MonsterCloud CEO, predicted the cyber attack 3 weeks ago on CBS.
