WannaCry is Far from Dead – What You Need to Know?

January 4, 2019

Nearly one and a half years ago, the world experienced probably the biggest cyberattack in its history. The attack was carried out through a ransomware script called WannaCry. The ransomware infiltration spread like the Biblical plague. Within a week, WannaCry affected millions of computers in more than 140 countries. There are no exact figures to corroborate this claim, but it is said that billions of dollars have been spent on ransomware removal and for the recuperation of the all the tangible and intangible losses inflicted by the ransomware.

There is a perception among many users that WannaCry was sen into oblivion after this unprecedented wide-scale attack. However, that’s not quite true. According to the developer of a killswitch at Kryptos Logic, WannaCry is still thriving in the cyberspace. The kill switch was particularly developed to neutralize the encryption component of WannaCry. This means users with the Killswitch on their devices won’t lose their data even if they get affected by a WannaCry ransomware attack.

Nevertheless, the Killswitch can’t entirely wipe out the cryptovirological strain. So, professional ransomware removal services are still required. WannaCry keeps on running in the background and continuously tries to connect with a Killswitch to see whether it is still active.

Kryptos Logic’s head of security and threat intelligence, Jamie Hankins, has recently revealed the figures regarding the Killswitch activity. Those numbers clearly indicate that WannaCry is still alive and kicking.

As per Hankins, their kill switch domain for WannaCry still detects over 17 million connections within a week. It was also found that these beacons are coming from over 600 different IP addresses from all corners of the world. This stat only shows the activity of WannaCry on devices with kill switch domains. The actual figure of its attempts is definitely way more than that.

3 Recent Ransomware Attacks in Healthcare Industry

June 28, 2018

Last week has been pretty bad for the healthcare industry as it was involved in the following ransomware attacks.

RISE WISCONSIN

RISE Wisconsin revealed recently that it was attacked on June 7 by a ransomware. More than 3500 patients’ data has been compromised. The data consisted of personal information like names and addresses as well as health related information including patient’s history and diseases.

It took RISE 24 hours to detect the ransomware and it then proceeded to shut down its systems. RISE has not acknowledged whether it paid any ransom or not though they have hired security analysts to remove ransomware.

AFLAC

Meanwhile a week earlier AFLAC also found out a breach and estimated the number of clients’ exposed as 10,000 while reporting to Office for Civil Rights (OCR). AFLAC believes that these clients might have been attacked when Microsoft Office 365 email accounts in the hands of third parties were hacked. Some data that was exposed was Protected Health Information (PHI) while some was Personally Identifiable Information (PII).

AFLAC then moved towards implementing security measures in order to remove ransomware by the isolation of these email addresses and communicating to the affected third parties about the breach.

Michigan’s Health Equity

Moreover, Michigan’s Health Equity was also found out to be compromised and they revealed it on June 12. The attack was made possible by the hacking of an employee’s account through which the attacker was able to gain access to Protected Health Information.

Unlike the previous ransomware attacks, experts found out while ransomware removal that the data exposed was not related to patients. Instead it was related to employees of Health Equity as their employees’ names, Identity Document (ID), Social Security numbers and other data was exposed.

Moreover, it was found out while removing ransomware that the attack happened two months back on April 11 while Health Equity was able to detect it on April 13. One of the first steps taken by its security team during ransomware removal was to eliminate the account of that hacked employee and then the team began to check for the ramifications of the ransomware.

Michigan Declares Possession of Ransomware a Punishable Offense

April 5, 2018

This Monday, the governor of Michigan approved two bills introduced by the state legislators to deter the ongoing prevalence of ransomware attacks. Both of the bills were formulated to severely criminalize ransomware and associated activities. According to the new cyber legislation of Michigan, any person possessing ransomware can be punished to up to three years of jail time as per the nature and extent of his activity.

Initially the lawmakers wanted to set 10 year prison time for ransomware offences. However, after several discussions on the floor, it was cut down to three years. According to the main sponsor of the Bill, House rep. Brandt Iden, these bills were introduced to fix a legislative ambiguity where law can only punish perpetrators for introducing ransomware, but not for owning it.

As per the new bill, any arrested cyber criminal can end up in jail if a ransomware is found in his possession whether it was used to infect any system or not. Both the bills received overwhelming support from the both houses of the state’s parliament.

Experts think that it will make it easier for law enforcement agencies to chase down the alleged cyber criminals involved in the development of ransomware codes and their affiliates. Some are also hopeful that the criminalization of ransomware possession will also help in curbing the burgeoning business of Ransomware-as-a-Service (RaaS).

Read Also: “Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks”

Felony of ransomware possession will be treated like any other crime where prosecutors have to prove the false intent of the alleged individual before charging him for ransomware possession.

Moreover, Michigan lawmakers have put some thought while devising the bills unlike their Georgian counterparts and allows the possession of ransomware by security experts for research works. Aside from performing ransomware repairs, it seems like digital security experts will now also help the state to prove the malicious intent of cyber criminals caught with ransomware.

According to the statistics furnished by the Federal Bureau of Investigation, in 2017 individuals and enterprises in Michigan experienced more than 1,300 ransomware attacks resulted in the losses of $2.6 million including ransomware repairs.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Ransomware-as-a-service Playing Crucial Role in the Prevalence of Ransomware Attacks

April 2, 2018

Ransomware attacks are getting bigger and better in their scope. Wide-reaching destructions of NotPetya and WannaCry are some recent examples where ransomware attacks have even brought about tensions between countries.

Moreover, a research report indicates that nearly half of the companies were hit by ransomware attacks last year and majority of them were targeted more than once. The research was conducted by a British security software company Sophos on the current state of endpoint security of digital systems. Businesses that got affected by ransomware in 2017 had to spend $133,000 on average to deal with the fallout of these attacks.

According to experts, the availability of ransomware-as-a-service (RaaS) is one of the reasons why ransomware attacks are becoming so regular and universal.

Ransomware programs are not run-of-the-mill malware codes. Only highly skilled and experienced cyber criminals can devise an ingenious ransomware attack. Therefore, ransomware activities stay beyond the scope of amateurs. However, RaaS enables all such ambitious cyber criminals who don’t have the prowess to carry out their own ransomware attacks to get the services of third-party developers from the criminal world of dark web. The catch of using RaaS by novices is to get a good sum of money for encryption key from the affected parties to restore ransomware files. Research team at Sophos studied one such ransomware kit available on the dark web for least skilled cyber criminals to work out their ransomware outings on the template of that kit.

Expert cryptovirologists are also exploring new methods to make their ransomware programs undetectable because it will add value to RaaS. For instance, they are now using built-in features such as non-executable malware code to get around the detection from endpoint protection code.

This unannounced collaboration between cyber criminals in the form of RaaS is indicative of the fact that more trouble is yet to come for organisations that are completely reliant on digital systems for their operations. We have already discussed how robots might be the next target of ransomware operators. Similarly, in future owners of smart homes and cars may also need ransomware removal services to get back the control of their valuables.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

26 Percent of Enterprises Got their Data After Paying Ransomware Operators

March 31, 2018

Ransomware attacks are getting bigger and severe in their scope by time. We can see the evil prowess of ransomware attacks at display in Atlanta where the city’s municipal system has become a hostage to the attackers virtually.

Demanding a sum of money for ransomware decrypt is the main catch for the instigators of such attacks. Therefore, there is a perception that by paying a ransom you can restore the ransomware files. However, reality is quite contrary to that, as claimed by a report from Software Company SentinelOne surveying hundreds of US businesses.

According to the report, companies that pay the hackers in the wake of ransomware attack often experience a double whammy i.e. they don’t get their encrypted files back and become victim of ransomware attacks again.

The report says that only 26 percent of the companies paid at least one ransom had their files unlocked. Moreover, they are two-third chances that the companies paying the ransom again become the target of ransomware.

Therefore, The US department of Homeland Security advises against paying a ransom since this trend can lead into forming a business model for organized crimes. But still tech industry seems divided on the issue. For many, paying ransom is the shortest and easiest way to restore ransomware files.

The report also highlights another trend in paying the ransom money to the attackers. Security professionals from more than 500 companies reported that half of the times employees paid the ransom without consulting IT security teams and experts. For that matter, the average ransoms paid by US companies are higher than the global average.

Another worrying fact established by the report is the average amount of business loss, which is closing on to one million dollars. Ransom, loss of work and time consumed in tackling the situation are factored in to estimate this cost. On average, 44 work hours are spent in tackling a ransomware attack.

Regarding the vulnerability that led to the attack, more than half of the companies think incompetence of legacy antivirus protection was the reason. Reviewing the report, VP of SentinelOne thinks that ransomware attackers are only treating companies as their teller machines.

For assistance on file recovery, please contact MonsterCloud Cyber Security experts for a professional ransomware removal.

Atlanta Ransomware Attack Still Unresolved

March 29, 2018

It’s being considered one of the most significant cases of ransomware attack in recent memory. The city government’s spokesperson reiterated last week that the situation was under control. He further said that they would soon gain back control but it appears as if despite help from Microsoft and Cisco, they still haven’t. For two weeks, the city of Atlanta has been held hostage by a ransomware which was able to infect its city district office computers and effectively accomplish two tasks.

First, it as encrypted the city district’s entire database which means right now none of the city officials have any access to information regarding millions of its own citizens. Secondly, the perpetrators of this ransomware might have accessed confidential data files about the city’s citizens, such as criminal, medical and insurance records. There have multiple ransomware removal attempts that have all failed.

On Saturday, rumors began circulating that the city had given in to the hackers’ demands and paid the $51,000 ransom demanded. However, the city district’s headquarters’ computers remain encrypted which has resulted in speculation that the hackers had gone back on their promise. The mayor has so far declined to comment on the authenticity of the rumor.

As per the last update, the city officials were coordinating with the Feds, Microsoft and Cisco to repair ransomware files on some of the more vital PCs, but there has been no news about success in any of these cases.

The ransomware decryption of the city district has led to some vital services being disrupted such as the Department of Public Works and its website, ATL311. Some of the citizens have recorded their fears about this ransomware expanding to other such necessary services, such as 911. As a preventive measure, the officials at the city district have been advised not to turn on their computers. Hospitals and the Sherriff’s office have similarly turned off their servers temporarily.

The life in the city has come to a cyber standstill as citizens are being advised against using the public networks unless absolutely necessary. Officials are claiming that efforts to remove ransomware have been going round the clock and will continue until a breakthrough is made.

While it is possible to remove the Dharma Ransomware virus from your system, it isn’t possible to decrypt the encrypted files without the keys.

Thanatos Ransomware becomes the first to use Bitcoin cash

March 29, 2018

Ransomware developers are constantly releasing new and improved variations of ransomware. Though most of the time, IT experts are able to come up with a secure protection tool, ransomware developers can hold data hostage for as little as 3 hours before they decide to remotely erase everything. The fear factor has been able to extract extraordinary sums from victims.

Just this week, it has emerged that an obscure ransomware like SamSam had made $850,000 since December 2017, while the total cash accumulated by ransomware attacks for 2017 was close to $16 million worldwide, according to a research report.

Money has always been the primary factor behind any ransomware attack. However, since the beginning of 2017 the definition of money has undergone a significant change as well. This has become even clearer after the recent Thanatos ransomware attack which has left thousands of users infected, with a ransom note demanding payment in bitcoins. Bitcoin has effectively become the currency of choice for ransomware developers.

However, greed has also become a notable factor in these instances. What makes Thanatos unique is not its impact but its flaws. The ransomware is full of bugs and broken code. There is no ransomware removal technique that can remove ransomware that is itself broken. It infects the computer but due to its bugs, it cannot be properly decrypted either by the Unique Key or ransomware removal tool.

There is another aspect that makes Thanatos unique; it is the first ransomware that officially accepts Bitcoin Cash. The ransomware also accepts Bitcoin and Etherum but the added option of Bitcoin Cash is the first that has been noted in the years since cryptocurrency gained popularity among ransomware developers.

The ransom note for this ransomware is generated via an autorun key called “Microsoft Update System Web-Helper”. A readme.txt file will be generated where the user can find instructions on how to make the $200 Bitcoin cash payment.

To remove ransomware of this kind, it is recommended that you use System Restore as the bugs in the ransomware make it impossible to crack. Keeping a regular backup of your files makes it easier to perform a System Restore or even a Windows reinstallation.

For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for a professional ransomware removal.

NY TIMES: Quotation of the Day: In Computer Attacks, Clues Point to Frequent Culprit: North Korea

May 16, 2017

“This is what happens when you give a tiny little criminal a weapon of mass destruction. This will only go bigger.”

ZOHAR PINHASI, the chief executive of MonsterCloud, which handles ransomware attacks like the one that struck dozens of countries last week

CBS Credits MonsterCloud for Predicting the Global Cyber Attacks

May 16, 2017

A Massive Cyber Attacks causes problems in dozens of countries. Twenty-two year old cyber security researcher registered a domain accidentally helping to spread that cyber attack around the world shutting networks at hospitals, banks and even government agencies. Zohar Pinhasi, the MonsterCloud CEO predicted the cyber attack 3 weeks ago on CBS.

MonsterCloud Helps Solve an Issue that Can Bring a Company to it’s Knees

May 16, 2017

Zohar Pinhasi learned about security intelligence in the Israeli military and now helps companies fight ransomware.

Zohar Pinhasi has no doubt that hackers—whoever they are—dictated the outcome of the 2016 presidential election. They’re that good.

But, he’s quick to add, so is he.

“If it’s a computer, you can manipulate it,” says Pinhasi, CEO and founder of Miami-based MonsterCloud. “We bought a voting machine online, just to understand how the device works, and we hacked it in five minutes. I even hacked a computer that was 100 percent unplugged from the internet. The thought that any computer cannot be manipulated is absolutely outrageous.”

It might sound like bragging, but Pinhasi, 40, has the goods to back up the big talk.

Born and education in Israel, he sharpened his skills in the Israeli military, focusing on security intelligence. Discharged at age 22, he started a business to help communications companies fight telecom fraud—hackers squeezing extra minutes out of SIM cards. At the time, it was a serious problem, costing the industry millions of dollars.

Yet what Pinhasi discovered after moving to Miami in 2002 and starting another company, PC USA, that provided information technology services to small businesses, dwarfed any scam he’d seen the internet bad guys running before.

It was ransomware—online fraud taken to a new level.

He calls it today’s No. 1 threat facing large and small companies alike, governments and even individuals. Years earlier, Pinhasi had battled a problem costing companies millions. Ransomware, he says, today is a billion-dollar specter hanging over the heads of all computer users, and the problem is destined to get worse.

With a single click on a malicious email, Pinhasi explains, a sophisticated ransomware program can infect a single PC or a large company running thousands of computers and hundreds of servers. In the blink of an eye, it encrypts every file. Perpetrators demand ransom for the key to unlock the system.

“Ransomware today is a global problem that affects every person on planet Earth,” Pinhasi says. “No matter who you are, no matter what kind of business or government you are, you can be affected. It’s beyond insane.”

Pleas for help have come from one of the nation’s largest pharmaceutical companies, an Indiana police department and computer users everywhere between. Often, it’s an organization’s own IT specialist calling, frantically seeking a way to deal with an attack he or she never has seen before.

“When they call us, they’re having a panic attack,” he says.

That’s where MonsterCloud’s 70 employees are helping 7,000 customers around the world. It’s taken up to four days to get some big companies up and running again, drawing on its own cybersecurity unit and its database of cyber threats, built from monitoring ransomware activity around the world.

“This problem went from computers to servers to smartphones to TVs, then to smart thermostats, and now criminals are locking databases,” Pinhasi says. “Sometimes we get hundreds of calls a day.”

And while MonsterCloud’s calls have seen an uptick once “Russian hacking” became ubiquitous water-cooler chatter, the inquiries that begin with “How can I protect myself or my business” end up with an education.

“If you get hit, we have a lot of knowledge you cannot find online,” Pinhasi says. “What do you do? How do you recover your files? How did they get in? It’s part of the process of recovering, and just as important: We want to ensure you will never be in that position again.”

Still, Pinhasi points out, dealing large-scale with ransomware remains a challenge because no one really knows its scope. According to the FBI, it’s less than a $1 billion annual scam, but Pinhasi says only about 20 percent of victims report their attacks.

By the end of this year, he predicts, ransomware could cost computer users more than $10 billion.

“I won’t be surprised if losses from ransomware increase five to 10 times before the end of 2017,” he says. “We’re all more vulnerable as the bad actors get better.”

Source: sfbwmag.com