
Posts Tagged ‘cryptolocker’


The “Seven Deadly Sins” of Ransomware

Wednesday, June 29th, 2016



Readers of our blog over the past few years know we were among the first in the Bay Area to warn our customers about the growing threats of ransomware—from the emergence of CryptoLocker and CryptoWall to our federal government’s startling admission that they’re virtually powerless to stop it.

Mostly originating from sophisticated cyber-gangs in Eastern Europe, ransomware may be the most profitable organized crime scheme in the world today.

We weren’t exactly surprised, then, when we received “2016 Will Be the Year Ransomware Holds America Hostage,” a 40-page report from the Institute for Critical Infrastructure Technology (ICIT), a non-profit cybersecurity think tank.

The ICIT report is a comprehensive review of the ransomware landscape—from its earliest origins to the major active strains “in the wild” to the likeliest targets (particularly American small businesses). Today we’d like to highlight the seven delivery channels of ransomware and other malware infections—what we refer to as “The Seven Deadly Sins.”

1. Traffic Distribution Systems (TDS)

If you visit a website and suddenly see a pop-up ad, the site has typically sold that visit to a TDS vendor, a traffic broker that forwards visitors to whichever third-party advertiser it has contracted with. Pop-up blockers have made most pop-up ads obsolete, but the shadiest TDS vendors contract directly with ransomware groups and route visitors to exploit kits and “drive-by downloads” instead of advertisements.

2. Malvertising

As we discussed last July, even trusted web pages can include third party ads embedded with malware-inducing code. One click on a bogus ad can wreak havoc.

3. Phishing Emails

From phony bills and résumés to bogus “unsubscribe” links in ordinary spam, recipients can be tricked into clicking a link or opening an attachment that downloads and runs ransomware on the spot. Research shows that even after solid security awareness training, up to 15% of employees still fall for phishing schemes.

4. Gradual Downloaders

Exploit kits and ransomware can also be downloaded discreetly in “segments” over time and assembled on the victim’s machine. No single download looks like malware, which lets the pieces slip past most signature-based anti-virus defenses.

5. Social Engineering

Call it plain human error: a user is talked into downloading a phony software update or another “trusted” download, sometimes clicking straight through explicit warning messages (as happened to a friend of ours), and a costly malware infection follows.

6. Self-Propagation

Once inside a single computer, the most sophisticated ransomware strains can spread through an entire network on their own, for example by mailing themselves to everyone in the victim’s address book. ICIT expects self-replicating ransomware to evolve further and infect multiple devices within the Internet of Things.

7. Ransomware as a Service (RaaS)

ICIT predicts that the largest ransomware creators will syndicate “retail versions” of their products to less sophisticated criminals and lower-level hackers who’ll perform the day-to-day grunt work of hunting down new victims around the world. The creator collects a percentage of every successful ransom payment.

In the coming weeks, we’ll continue to examine ransomware and other cyberthreats our customers need to defend against. For more on how to protect your company, contact us.

New Threat Targets Older Android Devices

Wednesday, May 11th, 2016


Smartphone users can be broken down into two camps: those who can’t live without lining up to buy the latest and greatest model the day it hits the stores, and those who hold on to their tried-and-true phone until it suddenly dies one morning.

There’s nothing wrong with sticking with “obsolete” hardware that still serves your purposes just fine.

But if your older Android phone (or tablet) is running an older version of the Android operating system (4.4/KitKat or earlier), you’re the designated target of this month’s new cyberthreat, dubbed Dogspectus by enterprise security firm Blue Coat.

Dogspectus combines elements of two types of malware we’ve already talked about: malvertising, passively spread through online ads, and ransomware, holding the victim’s data hostage until a fee is extorted.

“They Never Saw It Coming”—A Drive-By Download

Unlike most malware, which requires an action by the victim (such as clicking a phony link), a Dogspectus infection begins simply by landing on a legitimate web page that carries a malicious ad. The ad loads an exploit kit, code that silently tries a series of known vulnerabilities in the device’s browser and operating system until one works and it gains root access, effectively complete control of the device.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” wrote Blue Coat researcher Andrew Brandt after observing a Dogspectus attack on an Android test device. “During the attack, the device did not display the normal ‘application permissions’ dialog box that typically precedes installation of an Android application.”

“Hand Over the Gift Cards, and Nobody Gets Hurt!”

A Dogspectus-infected device displays an ominous warning screen from a bogus government security agency, “Cyber.Police,” accusing the victim of “illegal” mobile browsing and suggesting an appropriate “fine” be paid. While most ransomware demands payment in hard-to-trace Bitcoin, Dogspectus prefers $200 in iTunes gift cards (two $100 or four $50 cards), collected by entering each card’s printed access code. (Apple may be able to trace who redeems the gift cards, unless they are resold on the black market first.)

The device’s files are not encrypted, as they would be by traditional ransomware strains such as CryptoLocker. Instead, the malware uses its root access to lock the device, blocking every function (apps, browser, messaging, phone calls) except the payment screen.

The victim is left with two choices: shop for gift cards (Dogspectus conveniently lists national retail outlets!) or reset the device to its out-of-the-box factory state—erasing all data files in the process. Apps, music, photos, videos all gone.

Short of upgrading to a newer Android device that still receives security updates, your best defenses against Dogspectus and future ad-based malware are an ad blocker, which keeps the malicious ad from loading in the first place, and regular backups of your mobile data to another computer, so that the factory reset that removes the infection costs you nothing but time. For more on defending against the latest emerging cyberthreats, contact us.

New Ransomware Good Reminder to Practice Thorough Data Backup

Wednesday, February 17th, 2016


A new combination of a sophisticated password-stealing Trojan, powerful exploit kit, and content-encrypting ransomware is making its way around the Internet infecting Windows users. If it hits your business, you’re looking at a considerable loss of time and finances.

It’s estimated that businesses worldwide spent around $491 billion in 2014 managing the blowback from data breaches and malware infections. Making sure your business is ready to minimize the amount of damage a ransomware attack can do is the best course of action for dealing with cyber threats like these.

Ransomware Refresher

Ransomware has taken system-disabling malware to a whole new level by trying to extort money in exchange for returning control.

Ransomware that encrypts data, such as CryptoLocker and CryptoWall, uses strong encryption to lock the important files on the computer, and the key needed to decrypt them never leaves the attacker’s servers. Removing the ransomware therefore stops further damage but does not restore the data.

In many cases, paying the $24 to $600+ demanded for the decryption key ends up looking practical, because recreating the lost data would cost more. But nothing obliges the criminals to deliver: it is entirely possible that, even after you have paid the ransom, your files stay locked. Pay at your own risk.

Kicking You When You’re Down

The new malware fusion doesn’t just lock a user out of their files or steal login credentials; it does both, and it uses some of the stolen credentials to hijack websites the user administers (and to spread itself further). According to PCWorld, the campaign chains the “Angler” exploit kit, the credential-stealing “Pony” Trojan, and the “CryptoWall 4” ransomware. If any of your business’s computers is hit, you will be dealing with compromised account logins, possible FTP and SSH access to your websites, and the loss of all data on the infected computer. That means not only the expense of changing passwords, locking down websites, and replacing lost information, but also dozens of hours redoing lost work.

The Best Defense

Even though malware keeps finding new ways to compromise systems, keeping your antivirus and system software up to date is still a best security practice. Keeping everything updated can be a problem for some companies, as vital software may not work correctly following an update, but that is a reason to test updates, not to skip them. Businesses should also avoid running old, outdated operating systems like Windows XP that no longer receive security updates.

Making sure your important information is also saved in off-device storage (an external hard drive that is not left permanently connected, or a cloud backup service that keeps previous versions) is one of the best things your business can do to minimize the damage from a system-disabling malware attack. If a system is infected, the backed-up data is still intact, and instead of losing months of work you are looking at a few hours or days of restoration. Moving work to cloud-based applications with online storage is another good way to limit losses: if an employee’s computer is hit with ransomware, work stored through a cloud service with version history can still be recovered.
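The backup advice above is easier to trust once you have seen the cycle end to end. The following script is an added example, not code from the original post: it takes a timestamped snapshot of a work folder with a SHA-256 manifest, simulates an infection in a temporary directory (files overwritten and renamed with a `.locked` suffix, plus a ransom note; nothing real is encrypted), uses the manifest to show exactly what changed, and restores from the snapshot. Every path and file in it is constructed for the demo.

```python
"""Versioned backup and restore demo (added example, not code from the original post).

Models the advice above: keep copies of important files somewhere the infected
machine cannot simply overwrite, keep each snapshot separate, and verify what
changed before restoring. Runs entirely in a temporary directory on constructed
sample files; no real ransomware is involved.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy `source` into a new snapshot directory and write a manifest of
    SHA-256 hashes. Each snapshot is its own directory, so a later, encrypted
    copy never overwrites an earlier clean one."""
    dest = backup_root / label
    shutil.copytree(source, dest)
    manifest = {str(p.relative_to(dest)): sha256_of(p)
                for p in dest.rglob("*") if p.is_file()}
    (backup_root / f"{label}.manifest.json").write_text(json.dumps(manifest, sort_keys=True))
    return dest


def changed_since(source: Path, backup_root: Path, label: str) -> dict:
    """Compare the live tree with a snapshot manifest. A sudden burst of
    missing, modified and new files is the footprint ransomware leaves."""
    manifest = json.loads((backup_root / f"{label}.manifest.json").read_text())
    live = {str(p.relative_to(source)): sha256_of(p)
            for p in source.rglob("*") if p.is_file()}
    return {
        "modified": sorted(k for k in manifest if k in live and live[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in live),
        "new": sorted(k for k in live if k not in manifest),
    }


def restore(source: Path, backup_root: Path, label: str) -> list:
    """Discard the damaged tree, restore the snapshot, and verify against the
    manifest. Returns the relative paths of the restored files."""
    if source.exists():
        shutil.rmtree(source)
    shutil.copytree(backup_root / label, source)
    diff = changed_since(source, backup_root, label)
    if diff["modified"] or diff["missing"] or diff["new"]:
        raise RuntimeError(f"restore does not match manifest: {diff}")
    return sorted(str(p.relative_to(source)) for p in source.rglob("*") if p.is_file())


def simulate_ransomware(source: Path) -> None:
    """Constructed stand-in for an infection: every file is overwritten with
    random bytes, renamed with a .locked suffix, and a ransom note is dropped."""
    for p in list(source.rglob("*")):
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
            p.rename(p.with_name(p.name + ".locked"))
    (source / "READ_ME.txt").write_text("pay us")


def demo() -> dict:
    """Run the whole cycle in a temp dir; returns what changed and what was restored."""
    with tempfile.TemporaryDirectory() as tmp:
        work, backups = Path(tmp) / "work", Path(tmp) / "backups"
        (work / "projects").mkdir(parents=True)
        backups.mkdir()
        # Constructed sample documents standing in for real business files.
        (work / "projects" / "proposal.docx").write_bytes(b"constructed sample document")
        (work / "invoice.xlsx").write_bytes(b"constructed sample spreadsheet")

        label = time.strftime("%Y%m%dT%H%M%S")
        snapshot(work, backups, label)
        simulate_ransomware(work)
        damage = changed_since(work, backups, label)
        restored = restore(work, backups, label)
        return {"damage": damage, "restored": restored}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the separate snapshot directory is the same as the point of an unplugged external drive or a versioned cloud backup: the infected machine must not be able to reach and overwrite the only clean copy.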

Need advice on backing up your data? Get in touch with a local MSP today.

Malvertising: The Next Big Cyber Threat

Thursday, July 16th, 2015


We’ve spent plenty of time here talking about safeguarding your company against phishing and other forms of cyber-attack. As we’ve discussed, the first line of defense against phishing is to make sure your employees remain vigilant by avoiding email links and shady websites. But there’s a bigger threat on the horizon for anyone who simply surfs the Internet. Hidden malware delivered via online ads, or malvertising, is rapidly spreading across the web—including the most trusted news and entertainment sites millions of us visit every day.

Via banners, pop-ups, and animated ads, cybercrooks embed hidden code that makes the browser silently fetch content from an unseen URL and, if the browser or one of its plug-ins has an unpatched flaw, download and run malware: literally a “drive-by download,” and one that most common anti-virus programs never see. Some malvertising scams still need a click (most often pop-ups offering “software updates”). Others infect a computer simply by loading the page.

Successful malvertising immediately renders a computer susceptible to any of the following:

  • Outright theft (identity, financial, or data), or extortion via ransomware such as CryptoWall or CryptoLocker, which locks your files with strong encryption. The malware itself can be removed, but the files stay locked unless the crooks are paid off, usually in hard-to-trace Bitcoin or by wire transfer.
  • The computer can be hijacked into a botnet, a ring of “zombified” computers silently manipulated for criminal activities, such as repeatedly clicking on bogus pay-per-click ads to bilk advertisers with artificially inflated traffic.
  • The malicious ad can redirect the browser to an exploit kit, a criminal toolkit that fingerprints the browser and its standard plug-ins (Adobe Flash Player, Java, Microsoft Silverlight) and serves an exploit for any version it recognizes as vulnerable. Missing a single security update is enough to open the door to even more damaging malware.
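The chain just described (trusted page, ad network, exploit-kit landing page, plug-in payload, dropped executable) leaves a recognizable trail in a web proxy log. The script below is an added example, not code from the original post, and the page names no log format or domains: the tab-separated format, the host names and the ad-network list are all constructed for the demo. It flags a client that reaches an HTML page via an ad-network referer but on a host outside the ad network, then pulls Flash, Java or Silverlight content from that same host, then downloads an executable, all within a minute. A Flash banner served by the ad network itself does not match.

```python
"""Proxy-log detection for the malvertising redirect chain described above
(added example, not code from the original post). Log format, host names and
the ad-network list are constructed for the demo; adapt parse() to your own
proxy or web filter's export."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Content types an exploit kit serves to attack the plug-ins named above.
PLUGIN_TYPES = {"application/x-shockwave-flash", "application/java-archive",
                "application/x-silverlight-app"}
# Content types typical of the dropped Windows executable.
DROPPER_TYPES = {"application/x-msdownload", "application/octet-stream"}
# Constructed: the third-party ad network the trusted site outsources to.
AD_NETWORKS = {"ads.adnet-demo.example"}
WINDOW = timedelta(seconds=60)

# Constructed sample log. Fields: timestamp, client, URL, status, content type, referer.
# Client 10.0.0.5 is infected; client 10.0.0.9 just saw a normal Flash banner.
SAMPLE_LOG = (
    "2015-07-16T10:00:01\t10.0.0.5\thttps://news.trusted-demo.example/story\t200\ttext/html\t-\n"
    "2015-07-16T10:00:02\t10.0.0.5\thttps://ads.adnet-demo.example/serve?id=123\t200\ttext/javascript\thttps://news.trusted-demo.example/story\n"
    "2015-07-16T10:00:03\t10.0.0.5\thttp://land.xyz-demo.example/index.php?a=1\t200\ttext/html\thttps://ads.adnet-demo.example/serve?id=123\n"
    "2015-07-16T10:00:04\t10.0.0.5\thttp://land.xyz-demo.example/x.swf\t200\tapplication/x-shockwave-flash\thttp://land.xyz-demo.example/index.php?a=1\n"
    "2015-07-16T10:00:06\t10.0.0.5\thttp://land.xyz-demo.example/load.exe\t200\tapplication/x-msdownload\t-\n"
    "2015-07-16T10:05:00\t10.0.0.9\thttps://news.trusted-demo.example/story\t200\ttext/html\t-\n"
    "2015-07-16T10:05:01\t10.0.0.9\thttps://ads.adnet-demo.example/serve?id=124\t200\ttext/javascript\thttps://news.trusted-demo.example/story\n"
    "2015-07-16T10:05:02\t10.0.0.9\thttps://cdn.adnet-demo.example/banner.swf\t200\tapplication/x-shockwave-flash\thttps://news.trusted-demo.example/story\n"
)


def parse(log_text: str) -> list:
    """Parse tab-separated lines into dicts; '-' means no referer."""
    rows = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url, status, ctype, referer = line.split("\t")
        rows.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "url": url,
            "host": urlparse(url).hostname,
            "status": int(status),
            "ctype": ctype.split(";")[0].strip().lower(),
            "ref_host": urlparse(referer).hostname if referer != "-" else None,
        })
    return rows


def find_chains(rows: list) -> list:
    """Per client: landing page reached via an ad-network referer but hosted
    outside the ad network, then a plug-in payload from that host, then an
    executable download, all within WINDOW of the landing page."""
    by_client = defaultdict(list)
    for r in rows:
        by_client[r["client"]].append(r)
    chains = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r["ts"])
        for i, landing in enumerate(reqs):
            if (landing["ctype"] != "text/html"
                    or landing["ref_host"] not in AD_NETWORKS
                    or landing["host"] in AD_NETWORKS):
                continue
            later = [r for r in reqs[i + 1:] if r["ts"] - landing["ts"] <= WINDOW]
            exploit = next((r for r in later
                            if r["ctype"] in PLUGIN_TYPES and r["host"] == landing["host"]), None)
            if exploit is None:
                continue
            dropper = next((r for r in later if r["ts"] > exploit["ts"]
                            and (r["ctype"] in DROPPER_TYPES or r["url"].lower().endswith(".exe"))), None)
            chains.append({"client": client, "landing": landing["url"],
                           "exploit": exploit["url"],
                           "dropper": dropper["url"] if dropper else None})
    return chains


def detect(log_text: str) -> list:
    """Convenience wrapper: parse a log export and return the suspicious chains."""
    return find_chains(parse(log_text))


if __name__ == "__main__":
    for chain in detect(SAMPLE_LOG):
        print(chain)
```

The landing-page test (ad-network referer, non-ad-network host) is what separates an exploit kit from an ordinary rich-media ad; a chain with a plug-in payload but no dropper is still worth a look, since the exploit may simply have failed on a patched machine.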

No Sheriff in Town

Most high-traffic websites outsource their advertising to third-party networks that sell space to advertisers, usually simply accepting ads from the highest bidder, and insert the ad code directly into the web page. You’d think these ad networks would bear the responsibility for screening ads against malvertising, but they’re simply not responding fast enough. Like so much of the Internet world, the frenzied volume of online advertising grew much faster than anyone’s ability to regulate it.

Everyone still assumes law enforcement can effectively police criminal activity in cyberspace… but there’s literally no sheriff in town.

How Can You Protect Yourself?

There are a number of measures you can take right now to defend your company against malvertising:

  • Keep your anti-virus and anti-malware software up to date, and make sure the software continues to update on a regular basis. Some manufacturers update their software daily to combat new threats.
  • Use a firewall with an active subscription for UTM (unified threat management). A UTM subscription should provide at least two forms of protection:
  1. Filtering out known viruses and malware as they attempt to pass through the firewall into your office or home network (whether in an email or on a website).
  2. Blocking you and your users from reaching sketchy websites, the kind a phishing email or a malicious ad might direct you to, with or without your knowledge, in an attempt to infect your computer.
  • Regularly check your browsers for the latest security patches.
  • Modify your browser settings so that Flash and Java content does not run automatically (click-to-play), and turn on the browser’s warnings for suspicious website content.
  • Create separate user accounts on each computer, including a “web surfing” account without administrative rights. Exploit kits and drive-by downloads run with the rights of the logged-in user, so a standard account cannot install or modify system software on their behalf. Some firms configure all employee desktop accounts without administrative rights for this reason.
  • Consider signing up with a Managed Services Provider (MSP) for a Managed Services Program that supplies anti-virus, anti-malware, and security patching, keeps these systems up to date, and manages the process for success—so you can focus on actually using your technology.

To learn more about the dangers of malvertising and other emerging cyber threats, contact us.


Important IT Security Message for MPA Networks’ Clients

Thursday, December 19th, 2013

One Malicious Email Could Cost you Thousands of Dollars and Take Down your Entire Network – Don’t be a Victim; Learn the Facts!

Ransomware viruses are on the rise and their explosive growth in the past few months has been startling. We want to help our clients be up-to-date on this issue and understand exactly what we are doing to help protect you, but more importantly, help you understand what you must do to protect yourself.


Quiz – Can you Find the Malicious Email?

Thursday, December 12th, 2013

Can You Spot the Malicious Email(s)?!


After reading through our Cryptolocker and Ransomware blog series and learning how to identify a malicious email, it’s time to put your new virus sleuthing skills to the test.

Read through the list of email subject lines and from names below. Which email(s) are scams, and which are safe? Please feel free to comment below. We will post the answers in our next blog post.

Note: These are all real emails we have either seen, received, or that have gotten stuck in our firewall – we did not make them up.

Warning: This is more difficult than you think!


How to Identify a Malicious Email

Wednesday, December 4th, 2013

Continuing our blog series about CryptoLocker and ransomware virus attacks, we need to explain the basic fundamentals of identifying a malicious email or attachment. Only through education and proper awareness can we effectively avoid ransomware and other malware attacks.

Identifying a Malicious Email: The Fundamentals

Below is a list of five basic safeguards you should know and practice before opening email messages and attachments. These rules should become second nature to you.


The Single Most Reliable Method for Preventing a Ransomware Attack

Tuesday, December 3rd, 2013

Last week, we wrote about the rise of CryptoLocker and ransomware viruses, a new breed of malware that infects host computers through malicious email attachments and has proved so effective because of its use of commercial-grade RSA encryption, which makes the files unrecoverable without the attacker’s key, and Bitcoin, a universal virtual currency that makes the payment hard to trace. Unfortunately, it looks as if the problem will get worse before it improves, and the security industry does not yet have a solution that stops every one of the malware’s many variants from infiltrating networks. With the crooks churning out new variations daily, fighting back may seem like a truly daunting task.


Cryptolocker & Ransomware – What You Need to Know

Friday, November 15th, 2013


CryptoLocker

CryptoLocker is a new, and particularly malicious, breed of ransomware discovered only a couple of months ago. It is a Trojan horse that encrypts the victim’s files, on the infected computer and on any network drives it can reach, and demands payment for the decryption key, typically within a 72-hour deadline. CryptoLocker primarily infects computers running Microsoft Windows via malicious attachments in phishing emails; opening the attachment is enough to infect the host.

But CryptoLocker is especially fierce because these phishing emails are designed to look and feel like an email from a trusted organization. They may be disguised as a harmless email from your bank urging you to check your account information by opening the attachment. They may even ask you to enter a password to open the attachment, which makes the message seem more legitimate to the average reader and, because a password-protected archive cannot be scanned, lets the attachment slip past many email filters; the result is just as destructive.

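The attachment-borne lures described in this post and in the quiz above (a “bank” sender, a ZIP that hides an executable, a password on the archive) can be checked mechanically before anyone opens them. The script below is an added example, not code from the original post: it builds a constructed sample message inline so it runs offline, then parses it with Python’s standard email library and reports, for the sender and for each attachment, why it looks dangerous. The sender name, addresses and file names are all invented for the demo.

```python
"""Attachment triage for the CryptoLocker-style lures described above
(added example, not code from the original post). Parses an .eml, inspects the
sender and each attachment, and returns the reasons they look dangerous. The
sample message is constructed inline; no real mail is read."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Words a lure puts in the display name to borrow trust (constructed list).
TRUSTED_HINTS = {"bank", "paypal", "irs", "ups", "fedex", "usps"}


def build_sample_eml() -> bytes:
    """Constructed lure: a 'bank' display name on an unrelated sending domain,
    and a ZIP whose only member is invoice.pdf.exe (inert bytes, not a program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "First National Bank Security <alerts@mail-notify-7.example>"
    msg["To"] = "accounts@victim.example"
    msg["Subject"] = "Action required: verify your account"
    msg.set_content("Please open the attached statement and confirm your details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="statement.zip")
    return msg.as_bytes()


def extension_flags(name: str) -> list:
    """Executable extension, and the 'invoice.pdf.exe' double extension that
    Windows shows with a document icon when known extensions are hidden."""
    flags = []
    lower = name.lower()
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in EXECUTABLE_EXTS:
        flags.append(f"executable extension {ext}")
        stem = lower[: -len(ext)]
        inner = "." + stem.rsplit(".", 1)[-1] if "." in stem else ""
        if inner in DOCUMENT_EXTS:
            flags.append(f"double extension {inner}{ext} disguised as a document")
    return flags


def zip_flags(data: bytes) -> list:
    """Look inside a ZIP: password-protected members cannot be scanned by a
    mail gateway, and an executable inside an archive is the CryptoLocker pattern."""
    flags = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                    flags.append(f"password-protected member {info.filename}")
                flags.extend(f"archive member {info.filename}: {f}"
                             for f in extension_flags(info.filename))
    except zipfile.BadZipFile:
        flags.append("attachment claims to be a ZIP but is not one")
    return flags


def sender_flags(from_header: str) -> list:
    """Display name borrows a trusted brand while the real address is elsewhere."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    words = {w.strip(".,") for w in display.lower().split()}
    hits = words & TRUSTED_HINTS
    if hits and not any(h in domain for h in hits):
        return [f"display name mentions {sorted(hits)} but address domain is {domain!r}"]
    return []


def triage(raw: bytes) -> dict:
    """Returns {"sender": [flags], "attachments": {filename: [flags]}}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"sender": sender_flags(str(msg["From"] or "")), "attachments": {}}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        flags = extension_flags(name)
        if name.lower().endswith(".zip") or data[:2] == b"PK":
            flags.extend(zip_flags(data))
        report["attachments"][name] = flags
    return report


if __name__ == "__main__":
    for key, value in triage(build_sample_eml()).items():
        print(key, value)
```

A mail gateway can apply the same three checks automatically; the one it cannot perform is looking inside a password-protected archive, which is exactly why the lure supplies the password in the message body and why such attachments deserve a block rather than a warning.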