alt tag

Posts Tagged ‘CryptoWall’


The “Seven Deadly Sins” of Ransomware

Wednesday, June 29th, 2016

 

seven-1181077_640

Readers of our blog over the past few years know we were among the first in the Bay Area to warn our customers about the growing threats of ransomware—from the emergence of CryptoLocker and CryptoWall to our federal government’s startling admission that they’re virtually powerless to stop it.

Mostly originating from sophisticated cyber-gangs in Eastern Europe, ransomware may be the most profitable organized crime scheme in the world today.

We weren’t exactly surprised, then, when we received 2016 Will Be the Year Ransomware Holds America Hostage,” a 40-page report from The Institute for Critical Infrastructure Technology (ICIT), a non-profit cybersecurity think tank.

The ICIT report is a comprehensive review of the ransomware landscape—from its earliest origins to the major active strains “in the wild” to the likeliest targets (particularly American small businesses). Today we’d like to highlight the seven delivery channels of ransomware and other malware infections—what we refer to as “The Seven Deadly Sins.”

1. Traffic Distribution Systems (TDS)

If you visit a website and suddenly see an annoying pop-up ad, it’s because the website sold your “click” to a TDS vendor, who contracted with a third-party advertiser. Pop-up blockers have rendered most pop-up ads obsolete, but some of the shadiest TDS vendors contract directly with ransomware groups to spread exploit kits and “drive-by downloads.”

2. Malvertising

As we discussed last July, even trusted web pages can include third party ads embedded with malware-inducing code. One click on a bogus ad can wreak havoc.

3. Phishing Emails

From phony bills and résumés to bogus “unsubscribe” links in annoying spam, email recipients can be tricked into clicking a link allowing an instant viral download of ransomware. Research reveals that despite strong security training, up to 15% of employees still get duped by phishing schemes.

4. Gradual Downloaders

Exploit kits and ransomware can be discreetly downloaded in “segments” over time, evading detection by most anti-virus defenses.

5. Social Engineering

Also known as simple “human ignorance,” a user can be tricked into downloading a phony software update or other trusted download link—even ignoring warning messages (as happened to a friend of ours) only to allow a costly malware infection.

6. Self-Propagation

Once inside a single computer, the most sophisticated ransomware strains can automatically replicate through an entire network via the victim’s address book. ICIT expects that self-replicating ransomware will evolve to infect multiple devices within the Internet of Things.

7. Ransomware as a Service (RaaS)

ICIT predicts that the largest ransomware creators will syndicate “retail versions” of their products to less sophisticated criminals and lower-level hackers who’ll perform the day-to-day grunt work of hunting down new victims around the world. The creator collects a percentage of every successful ransom payment.

In the coming weeks, we’ll continue to examine ransomware and other cyberthreats our customers need to defend against. For more on how to protect your company, contact us.

Prepare Now or Pay Later: More Ransomware Attacks in the News

Thursday, April 7th, 2016

euro-76015_640

We’re only a few months into 2016, but we’ve already seen two high-profile ransomware attacks—where cyber-crooks heavily encrypt a victim’s computer files before demanding payment for a decryption key only they can provide. Two notable incidents grabbed headlines:

  • In January, Israel’s Electricity Authority was hit by what officials termed “a severe cyber attack.” What early media reports described as a possible terrorist plot to knock out Israel’s national power grid turned out to be a multiple ransomware infection that crippled the agency’s IT network—most likely triggered by a employee falling for a phishing scam (as little as clicking a link in a bogus email). The Israeli government didn’t reveal whether they’d paid off the crooks in order to restore the network.
  • Closer to home, one month later Hollywood Presbyterian Medical Center in Southern California gave in to hackers’ demands for 40 Bitcoins—a little under $17,000—to restore access to their ransomware-encrypted network. With patient care potentially in the balance, the hospital decided the quickest solution would be to simply pay the ransom.

Pay or Don’t Pay: Where Do You Stand?

A recent study from anti-virus maker Bitdefender indicates that over half of all U.S. ransomware victims have actually paid off their attackers, while 40% of respondents said they most likely would pay to restore access to their data files if necessary.

This leads us back to the central ransomware conundrum: To pay or not to pay.

As we recently discussed, the FBI considers their hands tied against ransomware attacks (almost all are suspected to be launched from Eastern Europe) and shockingly recommends victims simply cough up the Bitcoins. But there are still very logical reasons why paying off cyber-extortionists is never a wise idea:

  • You’re an instant patsy. A quick ransom payment indicates you’ll give in without a fight—an ideal victim. Expect your attackers to remember that when they run low on cash—or share that knowledge with other cyber-gangs looking for their next “easy mark.”
  • The demands will grow bigger. Think of ransomware attacks in terms of simple economics—the “seller” charges what the market will bear. Today’s most lethal strain of ransomware, CryptoWall 4.0, currently charges victims a standard flat rate of 1.83 Bitcoin ($700). If most readily paid $700 for their precious data today, why wouldn’t they pay $900 tomorrow—or even more?

Protect Your Company Now

  • Back up your entire network regularly. Most ransomware will seek out external backup drives (connected to a computer via a USB port) and infect those files as well—unplug the drive after every manual backup.
  • Make sure all software is fully updated and patched. Ransomware and other viruses seek out vulnerabilities in all common office apps.

The middle of a robbery is too late to create your anti-robbery plan! Contact us to help design and implement your company’s strategy against ransomware and other emerging cyber-threats.

New Ransomware Good Reminder to Practice Thorough Data Backup

Wednesday, February 17th, 2016

close-159133_640

A new combination of a sophisticated password-stealing Trojan, powerful exploit kit, and content-encrypting ransomware is making its way around the Internet infecting Windows users. If it hits your business, you’re looking at a considerable loss of time and finances.

It’s estimated that businesses worldwide spent around $491 billion in 2014 managing the blowback from data breaches and malware infections. Making sure your business is ready to minimize the amount of damage a ransomware attack can do is the best course of action for dealing with cyber threats like these.

Ransomware Refresher

Ransomware has taken system-disabling malware to a whole new level by trying to extort money in exchange for returning control.

Ransomware that employs data encryption programs like Cryptolocker and CryptoWall uses a complex encoding algorithm that locks off important data on the computer—so removing the ransomware will not restore the data.

In many cases, paying the $24 to $600+ demanded to decrypt the information ends up being practical, because restoring the lost data would end up costing more. However, it is possible that even after you’ve paid the ransom the hackers will not restore access to your system. So pay at your own risk.

Kicking You When You’re Down

The new malware fusion doesn’t just lock a user out of their computer or try to steal login credentials; it does both, and tries to use some of that stolen information to hijack websites the user has admin access to (and propagate itself across more systems). According to PCWorld, the new disastrous malware mix uses the “Angler” exploit kit, the credential-stealing “Pony” Trojan, and the “CryptoWall 4” ransomware. If any of your business’s computers are hit with this malware campaign, you’ll have to deal with compromised account login information, possible FTP and SSH website access breaches, and all the data on the infected computer is as good as lost. So you’re not only looking at the expenses for changing passwords, locking down websites, and replacing lost information, but also the dozens of hours redoing lost work.

The Best Defense

Even though malware finds new ways to compromise systems, it is still a best security practice to keep your antivirus and system software up to date to protect your information. However, keeping everything updated can be problem for some companies, as vital software may not work correctly following an update. Additionally, businesses should avoid using computers running old, outdated operating systems like Windows XP that are no longer receiving security updates.

Making sure your important information is also saved in off-device storage (like an external hard drive or on a cloud service backup) is one of the best things your business can do to minimize the amount of damage caused by a system-disabling malware attack. If the system is infected, the backed up data will still be up to date—and instead of losing months of work, you’re looking at a few hours or days instead. Moving work to cloud-based applications with online storage is another good way to prevent loss from malware. If an employee’s computer gets hit with ransomware, any work they’ve been storing or working on through a cloud service is still safe and secure.

Need advice on backing up your data? Get in touch with a local MSP today.

Ransomware Is Getting Even Worse… and The Feds Can’t Stop It

Thursday, January 21st, 2016

money-bag-400301_640

As chaos reigns across much of the Middle East, our government steadfastly insists that “the United States does not negotiate with terrorists—because it will only encourage them in the future.” Meanwhile, visitors to our National Parks are warned never to feed bears and other wildlife—because those hungry bears may come to demand their next meal from campers!

Yet if cyber-gangsters in Eastern Europe hijack an American company’s data with an encryption virus before charging a hefty ransom to remove it, our same government recommends to “go ahead and pay them.” What’s going on here?

“Don’t Say We Didn’t Warn You…”

Over two years ago, we first talked about CryptoLocker and other ransomware—probably the most dangerous cyber-threat to businesses today.

This isn’t just another “nuisance” cooked up by a hacker in his dorm room. International organized crime syndicates have used sophisticated ransomware schemes to extort removal fees—typically between $200 and $10,000, paid in untraceable Bitcoin—from companies in the U.S. and around the world.

The newest strain of ransomware to be spotted “in the wild” is CryptoWall 4. Spread via email attachments and malicious websites, CryptoWall 4 is a “double-whammy”—not only encrypting vital hard drive data, but also scrambling filenames, making it impossible to tell which files have actually been infected.

It’s been determined that CryptoWall’s source is inside Russia—the malware is cleverly designed to ignore computers using Cyrillic-Russian keyboard language (Russian authorities are quick to prosecute Russian-on-Russian cybercrime, while the rest of the world is apparently “fair game”). Previous versions of CryptoWall alone have already robbed victims of an estimated $325 million—in Bitcoin ransom payments as well as lost productivity and residual costs (including legal fees).

Uncle Sam to Victims: Sorry We Can’t Help

What can our government do to bring justice to the victims of ransomware? As we’ve discussed, not much. Given our frosty relations with Vladimir Putin’s regime, Russian law enforcement is in no hurry to cooperate. At October’s Cyber Security Summit in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, confessed: “The ransomware is that good… to be honest, we often advise people to just pay the ransom.”

In other words, imagine being robbed at gunpoint on a busy street corner in broad daylight—while the cops watch and shrug. Yes, it’s that scary.

How Can You Protect Yourself?

  • Bitdefender is offering a free downloadable CryptoWall 4 “vaccine” to prevent infection.
  • Ensure all your PCs are always fully updated (Windows, anti-virus, firewalls, browsers) with the latest security patches.
  • Enable pop-up blockers on all browsers, and disable plugins from running automatically.
  • Backup all your data, all the time. Consider backing up the backups.

For more ideas on how to protect your company from ransomware and other emerging threats, contact us.