
Posts Tagged ‘Ransomware’

There’s big business in finding and exploiting the software flaws we seem to hear about nearly every day now.

Google pays bounties of $200,000 to hackers who find holes in its software, and payouts of $20,000 or more are said to be common.  Companies like Google, Microsoft and others would rather pay this one-time bounty to the best of the hackers than risk the damages implicit in an exploit from ‘the bad guys.’

Last fall, a company called Zerodium boosted the rate they’ll pay for exploits that hack the iPhone from half a million to 1.5 million dollars.  According to The Economist (5-20-17), mundane exploits for web browsers that a few years ago earned $5,000 now sell for many tens of thousands.

Oftentimes, today’s brokers will buy hacks themselves from freelance hackers who make it a profitable hobby.  They then sell these to someone who can use them.  Government agencies in the U.S. and Europe are eager customers.

On the other hand, messages on WikiLeaks show that at least one broker called ‘The Hacking Team’ sold exploits to Egypt, Russia, Sudan and UAE among others.  It’s a complicated market.

As one can imagine, there’s a big demand in the shadow markets, where many customers are simply criminals.  The most recent famous ransomware hack, called WannaCry, is said to have been exchanged in this way.  Often, “someone will sell you an exploit,” notes The Economist, “so someone else will sell you a warning.”

A firm in Phoenix, AZ called CYR3CON produces reports of possible threats based on its online scraping of posts and blogs in 15 languages from hackers involved in the field.

In fact, just ahead of the WannaCry attack which froze data on Windows PCs around the world, CYR3CON’s software “picked up chatter about exploits designed for just that task.”  It later noted that over 60,000 computers had had the exploit installed but not yet activated.  Many were medical facilities that had previously paid up “without unnecessary conversations.”  Those subscribing to CYR3CON’s services could take precautions.  Others, Economist’s editors point out, “were not so lucky.”

People increasingly seem to have a fundamental disregard for security, notes independent security expert Bruce Schneier, despite the fact that worms and other malware infections caused billions of dollars of damage in the previous decade.  The defenses keep getting better but, it seems, so do the hacks.

 


Recently, two of our clients were the victims of an increasingly common Internet scam known as a ransomware attack.  These situations typically occur when a user inadvertently or unknowingly downloads a malicious form of software that can cause a PC or network’s files to become locked, encrypted or otherwise unavailable to their authorized users.  It’s typically accompanied by a demand for “ransom” which, if paid, promises to release your system and files unharmed.

Several high profile cases have been in the news, including a couple of hospitals which ultimately paid to have their files released.

In the case of our clients, neither paid.  The most effective solution, it should be noted, is to have a recent, full, off-site (or off-network) backup of your critical programs and data, which can then be restored to bring you back to, say, yesterday’s status.  In one case, the client was not creating daily backups, and so had to restore a week’s worth (i.e., hundreds) of transactions through manual entry.  (They’re now making sure to back up daily.)

The other client was using remote desktop access to another server that effectively provides a firewall, an added layer of protection.

The internet is loaded with information and tips, including a couple from Microsoft that we thought worth sharing below.  (You can read more from Microsoft here.)

How did ransomware get on my PC?  In most instances ransomware is automatically downloaded when you visit a malicious website or a website that’s been hacked.

I cannot access my PC or my files.  Should I just go ahead and pay to regain access?  There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.

How to recover your files depends on where your files are stored and what version of Windows you are using.  Before you try to recover files, you should use Windows Defender Offline (a free tool from Microsoft) to fully clean your PC.  You need to have turned on File History (in Windows 10 and Windows 8.1) or System Protection for previous versions (in Windows 7 and Windows Vista) before you were infected.  Some ransomware will also encrypt or delete the backup versions of your files. This means that even if you have enabled File History, if you have set the backup location to be a network or local drive your backups might also be encrypted.  Backups on a removable drive, or a drive that wasn’t connected when you were infected with the ransomware, might still work.

And to circle back to our clients’ situation, perhaps the most important reminder of all: The best advice for prevention is to ensure company-confidential, sensitive, or important files are securely backed up in a remote, un-connected backup or storage facility.

An ounce of prevention always being worth a pound of cure, and all that.

 
