Posts Tagged ‘Ransomware’

On more than one occasion we’ve had to help customers who’ve been hacked for ransom get things as close to normal as we can. Frankly, that’s not even what we do for a living, but hacking, phishing and general cybersecurity issues are so prevalent these days that none of us can avoid dealing with them at some level.

And for that reason, none of us can afford to ignore them.

Recently, The Wall Street Journal’s Chris Kornelis interviewed Andreas Luning, founder of Germany’s G Data Software, one of the first publishers of anti-virus software (named Anti-Virus Kit), which Luning’s firm released thirty years ago. That’s about how long viruses have been an issue.

When Kornelis asked Luning what’s different today, that is to say… “What does the public still not understand about viruses and cybersecurity?”… Luning responded: “The speed.”

He went on to say that “People can’t see or get an awareness of what computers can do in milliseconds.”  He added that if you get a “good computer virus” that tries to steal data or accumulate money… you won’t see this virus on your computer.  They work in the background – no sirens or alarms he notes – and they do everything to keep what they do in the background.  Thus, you have “no chance to see if your computer is affected by something.”

This, from a guy who has been dealing with this stuff since 1987 (the year our own company came to life), and even before there was an internet. Luning got his first virus, he says, from an Atari gaming disk, and it was a minuscule 400 bytes. It made itself persistent in memory and eventually copied itself onto all his other disks. This, he says, “made me feel uncomfortable.” He and a partner eventually found a way to detect the virus code and as a result, a company was launched.

Back then, Luning notes, the hackers just wanted to see how far they could go, what they could get away with.  They might go so far as to flicker your screen or maybe even start to crash your computer.  Mostly, it was slightly nefarious programmer-hackers just showing off.

However, viruses went from being silly to dangerous in the late ’90s, and there’s been no let-up ever since. Today, criminal-minded people don’t even need to be hackers any more. They can just exploit things found on the dark net, including ready-to-use, clickable baits for creating ransomware. You don’t even need to be technical any more. Just criminal.

So the next time you consider whether or not to purchase and/or update your anti-virus software, just remember that Andreas Luning has warned you.




There’s big business in finding and exploiting the software flaws we seem to hear about nearly every day now.

Google pays bounties of $200,000 to hackers who find holes in its software, and payouts of $20,000 or more are said to be common. Companies like Google, Microsoft and others would rather pay this one-time bounty to the best of the hackers than risk the damages implicit in an exploit from ‘the bad guys.’

Last fall, a company called Zerodium boosted the rate they’ll pay for exploits that hack the iPhone from half a million to 1.5 million dollars.  According to The Economist (5-20-17), mundane exploits for web browsers that a few years ago earned $5,000 now sell for many tens of thousands.

Oftentimes, today’s brokers will buy hacks themselves from freelance hackers who make it a profitable hobby.  They then sell these to someone who can use them.  Government agencies in the U.S. and Europe are eager customers.

On the other hand, messages on WikiLeaks show that at least one broker called ‘The Hacking Team’ sold exploits to Egypt, Russia, Sudan and UAE among others.  It’s a complicated market.

As one can imagine, there’s a big demand in the shadow markets, where many customers are simply criminals.  The most recent famous ransomware hack, called WannaCry, is said to have been exchanged in this way.  Often, “someone will sell you an exploit,” notes The Economist, “so someone else will sell you a warning.”

A firm in Phoenix, AZ called CYR3CON produces reports of possible threats based on its online scraping of posts and blogs in 15 languages from hackers involved in the field.

In fact, just ahead of the WannaCry attack which froze data on Windows PCs around the world, CYR3CON’s software “picked up chatter about exploits designed for just that task.” It later noted that over 60,000 computers had had the exploit installed but not yet activated. Many were medical facilities that had previously paid up “without unnecessary conversations.” Those subscribing to CYR3CON’s services could take precautions. Others, The Economist’s editors point out, “were not so lucky.”

People increasingly seem to have a fundamental disregard for security, notes independent security expert Bruce Schneier, despite the fact that worms and other malware infections caused billions of dollars of damage in the previous decade. The defenses keep getting better but, it seems, so do the hacks.



Recently, two of our clients were the victims of an increasingly common Internet scam known as a ransomware attack. These situations typically occur when a user inadvertently or unknowingly downloads a malicious form of software that can cause a PC or network’s files to become locked, encrypted or otherwise unavailable to their authorized users. It’s typically accompanied by a demand for “ransom” which, if paid, promises to release your system and files unharmed.

Several high profile cases have been in the news, including a couple of hospitals which ultimately paid to have their files released.

In the case of our clients, neither paid. The most effective solution, it should be noted, is to have a recent, full, off-site (or off-network) backup of your critical programs and data, which can then be restored to bring you back to, say, yesterday’s status. In one case, the client was not creating daily backups, and so had to restore a week’s worth (i.e., hundreds) of transactions through manual entry. (They’re now making sure to back up daily.)

The other client was using remote desktop access to another server that effectively provides a firewall, an added layer of protection.

The internet is loaded with information and tips, including a couple from Microsoft we thought worth sharing below. (You can read more from Microsoft here.)

How did ransomware get on my PC?  In most instances ransomware is automatically downloaded when you visit a malicious website or a website that’s been hacked.

I cannot access my PC or my files.  Should I just go ahead and pay to regain access?  There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.

How to recover your files depends on where your files are stored and what version of Windows you are using.  Before you try to recover files, you should use Windows Defender Offline (a free tool from Microsoft) to fully clean your PC.  You need to have turned on File History (in Windows 10 and Windows 8.1) or System Protection for previous versions (in Windows 7 and Windows Vista) before you were infected.  Some ransomware will also encrypt or delete the backup versions of your files. This means that even if you have enabled File History, if you have set the backup location to be a network or local drive your backups might also be encrypted.  Backups on a removable drive, or a drive that wasn’t connected when you were infected with the ransomware, might still work.

And to circle back to our clients’ situation, perhaps the most important reminder of all: The best advice for prevention is to ensure company-confidential, sensitive, or important files are securely backed up in a remote, un-connected backup or storage facility.

An ounce of prevention always being worth a pound of cure, and all that.

