malware

Thu 29 Jun

Petya Ransomware - TCS Prevention and Recovery Advisory

On 27th June, 2017, a new worm-like ransomware called Petya / NotPetya affected organizations around the world. After the initial infection, the malware uses a password harvesting utility together with the ETERNALBLUE and ETERNALROMANCE exploits to infect all computers on the local network. Although Petya / NotPetya actively uses these two exploits to infect as many computers as possible, it does not spread through the Internet; it hits only computers on the local network where the virus first penetrated.
 
Petya / NotPetya encrypts the entire hard drive: by encrypting the system volume, the Master File Table and the Master Boot Record, it prevents the system from booting normally and hooks it into Petya's own bootloader, which displays the ransom note on the screen. This prevents attempts at file recovery using standard forensic techniques such as booting to a LiveCD or another OS.
 
Tue 27 Jun

Petya (Petwrap) Ransomware Attack

There is another major ransomware attack, named "Petya", which is spreading quickly and affecting various countries globally. Ransomware is malicious software which typically restricts users' access to a machine until a demanded ransom is paid to obtain the key and unlock it.
 
Petya ransomware reboots the victim's computer and encrypts the master file table, rendering the master boot record (MBR) of the infected Windows computer unusable and thus making the affected computer unusable. Present reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).
 
Please read the attached document for more details on this ransomware.
Mon 15 May

A Note on WannaCry/WanaCrypt0r Ransomware

Ransomware is malicious software that encrypts files and locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. Recently, a dangerous ransomware named 'WannaCry' has been affecting computers worldwide, creating the biggest ransomware attack the world has ever seen. It has affected computers in India as well.
 
About the Wanacrypt0r Ransomware
 
Wanacrypt0r is a ransomware that infects Windows systems by exploiting a vulnerability with the exploit called EternalBlue. The exploit allows access to a remote machine via the SMBv1 protocol. Microsoft patched this flaw in March as MS17-010. Wanacrypt0r is also known as “wannacry”, “wcry” and “wannacrypt”.
 
How does Wanacrypt0r work?
 
Fri 07 Oct

Ransomware - Are we doing enough to prevent?

Ransomware is malicious code designed to block access to a computer system; it executes a crypto-virology attack that adversely affects files until a sum of money is paid. It acts like a kidnapper holding a hostage, making you pay a cash ransom to get the system back. The average ransom demanded today is about $500 to $1000. Most ransomware either restricts the legitimate user's access to applications or is of the encrypting type. Ransomware hackers demand payment mostly in the form of bitcoins, ensuring anonymity.

Thu 06 Oct

Mirai - A botnet responsible for the largest DDoS attack

Mirai is a botnet that was responsible for the largest DDoS attack in botnet history. On 20 September 2016, the biggest security news website, KrebsOnSecurity.com, was targeted by a 650 Gbps attack, and later the French internet hosting provider OVH reported being targeted by a 1.1 Tbps DDoS attack. Mirai was responsible for the largest DDoS attack recorded to date despite not being the biggest botnet in the world.
 
Mon 12 Sep

Malvertising - A rising menace

Malvertising, or malicious advertising, is a technique that uses ads to spread malware. Instead of tricking users into visiting a malicious website, malvertising uses advertising networks to distribute malware through trustworthy websites. The distributed malware can be spyware, ransomware, or anything else that benefits the attacker.

Malware + Advertising (Malvertising) acts as a carrier for cyber criminals, opening up a covert channel to launch an attack on the system. It always targets popular websites where traffic is high, because these high-traffic websites often outsource their advertising space to ad sellers (ad networks). Advertisers bid for ad space on popular websites, and the ad sellers serve the space to the winners of the bidding process.

Tue 17 May

How to prevent mobile malware?

Malware is short for Malicious softWare, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to key loggers; some of it is financial malware, which includes ransomware. Protection against malware is, in the simplest terms, ‘anti-malware’ products, and there we have it. Not much of an article though, is it!! So let’s dig deeper into the subject of mobile malware prevention.

Vendors such as Sophos, Trend, McAfee, Symantec or Kaspersky offer deeper approaches to prevention. Equally, the ‘User’ must use common sense, and it comes down to ‘ownership’ of the problem.

Insight into the problem

To be precise, in 2015 Kaspersky identified the following:

Tue 12 Apr

Ransomware - a growing threat, more and more stories day by day

Kidnapping for money is common in various parts of the world today. In cyber security too, we face this in the form of ransomware, a new way of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization’s entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era, where we use smart TVs, smart watches and smart fridges, and where we have already witnessed car hacks, a cyber criminal can hack those devices and demand a ransom to give them back. Imagine a situation where you are driving a car and a criminal takes control of your vehicle and asks for a ransom to give the control back to you. Day by day we are hearing many ransomware stories, most of them targeting health care organizations.

Wed 24 Feb

How to Perform Basic Static Malware Analysis Using Open Source Tools?

The recent malware attacks on banks, financial institutions and payment processors validate the increasing technical expertise of cyber-criminals and their ability to cause significant damage while orchestrating attacks remotely. From mobile malware to banking Trojans, point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. According to anti-malware product vendors, the average time to resolve a malware attack ranges from 18 to 26 days, resulting in huge business downtime. In addition, the average cost of cleanup and investigation has increased manifold. The two reasons for this pathetic situation are:

Mon 11 Jan

A quick thought on how good Sandboxing technologies are?

These days we hear a lot about Advanced Persistent Threat (APT) mitigation techniques and solutions that could protect us from zero-day attacks. For the last couple of years the main focus has been on sandboxing solutions. We normally deploy firewall, IPS/IDS, HIPS and antivirus solutions as part of the Defence in Depth principle. The limitation is that most IPS/IDS, HIPS or antivirus solutions detect and block only known malware, as most of them are signature-based security solutions. If they don’t have a corresponding signature, the attack will go unnoticed and vulnerabilities will be exploited. I always believe in a principle: prevention is better than cure.
