Ransomware

Thu 29 Jun

Petya Ransomware - TCS Prevention and Recovery Advisory

On 27th June, 2017, a new worm-like ransomware called Petya / NotPetya affected organizations around the world. After the initial infection, the malware uses a password-harvesting utility together with the ETERNALBLUE and ETERNALROMANCE exploits to infect all computers on the local network. Although Petya / NotPetya actively uses these two exploits to infect as many computers as possible, it does not spread through the Internet; it hits computers only on the local network where it first penetrated.
 
Petya / NotPetya encrypts the entire hard drive. By encrypting the system volume, Master File Table and Master Boot Record, it prevents the system from booting normally and hooks it into Petya's own bootloader, which displays the ransom note on the screen. This prevents attempts at file recovery using standard forensic techniques such as booting to a LiveCD or other OS.
 
Tue 27 Jun

Petya (Petwrap) Ransomware Attack

There is another major ransomware attack, named "Petya", which is spreading quickly and affecting various countries globally. Ransomware is malware that typically restricts users' access to a machine until a ransom is paid to get the key and unlock it.
 
Petya ransomware reboots the victim's computer and encrypts the master file table, also rendering the master boot record (MBR) of the infected Windows computer inoperable, thus making the affected computer unusable. Present reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).
 
Please read the attached document for more details on this ransomware.

Mon 12 Jun

Ransomware: How Much You Knew and What You Need to Know!

Ransomware is a type of malware that locks or encrypts users' hard drives until a ransom fee is paid. It holds the victim's information hostage using asymmetric encryption. Asymmetric (public-private key) encryption is cryptography that uses a pair of keys to encrypt and decrypt a file.
 
Both keys are uniquely generated by the attacker for the victim. The private key is used to decrypt the locked files, but it is stored on the attacker's server. The private key is made available to the victim only after the ransom is paid to the attacker. Without the private key, decrypting the files held to ransom becomes a big challenge.
 

Types of Ransomware

There are two main forms of Ransomware in circulation today:
 
Wed 31 May

What Lessons Can Be Learned From WannaCry?

With a spread across 150 countries, WannaCry has made itself the most widespread ransomware to date. Its spread and impact have been significant, as is evident from the alarm it has raised in the news across the globe. A rough estimate is that nearly 200,000 computers have been affected by this program.
 
If we look closely at this attack, there are certain unique aspects to observe. Firstly, this has been the largest ransomware attack globally. Countries across continents have been affected. There had been instances of hackers demanding ransom in the past; however, they had been confined to certain entities only. The cyber world was alarmed by the way this ransomware burgeoned across computers, encrypting and locking resources. Such a global attack had not been thought practical until the news broke.
 
Mon 15 May

Prevention to Ransomware Attacks

The article divides ransomware prevention steps into two categories. The first category describes strategy at the system level. The second depends on human factors; one has to implement and practice these to build a sixth sense in terms of information security.

Strategy I (On the System)

1. Data Backup (Online and Offline): This is the most important task that everyone must do. It is highly recommended to back up data both online (cloud etc.) and offline (local HDD backup etc.) on a regular basis to protect your data against any future ransomware attack and destruction.

Fri 07 Oct

Ransomware - Are we doing enough to prevent?

Ransomware is malicious code designed to block access to a computer system; it executes a cryptovirology attack that adversely affects files until a sum of money is paid. It acts like a kidnapper holding a hostage, making you pay a ransom to free the system. The average ransom demanded today is about $500 to $1000. Most ransomware either restricts the legitimate user's access to applications or is of the encrypting type. Ransomware hackers demand payment mostly in the form of bitcoins, ensuring anonymity.

Wed 13 Jul

Ransomware - Are you safe?

In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, including healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.

Tue 17 May

How to prevent mobile malware?

Malware is short for Malicious softWare, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to key loggers; some is financial malware, and it includes ransomware. Protection against malware is, in the simplest terms, ‘anti-malware’ products, and there we have it. Not much of an article though, is it! So let’s dig deeper into the subject of mobile malware prevention.

Vendors such as Sophos, Trend, McAfee, Symantec or Kaspersky offer deeper approaches to prevention. Equally, the ‘User’ must use common sense, and it comes down to ‘ownership’ of the problem.

Insight into the problem

To be precise, in 2015 Kaspersky identified the following:

Tue 12 Apr

Ransomware - a growing threat, more and more stories day by day

Kidnapping for money is common in various parts of the world today. In cyber security too, we face it in the form of ransomware, a new way of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization’s entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era, where we use smart TVs, smart watches and smart fridges, and have already witnessed car hacks, a cyber criminal can hack those and demand a ransom to give them back. Imagine a situation where you are driving a car and a criminal takes control of your vehicle and demands a ransom to give control back. Day by day, we hear many ransomware stories, most of them targeting health care organizations.

Wed 02 Sep

Apple: sour or still sweet? KeyRaider infects 'jailbroken' Apple iPhone users in 18 countries

Recently, malware called 'KeyRaider' compromised the accounts of 225,000 Apple iPhone users. This is considered to be one of the biggest attacks against the firm's user base. KeyRaider, a new strain of malware identified by researchers at Palo Alto Networks, affects only jailbroken devices. Traces of its distribution have been found in 18 countries so far. The malware also acts as ransomware: it can send a notification message demanding a ransom directly, using the stolen certificate and private key, without going through Apple's push server.
