Large Scale Ransomware Attacks

The ransomware threat is on the rise as almost 40% of businesses reported an attack in the previous year according to a recent survey.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack. It’s the downtime caused by the ransomware rather than the cost of paying the ransom that does the most damage to a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses ceased operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

The most common source of ransomware infections is email – links to scammer websites or malware-loaded attachments.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”


UK Gov Cyber Essentials 10 Step Plan

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1. Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2. Secure Configuration

Identifying baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3. Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4. Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5. User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6. Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware Prevention

Malicious software, or malware, is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8. Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9. Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10. Home and Mobile Working

Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.


What is Jesus Oil?

There are a variety of scams claiming secret knowledge from the Bible to heal ailments, and one of the most common is “Jesus Oil” or “The Oil of God”.

The emails claim that Jesus used a special type of cannabis oil, known as Kaneh-bosm, to cure various debilitating illnesses.

There isn’t really any secret in this, as for thousands of years people all over the world have used plant-based medicines, including sometimes extracting oil to make a more concentrated form of the medicine. This process is far more advanced nowadays, but essential oils are still extracted by a more sophisticated version of the same method.

These oils and their various chemical components have been known to science for a long time and some are the active ingredients in modern medicine. Some are anti-bacterial, such as Cypress, and some are anti-inflammatories or pain relievers, such as Frankincense and Juniper, and so on.

What the scammers are actually selling is either their own poor-quality version of the medicinal oils or often nothing – you pay and receive nothing.

Before buying any such products – do always check on their effectiveness and don’t be swayed by claims of Godlike powers, Jesus or other religious connections.


How Come Celebrities Stay So Skinny?

“One of the country’s top addiction specialists just shared a shocking secret with the public”.

That’s the tagline to get you interested in the scam email.

It goes on about a single hormone that causes addiction but that no-one ever talks about.

“This secret has nothing to do with drugs”.

“And while no-one in weight loss ever talks about it”.

This is just the scammer’s fantasy.

Then the sales pitch is that a specialist has found a way to silence the craving hormone, leading to some “shocking” results, e.g. a woman who lost 52 pounds.

The scammer invoked the idea of celebrities in the email title, so the email goes on to state that celebrities learn this secret by paying tens of thousands of dollars – but you can know it now by clicking the link below.

It’s all rubbish of course – there are endless fat celebrities even though the celebrity industry tries to push them to be skinny, and those that are skinny typically make money by publishing their diet tips etc.

Just another pathetic scammer.


Project Zero at Google

Project Zero is the name of a team of security analysts employed by Google, tasked with finding zero-day vulnerabilities in commercial software. This means bugs in other people’s software that can lead to security problems. They have no interest in everyday bugs that affect people’s work but not security.

After finding a number of flaws in software used by many end-users while researching other problems, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but in any software used by its users. Its establishment fits into the larger trend of Google’s counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden.

Responsible Disclosure

When serious security bugs are found in software, should the world be informed or just the software maker?

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released or if 90 days have passed without a patch being released.

This is Google’s way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.

Notable Discoveries

On 30 September 2014 Google detected a security flaw within Windows 8.1 which allows a normal user to gain administrative access. Microsoft was notified of the problem immediately but did not fix the problem within 90 days, so the information about the bug was made publicly available on 29 December 2014. Releasing the bug to the public brought a response from Microsoft that they were working on the problem.

On 19 February 2017 Google discovered a flaw within Cloudflare, which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.

On 27 March 2017 Project Zero discovered a vulnerability in the popular password manager LastPass and four days later LastPass announced they had fixed the problem.

Project Zero was involved in discovering the Meltdown and Spectre vulnerabilities affecting many modern CPUs, which were discovered in mid-2017 and disclosed in early January 2018.

Keep up the good work!
