Tag: ransomware

Snatch Ransomware

Ransomware is software that infects computers in businesses and in homes, encrypts files and threatens that, unless a ransom is paid (usually in Bitcoin), the decryption key necessary to restore the files will not be provided. Many people and businesses have been caught out by this and in some cases have lost a great deal of money and/or valuable documents, photos etc.

Now, there is a nastier than usual form of this software called Snatch Ransomware.

This ransomware uses a trick to bypass antivirus software and is able to encrypt files without being detected.

The trick causes the computer to reboot into safe mode without any anti-virus protection, so the ransomware can then go about encrypting files without being blocked.

Safe mode on a PC is designed for when the computer is not running correctly, and it enables testing, fixing and restoring. However, the criminals behind Snatch are using this mode to prevent anti-virus protection from running.

The Snatch criminals use legitimate system tools to access badly protected systems. This is unusual, as most ransomware criminals get in as quickly as possible, encrypt whatever files can be found and move on.

The number of Snatch victims so far appears to be very small. Coveware, a company that specializes in extortion negotiations between ransomware victims and attackers, handled ransom payments for Snatch ransomware infections on 12 occasions between July and October 2019. The payments ranged from $2,000 to $35,000.

Keep your protection up to date.


Ransomware Targets

Ransomware is where software is downloaded (against your wishes) to your computer and blocks you from using the computer until you pay a ransom, usually in Bitcoins, to unlock the device or decrypt the files.

You may think that ransomware would be targeted at rich businesses, but that’s not generally the case. Ransomware scammers sometimes target home users, because they probably have little cyber security, don’t keep regular backups and wouldn’t know what to do if hit by ransomware.

Plus, there are a lot more people than there are businesses.

Ransomware scammers may target businesses because:

  • That’s where the money is
  • Attackers know that a successful infection can cause major business disruptions, which will increase their chances of getting paid
  • Computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means
  • Ransomware can affect not only computers but also servers and cloud-based file-sharing systems, going deep into a business’s core systems and data
  • Cyber criminals know that businesses would rather not report an infection for fear of legal consequences and brand damage.

Ransomware scammers may target public institutions because:

  • Public institutions, such as government agencies, manage huge databases of personal and confidential information that cyber criminals can sell
  • Budget cuts and mismanagement frequently impact the cybersecurity departments
  • Public institutions often use outdated software and equipment, which means that their computer systems are packed with security holes that can be exploited
  • A successful infection can cause huge disruption

The following blog post tells you how to stay safe from ransomware. https://fightback.ninja/test/how-to-stay-safe-from-ransomware/

If you have any experiences with ransomware do let me know, by email.


How to Stay Safe from Ransomware

Ransomware is when a hacker gets software onto your computer that can lock you out or encrypt the data files. Once the attack has succeeded, the hacker puts up a message screen on the computer announcing the attack and demanding a payment be made in order to get the decryption key or password to unlock the files.

Most of these attacks are the encrypting type and examples include CryptoLocker, Locky and CryptoWall.

Ransomware commonly uses multiple evasion techniques to avoid being found by anti-virus programmes and is often able to spread from one computer to another on the same network.

The primary protection against ransomware is up to date anti-virus and anti-malware software and regular backups. Plus, you can consider the following:-

  • If your anti-virus or anti-malware has anti-ransomware options then enable that protection
  • Do regular scans of all drives
  • Ensure any important files and data are also copied onto Internet storage or other external storage
  • Never click on links in emails unless you are sure they are safe
  • Never open email attachments that you do not expect
  • Delete spam emails and anything suspicious
  • Beware dodgy websites that may download drive-by malware.

In conclusion, ransomware is a real problem – don’t be caught out with out of date backups.


Radio Station Defeats Ransomware Attack

The radio station was hit by ransomware: some PCs were ruined, a lot of music tracks were lost and there was a lot to recover. But if you take precautions, the problems can be dealt with.

One computer displayed this message:-

Your information has been ransomed.

Your data has been encrypted and you cannot recover it unless you pay a ransom.

You will pay the ransom in Bitcoins and the longer you leave it before calling the higher the cost will be.

Checking PCs showed it wasn’t a hoax; there had been such an attack.

It’s a simple choice – do you pay and possibly get the decryption key, or do you ignore the criminals and work to restore your systems? The chairman decided not to pay, on principle, and he called the Police to report the crime.

The IT experts determined that while some encryption had taken place and hence those files were unusable, almost everything was intact despite the attackers’ warning. Only a few PCs had been attacked and the rest were untouched.

The Method of Attack

The means of attack was identified and the security loophole blocked at the firewall.

The criminals had used a flaw in Microsoft remote control desktop to access the systems without needing a password.  The software was then deleted off all computers.

The Recovery Process

Now that the bad guys could no longer access the systems, it was safe to start purging the encrypted data and restore from backup. Without appropriate backups things would have been much worse.

Key Lessons

  1. Comprehensive regular backups are absolutely essential, including off site backups
  2. Any connections to the Internet must be well protected
  3. Only run systems and services through an external firewall if essential and ensure these are well protected
  4. Ensure all security patches are installed ASAP
  5. Carry out regular security audits
  6. Be prepared for such an attack and plan for how to deal with the aftermath

For the more detailed version of this story go to http://www.fightbackonline.org/index.php?id=112:radio-station-fights-off-ransomware-attack

For an introduction to ransomware, look at https://fightback.ninja/test/ransomware-what-is-it-2/

Or at https://www.fightbackonline.org/index.php/guidance/12-explanations/19-ransomware-what-is-it-and-how-do-i-protect-against-it


How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”


Cyber Attack Costs Reckitt Benckiser £100 Million

Reckitt Benckiser is not a household name but it is a huge international company that makes Dettol and Durex amongst other things.

The Petya ransomware attack in June 2017 affected many companies and governments, but Reckitt Benckiser had 15,000 laptops, 2000 servers and 500 computer systems rendered unusable within an hour.

This ransomware is very similar to the WannaCry ransomware attack in May 2017 that caused havoc at the NHS.

Petya gets into a system through email – someone opens an email that they shouldn’t and then the ransomware can spread from computer to computer using a technique that Microsoft issued a security patch for a long time ago. So it appears that Reckitt Benckiser did not keep their system up to date for security.

Once in the systems and spreading it is very hard to contain without simply turning all of the computers off and cleaning them of the problem one at a time.

Reckitt Benckiser was particularly badly hit because the virus got into their manufacturing systems and halted production at numerous factories around the world.

“Consequently, we were unable to ship and invoice some orders to customers prior to the close of the quarter,” a Reckitt Benckiser spokesperson said in a statement.

The cost of £100 million is mostly the drop in the share price rather than day to day costs.

Businesses have to become much more aware of the dangers in the cyber world and their responsibility to secure their customers’ information and their systems.