
Hacking-Ransomware Attack of 27 June 2017


A new global cyber attack took place on 27 June 2017. The attack originated in Ukraine, where a tax accounting software company named M.E.Doc became the initial victim. The ransomware then spread to at least 64 countries, though Ukraine seems to have been particularly badly hit this time round.

Ransom Message

The computers affected by the attack showed a message of red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

List of Affected Businesses

Aircraft manufacturer Antonov, and two postal services
Rosneft (Russia’s biggest oil producer)
Danish shipping company Maersk
Pennsylvania hospital operator (Heritage Valley Health System)
Mondelez (Spanish food giant)
TNT (Netherlands-based shipping company)
St Gobain (French construction materials company)
Merck (Pharmaceutical Company)

Companies are paying. A bitcoin wallet associated with the outbreak has received several payments since the outbreak began.

Author – Rubayat M.


Massive Ransomware Attack Hits Computers in 99 Countries


A massive ransomware cyber-attack has infected computer systems in 99 countries. Affected countries include the UK, US, China, Russia, Spain, Italy and Taiwan. So far more than 74,000 computer systems have been identified as infected.

This is Huge

UK : The UK’s National Health Service (NHS) has been hit. Some hospitals and doctors have been unable to access patient data. Some surgeries have been cancelled.

Russia : Reports confirmed Russia had seen more infections than any other country.

Germany : Some local railway ticket systems are down.

Spain : Communication (Telefonica), utility (Iberdrola, Gas Natural).

Portugal : Communication (Portugal Telecom).

Other Companies : FedEx.

Attack Tools and Who is Behind the Attack

At this point it is not known who is behind this attack. Attack tools known as WannaCry, believed to have been developed by the NSA (National Security Agency of the US), have struck organizations around the world.

Our Ransomware Posts

http://www.linkmeshin.com/blog/home/ransomware-what-is-it-why-it-matters-what-is-the-next-level-how-to-get-protection/

http://www.linkmeshin.com/blog/home/mobile-malware-gooligan-infected-millions-of-devices-and-google-accounts/

http://www.linkmeshin.com/blog/home/beware-of-godless-mobile-malware/

http://www.linkmeshin.com/blog/home/carleton-university-of-canada-is-the-latest-victim-of-hacking-attack/

Writer – Rubayat M.


Ransomware what is it, why it matters, what is the next level, how to get protection


What is it
Ransomware is a type of malware. It hijacks a computer, encrypts its file system and then demands payment from the owner in exchange for the decryption or unlock key. It was a popular subject among people who work in the computer security sector, until recently, when this “bug” hit the mainstream news. A well-known hospital in California, Hollywood Presbyterian Medical Center, had to pay $17,000 as ransom money in order to get its service restored.

Why it matters
Ransomware can attack any computer system, from someone’s personal computer to a business computer. If it is not handled properly, the computer owner can lose their data. And if a business computer gets infected, the business can lose data and money. In the case of Hollywood Presbyterian Medical Center, human life was at risk because patients’ medical reports were not accessible to the doctors. And the hospital authority had to pay money in order to restore normal operation.

This particular bug is getting more sophisticated every day and attacking new computer systems. Anybody can be its next victim.

List of computer systems it has attacked
Microsoft Windows – the most common operating system that gets attacked by ransomware.
Mac OS – Very few incidents, but the numbers are increasing due to the growing popularity of the Mac. In July 2013, an OS X ransomware was identified, although this was not a typical ransomware attack and was not able to encrypt the files.
Mobile devices (Android, iOS, BB, Windows) – Mobile devices have an auto backup option. User data is backed up in the device’s cloud storage. Even if a mobile device gets attacked by ransomware, users can always get the original content back from the cloud. So ransomware attackers cannot make money from this.

How to get protection
Advanced preparation is the best defense. Zero day vulnerability is a well-known term in the world of computer security. Zero day vulnerability refers to a hole in the software that is unknown to the vendor or the owner.

Large business organizations have layers of protection like firewalls, anti-virus, intrusion detection and web monitoring, and will most likely stop the attack before it hits the computers in the network. Most of these organizations use thin clients and perform backups on a regular basis. So even if there is an attack, organizations can restore their service shortly.

Most personal computer users do not have a computer network like that of a large organization, so it is easy to attack these systems. Here are a few steps that can be taken –

Step 1 : Backup…backup…back up…your data – either on an external hard drive or in a cloud-based system.
Step 2 : Update your operating system’s system files, so your operating system will have the latest patch.
Step 3 : Install good security software. If needed – pay for it.
Step 4 : If you have a home network with Wi-Fi capability, please beef up your Wi-Fi security.
Step 5 : Avoid using unknown or open Wi-Fi connections. This is one of the most common ways of getting infected with malware.
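
Step 1 only helps if the backup still holds clean copies: a backup that runs after an infection can replace good files with encrypted ones. The added example below (not part of the original post) keeps every snapshot and refuses to take a new one when more than half of the previously backed-up files have changed; the function names, the 50% threshold and the demo files are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def changed_fraction(old: dict, new: dict) -> float:
    """Fraction of previously backed-up files that are now modified or missing."""
    if not old:
        return 0.0
    changed = sum(1 for name, digest in old.items() if new.get(name) != digest)
    return changed / len(old)

def snapshot(src: Path, backup_root: Path, threshold: float = 0.5):
    """Copy src to a new snapshot dir; return its path, or None if refused."""
    backup_root.mkdir(parents=True, exist_ok=True)
    manifest_file = backup_root / "last_manifest.json"
    old = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    new = build_manifest(src)
    if changed_fraction(old, new) > threshold:
        return None  # mass change: investigate before backing up
    dest = backup_root / f"snap-{time.time_ns()}"  # earlier snapshots are kept
    shutil.copytree(src, dest)
    manifest_file.write_text(json.dumps(new))
    return dest

def demo() -> tuple:
    """Constructed scenario: one normal edit, then every file rewritten."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "docs"), Path(tmp, "backup")
        src.mkdir()
        for i in range(4):
            (src / f"file{i}.txt").write_text(f"report {i}")
        first = snapshot(src, bak) is not None
        (src / "file0.txt").write_text("report 0, revised")   # 1 of 4 changed
        second = snapshot(src, bak) is not None
        for p in src.iterdir():                                # all rewritten
            p.write_bytes(hashlib.sha256(p.read_bytes()).digest())
        third = snapshot(src, bak) is not None
        return first, second, third, len(list(bak.glob("snap-*")))

if __name__ == "__main__":
    print(demo())
```

A refused snapshot is a signal to check the machine before backing up again; the earlier snapshots remain available for restore.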

The Next Level
The people behind ransomware update their tools regularly. In 2015 the group started ransomware-as-a-service, which was hosted on the Tor network. The group started using virtual currencies like bitcoin for payments. This will help newer cyber criminals to use the tools and attack unsuspecting users.

The new horizon for ransomware is cloud storage and mobile devices. This means Android, iOS, BlackBerry, Windows and other systems are at security risk.

In December 2014, one financial company’s website was compromised. First, a general out-of-service message was displayed on the website. Then the financial company received a ransom note. The company’s database had been encrypted by the ransomware attacker. One security company was able to retrieve the encryption key and was able to put the service back again. This type of attack is on the rise.

** as a service – the primary application is hosted centrally. Clients use a standard web browser to access the service. The primary application is maintained by the application developer.

Perpetrator
No specific groups have been identified yet as perpetrators. The people or groups behind the common ransomware campaigns are going for quick money and mostly targeting the people or organizations of rich countries. In August 2012 the FBI issued a warning message about ransomware on its website.
Warning link – https://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam

Final thought
No security or operating system is 100% foolproof. So nothing can give us complete security. Staying alert is the best action that we can take.

Writer – Rubayat M.