Tag Archive for: ransomware

One of the biggest fears security experts have may be coming true: self-replicating ransomware. Viruses that have the ability to copy and spread themselves to new systems are nothing new, but until now ransomware attacks have been targeted campaigns. The best way to protect your network from a security threat is to understand it, so here’s everything you need to know about this latest development.

Ransomware, the malware that locks up infected systems and demands payment to return access to users, has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected piece of ransomware was found copying itself onto USB and network drives. The ransomware, named ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives in its framework.

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, a security expert later analyzed the ransomware and found 121 targeted file types, implying that the creators of the malware were continuing to develop its source code.

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins (500 USD) unless payment is more than four days after infection — then it increases to five Bitcoins (2,700 USD).

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software.

Still concerned about security at your SMB? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock.

Published with permission from TechAdvisory.org. Source.

The threat of being infected by malicious software is part and parcel of spending time on the internet, and no sooner have the antivirus and security software programs released an update or new patch than cyber criminals are scrambling for ways to circumvent them. In addition, as end users become savvier to the tricks and scams used to steal our data, money or identities, new tactics are employed to try and fool us. And that includes Chimera, a new strain of ransomware which has recently been uncovered.

Business is booming in the world of cyber crime, and scammers, extortionists, phishers and hackers are constantly on the lookout for new ways to exploit our fears and naivety in order to boost their bank accounts, steal our data, or simply cause us mayhem for their own twisted pleasure. One of the worst types of malware for playing with our emotions – and therefore increasing the likelihood of us capitulating to its demands – is ransomware. If you don’t know how this program works, read on for an introduction.

If your computer has been infected by ransomware, the first sign that something is wrong is normally discovering that you are unable to open one or more of your files. That’s because the malware encrypts them, rendering them completely inaccessible. The next thing you see will be a ‘ransom note’, either in the form of an email or a notice that appears directly on your screen. You will be told that if you want to see your files again you will need to pay a sum of money. After making payment you will (allegedly) be sent a code that will allow you to decrypt your files.

Some types of ransomware up the fear factor even further by pretending that the FBI, CIA or other national law enforcement or government agency is behind the ‘kidnapping’. You will be told that your files are being held hostage because you have downloaded pirated software or files, or visited an illegal or illicit website – such as those depicting extreme pornography or threatening national security. Regardless of whether or not you are guilty of any of the above – be it a visit to an x-rated website, or downloading a pirated copy of the latest episode of The Walking Dead, your first instinct is probably to panic. The thought of no longer having access to any of our information, files or data is enough to make most of us break out into a cold sweat. If you haven’t backed up, everything from your vacation pictures to your company’s data could be lost for good.

The problem for ransomware creators, however, is that many users have wised up to their tactics, and are refusing to pay, instead calling in an IT specialist to try and restore their encrypted files. This has left cyber criminals needing to find a way to boost ‘trade’. And that is where Chimera comes in. Christened by the Anti-Botnet Advisory Centre – a part of Germany’s Association of the Internet Industry – unlike previous forms of ransomware, which were indiscriminate when choosing their victims, this latest threat primarily targets businesses.

An employee will receive an email, purporting to be an application for a job within your firm, or some kind of corporate deal. This email will include a link ostensibly to the applicant’s resume or to details of the offer, but will in fact go to an infected file stored in Dropbox. Chimera then infects the user’s computer and encrypts any local files. Once the PC has been rebooted, the ransom note will be displayed on the desktop. Payment is usually set at around $680 USD, which must be paid in Bitcoins. And in order to further scare the victim into paying, the note will also state that failure to make payment will result in the user’s files being published online.

If there is a slight silver lining to the Chimera cloud, it is that the Anti-Botnet Advisory Centre has not found any proof that files have been published – at least not yet. In fact, it is still unknown whether the ransomware does actually take the encrypted files or if it is just an empty threat. Regardless, it is still a threat which could easily convince many users to pay the ransom. And should Chimera make good on its threats, the ramifications for a business are huge – and that’s without taking into consideration the nightmare of having your files encrypted in the first place. With Chimera targeting businesses of all sizes, and random employees within the business at that, isn’t it time you took another good look at your organization’s security posture?

Contact us today and talk to one of our security experts. We’ll be more than happy to help ensure that your small or medium-sized business isn’t taken hostage by Chimera or any other type of ransomware.

Published with permission from TechAdvisory.org. Source.

Do you know when to invoke your Business Continuity Plan? A lot of business owners assume they know when it will be required, but the reality is that it can be hard to determine when a BCP is really necessary. It’s important you are able to assess what is taking place, and make an informed decision with regard to putting your continuity strategy into action. Here are a few things you need to consider when it comes to invoking your plan.

When a disaster happens, your first thoughts will likely revolve around how it will affect your business and the services it provides. Depending on what occurs, you might be required to call your Business Continuity Plan (BCP) into action to ensure your company remains operational and that any Recovery Time Objectives are met.

Unfortunately, too many business owners fail to properly prepare themselves for taking this action, by viewing disasters as two-dimensional events. Realistically, a disaster has many possible outcomes and is not as black and white as you may think. For instance, think about how a flood can disrupt your company.

The logical conclusion for most business owners is to picture their office underwater. While that is one possibility, several others may also exist that could require you to consider implementing your BCP. A flood may not disturb your office, but what if it strikes an off-site storage facility where you keep digital or paper data? This is likely to have just as great an impact on your business, and necessitate your BCP coming into action.

Here we’ll take a look at a few other disasters that can happen, and which factors you need to consider before implementing your BCP.

Fire

If a fire takes place at your business, invoking your BCP is a fairly obvious decision. However, what do you do if a fire occurs in the same building as your office, or next door to you? It can be a problematic situation as you may not know what, if any, damage has occurred. Smoke travels fast and can leave behind soot, which may render your servers inoperable or highly unstable. There may be health issues at play as well, and sometimes it is not feasible to have your employees working in the office in the immediate aftermath of smoke damage.

Before invoking your BCP in this situation, you will want to speak with fire crews on the scene about when they will let you back into your office and what kind of damage has been done. This should give you the necessary information on how to proceed, and enable you to decide whether your BCP needs to be put into action.

Civil unrest

It can be hard to gauge what to expect in times of civil unrest. We have witnessed large protests that remained peaceful, but we have also seen ones that have become unruly and destructive. Several business owners had to halt or significantly reduce services in places like Missouri and Baltimore because of the latter. Only time will tell if they are able to recover, or end up having to shut their doors for good.

Due to the volatility of these events, it is impossible to fully prepare yourself, since you can never completely know how the situation will pan out. Instead make sure you and your staff are prepared to invoke your BCP should the situation deteriorate. Even if something were to happen at your premises, if you’re diligent and paying attention you should be able to act quickly and prevent a large-scale service disruption.

Security threats

Most people don’t put things like viruses and security breaches in the realm of disasters, and that in and of itself can be disastrous. Let’s use one of the fastest growing security threats to small businesses, ransomware, as an example. It could be downloaded to your network by a deceptive email and opened by an employee. When ransomware makes its way onto your network, it will encrypt or block all access to your data until you pay a sum of money.

Because ransomware can appear suddenly, often business owners get flustered and either pay the ransom or suffer a long period of downtime trying to figure out how to fix the problem. Either way, money is lost. If ransomware or any other security breach occurs, it’s important to quickly analyze the situation and determine whether you need to invoke your BCP, which should allow you to avoid both downtime and ransom payments.

It’s important to remember that a disaster can appear in many different ways, shapes and forms. If you need help determining when it is appropriate to initiate your BCP, or have any other questions about how a BCP would help your business, give us a call.

Published with permission from TechAdvisory.org. Source.