StriperTalk! All things Striper |
 |
04-08-2016, 07:53 AM
|
#1
|
Certifiable Intertidal Anguiologist
Join Date: Feb 2000
Location: Somewhere between OOB & west of Watch Hill
Posts: 35,270
|
PSA: Malware / Ransomware
A lot of targeted malware / ransomware is going out, particularly via email. The ransomware essentially locks up your computer, encrypts all of your files so you cannot access them, and requests 500 to several thousand dollars to restore them. You either pay or restore from backup. No way around it.
The email is very normal looking, might be from your boss, or company owner, may be from a local name or even a customer you have worked with before. You open the email and infect your system and usually connected systems.
I have had almost all of my clients targeted with this and fortunately most not successful due to training and filtering but there have been some instances where it has happened.
What can you do? Not run as local administrator on your machine helps, but have good backup, run your system and application updates (Java, Firefox, Flash are crucial).
If you are a small biz (5-300 employees) in RI, Eastern CT, Norfolk/WCTR county Mass I can put you in touch with my company or deal directly.
For home: BACKUP BACKUP BACKUP. Go get Carbonite or BackBlaze and have your computer files and photos backed up offline. This is the minimum and allows you to at least get some of your files back.
Better: Get an external drive or two, a copy of ShadowProtect and do full system image backups locally AND run offsite to Carbonite/BackBlaze.
|
~Fix the Bait~ ~Pogies Forever~
Striped Bass Fishing - All Stripers
Kobayashi Maru Election - there is no way to win.
Apocalypse is Coming:
|
|
|
04-08-2016, 08:20 AM
|
#2
|
It's about respect baby!
Join Date: Apr 2003
Location: ri
Posts: 6,358
|
Seeing some targeted (phishing) emails directed/tailored to suit individuals based on their social media, i.e. you posted junior's Little League opening day was today, he plays for the Providence Mets. Email pops up at your @work email address with hyperlink to @Providence Mets final schedule changes league approved etc., you click link = bad news for your network.
|
Domination takes full concentration..
|
|
|
04-08-2016, 08:50 AM
|
#3
|
Certifiable Intertidal Anguiologist
Join Date: Feb 2000
Location: Somewhere between OOB & west of Watch Hill
Posts: 35,270
|
Quote:
Originally Posted by ThrowingTimber
Seeing some targeted (phishing) emails directed/tailored to suit individuals based on their social media, i.e. you posted junior's Little League opening day was today, he plays for the Providence Mets. Email pops up at your @work email address with hyperlink to @Providence Mets final schedule changes league approved etc., you click link = bad news for your network.
|
Yep. Targeted. Spear Phishing.
|
|
|
04-08-2016, 09:10 AM
|
#4
|
time to go
Join Date: Oct 2007
Posts: 2,318
|
Quote:
Originally Posted by ThrowingTimber
Seeing some targeted (phishing) emails directed/tailored to suit individuals based on their social media, i.e. you posted junior's Little League opening day was today, he plays for the Providence Mets. Email pops up at your @work email address with hyperlink to @Providence Mets final schedule changes league approved etc., you click link = bad news for your network.
|
Thanks for the translation, I was going to ask my niece but now I understand. (Insert blushing smiley thingy here...lol)
Posted from my iPhone/Mobile device
|
|
|
|
04-08-2016, 11:34 AM
|
#5
|
Registered User
Join Date: Feb 2003
Location: Hyde Park, MA
Posts: 4,152
|
Imagine how many people, particularly elderly and not-so-computer-savvy individuals that may be affected?
|
I am a legend in my own mind!
|
|
|
04-08-2016, 04:23 PM
|
#6
|
Registered User
Join Date: Oct 2001
Location: Southeastern MA
Posts: 394
|
John do the emails you mention have some kind of attachment or is it just a link?
By the way we did receive a couple at my office that were caught. A scan of the attachment by IT found it was loaded with either malware or ransomware.
|
|
|
|
04-09-2016, 11:38 AM
|
#7
|
Certifiable Intertidal Anguiologist
Join Date: Feb 2000
Location: Somewhere between OOB & west of Watch Hill
Posts: 35,270
|
Quote:
Originally Posted by jeffsod
John do the emails you mention have some kind of attachment or is it just a link?
By the way we did receive a couple at my office that were caught. A scan of the attachment by IT found it was loaded with either malware or ransomware.
|
Both - usually an attachment but often enough a link to an infected site.
|
|
|
04-11-2016, 10:52 AM
|
#8
|
Registered User
Join Date: Aug 2005
Location: Rhode Island
Posts: 258
|
?
How about if you open it on an iPhone?
|
|
|
|
04-12-2016, 07:15 AM
|
#9
|
Certifiable Intertidal Anguiologist
Join Date: Feb 2000
Location: Somewhere between OOB & west of Watch Hill
Posts: 35,270
|
Quote:
Originally Posted by Headhunter
How about if you open it on an iPhone?
|
The ransomware / malware payload is mostly engineered to a specific desktop / network operating system such as Windows/Mac/Linux but there are some variants in phones. This particular type doesn't make as much sense to target phones due to less critical information and phones are lucrative from other forms of financial crime.
|
|
|
04-15-2016, 01:23 PM
|
#10
|
Registered User
Join Date: Aug 2005
Location: Rhode Island
Posts: 258
|
So wouldn't it make sense to open all your emails from your phone to see if they make sense, then if they have subject matter that is pertinent you know it's OK?
|
|
|
|
04-15-2016, 01:46 PM
|
#11
|
Registered User
Join Date: Apr 2001
Posts: 4,449
|
I've seen ransomware that can infect iOS. The editor from Wired that said his accounts were so secure got hacked like that...somebody SE'd Apple support, added a credit card, then got in that way.
Phones are pretty safe, though. It pays to have great anti-virus, good web-based backup or a hard drive backup that's encrypted, and I just never open attachments.
|
John Redmond Thinks He's Smart By Changing My Avatar
|
|
|
04-15-2016, 01:54 PM
|
#12
|
Registered User
Join Date: Mar 2003
Location: Gloucester Massachusetts
Posts: 2,678
|
I had some sort of attack a couple weeks ago...looking something up on computer and wham up pops this notice with microsoft heading... kept flashing flashing call this number tried clicking off a dozen times would not undo....called number they wanted to sell me a Defender product for 500 bucks...told them i would call them back....all I did was restart computer everything was fine....had to B a scam.... mentioned to friends at coffee and one said he got it too on business computer, he paid and thought for a minute and called bank to cancel the payment...he got money back..... 
|
"When its not about money,it's all about money."...
|
|
|
04-16-2016, 07:35 AM
|
#13
|
Afterhours Custom Plugs
Join Date: Mar 2004
Location: R.I.
Posts: 8,642
|
Are any of these #^^^^&wads ever caught and prosecuted? Never seem to hear of any being so. Do they run rampant until the anti-v's catch on and update?
|
|
|
|
04-20-2016, 11:27 AM
|
#14
|
It's about respect baby!
Join Date: Apr 2003
Location: ri
Posts: 6,358
|
Quote:
Originally Posted by afterhours
Are any of these #^^^^&wads ever caught and prosecuted? Never seem to hear of any being so. Do they run rampant until the anti-v's catch on and update?
|
They actually run their code through checks like VirusTotal to ensure their stuff makes it through/past antivirus. Make no mistake, this is a business to them. Support helpdesks, the more you buy you get percentages off, they have dev cycles. This is not some twit running scripts. They're basically "companies".
Some, caught sure. In a coordinated effort (attack) a concerted effort was organized and a set of their encryption keys was stolen and made public. (Fight fire with fire sort of deal)
Krebs on Security has an excellent view on security and finger on the pulse of what is happening if you'd like to keep informed 😃 It's not over wordy and easy to read. (Interesting actually)
Posted from my iPhone/Mobile device
|
|
|
04-20-2016, 02:05 PM
|
#15
|
Registered User
Join Date: Feb 2004
Location: RI
Posts: 5,704
|
After reading threads like this I thank myself for switching to a Linux distro back in '06.
|
|
|
|
04-22-2016, 09:33 AM
|
#16
|
Registered User
Join Date: Jan 2009
Posts: 1,044
|
Just saw this from SecurityWeek:
3.2 million devices exposed to ransomware attacks: Cisco.
Security researchers from Cisco Talos discovered that approximately 3.2 million computers were vulnerable to file-encrypting ransomware due to out-of-date software after an Internet scan on already compromised devices revealed that more than 2,100 backdoors across 1,600 Internet Protocol (IP) addresses were associated with governments, schools, aviation companies, and other organizations. Cisco advised administrators to disable external access to infected machine to keep attackers away.
Source: http://www.securityweek.com/32-milli...-attacks-cisco
|
|
|
|
04-22-2016, 10:02 AM
|
#17
|
got gas?
Join Date: Mar 2002
Posts: 1,716
|
thanks John
|
|
|
|