Watch Out for SuperB

A new ransomware threat has been discovered making the rounds, and once again the aim is to separate victims from their cash.


Introducing SuperB

SuperB is ransomware: it encrypts files and appends the .enc extension to every encrypted file. The attackers warn victims that paying the ransom is the only way to get their data back.

Once it runs, SuperB makes the victim’s files unusable: images, videos, databases and other personal and sensitive data are encrypted in place and renamed with the .enc extension. It then displays a ransom note stating that your important files have been encrypted.

The malware’s authors claim that the only way to regain access is their decryptor software together with the private key, and that you must pay the ransom first to receive that key. The demand is $300, payable in Bitcoin. Victims are instructed to download the Tor browser and visit SuperB’s website for further instructions.
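Mass renaming to a ransomware extension is something you can spot on a file server before anyone reads the ransom note. The script below is an added example, not code from this post or from any vendor: it walks a directory tree, flags folders where most files carry the .enc suffix the post describes, and measures the Shannon entropy of one sample (ciphertext sits close to 8 bits per byte, while documents and images do not). The demo tree it builds is constructed for the run, and the thresholds are assumptions to tune for your environment; other ransomware families use other suffixes.

```python
import math
import os
import tempfile
from collections import Counter

RANSOM_SUFFIX = ".enc"   # the extension the post says SuperB appends


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; random-looking ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root: str, suffix: str = RANSOM_SUFFIX,
              min_files: int = 5, min_ratio: float = 0.5) -> dict:
    """Return {directory: stats} for folders that look mass-encrypted.

    A folder is flagged when at least min_files files carry the suffix and
    they make up at least min_ratio of the folder's files (assumed thresholds).
    """
    hits = {}
    for dirpath, _subdirs, files in os.walk(root):
        enc = [f for f in files if f.endswith(suffix)]
        if len(enc) < min_files or len(enc) / len(files) < min_ratio:
            continue
        with open(os.path.join(dirpath, enc[0]), "rb") as fh:
            sample_entropy = shannon_entropy(fh.read(4096))
        hits[dirpath] = {
            "encrypted_files": len(enc),
            "total_files": len(files),
            "sample_entropy": round(sample_entropy, 2),
        }
    return hits


def build_demo_tree() -> str:
    """Construct a throwaway tree: one folder after an attack, one untouched."""
    root = tempfile.mkdtemp(prefix="enc-demo-")
    victim = os.path.join(root, "Documents")
    clean = os.path.join(root, "Pictures")
    os.makedirs(victim)
    os.makedirs(clean)
    for i in range(8):   # stand-in ciphertext: random bytes, original name kept
        with open(os.path.join(victim, f"report{i}.docx{RANSOM_SUFFIX}"), "wb") as fh:
            fh.write(os.urandom(2048))
    with open(os.path.join(victim, "README_DECRYPT.txt"), "w") as fh:
        fh.write("your important files are encrypted\n")   # stand-in ransom note
    for i in range(6):   # stand-in clean files: low-entropy content
        with open(os.path.join(clean, f"photo{i}.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8" + b"A" * 2000)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for folder, stats in scan_tree(demo_root).items():
        print(folder, stats)
```

Run it against a real share root instead of the demo tree to get a list of folders worth isolating first; the entropy figure separates a folder that was genuinely encrypted from one where a user simply named things .enc.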

It is strongly advised not to contact the criminals and not to pay the ransom. There is no guarantee that the people behind SuperB will decrypt your files after payment; dealing with them is very likely a waste of both time and money.

SuperB exists purely to extort money from its victims. Paying simply funds the scheme and encourages more of it. The reliable way to get your files back is to restore them from backups taken before the infection.

SuperB, like most ransomware, uses several tricks to spread widely. It most commonly reaches its target as a malicious email attachment. Some ransomware arrives bundled with downloaded programs, and some gets onto a machine by exploiting an unpatched vulnerability.

What To Do If SuperB Invades Your PC

Ransomware is designed to frighten users and extort money from them: it takes your files hostage and demands payment to give them back. So what can you do once SuperB has infected a system? Here are the options.

Don’t Panic – First, don’t panic. Disconnect the machine from the network so the infection cannot reach shared drives or other computers, then check the system for files that still open. Copy any intact files to a USB drive before doing anything else.

Pay Ransom – You can pay the ransom and wait for your files. (This is a very bad option: payment is no guarantee of a working decryptor, and it funds the next campaign.)

Use Backup – Clean the system, remove the infection completely, and restore your files from a backup taken before the attack.

Remove Infection – Delete the SuperB ransomware with a malware removal tool and remove the infected files. If you have no backup, you can then try a data recovery tool; this only works where the ransomware deleted the original files rather than overwriting them, so results vary. – Recommended method when no backup exists.

Reinstall Windows – The last option is to reinstall Windows. This wipes the infection along with all your data, leaving you with a clean PC.


Avoiding EternalBlue

Have you hear about EternalBlue?

Tens of thousands of computers have been hit by two major ransomware attacks in recent months: WannaCry, which took down large parts of the NHS, and Petya/NotPetya, a worm that is still wreaking havoc across the globe.

At the center of both outbreaks is a Microsoft Windows security vulnerability and the exploit for it, known as EternalBlue. To keep you up to speed, here is what is known so far.

What is EternalBlue?

EternalBlue is the name of a leaked NSA exploit for a vulnerability in the SMBv1 implementation of Microsoft’s Windows operating system. Microsoft fixed the flaw in security bulletin MS17-010 and issued the update on March 14, 2017. The patch shipped two months before WannaCry spread around the world, so anyone who had updated promptly was protected.


The exploit targets Microsoft Server Message Block (SMB) version 1.0. SMB is a network file-sharing protocol that “allows applications on a computer to read and write to files and to request services” on the same network. EternalBlue sends specially crafted SMBv1 packets to a host listening on TCP port 445 and, on an unpatched system, gets code execution in the kernel with no user interaction, which is what let WannaCry and Petya jump from machine to machine on their own.

Microsoft rates the update Critical, and following WannaCry it took the rare step of releasing a patch for Windows XP, for which it had officially ended support in 2014.

Can I Check to See if I Have EternalBlue?

Multiple versions of Windows are vulnerable to EternalBlue. “The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability,” Microsoft says in a statement.

The company’s security page lists Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 and 2012 R2, Windows RT 8.1, Windows 10 and Windows Server 2016 as affected by the MS17-010 flaw, so every supported Windows version needed the update.

The good news is that security firm ESET has released a free tool that checks whether the version of Windows you are running is still vulnerable to EternalBlue. “The danger is not in the WannaCry ransomware itself, but in the EternalBlue exploit, which has been using the vulnerability in unpatched Microsoft systems to spread the infection to other unpatched computers,” the company explains.
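ESET’s tool checks the machine it runs on. Across a network you usually want to know which hosts still answer SMBv1 at all, since that is the surface EternalBlue needs. The script below is an added example, not code from this page, from ESET or from Microsoft: it builds a bare SMBv1 NEGOTIATE request offering only the NT LM 0.12 dialect, sends it to TCP port 445, and classifies the reply. The sample replies at the bottom are constructed for offline checking, not captured from real hosts, and the classification rules are assumptions: a host with SMBv1 disabled normally closes the connection or answers with an error status instead of picking a dialect, and some servers answer an SMBv1 request with an SMB2 header. Offering SMBv1 is not the same as being unpatched for MS17-010, and you should only probe systems you are authorised to test.

```python
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
DIALECT = b"NT LM 0.12"          # the SMBv1 dialect Windows speaks


def _netbios(smb: bytes) -> bytes:
    """Wrap an SMB message in a NetBIOS session header (type 0, 3-byte length)."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def _smb1_header(command: int, status: int = 0) -> bytes:
    """32-byte SMBv1 header: magic, command, NT status, flags, flags2, PIDHigh,
    signature, reserved, TID, PID, UID, MID."""
    return struct.pack("<4sBIBHHQHHHHH", SMB1_MAGIC, command, status,
                       0x18, 0xC843, 0, 0, 0, 0, 0xFEFF, 0, 0)


def build_smb1_negotiate() -> bytes:
    """NEGOTIATE request offering only NT LM 0.12, so only an SMBv1-capable
    server can answer with a dialect selection."""
    dialects = b"\x02" + DIALECT + b"\x00"                   # BufferFormat + string
    body = struct.pack("<BH", 0, len(dialects)) + dialects   # WordCount, ByteCount
    return _netbios(_smb1_header(SMB_COM_NEGOTIATE) + body)


def classify_reply(data: bytes) -> str:
    """Map the server's first packet to what it tells us about SMBv1."""
    if len(data) < 8:
        return "no-smb-reply"                 # closed or reset: nothing negotiated
    smb = data[4:]                            # drop the NetBIOS header
    if smb.startswith(SMB2_MAGIC):
        return "smb2-only"                    # server answered with an SMB2 header
    if not smb.startswith(SMB1_MAGIC) or len(smb) < 35:
        return "unknown"
    command = smb[4]
    status = struct.unpack_from("<I", smb, 5)[0]
    if command != SMB_COM_NEGOTIATE:
        return "unknown"
    if status != 0:
        return f"smb1-error-0x{status:08x}"   # e.g. 0xC00000BB STATUS_NOT_SUPPORTED
    if smb[32] == 0:                          # WordCount 0: no parameters returned
        return "smb1-error-no-parameters"
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF:
        return "smb1-no-common-dialect"
    return "smb1-enabled"                     # server picked our SMBv1 dialect


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Send the request to a live host and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(4096)
    except (OSError, socket.timeout):
        reply = b""
    return classify_reply(reply)


# Constructed sample replies (not captured from real hosts) for offline checks.
SAMPLE_SMB1_ACCEPT = _netbios(_smb1_header(SMB_COM_NEGOTIATE)
                              + bytes([17]) + struct.pack("<H", 0) + b"\x00" * 32)
SAMPLE_SMB1_REFUSED = _netbios(_smb1_header(SMB_COM_NEGOTIATE, 0xC00000BB)
                               + bytes([0]) + struct.pack("<H", 0))
SAMPLE_SMB2_REDIRECT = _netbios(SMB2_MAGIC + b"\x00" * 60)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        for name, pkt in [("accept", SAMPLE_SMB1_ACCEPT), ("refused", SAMPLE_SMB1_REFUSED),
                          ("smb2", SAMPLE_SMB2_REDIRECT)]:
            print(name, classify_reply(pkt))
```

A host that comes back as smb1-enabled still needs its patch state checked separately, for example with the Nmap smb-vuln-ms17-010 script or by confirming the MS17-010 update for that build appears in `Get-HotFix` output. On the Windows host itself, `Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol` shows whether SMBv1 is on and `Set-SmbServerConfiguration -EnableSMB1Protocol $false` turns it off.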

How Can I Protect Against EternalBlue?

From what is known about WannaCry and Petya, the MS17-010 flaw itself is exploited the same way each time, by EternalBlue over SMBv1, but the malware reached its first victims differently. Early reports that WannaCry arrived by email were never confirmed; its explosive spread came from a worm component scanning for unpatched SMB hosts. Petya is believed, although not confirmed, to have been seeded through a software update from a Ukrainian company, and inside networks it also spread using credentials stolen from infected machines, a route the patch does not close.

The best way to be protected from EternalBlue is to install the Microsoft patch detailed above, which fixes the SMBv1 bug so that exploitation attempts fail. Beyond that, disable SMBv1 where nothing needs it and block TCP port 445 from the internet, so that a host you missed is not reachable by the exploit.

Other basic security advice should be followed, including not clicking on links from unknown email senders and not opening attachments where the source is dubious.


Petya Hackers Now Demanding $250,000

Friends, we do indeed live in a digital world. The battle is moving more and more to our digital data and away from traditional battlefronts, as the growing Petya threat shows.

The authors behind the recent Petya ransomware attack, which rocked computers around the globe last week, have spoken out for the first time. In a message initially spotted by Motherboard on a Tor site known as DeepPaste, the Petya hackers have demanded 100 Bitcoins, currently worth more than $250,000, in exchange for a private key to decrypt disks affected by the attack.


Along with the message, the hackers have also made their first moves to recover ransom funds that were paid as part of the initial attack. From Motherboard:

At 10:10 PM UTC, the hackers emptied the bitcoin wallet they were using to receive ransom payments, moving more than $10,000 to a different wallet. A few minutes earlier, the hackers also sent two small payments to the bitcoin wallets of Pastebin and DeepPaste, two websites that let people post text online and are sometimes used by hackers to make announcements.

According to Forbes, the hackers also offered proof that they were behind the attack by signing a message with Petya’s private key. Two security researchers confirmed to Forbes that the signature was genuine.

Following the attack last week, Microsoft noted in a post on TechNet that Petya’s reach was far smaller than first expected: more than 70 percent of affected machines were in Ukraine, where the attack started. That has led some to speculate that Petya was a state-sponsored attack intended to damage Ukrainian digital infrastructure.


New Ransomware Threat Spreads Globally

Here is yet another security threat that mostly hits those who do not keep their computers up to date.

A new ransomware called Petya, which is very similar to WannaCry, is using the EternalBlue exploit developed by the U.S. National Security Agency (NSA) to spread across the world. Ukraine’s national banks, power companies, airport, metro services and several other organizations are under attack by Petya. The attack is spreading fast, and security companies are seeing thousands of infection attempts at the moment. More than 80 companies in Russia and Ukraine are reportedly infected already. Even the Chernobyl nuclear power plant has been hit, and staff there have switched to manual monitoring of radiation. Like WannaCry, this ransomware demands $300 in Bitcoin for the decryption key.

Over SMB, Petya can only infect Windows PCs that are missing the March MS17-010 update. If you are running Windows 7 SP1 or a newer Windows with recent updates installed, that route is closed to it. Be aware, though, that Petya also spreads inside a network using administrator credentials stolen from an infected machine, so a patched PC on the same network as an infected one is not automatically safe.

Dedicated readers – I urge you to keep your computers up to date with patches & fixes provided by Microsoft.


Qakbot Attacks

Another week, another cyber-threat threatening the security of individuals and businesses alike. This latest one, Qakbot, has a special emphasis on taking down business networks. It is just the latest cyber-threat, and you can be sure there will be many more, even more destructive ones, to come. These threats will continue until our behavior changes in how seriously we treat internet services. Security solutions are incredibly important, but even the best cannot be 100% effective in this ever-changing tech world. Cyber-criminals continually change their modes of attack, and security products are often playing catch-up. The way we interact with internet services is the key to protecting not only ourselves but each other. I touch on some of my recommendations for protecting yourself at the end of this article.


Introducing Qakbot

On Tuesday, researchers from Cylance reported that Qakbot, an information-stealing Trojan and backdoor that targets the Microsoft Windows operating system and 64-bit browsers, is on the loose again, this time aimed squarely at business and enterprise users.

Qakbot is self-propagating malware that has been circulating for several years. The Trojan spreads across networks and through external drives and devices, and it focuses on stealing valuable credentials and taking control of the networks it has infected.

According to Cylance the malware has resurged, made even more evasive and persistent with new polymorphic features that let it squat in business networks for longer and “easily thwart legacy endpoint security solutions” through obfuscated code and a constantly changing file makeup and signature.

The Evil Tricks of Qakbot

Once a system has been infected with Qakbot, whether through an exploit kit, a phishing campaign or a malicious download, the malware does not lock the system to hold the business to ransom.

Instead, Qakbot’s side effect is locking out Active Directory accounts. Once it has stolen credentials, it uses them, and guesses, to authenticate to neighbouring hosts in rapid succession. Where the attempts succeed, more hosts are compromised and the infection spreads; where they fail, the repeated attempts trip the domain’s lockout policy and the user accounts behind them are locked out, disrupting corporate activity.

New samples suggest that Qakbot now also targets victims globally, judging by the inclusion of international character sets, and the recent surge in attacks means companies should stay on guard against suspicious downloads or activity and keep their systems up to date to prevent infection.
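The lockout pattern described above is visible in the Windows Security log: each failed logon on a target host is event 4625, which names the source workstation, and each lockout the domain controller records is event 4740, which names the caller computer. The script below is an added example, not from this post, from ZDNet or from Cylance, that runs that correlation over a handful of constructed event records in a simplified one-line format: a single source that fails against many different accounts inside a short window is flagged as spraying stolen or guessed credentials, and the lockouts it caused are attached to it. The record format, window and threshold are assumptions; real records would come from `Get-WinEvent` or your SIEM.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one per line:
# timestamp|event_id|target_account|source_host|source_ip
# 4625 = failed logon, 4740 = account locked out, 4624 = successful logon.
SAMPLE_EVENTS = """\
2017-06-05T09:00:01|4625|alice|WS-17|10.0.5.17
2017-06-05T09:00:02|4625|bob|WS-17|10.0.5.17
2017-06-05T09:00:02|4625|carol|WS-17|10.0.5.17
2017-06-05T09:00:03|4625|dave|WS-17|10.0.5.17
2017-06-05T09:00:03|4625|erin|WS-17|10.0.5.17
2017-06-05T09:00:04|4625|frank|WS-17|10.0.5.17
2017-06-05T09:00:05|4740|erin|WS-17|10.0.5.17
2017-06-05T09:00:06|4740|frank|WS-17|10.0.5.17
2017-06-05T09:12:40|4625|alice|WS-03|10.0.5.3
2017-06-05T09:13:02|4624|alice|WS-03|10.0.5.3
"""

FAILED_LOGON, ACCOUNT_LOCKOUT = 4625, 4740


def parse_events(text: str) -> list:
    """Turn the one-line records into dicts with a real timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, event_id, account, host, ip = line.split("|")
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id),
                       "account": account.lower(), "host": host, "ip": ip})
    return events


def find_spray_sources(events: list, window: timedelta = timedelta(minutes=5),
                       min_accounts: int = 5) -> dict:
    """Return {source_host: sorted accounts} for sources whose 4625 failures
    hit at least min_accounts distinct accounts within any window-long span.
    The window and threshold are assumed values to tune per environment."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == FAILED_LOGON:
            failures[e["host"]].append(e)
    flagged = {}
    for host, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):           # slide the window over each start
            span = [x for x in evs[i:] if x["time"] - first["time"] <= window]
            accounts = {x["account"] for x in span}
            if len(accounts) >= min_accounts:
                flagged[host] = sorted(accounts)
                break
    return flagged


def lockouts_by_source(events: list) -> dict:
    """Group 4740 lockouts by the caller computer that triggered them."""
    out = defaultdict(list)
    for e in events:
        if e["id"] == ACCOUNT_LOCKOUT:
            out[e["host"]].append(e["account"])
    return dict(out)


def report(text: str) -> dict:
    """Spray sources with the accounts they tried and the lockouts they caused."""
    events = parse_events(text)
    lockouts = lockouts_by_source(events)
    return {host: {"accounts_tried": accounts, "locked_out": lockouts.get(host, [])}
            for host, accounts in find_spray_sources(events).items()}


if __name__ == "__main__":
    for host, details in report(SAMPLE_EVENTS).items():
        print(f"{host}: tried {len(details['accounts_tried'])} accounts, "
              f"locked out {details['locked_out']}")
```

The workstation named in the flagged entry (WS-17 in the sample) is the host to pull off the network and image; the single failure from WS-03 followed by a success is what a user mistyping a password looks like and is correctly ignored. On a domain controller, `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625,4740}` pulls the real events to feed a parser like this.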

Protecting Yourself

I do not mean to sound like a broken record each time I report on the latest attack, but protecting yourself against most intrusions is actually quite easy, and you will find these tips throughout this blog. What you see below is copied from my earlier post about the WannaCry ransomware threat on May 15, 2017.


It is incredibly important to do the following:

  • Always make sure that you install the latest updates and patches for your operating system, especially Microsoft Windows.
  • Make sure you have an up-to-date anti-virus program running on your computer.
  • Do not click on links or attachments in email unless you are 100% certain they are legitimate and that you were expecting them. If you are not sure about a hyperlink or attachment, contact the sender directly to ask about it.
  • Do not visit questionable websites.
  • When you are browsing a website, read any dialog box that pops up carefully before clicking on it.

Last but not least, make sure you back up your files regularly and keep at least one copy offline or disconnected, since ransomware also encrypts any backup drive it can reach. If your PC gets infected and your important files are encrypted, you can restore them.


Thanks to ZDNet for being on top of the Qakbot story, from which much of this information was obtained.


Important Security Patches Arrive for Apple Products

This past week Apple released multiple security updates for its iOS, watchOS, tvOS and macOS systems, addressing dozens of security bugs across its devices. The iOS update fixes 41 security flaws, including some that could allow a remote attacker to execute malicious code on an Apple mobile device.

The update is well timed, as most of the world is still reeling from the WannaCry ransomware attack that has been racing across the globe since late last week. While that attack targets Windows systems, Mac users will likely feel a little safer knowing they have the most recent security patches installed.

Mostly Security Fixes

Apple attributed almost half of the bug discoveries to Project Zero, Google’s security research and bug-hunting team. The most significant patch Apple released was for macOS. The update includes several fixes to the operating system’s kernel, some of which address vulnerabilities that would let an application gain kernel privileges or execute arbitrary code with kernel privileges.

The iBooks application received several fixes, among them one for a bug that would have let a maliciously crafted book open websites on its own without user permission. SQLite, the relational database engine bundled with the OS, received four separate patches for issues that could have given an attacker remote access to a user’s device.

Apple’s mobile operating system, iOS, also received a major security upgrade. Several of the fixes address the same problems as the macOS patch, such as the SQLite vulnerabilities and the kernel and iBooks bugs. Another major component that was patched is WebKit, the engine behind the Safari browser.

No New Functionality, But Some Glitches Fixed

The watchOS update includes improvements and bug fixes while the tvOS update provides bug fixes and other enhancements to the fourth-generation Apple TV.

WebKit received a whopping eight patches, including several for bugs that would have let attackers compromise a device through malicious web content. The upgrade also changes the way Wi-Fi network credentials are handled, to prevent a person’s username and password being stolen when connecting to a malicious hotspot.

The security fixes will likely be foremost in users’ minds as they rush to update their devices, but they are not the only changes Apple rolled out. While the upgrades do not include any major new functionality, they do address several performance issues that should make the user experience a bit more pleasant.

On the Mac that includes a fix for audio stuttering when played through USB headphones. The update also fixes an issue affecting some enterprise and education clients that could cause the system date to be set to 2040, and prevents a potential kernel panic when starting up from a NetInstall image. All of the updates can be downloaded over the air.

If you have any Apple products, take the time to update their operating systems.


Mastering Password Managers

With this past week’s WannaCry ransomware scare I thought I would take a little time, again to write about how incredibly important password management is to the security of your data. Passwords are of course, inconvenient, time consuming and memory challenging which is why many people do not handle them seriously. However without good password management you are seriously taking a chance with your security.

I also wrote earlier this week that Microsoft is looking to kill passwords altogether for its services; we do not know exactly when that will happen, and Microsoft notwithstanding, passwords are going to be around for quite a while yet… so you might as well master them.

Here are some of my favorite password management applications, each with a free option. My favorite is LastPass, but each will do the trick if you want to keep cyber-criminals from getting hold of your data.


LastPass

There are two versions of LastPass – free and premium. Both can store an unlimited number of account logins in a secure vault protected by a master password, will complete online forms for you automatically, and can employ multi-factor authentication.

The premium edition also syncs across multiple devices, stores passwords for desktop programs, and lets you share secured folders with other people, with customizable permissions.

One of LastPass’s best features is its ability to generate strong, unguessable passwords for all your accounts, which it then stores for you. There’s no need to remember long, awkward streams of characters, or re-use the same password for multiple accounts. It’s a class act.


Dashlane

Dashlane is LastPass’s most serious rival, and like LastPass it’s absolutely superb with strong password security, exceptional ease of use and ability to store notes for future reference.

In addition to the Windows desktop password manager, there are browser plugins and mobile versions, and as with LastPass there’s a premium edition of Dashlane that adds unlimited syncing and sharing.

The premium edition of Dashlane costs US$39.99 per year, but the free version provides all the essentials: you get the core password manager, autofill and digital wallet features, all of which work flawlessly.



RoboForm

RoboForm claims to be the world’s best password manager, though its free version only lets you store up to 10 logins and lacks the breadth of features offered by some of its rivals. If you need to store more passwords, a premium account costs US$9.95 for the first year, though the mobile apps are free.

It’s available for Windows, Mac, iOS and Android, and is a good option for anybody who wants a simple and secure way to sync passwords between desktop, laptop and mobile devices.

RoboForm doesn’t have quite the same features lists as Dashlane or LastPass, but it’s a very good tool nonetheless and the free mobile apps are excellent.


KeePass Password Safe

It isn’t the prettiest password manager around, but KeePass Password Safe is both free and open source with strong security, multiple user support and a whole bunch of plugins to expand the app further.

The password manager is small enough to run from USB without installing on a PC, it can input from and output to a wide range of file formats and there are stacks of customization options to play with.

Because KeePass Password Safe is open source, anybody can inspect the code for weaknesses, which makes it more likely that security issues are found and fixed quickly. It’s a great little app, if a bit intimidating for absolute beginners.


Sticky Password

Sticky Password comes from the team behind AVG Antivirus, so it is backed by an established security vendor.

There are two versions of Sticky Password: free and premium. The latter adds cloud syncing and backup, and costs US$29.99, £19.99 (about AU$40) a year. There’s also a lifetime license available for $149.99, £96.99 (about AU$200) – an option not offered by any other premium password manager.

The app works on PC, Mac, Android and iOS, supports fingerprint authentication on mobile, is available as a portable USB version and offers lots of synchronisation options including Wi-Fi syncing with local devices. It doesn’t support the Edge browser just yet but it will once the Anniversary Update introduces extension support.


There you go. Give these a try. Any one of them will help you lock down your accounts, secure your data and perhaps prevent a security disaster from impacting you. The time you spend doing this will be well spent… believe me.


Protecting Yourself Against WannaCry

The WannaCry 2.0 ransomware is turning out to be one of the biggest security threats of recent times. It has spread to more than 150 countries and affected more than 200,000 computers. This could have been avoided if users had installed the Windows security patch released in March. You can still install the update now and follow some basic safety measures to keep yourself away from such attacks.


Ransomware has seen an abrupt rise in the recent years, and the present-day developments are only making this threat more infamous. If you love to keep yourself updated with the latest developments in the tech world, you might have heard about the notorious WannaCry ransomware, which is locking down people’s computers. It also goes by the other names like WannaDecrypt0r, WCry, and Wanna Decryptor.

What is WannaCry Ransomware?

More than 150 countries have been affected by WannaCry ransomware, which spreads by exploiting the EternalBlue SMBv1 vulnerability; phishing emails were reported as a possible initial vector, but that was never confirmed. The NSA was the first to discover the flaw, and the exploit was made public by the Shadow Brokers in April. After taking over a computer, WannaCry encrypts its files and asks for about $300 in Bitcoin as a ransom. If the user fails to pay, the price increases with time.

Microsoft released a patch for the vulnerability in March, a month before the leak, but many computer users and network administrators did not update their systems. As a result, they are at risk.


How to Prevent Getting WannaCry and Other Ransomware

This malware primarily hits businesses, spreading across their networks to take over an entire company. That does not mean everyone else is safe.

So, if you’re using a computer which runs Windows operating system, you must take a few precautionary steps.


It is incredibly important to do the following:

  • Always make sure that you install the latest updates and patches for your operating system, especially Microsoft Windows.
  • Make sure you have an up-to-date anti-virus program running on your computer.
  • Do not click on links or attachments in email unless you are 100% certain they are legitimate and that you were expecting them. If you are not sure about a hyperlink or attachment, contact the sender directly to ask about it.
  • Do not visit questionable websites.
  • When you are browsing a website, read any dialog box that pops up carefully before clicking on it.

Last but not least, make sure you back up your files regularly and keep at least one copy offline or disconnected, since ransomware also encrypts any backup drive it can reach. If your PC gets infected and your important files are encrypted, you can restore them.


Microsoft’s Response

While Microsoft quickly issued fixes for supported versions of Windows in March, this left Windows XP unprotected. Many of the machines attacked have been breached simply because Windows updates were not applied quickly enough, but there are still organizations running Windows XP despite the risks. Microsoft is now taking what it describes as a “highly unusual” step: public patches for Windows versions that are in custom support only, including Windows XP, Windows 8 and Windows Server 2003. You can read my report about this here.

If you want to learn more you can read many of my ransomware related articles here.


Windows XP Gets an Emergency Patch

If you are still using Windows XP (which you shouldn’t be) Microsoft is actually releasing an emergency patch for the retired operating system.

Why is Microsoft doing this?

Microsoft has taken the unprecedented step of issuing patches for unsupported operating systems, including Windows XP, as a result of the massive WannaCrypt ransomware attacks against organisations across the globe.


Businesses, governments and individuals in 74 countries have been hit by more than 45,000 attacks from this one strain of ransomware in the space of just a few hours.

What is Wannacrypt?

Wannacrypt ransomware demands $300 in Bitcoin for unlocking encrypted files – a price which doubles after three days. Users are also threatened with having all their files permanently deleted if the ransom isn’t paid in a week.

Hospitals across the UK have had systems knocked offline by the attack, with patient appointments cancelled, doctors and nurses resorting to pen and paper, and NHS England declaring the cyberattack a ‘major incident’; a total of 45 NHS organisations are now known to be affected.

The Dangers of Ransomware

Cybersecurity researchers have said the attacks are so potent because they exploit a known Windows flaw using a leaked exploit dubbed EternalBlue. The flaw was one of several apparently known to the NSA before its tools were leaked by the Shadow Brokers hacking group. Microsoft released a patch for the vulnerability earlier this year, but only for operating systems still in support.

I applaud Microsoft for taking the action of patching their retired operating systems which is an effort to protect all of us.


Ransomware Rises

Ransomware attacks have increased by 50% over the previous year, Verizon reports. This is bad news for all of us.


Additional reports also recently reported that cyber-criminals have increasingly shifted from going after individuals to attacking entire organizations. Government organizations were the most frequent target of these ransomware attacks, followed by health care businesses and financial services.

Ransomware attacks have grown along with the market for bitcoin, the digital currency in which cyber-criminals most commonly demand payment.

An Old & Tried Threat Expands

While most malware is still delivered through infected websites, criminals have increasingly turned to phishing: fraudulent emails designed to get a user to download an attachment or click a link to a site that serves malware. A fifth of all malware incidents began with a phishing email in 2016, compared with fewer than 1 in 10 the year before, according to the report.

These phishing emails are often targeted at specific job functions, such as HR and accounting, whose employees handle attachments and links from outsiders as part of their job and are therefore the most likely to open them.

Same Threat – Bigger Target

While in the past most ransomware simply encrypted the data on the device where it was first opened, criminal gangs have increasingly used more sophisticated hacking techniques, seeking out business-critical systems and encrypting entire data servers.

Caution Rules

As you can see from what is going on here, the best defense is not clicking on links or attachments in email unless you are 100% certain the email is legitimate.
