Watch Out for SuperB

A new ransomware threat has been discovered making the rounds, and once again the idea is to separate victims from their cash.

Introducing SuperB

SuperB is a computer virus that encrypts files and appends the .enc extension to every encrypted file. The attacker warns victims that paying the ransom is the only way to restore their data.

SuperB is a file-encrypting virus. This malware prevents users from opening their files, such as images, videos, databases, and other personal and sensitive data. It adds the .enc extension to all encrypted files. The SuperB virus then shows a ransom note stating that your important files are encrypted.

The malware creator claims that the only way to get back access to your data is through decryptor software or the private key. But to get the correct key, you first have to pay the ransom. The amount being demanded is $300, which must be paid in Bitcoin. The attacker then instructs victims to download the TOR browser and visit SuperB’s web site for more information.

You are strongly advised not to contact the cyber criminals or even think about paying the ransom. The creator of the SuperB virus will not really decrypt your files even after payment is made. Dealing with them is surely a waste of your time and money.

The SuperB virus was created merely to extort money from its victims. Giving in to their demands lets these people profit from the scheme, so you had better not deal with them. The only way to bring back your files now is from your backups.

SuperB and most ransomware viruses use a number of tricky methods to spread widely. This virus commonly hits its target machine as a malicious email attachment. Some ransomware viruses come bundled with malicious downloadable programs, and some sneak into the computer by exploiting a system vulnerability.

What To Do If SuperB Invades Your PC

This ransomware infection has been designed mainly to scare users and trick them out of their money. It takes your files hostage and demands a ransom to return your important data. But what can you do when your system has been infected by the SuperB ransomware virus? Here are some options that you can use to get rid of this nasty infection.

Don’t Panic – The first thing is don’t panic. Then check your system thoroughly for any working files. If you find any working files, copy them to a USB drive.

Pay Ransom – Another option is to pay the ransom and wait to get your files back. (This is really a very bad option.)

Use Backup – Clean your entire system, remove the infection completely from your PC and restore your files from a backup.

Remove Infection – You can also delete the SuperB ransomware virus using a malware removal tool and remove all the infected files. You can later recover your data using a data recovery tool (in case you don’t have a backup of your files). – Recommended Method.

Reinstall Windows – The last option is to reinstall your Windows OS. This will completely remove all your data as well as the infection. You will get a completely new, infection-free PC.


Outlawing Ransomware?

Legislation has yet to catch up with technology. Perhaps legislators will finally begin to understand that they have some power to actually protect consumers where new technologies are concerned. There is hope coming out of California where tech law is concerned.

State legislation to outlaw ransomware is drawing broad support from tech leaders and lawmakers, spurred by an uptick in that type of cybercrime and a series of recent attacks on hospitals in Southern California.

The bill, authored by state Sen. Bob Hertzberg (D-Van Nuys), would update the state’s penal code, making it a felony to knowingly use ransomware, a type of malware or intrusive software that is injected into a computer or network and allows a hacker to hold data hostage until money is paid.

Ransomware has become a lucrative industry over the last three years, affecting schools, police departments and healthcare businesses. Trojans that work like viruses, such as CryptoLocker — which began appearing in 2013 — can be unleashed by users with few technical skills and reel in profits.

Proponents say the proposed ransomware law is the right step to counter attacks difficult to prosecute under existing statutes that are not tailored to combat computer crime. But some question just who will get caught in the dragnet, as such incidents are tough to trace and culprits are often overseas.

Victims nationwide lost more than $209 million in ransomware payments in the first three months of 2016 alone, compared with $25 million in all of 2015, according to the FBI.

But no arrests were made. Nor were arrests made in more than half a dozen ransomware incidents investigated by the Cyber Investigation Response Team of the Los Angeles County district attorney’s office, which is a co-sponsor of the bill.


Ransomware Defined

Ransomware attacks are instigated when a person clicks on a compromised website or opens an infected email. The programs encrypt files, such as photographs, videos or documents, and they cannot be accessed without an encryption key.

Security researchers first saw similar attacks in 1989, when the so-called AIDS Trojan virus locked people out of their files if they clicked through a quiz about their sexual and drug habits. Ransomware has evolved over the last decade with the creation of “police screen lockers,” pop-up screens that appear to be created by law enforcement agencies that fraudulently order people to pay fines after accusing them of downloading pirated movies or child pornography.

At the federal level, prosecutors can use the Computer Fraud and Abuse Act to target ransomware. But state prosecutors typically must pursue such cases under laws against extortion, or those that target threats to injure a person or property that have not been acted upon.

Beware Locky

The internet can be a very scary place.

Over the past week, computers throughout Europe and other places have been hit by a massive email spam campaign carrying malicious JavaScript attachments that install the Locky ransomware program.

Antivirus firm ESET has reported a spike in detections of JS/Danger.ScriptAttachment, a malware downloader written in JavaScript that started on May 22 and peaked on May 25.

Many countries in Europe have been affected. The company’s telemetry data also showed significant detection rates for this threat in Canada and the U.S.

JS/Danger.ScriptAttachment can download various malware programs, but recently it has been used to primarily distribute Locky, a widespread, malicious program that uses strong encryption to hold users’ files hostage.

While Locky doesn’t have any known flaws that would allow users to decrypt their files for free, security researchers from Bitdefender have developed a free tool that can prevent Locky infections in the first place. The tool makes the computer appear as if it’s already infected by Locky by adding certain harmless flags, which tricks the malware into skipping it.

The use of JavaScript-based attachments to distribute Locky began earlier this year, prompting Microsoft to post an alert about it in April.

The attachments are usually .zip archive files that contain .js or .jse files inside. These files will execute directly on Windows without the need for additional applications.

However, it is very uncommon for people to send legitimate applications written in JavaScript via email, so users should avoid opening this kind of file.
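The attachment pattern described above can be checked at a mail gateway before a user ever sees the message. The following is an added example, not code from ESET, Microsoft or Bitdefender: it lists script files inside a .zip attachment, including inside nested archives. The function names, the limits and the extra script extensions beyond .js and .jse are assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# The page names .js and .jse; the other Windows Script Host types are an
# added generalization.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
MAX_DEPTH = 3                     # assumed limit on nested archives
MAX_MEMBER_BYTES = 10 * 2**20     # assumed cap on a nested zip's declared size


def find_script_members(data, depth=0, prefix=""):
    """Return the paths of script files inside a zip passed as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                 # not a zip: nothing to report here
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "a.js." runs as a.js
            base = posixpath.basename(info.filename).lower().rstrip(" .")
            ext = posixpath.splitext(base)[1]
            path = prefix + info.filename
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES
                  and not info.flag_bits & 0x1):   # skip encrypted members
                hits += find_script_members(zf.read(info), depth + 1, path + "!")
    return hits


def verdict(data):
    """Gateway decision for one attachment: quarantine if any script is found."""
    return "quarantine" if find_script_members(data) else "deliver"


def build_zip(members):
    """Build a zip in memory from {name: bytes} (used for sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
INNER = build_zip({"scan_0042.JSE": b"// placeholder"})
SAMPLE = build_zip({"invoice.js": b"// placeholder", "readme.txt": b"hi",
                    "more.zip": INNER})
CLEAN = build_zip({"report.pdf": b"%PDF-1.4", "notes.txt": b"ok"})

if __name__ == "__main__":
    print(find_script_members(SAMPLE), verdict(SAMPLE))
    print(find_script_members(CLEAN), verdict(CLEAN))
```

The check works on member names only, so it still flags scripts inside a password-protected zip whose file names are left unencrypted.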

Will Locky make it to the United States in a big way? I hope not. However, be sure to be aware of it and use all of the security tips we have recommended in the past.

Protect Yourself Against Ransomware

If you are a regular reader of this fine technology blog, you must know that ransomware is dangerous, malicious and becoming more widespread with each passing day. You do not need to panic, because there are steps you can take to minimize the risk that your computer will be infected.

Update Often

Make sure that your software, operating system and plug-ins like Java and Flash are kept up-to-date by turning on their automatic update feature.

Some hackers are exploiting vulnerabilities in those programs to install ransomware automatically when consumers visit hacked websites.

Back-Up Your Data

If your files are locked by ransomware, the only way to recover them without paying the ransom is from backup copies. If you are not yet doing regular backups, you should start.

Even if you are doing regular backups, beware. Some ransomware can find and encrypt files on anything that looks like an attached drive, including external hard drives you may have connected, drives you may have on your local network, or cloud services like Dropbox and OneDrive.

To protect yourself, use cloud backup services like Carbonite or Mozy in addition to an external hard drive that you disconnect after each backup. You should back up your data in multiple places or onto multiple drives.

Run Anti-Virus Software

First, please keep it up-to-date and have it set to scan for viruses automatically. Anti-virus software can usually detect and block known ransomware.

However, be aware that anti-virus programs typically struggle to identify and protect your computer from new versions of ransomware, so they are not a perfect solution. Some anti-malware programs can act as a kind of backup, allowing you to undo changes that ransomware and other malware have made to your computer.

Think Before You Click

This may be one of the most important tips here. Be skeptical of links or documents sent to you in email and be wary of clicking on them. A good rule is that if you did not specifically request the links or documents, contact the sender directly (in person or by phone) and verify the legitimacy of the email before clicking on anything.

Beware New Pony Ransomware

A new wave of crypto ransomware is hitting Windows users courtesy of some poorly secured websites. Those websites are infected with Angler, the off-the-shelf, hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack.

The latest round is especially nasty because before encryption, the drive-by attacks first use malware known as Pony to harvest any login credentials stored on the infected computer.

The Details of Pony

The campaign is carried out by installing a cocktail of malware on the compromised PC. The first payload consists of the notorious data thief Pony, which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of Control & Command servers controlled by the attackers.

The purpose of this action is to abuse legitimate access credentials to web servers and CMS systems used by websites and to inject the malicious script in these websites so that the campaign achieves the largest possible distribution.

In the second phase, the drive-by campaign unfolds as the victim is moved from the legitimate website, which has been compromised, to a heap of dedicated domains which drop the infamous Angler exploit kit.

The Angler exploit kit will then scan for vulnerabilities in popular third-party software and in insecure Microsoft Windows processes, if the system hasn’t been updated.

Once the security holes are identified, Angler will exploit them and force-feed CryptoWall 4.0 into the victim’s system.

To see just how insidious attacks like these are, consider this: earlier this week it was reported that the Reader’s Digest website was actively infected by Angler. A reader promptly replied that someone in his organization had visited the site in early November, four weeks before the article was published, and was infected by CryptoWall after reading an article. The target’s only mistake, it seems, was failing to update one of several apps.

Crypto ransomware came to the world’s attention in the second half of 2013 with malware calling itself CryptoLocker. Since then, there have been a dozen or so copycat titles and a steady stream of refinements to further befuddle targets. People should be sure to keep operating systems, browsers, and browser plugins updated with the latest security patches and strongly consider uninstalling Flash and Java.

Cyber Threat Shifts from Spam to Malware

There may finally be some good news in the war against spam. The overall percentage of spam among e-mail messages dropped to an amazing 49.7 percent last month, the lowest level since 2003. This is the first time the figure has been below 50 percent in more than a decade, according to a new study by Symantec.

Symantec reported these figures in its “Symantec Intelligence Report” for the month of June. Enterprises in the mining sector had the highest spam rate, at 56.1 percent, according to the report. The manufacturing sector was a close second at 53.7 percent. The finance, real estate, and insurance sectors had the lowest of any industry, at 51.9 percent.

It is apparent that spammers treat all businesses the same with regard to size. On average, companies experienced a spam rate of between 52 percent and 53 percent no matter the number of employees. The only variance to this pattern was companies with 251-500 employees, which experienced a 53.2 percent spam rate.

Spam Appears on the Decrease While Malware Increases

Despite the good news with spam, there were several troubling observations I found in the Symantec report. There was a grand total of 57.6 million new malware variants reported in June, up from 44.5 million created in May and 29.2 million in April. The increase in malware variants indicates something that many of us already knew: hackers are changing tactics and shifting to the very dangerous cybercrime tool of malware, as opposed to spam and phishing.

In addition to the increase in malware variants, ransomware attacks were up in June, with over 477,000 detected during the month. While still below the levels seen at the end of 2014, June represented the second month in a row that ransomware attacks increased since reaching a 12-month low in April. Crypto-ransomware was also up in June, reaching the highest levels since December.

On social media, meanwhile, hackers continued to rely primarily on manual sharing attacks, which require victims to propagate the scam by sharing content themselves.

Beware Careto

A new, extremely sophisticated malware of totally unknown origin has hit the web. It poses as your favorite news site and tempts you to click on intriguing links, then steals all of your sensitive information.

Recently, malware tends to focus on one thing: it attempts to gain control of your personal information. Sadly, the days of 1995's cyberpunk classic Hackers, where the whole point of malware was to be a nuisance and it could be thwarted by typing the word “cookie” into a prompt, are over. For better or worse, malware is no longer disguised as Cookie Monster’s face munching around a computer monitor, but is now disguised as your favorite sources of news.

Kaspersky Labs released an extensive report (PDF) regarding this new kind of malware. Dubbed Careto, the malware begins life as a phishing attempt, posing as an email from popular news websites. Once you click on the link, you’re brought to a website that scans your rig for vulnerabilities, then attempts to inject an infection through one of the newly discovered holes.

This time around, Mac users can’t deploy their infamous line regarding Macs not getting viruses, because there is a tailored Careto version for each major operating system — OS X, Windows, and Linux. Kaspersky also suspects that there are iOS and Android versions of Careto on the loose.

As I have said many times, to protect yourself from these cyber attacks try sticking to these simple rules:

  • Only go to reputable websites.
  • Do not click on links on websites or email without making sure it is legitimate.
  • As far as email goes, only click on links or open attachments that you specifically asked for. If you are in doubt contact the sender directly and “ask before clicking”.
  • When you receive message prompts on your computer take the time to read what it is “saying it will do” before clicking “OK” or “next”.

Crypto Locker Warning

It seems like I write monthly about computer security but if you needed a reminder to be careful about the emails and attachments you open, it’s now. The Crypto Locker virus that is going around is said to be one of the worst ever and is infecting computers with the Windows OS all across the United States. The virus, also called “ransomware,” works by holding your files hostage until you pay a fee.

The Crypto Locker virus is passed around in emails that have innocent enough looking senders, such as UPS or FedEx, but they’re not really from these corporations, of course. Instead, when you open the attachment, your computer becomes infected and the virus locks all your files until you pay a ransom. Check out a picture of what the Crypto Locker demand screen looks like:

Ransomware causes your computer files to be non-accessible, and when that happens you have two choices. You can recover if you have a backup, which I hope you do, or pay the ransom within 100 hours. If you do not pay the ransom you will lose all of your data.

The Crypto Locker email often pretends to be from a financial institution like a bank or Pay Pal and reports that it has dire news for you and that the attachment is important. Readers of these emails often panic and open the attachment, and then it’s too late. The PC is infected and the files are encrypted, which means you cannot open your own files. The attachment will often disguise itself as a JPEG image, a PDF file, a Microsoft Office file or one of many other file types. After the computer becomes infected, users are usually given 100 hours to pay a fee between $100 and $700 to get the files decrypted.

This Is Important – Follow These Rules

1.  If you get an email from somebody you do not know, especially if it has attachments, do not open anything with it, just delete the email.

2.  If you did not specifically ask for an attachment, do not open it. If you are curious, reach out to the sender by phone before opening anything. If you cannot contact the sender, do not open it!

Backing Up Your Files is More Important Than Ever

Make sure you have all of your files backed up both on a local disconnected USB hard drive and in the cloud. There are many free and affordable cloud services available, so there is really no excuse not to do this. If your PC gets infected with the Crypto Locker virus, your backup may be your digital salvation.

Avoid Ransomware At All Costs

During the past year many people I know have had their PCs infected with the form of malware that is now being called “ransomware”. But what is “ransomware”?

Ransomware is the big brother of an older type of malware known as “scareware”. When your PC is infected with “ransomware”, the rogue program begins to threaten to destroy your files if you don’t pay up. The “ransomware” then starts erasing your stuff if you don’t pay a large fee to some account that is provided by the “ransomware”. Other variants claim that you have child pornography on your PC and proceed to threaten to report you unless you pay. These blackmail scams are why the name “ransomware” is used.

Both “scareware” and “ransomware” are huge problems because they use trickery and social engineering to get around anti-virus programs. They use false messages to fool people into clicking links on pop-ups. These pop-ups then trigger rogue JavaScript present on web pages that you are sent to after clicking the pop-up message. The pop-up messages can be confusing because they are specifically designed to look like a warning from your own anti-virus program. If you fall for this trick and click on the link you will bypass your anti-virus program and provide the malware permission to install. Once installed these malicious programs are very difficult to get rid of, even for experts. This is because they disable your anti-virus defenses. An example of a phony warning is shown below. Click on this and you really are infected.

Many times the only way of dealing with this sort of infection is to reformat the disk and re-install the operating system and programs. You will then need to restore your personal files from your latest backup. This can be very costly because if you do not know how to do this you will need to pay an expert.