Ransomware Now Sends Malicious Texts Through Mobile Device

If you own an Android device, there’s a new threat to be at least moderately concerned about.  It takes the form of a new ransomware family that spreads from one victim to the next by sending text messages containing a malicious link to every contact on an infected device.

The ESET research team that found the software had this to say about it:

“Due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this new ransomware is limited.”

If your device is infected, the first thing the malware does is harvest your contacts list and send an SMS message to everyone on it.  Anybody who follows the link in that message and installs what it serves is infected in turn.

After sending that flurry of messages, the malware turns its attention to your device itself and sets about encrypting most of the files on it.  Fortunately, the people behind this new threat prove themselves to be new to the game.

ESET continues:

“After the ransomware sends out this batch of malicious SMSes, it encrypts most user files on the device and requests a ransom.  Due to flawed encryption, it is possible to decrypt the affected files without any assistance from the attacker.”

All in all, this issue is only of minor concern.  It’s annoying, and certainly time-consuming to restore your files. However, it’s not an especially dangerous malware strain – yet, and that’s the problem.

Whoever is behind this new threat certainly has the right idea, even if they lack the technical chops to pull it off.  Skills, however, can be learned and honed.  As a first try, this effort is disturbing because it’s clever.  The moment the people who wrote the code gain the technical skills to match that cleverness, they’re going to be genuinely dangerous.

Florida City Paid Big Bucks To Hackers Using Ransomware  

The city of Riviera Beach, Florida is the latest high-profile victim of a ransomware attack.

Recently, the city council voted to pay more than $600,000 to a hacking group to regain access to data that had been locked and encrypted via ransomware nearly a month ago.  That is in addition to the $941,000 the city will be paying for new computers.

An investigation into the hack revealed that the trouble began when a Riviera Beach police department employee opened an email from an unrecognized, untrusted sender.  That’s all it took to bring the entire city government network to its knees. Since May 29th, all city services have been suspended except for 911 services, which have been able to continue in limited fashion.

The city council didn’t initially plan to pay the hackers off.  Their first move was to vote to spend the money on new computers and rebuilding their IT infrastructure.  Since then, however, the city’s IT staff has been unable to decrypt the files on its own.  In light of the lack of progress, the city council reconvened and voted 5-0 to pay 65 bitcoin to the hackers (which amounts to a little over $600,000 USD at the time this piece was written).

Riviera Beach, a suburb north of Palm Beach, Florida, isn’t the only local government to fall victim to hacking groups or ransomware attacks.  Earlier this year, officials in Jackson County, Georgia paid more than $400,000 to regain access to their files.   To date, the highest ransom paid to hackers employing this tactic was $1.14 million USD, paid by South Korean web hosting firm Internet Nayana.

Last year was a record-setting year for the number of successful hacks.  This year is on track to beat it by a wide margin.  Your company could be next.

New Ransomware Looks Like An Anti-Virus Installation

Dharma is a highly successful ransomware strain.

It has recently become even more effective thanks to a change in how the hackers behind it are deploying it.

The first part of their latest campaign remains unchanged.  They rely on well-crafted phishing emails to lure employees in.

The key difference, however, lies in the particulars of the newly crafted emails.

In a nutshell, the group has begun urging email recipients to protect their systems by installing the latest antivirus software.  The emails include a helpful link to the “antivirus,” which of course doesn’t point to antivirus software at all. Rather, it delivers the ransomware they’re trying to plant inside corporate networks.

Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So there’s a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will try to install what they think is antivirus software.

Once the installer runs, the damage is done.  The ransomware encrypts every file on the victim’s system, demands a ransom, and attempts to spread to as many other systems inside your network as it can reach.

Raphael Centeno, a security researcher at Trend Micro had this to say about the new twist on the malware strain:

“As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques.  Ransomware remains a costly and versatile threat.”

As ever, the best way to guard against this type of threat starts with employee education.  Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat. Even so, it still pays to be very much on your guard.

2019 Sees A Huge Rise In Ransomware Attacks

According to FBI statistics, in 2013 there were 991 tracked incidents of ransomware attacks against business, resulting in losses slightly exceeding half a million dollars.

The number of incidents steadily increased through 2016 when they reached 2,673 for the year, with total losses just shy of two and a half million dollars.

During the 2017-2018 period, the overall number of ransomware attacks declined from that high-water mark, even as total losses continued to increase.  This was a consequence of the hackers targeting larger networks with bigger payoffs. It led some to believe that interest in ransomware was beginning to wane in the hacking community in favor of other forms of attack.

That conclusion seems to have been premature.  According to the statistics gathered so far for 2019, there has been an enormous increase in the total number of ransomware attacks.  Businesses have borne the brunt of the surge, reporting an increase in excess of 500 percent.  While there are no hard figures yet for the total damages, one can expect that the 2019 figures will be as record shattering as the total number of attacks themselves.

Of interest, in the same period, ransomware attacks targeting consumers are down markedly. They are down to the point that ransomware is no longer even among the top ten most common cybercriminal threats that consumers face.  That’s good news for the consumer, but businesses are paying the price.

As a business owner, this is valuable information to know because if you are attacked, it’s much more likely that the attack will come in the form of ransomware.  That’s not to say you shouldn’t be on your guard for other types of attacks, but given the reality of scarce IT resources, it pays to know what the biggest threats are.

Hackers Are Now Using Remote Desktop Services For Ransomware

Ransomware continues to be the weapon of choice for hackers around the world, but their distribution methods are evolving.  Recently, a new variant of the ransomware known as CryptoMix was found in the wild, sporting a new distribution method.

Rather than relying solely on phishing, the hackers are targeting publicly exposed Remote Desktop Services, logging in, and installing their malware manually.

In the case of this CryptoMix variant, once installed, the malware appends a .DLL extension to every encrypted file and, predictably, demands a ransom from the victim to get his or her files back. Despite the evolving delivery method, the threat remains the same, so perhaps it’s time for a review.

Here are several things your staff can do to minimize your risk of being taken offline by a ransomware attack:

  • Back your data up religiously. This isn’t so much a prevention strategy as it is an insurance policy.  It should go without saying, but too many SMBs don’t do this, so we wanted to list it first.
  • Make sure your employees are absolutely phobic when it comes to opening attachments from people they don’t know and trust. Even in cases where they recognize the sender, it’s always best to take the step of phone verification before actually opening the file.
  • All attachments should be scanned with a robust antivirus tool before opening.
  • Never expose Remote Desktop Services directly to the internet. Everyone who needs remote access should reach it through a VPN.
  • Make sure all Windows updates and security patches are installed in a timely fashion. Many a problem can be avoided simply by keeping your software up to date.
  • If you’re not using some type of security software that relies on behavioral detection or allow-list technology, you’re not doing your company any favors.

None of these things (even taken together) will absolutely ensure that you don’t fall victim to a determined hacker, but they will dramatically reduce your risk.
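The one concrete indicator the CryptoMix write-up above gives is the .DLL extension appended to encrypted files. The following Python script is an added example, not code from the original article or from any vendor: it walks a directory tree and flags files that carry a second extension beneath .DLL (for example report.docx.DLL) and whose contents are near-random, which is what ciphertext looks like. Both heuristics, the double-extension rule and the 7.5 bits-per-byte entropy threshold, are assumptions of this example, and the sample files it scans are constructed inline so it runs offline.

```python
"""Triage aid: find files that look like CryptoMix output (original extension
kept, ".DLL" appended, contents near-random). Added example; the heuristics
and the sample tree are this example's own assumptions, not the article's."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import List

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed); text and office XML sit far lower
SAMPLE_BYTES = 65536     # read at most this much per file; plenty for a verdict


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def has_appended_dll_extension(name: str) -> bool:
    """True for 'report.docx.DLL' style names, False for a plain 'helper.dll'.
    Assumption: a genuine library has no second extension under the .dll."""
    path = Path(name)
    if path.suffix.lower() != ".dll":
        return False
    return Path(path.stem).suffix != ""


def looks_encrypted(path: Path) -> bool:
    """High entropy over the leading bytes is our stand-in for 'encrypted'."""
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(SAMPLE_BYTES)) >= ENTROPY_THRESHOLD


def scan_for_cryptomix_artifacts(root: str) -> List[str]:
    """Return paths (relative to root, POSIX separators, sorted) matching both rules."""
    root_path = Path(root)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            if has_appended_dll_extension(name) and looks_encrypted(p):
                hits.append(p.relative_to(root_path).as_posix())
    return sorted(hits)


def _pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def build_sample_tree(root: str) -> None:
    """Write a constructed sample tree: two 'encrypted' documents, one
    legitimate-looking library, and two untouched files."""
    base = Path(root)
    (base / "docs").mkdir(parents=True, exist_ok=True)
    samples = {
        "docs/report.docx.DLL": _pseudo_random_bytes(b"report", 8192),
        "docs/photo.jpg.dll": _pseudo_random_bytes(b"photo", 8192),
        "helper.DLL": b"MZ" + b"\x00" * 64 + b"legit library code\n" * 200,
        "docs/notes.txt": b"quarterly planning notes\n" * 200,
        "budget.xlsx.bak": b"<sheet>" + b"<row>1,2,3</row>" * 300 + b"</sheet>",
    }
    for rel, content in samples.items():
        (base / rel).write_bytes(content)


def demo() -> List[str]:
    """Build the constructed tree in a temp dir, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_cryptomix_artifacts(tmp)


if __name__ == "__main__":
    for hit in demo():
        print("possible CryptoMix artifact:", hit)
```

Point the scanner at a suspect share (replace demo() with scan_for_cryptomix_artifacts("/path/to/share")) to get a quick count of what was hit before restoring from backup. Expect a few false positives on already-compressed data that happens to carry a double extension, and expect the rule to miss a variant that picks a different extension; it is a triage aid for after the fact, not a substitute for the controls listed above.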