Wanna Cry Ransomware

Worldwide Ransomware Crisis – Self Inflicted?

By now, most people would have heard about the Worldwide Ransomware attack that employed the virus called Wanna Cry.

Some 200,000 computers across many countries worldwide have been affected, including the NHS in Britain, the National Railway in Germany, FedEx in the USA and Spain’s National Railway system.

It has caused mayhem among some very large Institutions like those I have mentioned.

How did this happen?

Well, it would seem to me that this is largely self-inflicted. Microsoft released a Patch back in March that addressed the vulnerability that allowed this virus to be effective. So all supported Operating Systems, Windows Vista and on, had they been patched, were protected. But there were many PCs still running Windows XP that were targets. Now you tell me: when Microsoft ended support for Windows XP, there were plenty of warnings and messages that support was ending. So why in the world would you continue to use obsolete, unsupported software for Critical Systems?

Like I said, self-inflicted. And I suspect that those in charge of IT at some of these places will have a lot to answer for and may well lose their jobs.

Let’s look at the Home User now.

Much the same applies. You must always download and install the Patches released by Microsoft. They release these Patches for a reason. In addition, do not continue to use PCs with outdated Operating Systems like Windows XP. Let’s face it, we had a pretty good run with Windows XP. It first appeared in August 2001, and it was supported right up until April 2014. So people certainly got their money’s worth. Now it’s time to move on.

But if you MUST have Windows XP because some software you run will only work on XP, then at the very least, do not have it connected to the Internet. But if you absolutely and positively need it connected to the Internet, then please make sure you have good Security Software installed, that you don’t go downloading dodgy things or visit dodgy websites, and certainly be very careful about opening or even using email on that PC.

Cyber Attacks

Cyber Attacks – are you prepared?

I recently read a quote that was meant to apply to Businesses, but equally applies to anyone online. And it went like this:

When you are attempting to secure your business, you have to be right 100 percent of the time. The hacker only has to be right once.

This quote highlights the ever increasing issues we all have, but in particular businesses. A business that is the focus of a successful Cyber Attack can quickly accrue costs that can, at worst, send the business bankrupt. If you lose access to your data through a Ransomware Attack and you don’t have a recent backup, or even a backup at all, you will quickly find it difficult to run your business, and you will lose customers. Not to mention the costs involved in removing the threat and securing your systems.

Cyber Attacks have reached epidemic proportions. Just in the last two weeks there were two high profile incidents. One was on the Queensland State Government, and more recently, the National Census Website. Although the latter is probably more about the website’s inability to cope with the traffic, nonetheless, it was subject to what is known as a DDoS (Distributed Denial of Service) Attack, designed to bring down a website and potentially expose security holes.

The Cost of Cyber Attacks

The average total cost of a data breach worldwide is around $3.79 million. The costs from cyber attacks include remediation costs, lost productivity, legal fees, lost data and lower stock prices.

When Pokémon Go was released, Hackers created bogus versions of the App that were infected with malware, which enabled the Hackers to access mobile phones and accounts. Just imagine how many businesses were put at risk from the millions of compromised smart phones. In 2014, a WordPress Plug-in allowed an estimated 50,000 websites to be hacked, letting Hackers upload PHP files to the Server and control the website. And it allowed the infection of all the other websites Hosted on the same Server.

The total cost to the world economy for computer and network cyber crime is $445 billion!!!

So what can you do to protect your Business?

  1. Be proactive, not reactive. Don’t wait until something goes wrong. Have someone in your organisation who is responsible for ensuring that all PCs have good Security Software, and that it is up to date. They must also ensure that all Windows Updates, Java, Adobe Flash and Adobe Reader updates are carried out as they become available.
  2. Talk to your employees. Make sure that all your employees are up to speed on what to do and what not to do: for example, not opening email attachments they shouldn’t, particularly if they are in .zip format, or indeed any email attachment that seems odd or out of character. Train them to recognise what bogus emails look like. For example, the typical Phishing emails from the Banks, Australia Post, Courier Companies etc. Your employees are the first line of defence, but also the weakest component if they don’t understand what to look out for.
  3. Keep your website secure. If you have a Website, particularly if it is based on the WordPress or Joomla platforms, it is imperative that the platform, and all Plug-ins, are kept up to date. Equally important is the use of security Plug-ins to help mitigate any Cyber Attacks. Keep your website secure!!
Ransomware

Ransomware – What can you do about it?

Ransomware has been on the rise over the last six months.

I have noticed a huge increase in the number of inquiries from people who have been infected with viruses that have encrypted the data on their Hard Drives.

This article gives you some options for decrypting your data without paying the ransom.

These viruses, collectively known as “Ransomware”, encrypt your files (Documents, Photos and other files) and then attempt to extort you by requesting payment to unlock those files.

Up until recent times, my advice has been that there is little choice other than to wipe the Hard Drive and reinstall Windows and software, and if available, restore a backup of your files.

Recently however, a couple of other options have come to my attention.

Ransomware Decryption Tools

The first comes from AVG. They have released six Decryption Tools that (if you’re lucky) may help with decrypting your data.

The six methods of encryption that these tools target are:

  • Apocalypse,
  • BadBlock,
  • Crypt888,
  • Legion,
  • SZFLocker, and
  • TeslaCrypt.

You can access these decryption tools here.

The second option is in the form of other decryption tools from a website set up by Europol.

These tools attempt to decrypt the following:

CoinVault

The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault and Bitcryptor ransomware campaigns.

RannohDecryptor

The RannohDecryptor tool is intended to be used to decrypt files encrypted by:

  • Rannoh,
  • AutoIt,
  • Fury,
  • Crybola,
  • Cryakl, and
  • CryptXXX versions 1 and 2 (files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted).

RakhniDecryptor

The RakhniDecryptor tool is intended to be used to decrypt files encrypted by:

  • Rakhni,
  • Agent.iih,
  • Aura,
  • Autoit,
  • Pletor,
  • Rotor,
  • Lamer,
  • Lortok,
  • Cryptokluchen,
  • Democry, and
  • Bitman (TeslaCrypt) version 3 and 4.

ShadeDecryptor

ShadeDecryptor can decrypt files with the following extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg.

You can access these decryption tools here.
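Before reaching for any of these tools you need to know which extensions the encrypted files now carry, because that is how you tell which decryptor (if any) applies. The script below is an added example, not part of the original post or of any of the decryption tools it mentions: it walks a folder tree, counts every file extension it sees, and flags the four extensions the post lists for ShadeDecryptor (.xtbl, .ytbl, .breaking_bad, .heisenberg). The sample folder it builds is constructed for the demonstration; the extension-to-tool mapping for the other families is not on the post, so only the Shade set is hard-coded.

```python
"""Triage a folder tree for files carrying Shade ransomware extensions.

Added example (not from the original post). The SHADE_EXTENSIONS set is the
list given in the post; the sample folder and its files are constructed here.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

# The four extensions the post says ShadeDecryptor can handle.
SHADE_EXTENSIONS = {".xtbl", ".ytbl", ".breaking_bad", ".heisenberg"}


def scan_tree(root):
    """Walk `root` and return (shade_hits, extension_counts).

    shade_hits: paths whose final extension is one of the Shade extensions.
    extension_counts: Counter of every final extension seen (lower-cased);
    an unfamiliar extension that suddenly dominates a tree is itself a sign
    that a ransomware family not covered here has been at work.
    """
    shade_hits = []
    counts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            suffix = Path(name).suffix.lower()
            counts[suffix] += 1
            if suffix in SHADE_EXTENSIONS:
                shade_hits.append(os.path.join(dirpath, name))
    return shade_hits, counts


def summarize(root):
    """Return a small report dict suitable for deciding whether to try ShadeDecryptor."""
    hits, counts = scan_tree(root)
    total = sum(counts.values())
    return {
        "total_files": total,
        "shade_encrypted": len(hits),
        "shade_share": (len(hits) / total) if total else 0.0,
        "by_extension": dict(counts),
    }


def build_sample_tree():
    """Constructed sample: a temp folder mixing ordinary files with Shade-renamed ones."""
    root = tempfile.mkdtemp(prefix="shade-triage-")
    samples = [
        "Documents/report.docx",
        "Documents/report.docx.xtbl",
        "Photos/holiday.jpg.ytbl",
        "Photos/family.jpg",
        "Invoices/2016-03.pdf.breaking_bad",
        "README_TO_DECRYPT.txt",
    ]
    for rel in samples:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    report = summarize(sample_root)
    print(f"{report['shade_encrypted']} of {report['total_files']} files carry a Shade extension")
    for ext, n in sorted(report["by_extension"].items(), key=lambda kv: -kv[1]):
        print(f"  {ext or '(none)':15} {n}")
```

Run it against the real data folder (replacing the constructed sample root) from a clean machine with the drive mounted read-only; a high share of Shade extensions points you at ShadeDecryptor, while a large count of some other unfamiliar extension tells you to look at the other tools listed above.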

Prevention is better than cure

Of course it goes without saying that prevention is better than cure.

The usual way you get one of these viruses is by opening an attachment in a Phishing email.

A Phishing email is one that is constructed to look like it comes from a reputable source.

Examples are:

  • The Bank;
  • An Energy supplier, e.g. AGL, Origin etc.;
  • Australia Post;
  • A Courier, e.g. DHL, Toll etc.
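Both the "Talk to your employees" point in the Cyber Attacks post above (attachments in .zip format, or anything that seems out of character) and the Phishing email examples just listed come down to the same check on an inbound message. The following script is an added example, not from the original post: it parses an email with Python’s standard library, looks at each attachment’s filename, and reports why it looks risky. The .zip extension comes from the post; the other extensions, the document-type list and the sample courier-style message are assumptions constructed for the demonstration and should be tuned to what your business actually receives.

```python
"""Screen an inbound e-mail for risky attachment names.

Added example (not from the original post). The .zip rule is the post's;
the other extension sets and the sample message are constructed assumptions.
"""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .zip is the type the post singles out; the rest are assumed additions.
RISKY_EXTENSIONS = {".zip", ".exe", ".js", ".scr", ".vbs", ".jar"}
# Document types whose names are often used to hide a second, risky extension.
DOCUMENT_EXTENSIONS = {".pdf", ".docx", ".doc", ".xlsx", ".jpg"}


def classify_attachment(filename):
    """Return the list of reasons an attachment name looks risky (empty if none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return ["no file extension"]
    if suffixes[-1] in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {suffixes[-1]}")
    # "invoice.pdf.exe": a document-looking name that really ends in a risky type.
    if (len(suffixes) >= 2
            and suffixes[-2] in DOCUMENT_EXTENSIONS
            and suffixes[-1] in RISKY_EXTENSIONS):
        reasons.append("double extension hides executable content")
    return reasons


def screen_message(raw_bytes):
    """Parse a raw message and return {attachment_name: [reasons]} for flagged attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = classify_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


def build_sample_message():
    """Constructed courier-style lure with a .zip, a disguised executable and a clean PDF."""
    msg = EmailMessage()
    msg["From"] = "Parcel Notifications <noreply@example.invalid>"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("Please open the attached notice to reschedule delivery.")
    msg.add_attachment(b"PK\x03\x04constructed", maintype="application",
                       subtype="zip", filename="Delivery_Notice.zip")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice_2016.pdf.exe")
    msg.add_attachment(b"%PDF-constructed", maintype="application",
                       subtype="pdf", filename="Terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample_message()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A mail gateway or a staff-training exercise can use the same classification: feed it a saved .eml file instead of the constructed message, and anything it flags is exactly the kind of attachment the post tells employees not to open.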

Also, the prevailing advice is never to pay the ransom.

By paying cybercriminals, you only confirm that ransomware works, but more importantly, there is no guarantee that you will receive the encryption key you need to unlock your data.