Ransomware

ITW 2017: Webair Offers Some Advice on Ransomware Protection

Chicago ITW 2017: Sagi Brody, Webair’s CTO, is hoping that the recent WannaCry ransomware attack brings to light the importance of disaster recovery. After all, disaster recovery is in Webair’s domain. The company has created a Disaster Recovery as a Service (DRaaS) offering aimed at helping businesses instantly recover from almost any IT-related problem. “The difference in our offering is that we allow our customers to recover individual applications, instead of forcing them into an all-or-nothing approach,” said Brody. For today’s enterprises, that is a critical difference, especially since disasters come in all shapes and sizes.

Take for example last week’s WannaCry attack, which rapidly spread and held companies for ransom, at least as far as access to their data was concerned. Because the attack was Windows-centric, not all infected sites had all applications impacted. “With an all or nothing approach, those impacted would have…

AMD’s Radeon GPUs are rare because they’re good at mining bitcoin copycats

Bitcoin and other cryptocurrencies may enable online threats like ransomware to spread, but they are also fueling demand for powerful and efficient new graphics cards.

It’s difficult to find an RX 500-series Radeon graphics card at retail or online right now in part because people are seeking them out to mine certain bitcoin-like cryptocurrencies, chip manufacturer AMD explained to CNBC. In April, AMD released its latest round of Polaris-powered GPUs which can render graphically intensive scenes without drawing excessive amounts of power. That combination of number-crunching capabilities and energy efficiency has attracted consumers who want to “mine” altcoin cryptocurrencies, which are alternatives to bitcoin.

“The gaming market…

Synaptics warns that fingerprint spoofing makes laptops vulnerable

In the wake of the WannaCry ransomware computer virus attack, here’s one more thing to worry about. The fingerprint identification systems that some modern laptops employ to recognize users can be easily compromised with a spoofing process.

Synaptics, which makes fingerprint identification sensors and touchpad technology, earlier this month issued a warning that some computer makers, seeking to save about 25 cents per machine, have chosen to use insecure smartphone fingerprint sensors instead of more secure laptop sensors, said Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based company, in an interview with VentureBeat.

“Fingerprint identification has taken off because it is secure and convenient when it’s done right,” he said. “When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit.”

The smartphone fingerprint sensors typically use unencrypted methods to store and send the fingerprint to a central processing unit (CPU) for processing. That makes the data vulnerable to snooping software and other hacks. Synaptics sensors, by contrast, use encryption and a secondary host processor to do the recognition work.

That encryption makes it a lot harder for hackers to copy the fingerprint and use it to unlock a computer remotely, Cheng said. Synaptics will demo the fingerprint insecurity at the Computex trade show in Taiwan this week.

The insecure fingerprint sensors are disturbing because modern laptop users are conditioned to believe that fingerprints are unique and are much safer than passwords. This is largely true, but a laptop manufacturer’s choice in sensors can potentially lead to the theft of your fingerprint image. That makes a user’s laptop secrets vulnerable, as well as those of an entire enterprise, if it’s a work computer.

“There are two types of fingerprint sensors in the notebook market today,” Cheng said. “Those that are encrypted and safe, and those that are unencrypted and unsafe.”

Cheng showed that thieves can use typical phishing methods to take control of your computer and can plant a software program to sniff out your fingerprint when you use the laptop’s fingerprint scanner. Once…

Economists have figured out how to extract the most profit from ransomware

Ransomware is a type of malware that impairs the functionality of a computer (for example, by encrypting files on the hard drive), and then demands the victim pay a ransom in order to return their system to normal.

It’s frighteningly common. The term ‘Ransomware’ first entered the Oxford English Dictionary in 2012. We have seen several ugly and dangerous permutations of it, including CryptoLocker, CryptoWall, and most recently, WannaCry.

But it’s not the cash cow you probably think it is.

Take WannaCry, for example. This specimen devastated the UK National Health Service, as well as countless private sector businesses, like Spain’s Telefonica and Banco Santander. It took roughly a week for the Bitcoin wallets associated with the malware to reach $100,000 in payments. That’s not a huge amount when you compare it to the chaos it caused.

A recent paper from three University of Kent researchers, called “Economic Analysis of Ransomware” and published in March of this year, makes several suggestions on how ransomware developers can increase their bottom line.

The researchers note that the money earned from ransomware is largely contingent upon people’s willingness to pay to recover their files. This is influenced…

How to Check for Windows Updates

Annoying as they might be, it’s important to keep Windows updated…just ask the victims of the latest ransomware attack. If you haven’t used your PC for a while or you just want to make sure you’re updated with the latest software, it’s easy to manually check and make sure in Windows.

Press the Windows button or Search button, and type “check for updates” in the box. Then, hit Enter or click on the first result. This will take you to the dedicated Windows Update page in the Windows 10 Settings application (or, if you’re using Windows 7, the Control Panel).

The display will show you the last time Windows connected to a Microsoft server to check for the latest updates. Click the “Check…

Victims Call Hackers’ Bluff as Ransomware Deadline Nears

With the clock ticking on whether a global hacking attack would wipe out his data, Bolton Jiang had no intention of paying a 21st-century ransom.

Since a week ago, when the malware first struck, Mr. Jiang has been busily fixing and replacing computers at the electronics company where he works in Shanghai. Paying is a bother, he said, and there was no guarantee he would get his data back.

“Even if you do pay, you won’t necessarily be able to open the files that are hit,” he said. “There is no solution to it.”

Tens of thousands of computer users around the world faced the same dilemma on Friday, their last chance to pay the anonymous hackers behind the ransomware attack known as WannaCry. The malicious software exposed the widespread vulnerability of computers and offered a peek at how a new type of crime could be committed on a global scale.

As part of the hacking, attackers demanded that individuals pay a fee to regain control of their machines, or face losing their data.

The latest strain of ransomware was particularly virulent, experts warned, because it had been based on software stolen from the National Security Agency. Law enforcement agencies in the United States and elsewhere have been hunting for the culprits, with attention focused on hackers linked to North Korea.

Despite a week of widespread disruption, the total ransom paid so far looks relatively modest. An online tracking system showed that the amount sent in the electronic currency Bitcoin to accounts listed by the attackers had begun to plateau on Wednesday, and had reached about $90,000 on Friday afternoon in Europe. Early estimates of what the virus could ultimately earn had ranged into the tens of millions or even hundreds of millions of dollars. Victims have seven days to pay from when their computers were originally infected, so the deadline will vary from case to case.

A number of people and companies have struck a defiant tone. The Japanese conglomerate Hitachi, which had been identified in the news media as a victim, declined to confirm those reports on Friday but said that it had no intention of paying a ransom and that it aimed to be fully secure against future attacks by Monday.

Nissan Motor, another Japanese industrial giant, also said it would not pay a ransom. Its factory in Sunderland, England, was affected, but the company said it had not lost data.

Owners of the more than 200,000 computers across the globe that have been hit by the malware face similar decisions. Those affected, including hospitals, government offices and universities, have lost access to business information, term papers and even medical records that could involve matters of life or death.

In Britain, whose National Health Service was one of the largest organizations affected by the ransomware, some medical institutions were…

22-Year-old Who Stopped Global Cyberattack Donates His Reward to Charity

The British youth who was awarded $10,000 for accidentally stopping an international cyberattack has just announced that he will be donating the cash to charity and education.

The 22-year-old, who goes by the pseudonym MalwareTech, shut down the spread of the malicious online program by activating the “kill-switch” last week after the cyberattack was reported in over 100 countries.

Organizations worldwide were infected by the malicious ransomware known as “WannaCry” – a program that encrypts the user’s files and holds them for ransom. If the user does not pay the several-hundred-dollar ransom in bitcoin on time, then all of the data and files stored on the computer are deleted. The National Health Organization, FedEx, Telefonica, and Nissan are all examples of corporate giants who were affected by the malware in addition to hospitals and businesses worldwide.

When MalwareTech and his friends heard of the epidemic, they started investigating the malware’s code. The 22-year-old Brit then found an unregistered domain name in the source of the code that acted as an “abort” button for the malware. When he registered the domain name, the attack ceased.

Though he has preferred to keep his…

Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack

SEOUL, South Korea — They take legitimate jobs as software programmers in the countries neighboring their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.

Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.

Now, this force of North Korean hacker sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. Signs have emerged that suggest North Koreans not only carried out the attacks, but that the targeted victims included China, North Korea’s benefactor and enabler.

While there is still nothing definitive to link the attacks to North Korea, similarities exist between the ransomware used to extort computer users into paying the hackers and previously deployed North Korean malware codes.

Moreover, North Korea has in the past deliberately timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched on Sunday — as a way of subtly flaunting the country’s technological advances despite its global isolation.

Unlike its missile and nuclear weapons tests, however, North Korea has never announced or acknowledged its computer hacking abilities — if anything, the country has denied responsibility for hacking and other forms of computerized crimes.

It also is possible that North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the National Security Agency of the United States. Early Tuesday, the Shadow Brokers, the hacking group that spread the tool and is not believed to be linked with North Korea, threatened in an online post to start a “Data Dump of the Month” club, in which it would release more N.S.A. hacking methods to paying subscribers.

Security officials in South Korea, the United States and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers,…

The Ransomware Attack Isn’t Over—Here’s How to Protect Yourself

If your computer’s running on Microsoft Windows, you need to take these steps—right away.

Here’s why: in case you haven’t heard, hackers exploited a vulnerability in older Microsoft Windows servers to execute a large-scale global cyberattack on Friday using ransomware — malicious software that holds your computer hostage for ransom — and a hacking tool stolen from the U.S. National Security Agency (NSA). The massive attack left victims locked out of their PCs with a promise of restored access if $300 was paid in the digital currency Bitcoin—and a threat of destroyed files if the ransom is not met.

Thus far, at least 200,000 computers have been infected in more than 150 countries, leaving everything from businesses and governments to academic institutions, hospitals and ordinary people affected.

How it works

The malware, which “spreads like a worm,” is transmitted through a phishing email containing a compressed, encrypted file. Since the file is encrypted, security systems do not identify the ransomware, called Wanna Decryptor, until after it is downloaded. Wanna Decryptor, a next-gen version of the WannaCry ransomware, gains access to a given device once the malware-filled file is downloaded: it then encrypts data, locks down the system and demands ransom.

Ransomware does not typically work this quickly. But thanks to a stolen NSA cyber-weapon called EternalBlue, which was made public last month by a hacking group known as the “Shadow Brokers,” the malware spread rapidly by exploiting a security flaw in Microsoft Windows servers.

What users need to do

Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were—and still are—left exposed to the hack.

In light of the attack, Microsoft rolled out patches to protect older versions of Windows that “no longer receive mainstream support” from the company like Windows XP, Windows 8, and Windows Server 2003. Those…

In Ransomware Attack, Where Does Microsoft’s Responsibility Lie?

SEATTLE — When malicious software first became a serious problem on the internet about 15 years ago, most people agreed that the biggest villain, after the authors of the damaging code, was Microsoft.

As a new cyberattack continues to sweep across the globe, the company is once again at the center of the debate over who is to blame for a vicious strain of malware demanding ransom from victims in exchange for the unlocking of their digital files.

This time, though, Microsoft believes others should share responsibility for the attack, an assault that targeted flaws in the Windows operating system.

On Sunday, Brad Smith, Microsoft’s president and chief legal officer, wrote a blog post describing the company’s efforts to stop the ransomware’s spread, including an unusual step it took to release a security update for versions of Windows that Microsoft no longer supports. Mr. Smith wrote, “As a technology company, we at Microsoft have the first responsibility to address these issues.”

He went on, though, to emphasize that the attack had demonstrated the “degree to which cybersecurity has become a shared responsibility between tech companies and customers,” the latter of whom must update their systems if they want to be protected. He also pointed his finger at intelligence services, since the latest vulnerability appeared to have been leaked from the National Security Agency.

On Monday, a Microsoft spokesman declined to comment beyond Mr. Smith’s post.

To prepare for fallout with customers, Judson Althoff, a Microsoft executive vice president, sent an email to the company’s field sales team on Sunday encouraging them to be supportive of businesses targeted by the attack, or even those who were simply aware of it.

“Our key direction to you is to remember that we are in this with our customers — we are trusted advisers, counselors, and suppliers to them,” he wrote. “More than technical guidance, I want you to make sure you are spending the time needed to understand the concerns they have and that they know we…