Monday, August 29, 2016

The smartest way to stay unaffected by ransomware? Backup!



Here at Emsisoft, we know that ransomware is now the most consistently problematic type of malware affecting internet-capable devices and businesses. As a security software vendor, you might expect us to use this blog post to sell you our product as the ultimate solution against ransomware. A quality anti-malware program is vital, and our software is in fact specialized in finding and blocking ransomware, but there is one additional layer of protection you need to consider.


What would you do if an attacker gained admin access to your computer and disabled your antivirus/anti-malware software? They have cleared the way to load the encryption component of their ransomware onto your machine, and now your data is lost to you. Anti-malware software detects malicious files very well, but it can’t stop you from opening your doors and inviting the bad guys in.


In the recent past our lab has dealt with many ransomware victims whose computers were infected manually, by exploiting vulnerabilities in old, unpatched software to gain admin access. So you should always have a Plan B at hand: if someone manages to disable your protection software, you need to have a backup.


Firstly, what is ransomware?


Ransomware, an exploitative crime, is a kind of malware that encrypts your personal data or locks your entire PC. If infected, you will be asked to pay a “ransom” via an anonymous service (such as a Bitcoin page) in order to unlock your computer and free your data.

Ransomware makes up a huge part of today’s active threats because it has turned out to be one of the easiest and highest-earning sources of income for attackers. Other malware makes its developers money indirectly (by using or selling your computer’s power), but ransomware asks you, the victim, for cash directly, by putting you in a situation in which you feel forced to pay.


The key to protecting your data from a ransomware attack lies with preparedness.


It’s all about Plan B


If you have all of your data stored somewhere else, uninfected, a ransomware attack will not be such a problem for you. In fact, in most cases you will only need to wipe your computer and start again. By keeping an up-to-date backup, you can reinstall your operating systems, programs and personal data. This applies to businesses too: if a backup becomes part of your daily closing procedure, customer databases, accounts and book-keeping files will always be up to date in case of emergency.


What should I backup?


Let’s start with the most important. First and foremost, you need to back up your personal files. Your personal data is irreplaceable. Think of it this way. If your house was burning down, aside from your loved ones, what would you want to save?

Back up any personal documents, such as copies of birth certificates or saved bank statements. Your photos, home videos, and any other data such as your work files should be backed up regularly; those can never be replaced. If you’ve spent hours ripping audio CDs to build your dream MP3 library, you may want to back those files up too.

Your operating system, programs, and other settings should also be backed up. Though it’s not strictly necessary, it can make your life much easier if your entire hard drive fails. Particularly if, like me, you are the type of person who likes to play around with program files, regularly upgrades hardware and runs partitions for Linux, a full system image backup may be very useful for you.

Since ransomware also targets corporate users, customer information systems and databases should be backed up regularly.




Backup Options


Before choosing a backup option, the first and most important step is to take some time to properly label and organize your files into well-named and easy to follow directories. If it gets too overwhelming, try starting it on paper.


Seagate offers excellent advice on how to organize your files with a back-up master plan. Decide on the frequency with which you will back up, then consider what your best backup option is.


External hard drives are a good option, as the drive can be kept physically separate from your machine and locked away for safekeeping. However, an external hard drive only works as a backup if the device is kept physically disconnected from the machine. If it remains plugged in, it is as susceptible to ransomware as your computer’s own hard disk. So, keep your backup separate. Keep it updated. And consider encrypting both your computer’s hard disk and the portable hard drive. We explore the benefits of file encryption here.


Backing up online with a cloud service like CrashPlan can be an excellent option to protect against natural disaster, fire or any other kind of physical threat to your data.


CrashPlan is a reputable online backup service with equally popular competitors such as BackBlaze, Carbonite and MozyHome. These programs run in the background, updating your files in the service’s web storage. Keep in mind that this option usually requires a monthly fee, and the first backup can take quite a long time, particularly if you have a lot of data.


Cloud safety is increasingly undermined by cybercriminals who, rather than hacking individual computers, hack the main servers of cloud services. This means your data could still be held to ransom, just on a much larger scale, alongside that of thousands of other users.


So, when considering an online backup option, look carefully for a service that supports revisioning, where old versions of files are kept and remain accessible even if your backup files are also infected with ransomware. This table compares online backup options based on the different features they offer. If you choose an option that does not support revisioning, make sure the service does not remain constantly connected to your main computer, as even the backed-up files can be corrupted. With no alternative versions of your files, you will still lose your data.


By backing up regularly with revisioning, the most recent clean version of each file is never far out of date, and your loss can be minimised drastically. If ransomware changes the most recent backup, the older versions should remain unchanged.
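To make the difference concrete, here is a small added example (not Emsisoft’s code or any backup vendor’s; the VersionedBackup class, the mirror helper and the file names are hypothetical). It backs up a constructed file once with a plain mirror and once with a revisioned store, then replaces the file with unreadable bytes, as a still-connected backup would see after an infection, and backs up again. Only the revisioned store can still hand back the good copy.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical mini backup store written for this post. Each version of a file is
# kept under its content hash, so a later, damaged copy sits beside the good one.
class VersionedBackup:
    def __init__(self, root: Path):
        self.objects = root / "objects"
        self.objects.mkdir(parents=True, exist_ok=True)
        self.index = {}  # source path -> [sha256, ...], oldest first

    def backup(self, src: Path) -> str:
        data = src.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        (self.objects / digest).write_bytes(data)
        versions = self.index.setdefault(str(src), [])
        if not versions or versions[-1] != digest:  # unchanged file: no new entry
            versions.append(digest)
        return digest

    def versions(self, src: Path) -> list:
        return list(self.index.get(str(src), []))

    def restore(self, src: Path, version: int = -1) -> bytes:
        # version=-1 is the newest copy; 0 is the oldest surviving one
        return (self.objects / self.versions(src)[version]).read_bytes()

def mirror_backup(src: Path, dest_dir: Path) -> None:
    # Plain one-copy mirror: the current file state replaces the earlier copy
    dest_dir.mkdir(parents=True, exist_ok=True)
    (dest_dir / src.name).write_bytes(src.read_bytes())

def demo() -> dict:
    work = Path(tempfile.mkdtemp())
    doc, good = work / "accounts.csv", b"constructed sample: Q3 accounts\n"
    store = VersionedBackup(work / "versioned")
    # Round 1 backs up the good file; round 2 backs it up after it has been
    # replaced by unreadable bytes (what an encrypting infection leaves behind)
    # while the backup target stayed connected and faithfully synced the damage
    for content in (good, os.urandom(len(good))):
        doc.write_bytes(content)
        mirror_backup(doc, work / "mirror")
        store.backup(doc)
    return {
        "mirror_recovers": (work / "mirror" / doc.name).read_bytes() == good,
        "newest_version_recovers": store.restore(doc) == good,
        "oldest_version_recovers": store.restore(doc, 0) == good,
        "versions_kept": len(store.versions(doc)),
    }
```

The mirror and the newest revision both hold the damaged copy; only the older revision restores the original, which is exactly what a service without revisioning cannot give you.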


In summary: avoid infection


  • Keep your software and operating systems up to date.

  • Do not install applications from unfamiliar sources or untrusted websites.

  • Read permissions closely when requested by programs or apps.

  • Back up data and devices frequently.

  • Install and regularly update a quality anti-malware product such as Emsisoft Anti-Malware. Our software has a proven ability to capture and eliminate ransomware. Read about our performance against ransomware here with our behaviour blocker technology.

  • If infected, take every possible step to avoid paying. Every bitcoin in the hands of a cybercriminal increases the profitability and spread of this kind of malware. Emsisoft does not profit from emergencies. If you ever have a problem, please contact us.

Have a great (malware-free) day!




Tuesday, August 23, 2016

Free decryption keys for CryptXXX Ransomware



BleepingComputer has long been working on helping users affected by CryptXXX ransomware. This week, they published an article uncovering a bug in the CryptXXX ransomware’s payment server that lets victims log in and receive their decryption key for free.


Free Decryption Key



These free keys are only being offered for certain versions of CryptXXX, namely those that add the .Crypz and .Cryp1 extensions to encrypted files.


Though it is unknown why this is occurring (Bleeping Computer suggests it is a malfunction of the payment server), a detailed list of keys is available.


Keys being offered for free


.CRYPZ EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].txt


Example TOR Url: http://xqraoaoaph4d545r.onion.to

Example TOR Url: http://xqraoaoaph4d545r.onion.cab

Example TOR Url: http://xqraoaoaph4d545r.onion.city


.CRYP1 EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: ![victim_id].html

Ransom Note Name: ![victim_id].html


Example TOR Url: http://eqyo4fbr5okzaysm.onion.to

Example TOR Url: http://eqyo4fbr5okzaysm.onion.cab

Example TOR Url: http://eqyo4fbr5okzaysm.onion.city


Does Not Provide a Free Key


.CRYPT EXTENSION (ULTRADECRYPTER)

Ransom Note Name: [victim_id].html

Ransom Note Name: [victim_id].txt


Example TOR Url: http://klgpco2v6jzpca4z.onion.to

Example TOR Url: http://klgpco2v6jzpca4z.onion.cab

Example TOR Url: http://klgpco2v6jzpca4z.onion.city


.CRYPT EXTENSION (GOOGLE DECRYPTOR)

Ransom Note Name: !Recovery_[victim_id].html

Ransom Note Name: !Recovery_[victim_id].txt


Example TOR Url: http://2zqnpdpslpnsqzbw.onion.to

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.cab

Example TOR Url: http://2zqnpdpslpnsqzbw.onion.city


RANDOM EXTENSION (ULTRADECRYPTOR)

Ransom Note Name: @[victim_id].html

Ransom Note Name: @[victim_id].txt


Example TOR Url: 2mpsasnbq5lwi37r.onion.to

Example TOR Url: 2mpsasnbq5lwi37r.onion.cab

Example TOR Url: 2mpsasnbq5lwi37r.onion.city


NO EXTENSION (MICROSOFT DECRYPTOR)

Ransom Note Name: README.html

Ransom Note Name: README.txt


Example TOR Url: http://ccjlwb22w6c22p2k.onion.to

Example TOR Url: http://ccjlwb22w6c22p2k.onion.city


Have a great (ransomware-free) day!




Monday, August 22, 2016

The alarming state of computer security in healthcare

Life support machines can be the difference between the recovery of a patient and the loss of a life. Imagine the implications of a poorly coded worm causing a respirator to turn on and off intermittently while connected to a loved one.


This issue was all too real for an American hospital when malware was injected through the neonatal intensive care unit to gain back access to the hospital network. The poor coding in the worm caused an error in a system of heart monitors, and premature babies went unmonitored for potentially fatal periods of time.




Why would anyone attack a hospital?


The data stored within healthcare networks remains a primary target for attackers on a global basis. By accessing a hospital network through a medical device, such as the neonatal intensive care ward heart monitors, attackers can infect medical devices with malware, then move laterally through hospital networks to steal confidential data.


Once criminals have hold of the data, they can easily hold it hostage. Large ransoms are demanded to release the patient data and to unlock vital administrative systems. Hospitals have no choice but to pay if they wish to continue offering any services.


An unfortunate outcome of these kinds of malware attacks is the unpredictable effect the worm has on the machines it infects, such as turning heart rate monitors on and off again without warning.


According to IBM, healthcare has become the #1 most attacked industry in 2015, replacing financial services, which was the leader just two years ago. Data held for ransom is incredibly lucrative for cyber criminals. A prime example of how stolen patient data can provide a huge payday comes from the news that a hacker dubbed “thedarkoverlord” is reportedly trying to sell 655,000 patient records on an illegal online data market.


The problem with medical devices is that this kind of hardware needs to stay in use for 10-20 years to pay for itself, but hardly any operating system is supported for that long. Many of these devices were built as static machines, not around a continually changing and updating OS like those we have today. If such a device were updated continually, each update could break the hardware drivers for the device itself, so they are typically not touched or updated at all. Once a hacker is inside the network with enough administrative rights, they can do essentially anything they want, such as stealing patient data and holding it for a large ransom. If these outdated machines must still be used, they have to be kept disconnected from the internet at any price.


Modern equipment comes with modern safety features


The presence of medical devices on healthcare networks creates a high level of vulnerability: these devices make such networks much more susceptible to a successful cyber attack. But this is not only an issue for the healthcare industry. Attacks on medical devices are a prime example of what can happen if you continue to operate your business, or work at home, on out-of-date hardware with old software.




What can you do to avoid incidents like this?


Ask questions of your medical professionals. How do they protect client data? It’s unlikely that they will tell you much, but asking the right people might at least get those with the power to change things to start thinking about their vulnerabilities.


Have a great (malware-free) day!


