
Security Researchers Have Discovered A “Vaccine” For The Huge Cyber-Attack

The creation of a single file can stop the attack from infecting a machine.

However, researchers have not been able to find a so-called kill switch that would prevent the crippling ransomware from spreading to other vulnerable computers.

By creating a read-only file – named perfc – and placing it within a computer’s “C:\Windows” folder, the attack will be stopped in its tracks.
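The step described above can be scripted so that it is repeatable and verifiable across several machines. The following is an added example, not code from the original article or from the researchers it cites; the function name `Set-PerfcMarker` and its parameters are hypothetical, and it assumes an elevated PowerShell session on the machine being protected.

```powershell
# Added example: create and verify the read-only "perfc" file in the Windows folder.
# Set-PerfcMarker is a hypothetical helper name chosen for this illustration.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Folder named in the article; $env:windir is C:\Windows on a default install.
        [string]$Directory = $env:windir,
        # File name given in the article.
        [string]$Name = 'perfc'
    )

    $path = Join-Path -Path $Directory -ChildPath $Name

    # Refuse to continue if something unexpected (a folder) already uses the name.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory; leaving it untouched."
    }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $action = 'already present'
    } else {
        # Create an empty file; existing files are never overwritten.
        New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
        $action = 'created'
    }

    # Set the read-only attribute the article calls for.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop

    # Re-read the file from disk and report what is actually there.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        Action   = $action
        ReadOnly = $item.IsReadOnly
    }
}

# Writing to the Windows folder needs administrator rights, so check before trying.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

Set-PerfcMarker
```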

 


“Even though it will make a machine ‘immune’,” explained computer scientist Prof Alan Woodward, “It is still a ‘carrier’ (to use the biological analogy).

“It will still continue as a platform to spread the ransomware to other machines on the same network.”

For the vast majority of users, simply running an up-to-date version of Windows will be sufficient to prevent the attack taking hold, were it to infect your PC.

Researchers predict the spread of this new ransomware is likely to be much slower than last month’s WannaCry attack. Code analysis showed the new attack did not attempt to spread itself beyond the network it was placed on.

Several experts are predicting that the attack will not spread significantly further than it did on Tuesday, unless it is modified. “There is low risk of new infections more than one hour after the attack,”

WannaCry ransomware that claimed hundreds of thousands of victims across 150 countries has hit speed and intersection cameras in Victoria, Australia, Radio 3AW has reported.

According to the radio station, 55 cameras in the state belonging to vehicle monitoring and enforcement service Redflex were infected with the ransomware after a rogue USB was inserted by someone performing maintenance on the now-infected cameras.

It is understood that the infection came as a result of “human error” rather than a targeted attack aimed at holding the Australian state to ransom.

The cameras are not connected to the internet, however, which means the ransomware has not been spread throughout the field, 3AW told its listeners on Thursday.

Reporting or Avoiding Malware/Ransomware

What You Should Do

  • Contain the attack: Disconnect infected devices from your network to keep ransomware from spreading.
  • Restore your computer: If you’ve backed up your files, and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to re-boot your computer, if possible.
  • Contact law enforcement: Report ransomware attacks to the Internet Crime Complaint Center, FBI’s Cyber Division (CyWatch@ic.fbi.gov or 855-292-3937) or an FBI field office. Include any contact information (like the criminals’ email address) or payment information (like a Bitcoin wallet number). This may help with investigations.

Install Reputable Security Software: Your computer should have anti-virus and anti-spyware software, and a firewall. Viruses can be planted in emails or attachments to emails, in programs or files that you download, and even in Web sites that you visit. These viruses have the potential to wipe out your computer files.  Anti-virus software scans everything that enters your computer, looking for these viruses. Spyware is software that tracks your computer activity, gathering information without your knowledge. Anti-spyware software blocks or removes spyware. You may obtain the anti-virus and anti-spyware software separately or as a package. For lists of security tools from legitimate security vendors, visit staysafeonline.org.

Use a Firewall: A firewall is a virtual barrier between your computer and the Internet. Everything coming into or leaving your computer must go through the firewall, which blocks anything that doesn’t meet specific security criteria. Before purchasing separate firewall hardware or software, check your operating system to see if there is a built-in firewall and whether it is turned on.

Update Operating System and Software Frequently: Computer and software companies frequently update their programs to include protection against new security threats. Updating your operating system and software whenever new versions become available gives you an added measure of security. If available, activate automatic security updates so you will be alerted when updates are issued.

Avoid “Free” Security Scans: Be suspicious of an offer of a “free security scan,” especially when faced with an unexpected pop-up, email, or an ad that claims “malicious software” has been found on your computer.

Create and Protect Strong Passwords: Create strong email passwords and protect them with the following tips:

  • The longer the password, the tougher it is to crack.  Use at least 10 characters.
  • Mix letters, numbers, and special characters.  Try to be random – don’t use your name, birthdate, or common words.
  • Don’t use the same password for different accounts.  If it’s stolen from you, it can be used to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email.  Legitimate companies will not send you messages asking for your password.
  • Keep your passwords in a secure place, out of plain sight.

Use a Pop-up Blocker: Don’t click on links or open attachments in emails unless you know what they are, even if the emails seem to be from friends or family.

Use the Spam Filter: Utilize your email program’s automatic spam filter, which reduces the number of unwelcome email messages that make it to your inbox. Delete, without opening, any spam or “junk mail” that gets through the filter.

Backup Important Data: Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.

 

 

 

White House homeland security adviser Thomas Bossert said “the best and the brightest are working on” tracking who was behind the ransomware cyberattack.

 

Michael Reynolds/European Pressphoto Agency


Security researchers have discovered digital clues in the malware used in last weekend’s global ransomware attack that might indicate North Korea is involved, although they caution the evidence is not conclusive.

An early version of the ‘‘WannaCry’’ ransomware that affected more than 150 countries and major businesses and organizations shares a portion of its code with a tool from a hacker group known as Lazarus, which researchers think is linked to the North Korean government.

John Bambenek, a research manager at Fidelis Cybersecurity, says, ‘‘This implies there is a common source for that code, which could mean that North Korean actors wrote ‘WannaCry’ or they both used the same third-party code.’’

White House homeland security adviser Thomas Bossert said Monday that investigators were still working to determine who was behind the attack. ‘‘The best and the brightest are working on it,’’ he said.

Several security researchers studying ‘‘WannaCry’’ on Monday found evidence of possible connections to the crippling hack on Sony Pictures Entertainment in 2014 attributed by the US government to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.

However, Bambenek cautioned that the links are circumstantial. ‘‘It could be a freak coincidence,’’ he said. ‘‘The code in question is not a large portion of the overall Wannacry malware so it’s plausible that the attackers got it from somewhere else.’’

The spread of the WannaCry virus has slowed as new cyberdefenses have been put in place and some eight to 10 U.S. entities, including a few in the health-care sector, reported possible “WannaCry” infections to the Department of Homeland Security, a US official said.

Factories, hospitals, and schools were disrupted in China by the attack; the spread of the virus appeared to be slowing. State media said 29,000 institutions had been hit, along with hundreds of thousands of devices.

South Korea reported that just five companies were affected, including the country’s largest movie chain.

Researchers discovered a ‘‘kill switch’’ on the virus that stopped its spread from computer to computer, potentially saving tens of thousands of machines from further infection.

The ransomware program, which is spread through e-mail, encrypts computer files and then demands the bitcoin equivalent of $300 to unlock them.

The attack hobbled operations at Russia’s Interior Ministry, Spanish telecommunications giant Telefónica, and Britain’s National Health Service.

 

 

 

WannaCry Ransomware

The worm called WannaCry infected 200,000 computers in more than 150 countries, tied the UK health service in knots, took out the Spanish phone company, caused chaos for train travelers in Germany, and took big swipes out of FedEx, Renault, a reported 29,000 Chinese institutions, and networks all over Russia, including the Russian Interior Ministry.

Can you get infected by WannaCry ransomware?

No. MalwareTech defanged the malware. Although there are a few extraordinary situations where the threat persists (in particular if your network blocks access to one odd website), for most people, WannaCry has been out of commission since late Friday.

Well, do I need to worry about it right now?

Yes. There have been reports from Matt Suiche of a new WannaCry variant that’s been sinkholed with 10,000 infections logged. The clones are coming, and many of them won’t be easy to stop. You have to get your Windows PC patched now.
