Second Annual State of Ransomware Report

Join Marcin Kleczynski, Malwarebytes CEO, Adam Kujawa, Director of Malware Intelligence, and Michael Osterman, President of Osterman Research, as they discuss the “Second Annual State of Ransomware” global report from Osterman Research sponsored by Malwarebytes. 

To view the full Second Annual State of Ransomware Report, visit https://go.malwarebytes.com/OstermanRansomware2017_PRSocial.html

Back to school cybersecurity tips for parents and kids

The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it’s their kid’s first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos step foot on the bus. And while they may not be begging you for new pencils and erasers, chances are they’ll turn on the puppy dog–eyed charm when it comes to new tech.

Handing your young one their very own mobile device—a laptop, usually—that they can use in their studies almost seems like a rite of passage. In their hands is the first step toward independence. It’s also a way of letting them take on some responsibilities for themselves. Parents, this isn’t to say we’re leaving them entirely to their own devices. It’s important to lay down some ground rules—especially when it comes to security.

To that effect, we’re providing you with a cybersecurity checklist you can use to prepare your children for the coming school year.

  • Watch out for too-good-to-be-true software and device sales. Is that Facebook ad really promising a brand-new Mac laptop for $200 if you just click here and fill out your personal info? Think hard before you jump on a back-to-school online ad that seems fiendishly cheap. It could be adware, it could be a scam, or it could lead you to a malicious page that will later infect your own computer.
  • Ensure that they have security software and tools installed on their new device. Antivirus with anti-phishing features, firewalls, script blockers, ad blockers, password managers, anti-theft apps, anti-malware and anti-ransomware—you name it. Cyberattacks can come from all sides these days, so it pays to have at least one of each of these software programs and/or extensions installed on their computer, phone, or tablet. And if you think your child’s Mac is bulletproof from these attacks, think again.
  • Stress the importance of physical security, too. Physically securing devices is just as important as securing the data inside of them. We’re not just talking about using a padded bag for laptops, or shock-absorbent cases and shatterproof screen covers for phones and tablets. We’re talking about locking cables and USB port blockers, actual things that thwart theft and unauthorized access, respectively, while they’re in school.
  • Instill in them the habit of locking computers when they have to move away from them for a while. Locking screens is another way to prevent others from, say, flipping your child’s screen upside down, snooping around, and looking at files they shouldn’t be looking at. Beware the “hacked” social media posts that reveal false, embarrassing information about their users!
  • Disable the autorun functionality of their OS. As you may know, malware can be stored in and transported via USB sticks. If your child’s computer automatically runs what’s inside it once slotted into the machine’s port, then this is a real problem. Thankfully, there are a number of ways one can disable autorun. For Windows users, Microsoft has dedicated a page just for that.
  • Introduce them to multi-factor authentication (MFA). The most common and widely used MFA is two-factor authentication (2FA). In order for them to know and understand what it is, you might show them how it works using your own phone and computer. That way, if they are asked to sign up for online programs that store their data at school, they can raise their hand and ask if the program has MFA. By educating your child on this security procedure, he or she can educate the school in turn.
  • Discourage rooting/jailbreaking. If your child is old enough to figure out how to root or jailbreak a device, chances are they’ll be tempted to do this. Jailbreaking opens devices to custom modifications and the unrestricted download and use of apps from third-party sources. These can be quite handy if your child wants one that cannot be found in the official app store. However, jailbreaking and rooting increase the success rate of a hacking attempt, as these overwrite the device’s inherent security settings, making devices more vulnerable and susceptible to threats.
  • Update game console firmware. All work and no play makes Jack a dull boy. Isn’t your little gamer glad that back-to-school gadgets are not limited to calculators, headphones, and keyboards? Gaming consoles are becoming more like computers as they evolve. Although it’s rare for them to catch malware (at least for the time being), there are still ways hackers can circumvent their security to perform other malicious acts, such as gaining access to gaming accounts. So for now, update the gaming console’s firmware—and do this on a regular basis—before handing it to your child.
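
For Windows, one way to check and apply the autorun tip from the checklist above is the `NoDriveTypeAutoRun` policy value in the registry. The PowerShell below is an added example, not part of the original article or of Microsoft's page; the function names `Get-AutoRunPolicy` and `Disable-AutoRun` are hypothetical.

```powershell
# Added example: audit and disable AutoRun for all drive types.
# Changing the machine-wide (HKLM) value requires an elevated PowerShell prompt.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$AllDrives = 0xFF   # bitmask covering every drive type

# Hypothetical helper: report the current setting for the machine and the user.
function Get-AutoRunPolicy {
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                        -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        }
        [pscustomobject]@{
            Path                 = $path
            NoDriveTypeAutoRun   = if ($null -ne $value) { '0x{0:X2}' -f $value } else { 'not set' }
            DisabledForAllDrives = ($null -ne $value) -and (($value -band $AllDrives) -eq $AllDrives)
        }
    }
}

# Hypothetical helper: write the policy value, creating the key if it is missing.
function Disable-AutoRun {
    param([string]$Path = $PolicyPaths[0])
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -Type DWord -Value $AllDrives
}

Get-AutoRunPolicy | Format-Table -AutoSize
# Disable-AutoRun      # uncomment to apply machine-wide, then re-run Get-AutoRunPolicy
```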

Youngsters should also play a part in securing their computing devices and protecting data. An important and particularly relevant piece of knowledge is basic computer hygiene, which might come in even more handy than algebra. Here are a few more cybersecurity tips to include in your child’s expanding mental knowledge base.

  • Ask your children to familiarize themselves with the school’s Information and Communication Technology (ICT) Acceptable Use Policy (AUP). If at this point you’ve glazed over, we understand. An ICT AUP is generally a set of rules the schools (and organizations) enforce for the proper use of the Internet. It’s for staff and students alike, so they must agree to this before they can use the school’s network. Unfortunately, many educational establishments don’t have such a policy, but if theirs does—great! Get your child acquainted with it so they can be sure they won’t be called out for misusing resources.
  • Talk to them about shoulder surfers. Some say it’s only normal for people to glance over your shoulder while you’re on your laptop, tablet, or phone. But let us not be too quick in giving this behavior a pass. Shoulder surfing is a serious security and privacy risk, and a lot of users may be in danger of compromise by unknowingly letting the person behind them watch as they key in their account password with their user name in full view.
  • Learn about encryption. The availability of information and today’s technology has made it possible for anyone, even young children, to learn about encryption. Suffice it to say—yes, there’s an app for that.

Many families have back-to-school preparation routines, from purchasing new clothes and gear to adjusting back to a more rigid activity and sleep schedule. Make learning about basic computer hygiene and securing devices a part of yours.

The state of ransomware among SMBs

In a report conducted by Osterman Research and sponsored by Malwarebytes, more than 1,000 small and medium-sized businesses were surveyed in June 2017 about ransomware and other critical security issues. What we discovered was surprising—ransomware authors aren’t only targeting enterprise businesses for big payouts. They’ve got their greedy gaze on businesses of all sizes. In fact, 35 percent of SMB organizations surveyed were victims of a ransomware attack. And while the ransom demands weren’t always large, the impact on productivity made a sizable dent in revenue.

To learn more about the results of the report, take a look at the infographic we’ve compiled below.

Click here for the full version.

[Infographic: ransomware and small businesses]

Posted: July 27, 2017 by 

 

ABOUT THE AUTHOR


Senior Content Writer

Masters in Journalism from Stanford, but don’t let that fool you. Expert in writing down what other people say and typing it up.

7 tips to stay cyber safe this summer

You’ve probably already seen the back-to-school ads on TV and rolled your eyes a little bit. We’re with you: There’s still plenty of summer left. That’s why we want to remind you about some of the cybersecurity pitfalls you might encounter during the remainder of the summer season.

Whether you’re home with the kids or heading out on vacation, here are some ways you can tighten up your security profile and avoid spending the rest of the summer reclaiming your identity or filing credit card insurance claims.

1. Monitor your children’s Internet habits during summer break.

Without homework and extracurricular activities for young students, summer days and nights are often spent lounging around on a tablet, cell phone, or laptop, browsing the Internet for funny cat videos or swapping faces on social media platforms. Parents may already enforce safe surfing habits during the school year, but with a more lax schedule may come a more lax attitude.

Be sure to set limits for Internet usage, whether that’s hours spent, sites visited, or apps and video games allowed. It’s also important to discuss online predatory behaviors, from cyberbullying to sexual exploitation (with an age-appropriate audience). Don’t just send your kids off to a room to Internet with abandon. Give them the skills (or possibly the parental controls) to navigate the online world safely.

2. Beware of fraudulent hotel booking sites.

Planning a trip to cap off an incredible summer? Make sure you’re using reputable booking sites for travel. A 2015 study by the American Hotel & Lodging Association found that about 15 million hotel bookings are impacted by rogue travel scams each year. Fraudulent websites or call centers often pretend to have an affiliation with certain hotels, when in fact they have none. This can result in being charged for hidden fees, losing rewards points, incorrect accommodations, fake reservations, and more.

The safest way to avoid being scammed is to book directly through a hotel’s website. Use third-party sites as resources to see available options. If you do want to consider a third-party site, call up the hotel directly to inquire if they are, in fact, affiliated. In addition, be wary of sites that urge you to book one of the last remaining rooms or don’t allow you to see a breakdown of fees.

3. Research hotels’ security policies before you book.

According to cybersecurity expert Matt Suiche, hotels are being targeted more frequently by criminals. Guest credit cards are kept on file for room charges and opportunities for additional spending at spas, restaurants, bars, and shops on premise make these properties attractive targets. In April 2017, InterContinental said that 1,200 of its franchise hotels in the United States, including the Holiday Inn and Crowne Plaza, were victims of a three-month cyberattack aimed at stealing customer payment card data. Also this year, 14 Trump hotels were targeted by hackers raiding personal data such as credit card numbers, expiration dates, and security codes, as well as some phone numbers and addresses of hotel customers.

When booking your hotel, you can ask about privacy and security policies in place for protecting customer data. Does the hotel have cybersecurity software? Is data stored in a secure computer/network? Who has access to it? Their policy should cover this information and more.

4. Watch out for public wifi in airports and hotels.

Yes, free wifi is a wonderful thing. How else would you stream Netflix in your hotel room instead of watching the room service menu options on your TV? However, free wifi is also public, which means that any person in the hotel or airport can access that account with (or without) a simple password. Wifi that isn’t password-protected is especially vulnerable. Add thousands of people accessing it daily and you’ve got a recipe for data breach.

So what to do? Use up your mobile data? That’s one (expensive) way to deal with it. What we recommend, for the layperson, is to avoid sites where you need to log in, sites with sensitive info (banking, healthcare, etc.), and especially stay away from making purchases over an unsecured connection. If you absolutely need to access sensitive info on this summer trip—perhaps it’s for business rather than pleasure—you’ll want to look into using a virtual private network, or VPN. In fact, if you are traveling for business and staying at a luxury hotel, you might be vulnerable to a spear-phishing campaign called DarkHotel if you use the in-house wifi network. Better get that VPN cracking.

5. Don’t announce to the world that you’ll be away from your house on vacation.

The lead-up to the vacation is almost as good as the vacation itself, no? It’s hard not to get swept up in the excitement and jump on Facebook to tell all your friends about your upcoming trip. Problem is, unless you are ruthlessly private about what you share (and social media platforms are constantly updating their policies, making it easier for people to find your information that you didn’t intend to), people who aren’t your friends will see that announcement, too. And really, how well do you know that girl you passed in the hallway in high school 30 years ago?

Discussing your travel plans (specifically the dates you’ll be gone) opens you up to a physical security issue. Criminals are known to watch social media in order to target homes they know will be vacant for robbery. So it’s best to wait until you get back before you start posting those trip photos.

6. Look closely at ATM scanners and gas pumps.

Heading to a concert and need to gas up? Hitting up an ice cream truck at the beach and forgot your cash? Be extra careful when stopping at gas pumps or ATMs, especially those unaffiliated with a bank. ATMs and gas pumps are targets for cybercriminals, who might attach skimmers in order to pilfer bank account or credit card data (and eventually drain those accounts).

Before you swipe your card, give the card reader a good tug. If there’s a skimmer attached, it’ll likely pop right off the top. In addition, take a look around the ATM or gas pump for small cameras (smaller than your typical surveillance camera). They’d be pointing down at the keypad in order to capture your ZIP code or PIN.

7. Avoid credit card fraud.

Easier said than done, we know. This one is extra tricky when traveling abroad. Pickpockets steal wallets, or credit cards might be accidentally left behind, and lo and behold: someone’s charging $2,537.45 worth of train tickets. While many card companies can track fraud and refund you the charges, the hassle of reporting and waiting, especially when overseas, is probably the last thing you want to deal with while sunning yourself in Phuket.

A few ground rules for traveling with credit cards: don’t take them all. Select one or two with high credit limits and low foreign transaction fees. Make copies of the credit cards you’re bringing with you so you can see the numbers and customer service phone number. Leave one copy with a friend and bring another with you. (Just don’t store it in the same place as your credit cards.) And finally, make sure you alert your credit card company of your travel plans so they don’t freeze your account.

Summer is a time to kick back and enjoy. So don’t spend it on the phone with your bank and the IRS. Take these precautions and you can be sure to end this easy-breezy season on a light and carefree note.

Posted: July 21, 2017 by 



Bye, bye Petya! Decryptor for old versions released.

Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here.

Based on the released key, we prepared a decryptor that is capable of unlocking all the legitimate versions of Petya (read more about identifying Petyas):

  • Red Petya
  • Green Petya (both versions) + Mischa
  • Goldeneye (bootlocker + files)

If you have a backup of a Petya-encrypted disk, this is the time to take it off the shelf and kiss your Petya goodbye 😉

WARNING: During our tests we found that in some cases Petya may hang during decryption, or cause some other problems potentially damaging to your data. That’s why, before any decryption attempts, we recommend that you make an additional backup.

// Special thanks to @Th3PeKo, @vallejocc and Michael Meyer for all the help in testing!

Variants of the attack

As we know, depending on the version, Petya may attack your data in two ways:

1 – at a low level, encrypting your Master File Table. For example:

2 – at a high level, encrypting your files one by one (like a typical ransomware). For example:

Fortunately, the released key allows for recovery in both cases. However, the process of decryption will look a bit different.

Decryptors

We prepared two different builds of the recovery tool, to support the specific needs:

  1. Live CD
  2. Windows executable

In both cases, the tool decrypts the individual key from the victim ID.

After obtaining the key, you can use the original decryptors in order to recover your files. You can find the links here:

For Mischa: https://drive.google.com/open?id=0Bzb5kQFOXkiSWUZ6dndxZkN1YlE
For Goldeneye: https://drive.google.com/open?id=0Bzb5kQFOXkiSdTZkUUYxZ0xEeDg

DISCLAIMER: Those tools are provided as is and you are using them at your own risk. We are not responsible for any damage or lost data.

Defeating the bootlocker

In both cases, you can obtain the key to your Petya by using the Windows executable and supplying it with your victim ID. Detailed instructions have been given here.

However, victim IDs are very long, and retyping them may be painful and prone to mistakes. That’s why we prepared a LiveCD that will automatically read the ID from the encrypted disk. To use it, download the ISO and boot your infected machine from it. Then, follow the displayed instructions:

After obtaining the key, you can use it to decrypt your Master File Table:

Decrypting files

If your files have been encrypted, i.e. by Goldeneye or Mischa, you can use the key decryptor released in the form of a Windows executable.

1. Find your victim ID (“personal decryption code”). It will be in your ransom note:

If you don’t have the note, you can find the ID appended at the end of any of your encrypted files:

2. Save the ID in a file:

3. Use our tool to decrypt your key:

4. Copy the obtained key. Download the original decryptor, appropriate for your version:

For Mischa: https://drive.google.com/open?id=0Bzb5kQFOXkiSWUZ6dndxZkN1YlE
For Goldeneye: https://drive.google.com/open?id=0Bzb5kQFOXkiSdTZkUUYxZ0xEeDg

Choose one of your encrypted files:

Supply the key obtained from the key decoder:

Decrypt the file and check if the output is valid. If everything is fine, you can use the same key to decrypt the rest of your files. Supply the extension to the decryptor, and it will find them automatically:

Conclusion

The presented tools allow you to unlock all the legitimate versions of Petya that have been released up to now by Janus Cybercrime Solutions. They cannot help the victims of pirated Petyas, like PetrWrap or EternalPetya (aka NotPetya). This matches the announcement made by Janus on Twitter:

Is it the end of Petya’s story? Probably yes; however, the future will tell.


This was a guest post written by Hasherezade, an independent researcher and programmer with a strong interest in InfoSec. She loves going into detail about malware and sharing threat information with the community. Check her out on Twitter @hasherezade and her personal blog: https://hshrzd.wordpress.com.

 

Posted: July 24, 2017 by 
