Disinfection and file recovery for GANDCRAB

Malwarebytes can detect and remove Ransom.GandCrab without further user interaction.

Download Malwarebytes to your desktop.


Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now from the dashboard, or select Threat Scan from the Scan menu. If another definitions update is available, it will be applied before the rest of the scan runs. When the scan is complete, make sure all threats are selected and click Remove Selected. Restart the computer when prompted.

Note, however, that removing this ransomware does not decrypt your files. You can only recover files from backups made before the infection happened, or by using

BDGandCrabDecryptTool Decryptor

More information here: how-to guide.

Malwarebytes is a champion of National Cybersecurity Awareness Month

Posted: October 1, 2018 by 

October is here. For most of us in the US cybersecurity industry, it’s the month when we commemorate National Cybersecurity Awareness Month (NCSAM). For those who are unfamiliar with this campaign, NCSAM generally aims at driving awareness for safe Internet use, whether you’re a regular consumer or top security executive. Protecting the Internet and keeping it safe is our shared responsibility.

And that’s why we at Malwarebytes not only pledge to provide the best protection for our home and business customers. We also commit ourselves to fostering cybersecurity education and awareness for all. Labs security researchers and writers are on the front lines every day, scouring the Internet for threats and reporting them, as well as how you can stay safe against them, here on the blog. We hope you continue to feel safe knowing we will always do our best to stop attacks, stomp out dangerous malware, and swat away annoying scammers.

In its 15th iteration, this year NCSAM will attempt to address current cybersecurity challenges, focusing on securing families and their homes, building a robust, cyber-aware workforce, and securing critical infrastructures. As such, themes assigned for each week of the month have been aligned according to this year’s objectives.

Below are the themes per week, a brief overview of each, and helpful links we recommend you, dear reader, start perusing.

Week 1: October 1–5

Theme: “Make Your Home a Haven for Online Safety”

NCSAM kicks off its campaign by going back to basics. Parents and caregivers, it’s time to brush up on your cybersecurity know-how and get your kids and the entire family involved. Check out these helpful Malwarebytes Labs posts if you need some inspiration:

Week 2: October 8–12

Theme: “Millions of Rewarding Jobs: Educating for a Career in Cybersecurity”

As that song goes, “I believe the children are our future.” And we believe that they can make a difference—for better or for worse—on the state of cybersecurity and the future of the Internet as we know it. Schools and teachers play a significant role in shaping the way our kids view and respond to the world, both in their real and digital lives. By molding young minds to be good citizens of the Internet and encouraging careers that honor that code, you can help clear the way for a better online experience for generations to come. Here are some references you may want to read up on:

Week 3: October 15–19

Theme: “It’s Everyone’s Job to Ensure Online Safety at Work”

The shortage of cybersecurity professionals is a genuine problem, especially for businesses that rely on a tight-running and secure ship to keep profit flowing and customers happy. A way to address this shortage is to change the tide by educating current personnel about the importance of taking cybersecurity seriously and how to respond in the event of a cyberattack. Small, medium, and enterprise-sized businesses can pilfer useful nuggets of wisdom from these blog posts:

Week 4: October 22–26

Theme: “Safeguarding the Nation’s Critical Infrastructure”

The uncovering of Stuxnet nearly a decade ago completely changed the way we see our critical infrastructures. Since then, there has been an active call to secure the 16 sectors that literally keep a nation running—and for a good reason. Lives are at stake.

While protecting our critical infrastructure may seem like a specialized topic dedicated to a particular audience, it’s not. Those working in the financial, health, and communications sectors, as well as in energy, electricity, and other utilities can contribute by taking on the seemingly impossible task of securing their organizations.

Note that good security hygiene is a start, but efforts shouldn’t stop there. We’ll explore this topic in depth come November, when we’ll be looking at election security and commemorating Critical Infrastructure and Resilience Month. For now, you can read through these posts for helpful insights:

If you or your organization want to take part in NCSAM, it’s never too late to register. You can visit the StaySafeOnline website and navigate to the Become a Champion menu link. After registering, you or your organization will be listed in the 2018 Champions page and receive helpful resources to educate yourself and spread awareness to others.

As always: Stay safe, everyone!


Senior Content Writer, Malwarebytes Labs

Knows a bit about everything and a lot about several somethings. I write about those somethings. Usually in long-form.


Badgelife: A Defcon 26 retrospective

Posted: August 22, 2018 by 

One more year gone, one more Defcon completed.

Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is the place where you hear about the newest attack techniques, the coolest hacks, and the most spectacular security failures. A giant melting pot of hackers, security professionals, various three-letter agency employees, lawyers, students, black hats, grey hats, white hats, IT admins, help desk warriors, journalists, activists, reversers, cypherpunks, scary pentesting voodoo red team experts, and stoic blue team defenders.

Defcon is the conference of conferences. There’s even a LineCon, consisting of the impromptu discussions that take place while waiting to register or waiting to get into a room to see a presentation. And let’s not forget HallCon, where you strike up a conversation with random strangers and never, not once, have them roll their eyes when you start talking about security.

There are villages, such as the LockPick village, where volunteers demonstrate just how illusory the protection a physical lock provides really is. Then there are various hardware hacking villages, where routers, Wi-Fi repeaters, or anything containing a small computer is picked apart. Soldering irons abound, and disassembling is encouraged. Warranties are gleefully broken and tamper mechanisms are ignored or defeated in an undetectable manner. There’s the car hacking village, drone hacking, the social engineering events. The list goes on and on in a cornucopia of coolness.

And let’s not forget the swag. Oh the swagiest of swag! Epic t-shirts, cool and weird stickers, army backpacks with a bajillion pockets, personalized hotel cards, challenge coins, and the crown jewel of them all…The coveted unofficial electronic badges.

Defcon has the best badges—in part out of necessity, I theorize. How do you combat counterfeit badges when the vast majority of your attendees know about plastic card printers, have a passing familiarity with photo editing software, and perhaps a flexible moral code?

An example of an early Defcon badge. (Photo acquired on the Internet)

You step up your game. Early examples were embossed, then made of laser-cut plexiglass, and even metal! Very soon, functionality was thrown into the mix. It started slowly, with blinking LEDs, and rapidly progressed. As badges started including crypto challenges, greater and greater functionality was added. The rationale behind this enhancement was to foster collaboration between attendees with different skill sets when attempting to solve the puzzles contained within.

As badge functionality grew, enterprising conference attendees started modifying them. The Defcon 16 badge included a “TV-B-GONE” function, to the great chagrin of the Las Vegas restaurants and sports bars owners. A Defcon 17 attendee even added a Breathalyzer to his badge.

Official Defcon badges of yesteryears.

Eventually, the Defcon organizers settled into a cadence. One year was a crypto challenge with an artistic style of badge; the alternating year an electronic one. This was probably a logistical decision, as the electronic badges became more and more intricate, requiring longer and longer development time due to their complexity.

Around this time, Defcon attendees witnessed the birth and rise of unofficial Defcon badges. Built by attendees, these unofficial badges became the most sought-after object to wear around your neck: a prestigious status symbol, confirming your “leet-ness.” A visual confirmation that you had the guile necessary to acquire them. You knew the right people, or had the skills to create your own.

Unofficial Defcon badges, including: the Whiskey Pirates badge, a MK1 Bender badge, the Ides of Defcon, and a VoidDC24 badge.

Defcon 26 saw a veritable explosion of unofficial badges, as more and more groups of enterprising con attendees started making their own badges with a dizzying array of features. Here is a selection of unofficial badges acquired this year.

A DC801 badge, a Furcon Badge, a Fale badge, a Linecon2018 badge, and an LHC badge.

With the explosion of unofficial badges, a standard was developed known as the “SAO.” This standard allowed for add-on mini badges that were much easier to make and gave less experienced badge makers the opportunity to get their feet wet. These mini badges also allowed for much brisker badge trading, as they tended to be simpler in design and scope.

A custom red-eyed pickle Rick SAO made by @reanimationxp @tr_h and @ssldemon

A selection of the SAO mini badges acquired through trade, beverage exchange, or monetary transactions.

All of these are but a small sampling of what was available. The project I was involved with was the Defcon Drone badge (Hi Bl1n7!), and our team frantically flashed badge operating systems and assembled kits into the late hours of the night. I got to learn about the Arduino IDE as I flashed the base firmware on the Kickstarter-pledged badge packages. I also took the opportunity to hone my soldering skills and repair electronics. The suite where all these activities took place was most thoroughly equipped with microscopes, soldering stations, classic sci-fi movies in the background, and a bevy of delicious snacks!

Defcon is what you make of it, and this year I elected to make it all about the badge life. You can find out more about badgelife here, courtesy of Hackaday.


Senior Security Researcher

Incorrigible technophile who loves to break stuff and habitually voids warranties.


The enemy is us: a look at insider threats

Posted: August 20, 2018 by 

They can go undetected for years. They do their questionable deeds in the background. And, at times, one wonders if they’re doing more harm than good.

Although this sounds like we’re describing some sophisticated PUP you haven’t heard of, we’re not.

These are the known attributes of insider threats.

Insider threats are one of a handful of non-digital threats troubling organizations of all sizes to date. And—to bang on the hype—the danger they pose is real.

Where companies once thought that risks to their high-value assets could only come from outside actors, they are slowly realizing that they also face potential dangers from within. The worst part is that no one can tell who the culprits are until the damage is done.

In the Osterman Research white paper entitled White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime, it was found that insider threats account for a quarter of the eight serious cybersecurity risks that significantly affect the private and public sectors. To put it another way, an organization’s current and former employees, third-party vendors, contractors, business associates, office cleaning staff, and other entities who have physical or digital access to company resources, critical systems, and networks are collectively ranked in the same list as ransomware, spear phishing, and nation-state attacks.

The majority of insiders who have caused their employers a headache didn’t necessarily have technical backgrounds. In fact, they didn’t have the desire or the inclination to do something malicious against their company to begin with. In the 2016 Cost of Insider Threats [PDF], a benchmark study conducted by the Ponemon Institute, a significant percentage of insider incidents within companies in the United States was not caused by criminal insiders but by negligent staff members.

This finding remains consistent with the 2018 Cost of Insider Threats [PDF], where coverage also includes organizations in the Asia-Pacific region, Europe, Africa, and the Middle East. The insider’s general lack of attention and misuse of access privileges, coupled with little-to-no cybersecurity awareness and training, are some of the reasons why they’re dangerous.

Understanding insider threats

Many have already described what an insider threat is, but none as inclusively as the definition put forward by the CERT Insider Threat Center, a research arm of Carnegie Mellon University’s Software Engineering Institute (SEI). They define an insider threat as:

…the potential for individuals who have or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.

From this definition, we can classify insiders into two main categories: the intentional and the unintentional. Within those categories, we describe the five known types of insider threats to date. They are as follows:

Intentional insiders

They knowingly do harm to the organization, its assets, resources, properties, and people.

The malicious insider 

This type has several names, including rogue agent and turncoat. Perhaps its main differentiation from the professional insider (as you will see below) is that not one insider of this type started off with malicious intent. Some disgruntled employees, for example, who perceive that their company has done them wrong may decide to retaliate by planting malware, deleting company files, stealing proprietary intellectual property to sell, or even holding essential accounts and data for ransom.

In certain circumstances, employees go rogue because they want to help their home country. Such is the case of Greg Chung, who was found guilty of supplying China with proprietary military and spacecraft intel during his tenure at Rockwell and Boeing by stealing nearly three decades’ worth of top-secret documents. The number of boxes of files retrieved from his home was not disclosed, but we can assume it to be in the hundreds.

Employees who are coerced or forced to perform malicious acts on behalf of one or more entities also fall under this type.

The professional insider

This type is usually referred to as a spy or mole in an organization. They enter an organization generally as employees or contractors with the intent to steal, compromise, sabotage, and/or damage assets and the integrity of the company. They can either be funded and directed by nation states or private organizations—usually a competitor of the target company.

When the Jacobs Letter was made public, a 37-page allegation penned by former Uber employee Ric Jacobs, it seemed that the civil suit between Google and Uber was no longer your usual intellectual property theft case. In this letter, Jacobs claimed that Uber ex-CEO Travis Kalanick was the mastermind behind the theft, with Anthony Levandowski as the actor. Although this allegation has yet to be substantiated, Levandowski would fit this type if found true.

The violent insider

Acts that negatively impact organizations don’t start or end in the abuse, misuse, and theft of non-physical assets. They can also include threats of a violent nature. Peopleware is as essential as the software and hardware an organization uses, if not even more crucial. So, what negatively affects employees in turn affects the organization, too.

Therefore, it’s imperative that organizations also identify, mitigate, and protect their staff from potential physical threats, especially those that are born from within. The CERT Insider Threat Center recognizes workplace violence (WPV) as another type of insider threat, and we categorize it under intentional insiders.

WPV is defined as violence or threat of violence against employees and/or themselves. This can manifest in the form of physical attacks, threatening or intimidating behavior and speech (written, verbal, or electronically transmitted), harassment, or other acts that can potentially put people at risk.

This author hopes that CERT and/or other organizations looking into insider threats expand their definition to include workplace bullying, domestic violence (e.g. when an abusive partner comes after his/her abused partner in the workplace), and other actions that put employee safety at risk or negatively impact their emotional and psychological well-being.

Read: Of weasels, snakes, and queen bees

Insider Threat Researcher Tracy Cassidy of CERT has identified [PDF] the following indicators that may signal an employee falls under this type:

  • History of violence
  • Legal problems
  • Loss of significant other
  • Conflict with supervisor
  • Potential loss of employment
  • Increased drinking
  • Concerning web searches

In 2015, Vester L. Flanagan II (aka Bryce Williams) shot and killed two of his former colleagues at WDBJ7, a local TV station in Roanoke, Virginia, during a live interview. Flanagan later posted a clip of the shooting on Facebook and on Twitter, claiming that his victims had wronged him.

Two years after the Flanagan incident, Randy Stair was posting troubling videos and messages on Twitter about his plot to kill his co-workers at the Weis supermarket in Pennsylvania. No one was entirely sure of his motive, but investigations revealed that he disliked his manager and was showing signs of extreme loneliness days before the incident.

Unintentional insiders

They have no ill intent or malice towards their employer, but their actions, inactions, and behavior sometimes cause harm to the organization, its assets, resources, properties, and people.

The accidental insider

They are also called the oblivious, naïve, or careless insiders. This type is perhaps the most overlooked and underestimated in terms of their potential risk and damage to organizations. Yet multiple studies confirm that accidental insiders account for a majority of the significant breaches that make headlines. Insiders of this type are relatively common.

Incidents like unknowingly or inadvertently clicking a link in an email message of dubious origin, accidentally posting or leaking information online, improperly disposing of sensitive documents, and misplacing company-owned assets (e.g., smartphones, CDs, USB drives, laptops), even if they only happen once, may not seem like a big deal. But these actions increase an organization’s exposure to risk that could lead to its compromise.

Here’s an example of an accidental insider’s potential for damage: A publicly-accessible Amazon Web Service (AWS) account was used by hijackers to mine cryptocurrencies. Security researchers from Redlock investigated the matter and found misconfigurations in the AWS server. This gave hijackers access to credentials that could allow anyone to open the S3 buckets where sensitive information was stored. It turned out that the account belonged to someone at Tesla, so the researchers alerted them of the breach.

The negligent insider

Employees under this type are generally familiar with the organization’s security policies and the risks involved if they’re ignored. However, they look for ways to avoid them anyway, especially if they feel such policies limit their ability to do their work.

A data analyst working for the Department of Veterans Affairs downloaded and took home the personal data of 26.5 million US military veterans. Not only was this a violation of the department’s policies, but the analyst was also not authorized to do this. The analyst’s home was then burglarized, and the laptop was stolen. The data included names, social security numbers, and dates of birth.

Steps to controlling insider incidents

While cybersecurity education and awareness are initiatives that every organization must invest in, there are times when these are simply not enough. Such initiatives may decrease the likelihood of accidental insider incidents, but not for negligence-based incidents, professional insiders, or other sophisticated attack campaigns. Organizations must implement controls and use software to minimize insider threat incidents. That said, organizations must also continue to drive education and awareness, as well as provide professional and emotional support for employees to mitigate potential damage from accidental, malicious, or violent insiders.

Get executive support. As more and more organizations realize the risks insider threats pose, it also becomes easier to get executive buy-in on the idea of lessening insider threat incidents happening in the workplace. Gather and use information about incidents that occurred within the organization (especially those the C-suite may not even be aware of) before pitching the idea of creating an insider threat program.

Build a team. If an organization employs thousands, it would be ideal to have a team that exclusively handles the insider threat program. Members must track, oversee, investigate, and document cases or incidents of insider threats. This team must comprise a multidisciplinary membership from security, IT security, HR, legal, communications, and other departments. If possible, the organization should also bring in outside help, such as a workplace violence consultant, a mental health professional, and even someone from law enforcement, to act as external advisors to the team.

Identify risks. Threats of insiders vary from one industry to another. It is vital that organizations identify what threats they are exposed to within their industry before they can come up with a plan for how to detect and mitigate them.

Update existing policies. This is assuming that the organization already has a security or cybersecurity policy established. If not, creating one now is essential. It’s also important for the team to create a plan or process for how they should respond to incidents of insider threats, especially on reports of workplace violence. The team should always remember that there is no one-size-fits-all approach to addressing insider threat incidents of a similar nature.

Implement controls. An organization that has little-to-no controls isn’t secure at all. In fact, they are low-hanging fruit for external and internal actors. Controls keep an organization’s system, network, and assets safe. They also minimize the risk of insider threats. Below are some controls organizations may want to consider adopting. (Again, doing so should be based on their risk assessment):

  • Block harmful activity. This includes the accessing of particular websites or the downloading and installation of certain programs.
  • Whitelist applications. This includes file types of email attachments employees can open.
  • Disable USB drives, CD drives, and follow-based email programs.
  • Minimize accessibility of certain data. Organizations should focus on this, too, when it comes to their telework or remote workers.

Read: How to secure your remote workers

  • Give privileged users the least level of access they need to do their jobs.
  • Place flags on old credentials. Former employees may attempt to use the credentials they used when they were still employed.
  • Create an employee termination process.

Install software. Many organizations may not realize that software helps in nipping insider threats in the bud. Below is a list of some programs the organization may want to consider using:

  • User activity monitoring software
  • Predictive/data analytics software (for finding patterns in data collected from employee interactions within the organization’s network)
  • Security information and event management (SIEM) software
  • Log management software
  • Intrusion detection (IDS) and prevention (IPS) software
  • Virtual machines (for a safe environment to detonate or open potentially harmful files)
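The “place flags on old credentials” control above, and the log management and SIEM software just listed, come together in a small detection that reviews authentication logs against the HR offboarding roster. This is an added example and not code from the original post or from Malwarebytes; the log line format, the roster, the account names and the sample events are all constructed for illustration.

```python
"""Flag authentication events that use the credentials of former employees.

Added example. The syslog-style line format, the offboarding roster and the
sample events are constructed; a real deployment would read the roster from
HR or the identity management system and the events from the SIEM.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional

# Constructed offboarding roster: account name -> termination time (UTC).
TERMINATED: Dict[str, datetime] = {
    "jdoe": datetime(2018, 8, 1, tzinfo=timezone.utc),
    "contractor7": datetime(2018, 7, 15, tzinfo=timezone.utc),
}

# Constructed line format:
#   <ISO-8601 UTC> <host> auth: user=<name> result=<ok|fail> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
    r"result=(?P<result>ok|fail) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    user: str
    host: str
    src: str
    result: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
    return fields


def flag_stale_credentials(lines: Iterable[str],
                           terminated: Dict[str, datetime] = TERMINATED) -> List[Alert]:
    """Flag any login attempt, successful or not, made with an offboarded account
    at or after that account's termination time. Unparsable lines are skipped."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        cutoff = terminated.get(ev["user"])
        if cutoff is None or ev["ts"] < cutoff:
            continue  # active account, or activity from before offboarding
        reason = ("successful login with offboarded account" if ev["result"] == "ok"
                  else "login attempt with offboarded account")
        alerts.append(Alert(ev["ts"], ev["user"], ev["host"], ev["src"],
                            ev["result"], reason))
    return alerts


def by_source(alerts: Iterable[Alert]) -> Dict[str, List[str]]:
    """Group flagged accounts by source address: one source trying several
    former employees' accounts is a stronger signal than a single stray login."""
    grouped: Dict[str, List[str]] = {}
    for a in alerts:
        grouped.setdefault(a.src, []).append(a.user)
    return grouped


# Constructed sample events: one pre-offboarding login, one post-offboarding
# success, one post-offboarding failure, one active user, one junk line.
SAMPLE_LOG = [
    "2018-07-30T09:00:00Z vpn-gw1 auth: user=jdoe result=ok src=198.51.100.4",
    "2018-08-20T02:14:07Z vpn-gw1 auth: user=jdoe result=ok src=203.0.113.9",
    "2018-08-19T23:41:12Z fileserver auth: user=contractor7 result=fail src=203.0.113.9",
    "2018-08-20T08:05:33Z fileserver auth: user=asmith result=ok src=10.0.0.12",
    "this line is not an auth event",
]

if __name__ == "__main__":
    for alert in flag_stale_credentials(SAMPLE_LOG):
        print(f"{alert.ts.isoformat()} {alert.host} {alert.user} from {alert.src}: {alert.reason}")
    print(by_source(flag_stale_credentials(SAMPLE_LOG)))
```

Both the successful login and the failed attempt are reported, since a failed attempt with a former employee's account is itself worth a look.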

It’s important to note that while software, controls, and policies designed to aid organizations in stopping insider risks are in place, insider threat incidents may never be eradicated entirely. Furthermore, predicting insider threats is not easy.

“To be able to predict when an insider maliciously wants to harm an organization, to defraud them, to steal something from them—it’s really hard with the technology alone to identify someone who is doing something with malicious intent,” said Randy Trzeciak, director of Carnegie Mellon University’s CERT program, in an interview with SearchSecurity.Com. “You really do need to combine the behavioral aspects of what might motivate somebody to defraud an organization, or to steal intellectual property, or to sabotage a network or system, which is usually outside of the control of what a traditional IT department is and what they do to prevent or detect malicious activity by insiders.”

Additional reading:


Malware Intelligence Analyst

Technical writer, researcher, and marketing fellow fascinated by psychology, architecture, and supercars. A habitual night owl.

