Posts Tagged Ransomware

Gandcrab Ransomware

Generally distributed through the RIG exploit kit, GandCrab ransomware demands payment in the DASH cryptocurrency. Its command-and-control servers use the ".bit" top-level domain (a Namecoin domain that is not resolved through regular DNS). Once it runs on a computer it encrypts the data and appends a ".GDCB" extension to every compromised file. For example, imagesample123.jpg (the original file) becomes imagesample123.jpg.GDCB (the encrypted file). After encryption the ransomware generates a "GDCB-DECRYPT.txt" file and drops a copy in each folder it has encrypted; when the victim opens it, they see a message stating that their files have been encrypted and instructing them what to do next.

The files can only be decrypted with a unique key that is stored on a remote server controlled by the ransomware's developers. To obtain that key the victim is generally required to pay 1.5 DASH, equivalent to approximately $1,130 at the time of writing. However, there is no guarantee that your files will be decrypted even after you pay the ransom.

Most Common Ways Through Which The Ransomware Can Infect You

  • It can reach your system when you download software from third-party sources.
  • Spam emails, or emails from untrusted sources, often carry malicious attachments which, when opened, install malware on your system.
  • Your system can also be infected through peer-to-peer (P2P) networks, where malicious executables masquerade as legitimate software.
  • Victims often fall prey to fake software updaters that infiltrate their systems.
  • Trojans are another cause of ransomware attacks: they compromise the system and then allow further malware to be installed on it.

How To Protect Yourself Against The Ransomware

  • Back up your data regularly, because once your files are encrypted by the ransomware, the chances of recovering them, even after paying the ransom, are meagre.
  • If you are unsure about an email sent from an untrusted source, do not download the attachments that come with it.
  • Ensure that no computer running Remote Desktop services is reachable directly from the internet. Instead, require users to connect to a VPN first and only then reach the remote desktop service.
  • Install Windows updates as soon as they are released, since unpatched versions may contain vulnerabilities that attackers can exploit.
  • Do not use weak passwords. Also, no matter how convenient it may seem to use a single password for multiple logins, avoid it: one leaked password then opens the door to attacks in which your confidential data and files are compromised.

For more information about Cyber Security, call Centex Technologies at (254) 213-4740


More About Cerber Ransomware

Cybersecurity is a rising concern. The soaring figures for cyberattacks worry businesses as well as cybersecurity professionals.

Ransomware and phishing attacks have been a constant threat. Cerber is a ransomware family that came to prominence when 150,000 Windows users worldwide were infected via exploit kits in July 2016 alone.

What Happens When An Attack Is Launched?

The victim receives an email with a malicious Microsoft Office document attached. The malware is installed as soon as the user clicks and opens it.

When a device is infected, Cerber encrypts the user's files and demands money to decrypt them and restore access. The malware encrypts files with the RC4 and RSA algorithms and renames them with a .cerber extension.

How Do You Know That You Have Been Infected By Cerber?

You will know that you have been attacked by the ransomware when you find a ransom note on the desktop the moment you log in. Ransom notes are also left inside the folders that the malware has encrypted.

Apart from notifying you that your files have been encrypted, the note also provides instructions on how to send the ransom to the attackers. The amount increases with time and ranges from a few hundred to a thousand dollars.
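Both the GandCrab post above and this one describe the same two file-system indicators: a fixed extension appended to every encrypted file (".GDCB" for GandCrab, ".cerber" for Cerber) and a ransom note dropped into each encrypted folder ("GDCB-DECRYPT.txt" for GandCrab; the Cerber note names are not given on this page, so that parameter is optional). The following PowerShell sweep is an added example written for this page, not code from either post or from the malware itself; the function name, parameter names and the usage paths are assumptions. It reports the affected folders, the earliest encryption time (useful for scoping an incident) and the original name of each encrypted file, recovered by stripping the appended extension.

```powershell
# Added example (not from the original post): sweep a directory tree for the
# file-system indicators the posts describe, a renamed-file extension and,
# where known, the ransom note dropped into every encrypted folder.
function Find-RansomwareIndicators {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $EncryptedExtension,   # e.g. '.GDCB' or '.cerber'
        [string] $RansomNoteName                                # e.g. 'GDCB-DECRYPT.txt'; omit if unknown
    )

    $files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue

    # -like is case-insensitive, matching NTFS behaviour ('.gdcb' and '.GDCB' both hit)
    $encrypted = @($files | Where-Object { $_.Name -like "*$EncryptedExtension" })
    $notes = @()
    if ($RansomNoteName) {
        $notes = @($files | Where-Object { $_.Name -eq $RansomNoteName })
    }

    # Derive the original name by stripping the appended extension, as in
    # imagesample123.jpg.GDCB -> imagesample123.jpg
    $report = $encrypted | ForEach-Object {
        [pscustomobject]@{
            EncryptedPath = $_.FullName
            OriginalName  = $_.Name.Substring(0, $_.Name.Length - $EncryptedExtension.Length)
            Folder        = $_.DirectoryName
            LastWriteUtc  = $_.LastWriteTimeUtc
        }
    }

    # Earliest write time among encrypted files approximates when encryption began
    $firstEncrypted = $null
    if ($encrypted.Count -gt 0) {
        $firstEncrypted = ($encrypted | Measure-Object -Property LastWriteTimeUtc -Minimum).Minimum
    }

    [pscustomobject]@{
        EncryptedFileCount = $encrypted.Count
        RansomNoteCount    = $notes.Count
        AffectedFolders    = @($encrypted | ForEach-Object { $_.DirectoryName } | Sort-Object -Unique)
        FirstEncryptedUtc  = $firstEncrypted
        Files              = $report
    }
}

# Usage (paths are assumptions):
# Find-RansomwareIndicators -Root 'D:\Shares' -EncryptedExtension '.GDCB' -RansomNoteName 'GDCB-DECRYPT.txt'
# Find-RansomwareIndicators -Root 'C:\Users'  -EncryptedExtension '.cerber'
```

Run it from a clean administrative workstation against a mounted image or a network share rather than on the infected host itself, and treat a non-zero count as a trigger to isolate the affected folders' owners, not as proof that encryption has finished.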

Is It Possible To Decrypt Files Encrypted By Cerber?

It may or may not be possible. Decryption tools were available for earlier versions of Cerber; however, there is little chance of recovering files encrypted by the most recent versions. Even paying the ransom does not guarantee that you will be able to recover your files.

How To Prevent The Ransomware?

Once your files are encrypted it is very difficult to restore them, so it is best to take preventive measures in good time. Install antivirus software and keep it up to date. Also make sure that you do not open any link or attachment sent from an unknown source.

Backup your data regularly and educate your employees about cyber security.

What Is Distinctive About Cerber

It has certain features that you should take note of:

  • It Talks – Surprisingly, it is malware that speaks to its victims. Some versions contain a VBScript that plays audio alerts and messages informing you that your files have been encrypted and that you must pay the ransom to decrypt them.
  • Works Offline – People might think that disconnecting the device will prevent files from being encrypted. This is not true: Cerber does not need an active internet connection to operate.

For more information about IT Security, call Centex Technologies at (254) 213-4740.


Everything About Jigsaw Ransomware

PDF Version : Everything-About-Jigsaw-Ransomware


All You Need To Know About WannaCry Ransomware

PDF Version – All-You-Need-To-Know-About-WannaCry-Ransomware


Bad Rabbit: How To Protect Yourself From The Ransomware Attack

13th Nov 2017

Economies worldwide are increasingly digitalising, with large numbers of business organizations establishing an online presence. Almost everything is now on the web, which has made businesses more prone to cyber security threats. No industry seems immune, as is clearly evident from Kaspersky Lab reports stating that a company is hit by ransomware every 40 seconds.

Bad Rabbit is the latest of these and has hit over 200 organizations and consumers across Russia, Bulgaria, Turkey and other parts of Europe. It started on October 24 and has mainly targeted news and media websites. ESET's detection name for Bad Rabbit is Win32/Diskcoder.D, and the malware is quite similar to Petya, which is detected as Diskcoder.C.

How Does It Spread –

The malware enters the user's network when the user, visiting a compromised website, is prompted to install an Adobe Flash Player update and runs the downloaded installer. The fake Flash installer is the malware dropper; once it runs on the system, the files are encrypted.
A ransom note then appears on the screen asking the user to pay 0.05 bitcoin within 41 hours to get the decryption key. If payment is not made in time, the ransom increases and the user is forced to pay more.

The hackers behind Bad Rabbit also seem to have a great interest in Game of Thrones: the code contains references to Viserion, Rhaegal, Drogon and other characters from the series. They also select their targets, infecting only the systems they intend to.

How To Protect Yourself –

  • Shadow Copies – It is possible to recover files if Volume Shadow Copies exist, as this malware does not delete or encrypt them. Files can be recovered with third-party utilities or through the standard Windows mechanism (Previous Versions).
  • Password Protection – Do not use simple usernames and passwords, as they pose a serious threat to cyber security.
  • Software – Ensure that the updates published in Microsoft's security bulletins are installed on your systems.
  • Payload Files – To protect themselves from the malware, users can block the creation and execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat.
  • Anti-Virus – Install anti-virus software that can protect you against such malware.
  • Back Ups – Maintain backups of all your important files, kept either offline or online. Also make sure that you update your systems regularly.
  • Download From Trusted Sources – Do not download or execute updates from untrusted sources. This ransomware is disguised as an Adobe Flash update; the malware is installed on the user's system once the fake update is run.
  • Restrict User Privileges – Grant minimum user privileges and give administrator rights to trusted employees only.

It is advisable to take the necessary preventive steps well in advance to avoid such cyber-attacks in the first place.
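The "block the payload files" step above is the "vaccine" that security researchers published shortly after the outbreak: the dropper writes its main payload to C:\Windows\infpub.dat and its disk-encryption driver to C:\Windows\cscc.dat, and if those names already exist with every permission stripped, the write fails and the machine is not encrypted. The PowerShell below is an added example written for this page, not code from the original post or from any vendor tool; the function names are assumptions. It must be run from an elevated session, and it only defeats this specific dropper behaviour: an attacker who already has administrator rights could reset the ACL, so it is a stopgap, not a substitute for patching and backups.

```powershell
# Added example (not from the original post): pre-create the two file names
# Bad Rabbit writes to and leave them with an empty DACL so the dropper's
# write fails. Run from an elevated PowerShell session.
$vaccineFiles = @('C:\Windows\infpub.dat', 'C:\Windows\cscc.dat')

function Protect-VaccineFile {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    # Set the read-only attribute first: once the DACL is empty we no longer
    # hold FILE_WRITE_ATTRIBUTES and could not set it afterwards.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true

    # A new file under C:\Windows carries only inherited ACEs. Removing them
    # leaves an empty DACL: no account, SYSTEM included, can open the file
    # for read, write or execute until an owner/administrator rewrites the ACL.
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path (are you elevated?)" }
}

function Test-VaccineFile {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    # Reading the security descriptor only needs READ_CONTROL, which the
    # owner (the administrator who created the file) holds implicitly.
    $acl = Get-Acl -LiteralPath $Path
    # An empty access list means nothing can open the file for writing.
    return ($acl.Access.Count -eq 0)
}

foreach ($f in $vaccineFiles) {
    Protect-VaccineFile -Path $f
    if (Test-VaccineFile -Path $f) {
        Write-Output "$f : present, empty DACL (protected)"
    } else {
        Write-Warning "$f : not protected, check permissions manually"
    }
}
```

Test-VaccineFile is the check to re-run after any maintenance that touches C:\Windows: a Windows feature update or an "Advanced Security" dialog that re-enables inheritance will silently restore full permissions and undo the vaccine.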

We at Centex Technologies provide complete IT Infrastructure Security Solutions to corporates. For details, call us at (254) 213-4740.
