Posts Tagged Cybersecurity

Understanding Clop Ransomware

Clop is a ransomware-type virus that belongs to the CryptoMix family. The word ‘Clop’ itself means ‘bug’ in Russian. The virus is mostly aimed at English-speaking users and tends to target complete networks instead of individual users.

Clop ransomware infects systems running on the Microsoft Windows platform. It has been designed to encrypt data and rename every file by appending the ‘.clop’ extension. After successful encryption of files, Clop generates a text file containing the ransom message and places a copy of it in every existing folder. Another distinguishing characteristic of Clop ransomware is the string ‘Dont Worry C|0P’ included in the ransom note. The decryption keys are stored on a remote server controlled by cyber criminals. This makes it necessary for every victim to pay the ransom in order to get the decryption key.

What Is The Payload Used For Clop Ransomware?

Transmission:

The Clop ransomware is distributed in the form of an executable that has been code-signed with a digital signature. The signature makes the executable appear more legitimate and helps it bypass system security.

The infection is spread through a macro or JavaScript attachment in a spam email. Sometimes, the virus may be delivered as a downloadable link in an email. Other ways of spreading the Clop ransomware include exploit kits, malvertising, and compromised websites.

Execution:

After infection, the virus first stops Windows services and programs in order to disable antivirus software such as Windows Defender. Additionally, it closes all the files so that they are ready for encryption. To disable Windows Defender, the virus configures various Registry values that disable behavior monitoring, real-time protection, sample uploading to Microsoft, Tamper Protection, cloud detections, and antispyware detections. In the case of older computer systems, Clop uninstalls Microsoft Security Essentials to bypass the security.

After terminating processes, it creates a batch file, which is executed soon after the ransomware is launched. The batch file disables Windows automatic Startup Repair. The ransomware then starts encrypting the files on the victim system and adds the ‘.Clop’ extension to the names of encrypted files.

The ransom note is created under the name ‘ClopReadMe.txt’ and a copy is placed in every folder.
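The file-system traces described above (the ‘.clop’ extension, the ‘ClopReadMe.txt’ note and the ‘Dont Worry C|0P’ string) can be swept for during incident triage. The following Python sketch is an added example, not code from the original article; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text above.
ENCRYPTED_EXT = ".clop"            # compared case-insensitively ('.clop' / '.Clop')
NOTE_NAME = "clopreadme.txt"       # 'ClopReadMe.txt', lower-cased for comparison
NOTE_MARKER = "Dont Worry C|0P"


def scan_tree(root):
    """Walk root and return {folder: details} for folders showing the indicators."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        notes = [f for f in files if f.lower() == NOTE_NAME]
        marker = False
        for name in notes:
            try:
                with open(os.path.join(folder, name), "r", errors="replace") as fh:
                    # Ransom notes are small; cap the read anyway.
                    marker = marker or NOTE_MARKER in fh.read(65536)
            except OSError:
                pass  # an unreadable note still counts by name
        if encrypted or notes:
            findings[folder] = {"encrypted": sorted(encrypted),
                                "note": bool(notes), "marker": marker}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    hit = os.path.join(root, "finance")
    clean = os.path.join(root, "public")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("q1.xlsx.Clop", "payroll.docx.clop"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, "ClopReadMe.txt"), "w") as fh:
        fh.write("constructed sample note\nDont Worry C|0P\n")
    open(os.path.join(clean, "readme.txt"), "w").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in scan_tree(tmp).items():
            print(folder, info)
```

A folder that carries the note but no renamed files is still reported, since the note is placed in every folder regardless of its contents.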

How To Stay Protected?

  • Use an updated version of antivirus.
  • Scan the spammed mails.
  • Avoid clicking on unidentified links, advertisements or websites.
  • Create regular backups of the files.

For more information on how to secure your network for various threats, contact Centex Technologies at (254) 213 – 4740.

 


Things To Know About Online Coronavirus Scams

The sudden outbreak of Coronavirus infection has taken the world by surprise. In order to fight against the disease, people are trying to keep themselves updated on any news related to the same. However, cybercriminals are using this as an opportunity to lure people into their scams.

Here is a concise guide to help you understand more about online Coronavirus scams:

What Is A Coronavirus Scam?

Coronavirus scams are similar to other malware scams. The attackers trick the users into opening infected documents and files under the pretext of offering more information about the virus. Once a user clicks to open these files, the malware is downloaded and installed.

What Are The Commonly Used Pretexts?

The scammers may pose as healthcare officials and offer information related to symptoms or prevention of the coronavirus infection. Alternatively, some scams use the disguise of documents offering updated information on the number of infection cases or death tolls across the globe. The scammers use threatening headlines that state the viral infection has spread to the victim’s home city and motivate the victim to enter his details for reading more information.

Some scammers are preying on the people’s willingness to provide support to infected patients. Such scam emails may be titled “URGENT: Coronavirus Spreads – Can we count on your support today?”

How Do These Scams Operate?

There are two main types of scams being launched by cybercriminals: Email scams and website scams.

  • Email Scams: The scammers send out emails that may offer more information about the coronavirus infection or provide a link to donate for supporting the affected patients. In either case, the email includes a disguised link for further information. The link usually starts with ‘HXXP’ instead of ‘HTTP/ HTTPS’. Once the victim clicks on the link, it opens a form or application page. This form is programmed with malicious code to steal personal information and credit card details.
  • Website Scams: A simple example of a website-based scam was recently discovered. The website purported to provide an updated number of coronavirus cases on a global map. However, it was embedded with an info-stealer. The code had a hidden file with the name ‘corona.exe’. Further research indicated that this malware is a variant of the malware AZORult.

Irrespective of the mode of infection (email or website), the malware is focused on stealing personal information or gaining remote access to the victim’s computer system.

How To Secure Yourself Against Coronavirus Scams?

  • If you receive an email, check the sender’s email domain and other URLs included in the email to see if they match the name of the organization that the sender claims to be associated with. Do not click on the URLs without verifying their authenticity.
  • Be wary of login pages with unfamiliar URLs.
  • Instead of clicking any hyperlinks provided in the email, copy and paste the URLs into your browser.
  • If any email or website pressures you to act immediately, refrain from doing so.
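The first check in the list above (do the sender's domain and the embedded URLs match the organization the sender claims to represent?) can be automated for a mailbox. The following Python sketch is an added example, not part of the original article; the organization domain, the message and all host names are constructed, using reserved `.example` and `.test` names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Accepts http/https and the 'hxxp' spelling mentioned in the article.
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message.
SAMPLE = """\
From: "Health Alerts" <alerts@health-org.example>
Subject: URGENT: Coronavirus Spreads - Can we count on your support today?

Live map: hxxp://health-org.example.cases-map.test/corona
Advice: https://www.health-org.example/advice.
"""


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def check_message(raw, org_domain):
    """Compare the From domain and every link host against org_domain."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    mismatched = []
    for url in URL_RE.findall(text):
        url = re.sub(r"^hxxp", "http", url.rstrip(".,;)"), flags=re.IGNORECASE)
        host = urlsplit(url).hostname or ""
        if not belongs_to(host, org_domain) and host not in mismatched:
            mismatched.append(host)
    # The From header can be forged, so a match here is not proof of origin.
    return {"sender_ok": belongs_to(sender.rpartition("@")[2], org_domain),
            "mismatched_hosts": mismatched}


if __name__ == "__main__":
    print(check_message(SAMPLE, "health-org.example"))
```

The suffix comparison is what catches a host that only begins with the organization's name, as the first link in the sample does.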

For more information on Online Scams and how to stay alert, call Centex Technologies at (254) 213 – 4740.


Points To Consider While Securing MSPs

PDF Version: Points-To-Consider-While-Securing-MSPs


Marketing Your Brand In A Cyber-Secure Way

With a rising number of social media users across the globe, social media has become a popular marketing platform among organizations. It allows marketing professionals to reach out to a wide spectrum of customers and customize their campaigns accordingly. Despite an array of benefits offered by social media or digital marketing, businesses need to be very cautious before moving along this path.

The main reason for this caution is that social media marketing is susceptible to cyber threats. Lack of thorough consideration and security may lead to a damaged brand image, loss of data, alienated customers and financial loss.

Following are some points to consider to market your brand in a cyber-secure way:

Be Cautious Of Who Manages Your Social Accounts: Careless handling of social media accounts can lead to both financial and credibility damage. A popular example of social account mishandling is the hacking of the Burger King social media account in 2013. The attackers hacked the Twitter account of Burger King and changed its profile picture to McDonald’s logo. You would certainly not want your customers to think of your competitor when viewing your account or advertisement. In addition to harming your reputation, a hacked social media account results in leakage of your customers’ data such as social media username/password. To secure your brand’s accounts, assign a dedicated admin to a social media account, set up a secure password and limit access to keep intruders out.

Careful Posting: Create guidelines for governing social media posting on behalf of your organization. The guidelines should clearly state the kind of content to be shared, the type of wording that can’t be used, and the information that needs to be kept confidential. Also, make sure that any link shared by or to your account is secure. Establish a verification process for every post before uploading it on your social media account.

Manage Vulnerabilities: Make it a point to take care of in-house vulnerabilities. Although social media can act as a gateway for social media hackers, you can stop the hackers if your company has additional security. To manage in-house vulnerabilities, take the following steps:

  • Update your firewall and antivirus software regularly.
  • Make sure that your servers are updated and encrypted.
  • Back up your data on an off-shore location or cloud.

Educate your employees on following proper security measures while posting on the company’s social media accounts using a mobile device.

To know more about how to keep your applications secure, contact Centex Technologies at (254) 213 – 4740.


Tech Support Scams: Everything You Need To Know

Tech support scams are a million-dollar industry that is known to have existed since 2008 and is at its all-time peak. It tricks innocent people into spending hundreds of dollars on non-existent computer problems. In order to secure yourself from ever-rising tech support scams, it is important to understand what these scams are and how they operate.

What Are Tech Support Scams?

Tech support scams trick people by making them believe that their computers have encountered a technical problem. The scammers motivate the victims to make a payment in order to get rid of the problem.

How Do Tech Support Scams Operate?

The tech scammers implement a variety of tricks to target the victim. Following are some of the common ways used by the scammers:

  • Cold Calls From Fake Agents: The scammers operate from discrete locations and call random numbers from a phone directory. The scammers use VoIP technology to hide their actual number and location. They pose as technical agents from software companies such as Microsoft, Windows, etc. They take control of the victim’s computer and send fake error reports. Once the victim is convinced, they collect money for mending the error. The best way to secure yourself against these scams is to ignore such fake calls.
  • Toll-Free Numbers From Fraudulent Tech Support Companies: These companies advertise heavily on popular search engines or heavy-traffic websites to build trust and attract customers. Once a customer calls these technicians for a minor service such as software activation, these technicians introduce fake pop-ups on the customer’s computer stating that the system is infected. Thus, the customer ends up paying hundreds of dollars for ‘Windows Support’. In order to protect yourself from such scammers, it is imperative to be careful while choosing a technician or tech support company.
  • Screenlockers: This method has gained popularity recently. The scammers spread malware with the purpose of locking the user out of his own system. The malware poses as an installer for legitimate software. Once installed, it may either result in a ‘Blue Screen Of Death’ or show a message that you are using expired software. In the case of BSOD, the screen will show a few numbers for seeking help. If the message indicates expired software, it will ask for a license key. The message may include a number and some links for popular remote assistance sites/software such as TeamViewer. The scammers ask the user to install the software and share the access ID on the pretext of gaining access to rectify your computer’s problem. The underlying motive is to sell you overpriced solutions and ‘service contracts’.

What To Do If You Have Given Access To The Scammers?

In case you have already granted remote access to the scammers, follow these steps to reduce the impact of the scam:

  • Revoke the access or restart your system to expire the session and remove the scammers from your system.
  • Run a malware scan as the scammers may have installed malicious software like password stealers in your system.
  • Change all your passwords and update your security protocol.
  • Run a ‘System Restore’ to restore any missing files or software from your system.

For more information on new Tech Support Scams, call Centex Technologies at (254) 213 – 4740.
