Posts Tagged Web Security

Understanding Clop Ransomware

Clop is a ransomware-type virus that belongs to the CryptoMix family. The word ‘Clop’ itself means ‘bug’ in Russian. The virus is mostly aimed at English-speaking users and tends to target entire networks rather than individual users.

Clop ransomware infects systems running the Microsoft Windows platform. It is designed to encrypt data and rename every file by appending the ‘.clop’ extension. After successfully encrypting files, Clop generates a text file containing the ransom message and places a copy of it in every existing folder. Another distinctive characteristic of Clop ransomware is the string ‘Dont Worry C|0P’ included in the ransom note. The decryption keys are stored on a remote server controlled by cyber criminals, so a victim cannot recover the decryption key without paying the ransom.

What Is The Payload Used For Clop Ransomware?

Transmission:

The Clop ransomware is distributed as an executable that carries a code-signing digital signature. This makes the executable appear more legitimate and helps it bypass system security controls.

The infection is spread through a macro or JavaScript attachment in a spam email. Sometimes the virus is delivered as a download link in an email. Other ways of spreading the Clop ransomware include exploit kits, malvertising, and compromised websites.

Execution:

After infection, the virus first stops Windows services and programs in order to disable antivirus software such as Windows Defender. It also closes all open files so that they are ready for encryption. To disable Windows Defender, the virus sets various Registry values that turn off behavior monitoring, real-time protection, sample uploading to Microsoft, tamper protection, cloud-based detections, and antispyware detections. On older computer systems, Clop uninstalls Microsoft Security Essentials to get past that protection.

After terminating processes, it creates a batch file, which is executed soon after the ransomware is launched. The batch file disables Windows Automatic Startup Repair. The ransomware then starts encrypting the files on the victim system and adds the ‘.Clop’ extension to the name of each encrypted file.

The ransom note is created under the name ‘ClopReadMe.txt’ and a copy is placed in every folder.
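The two artifacts described above, the ‘.Clop’ extension and the ‘ClopReadMe.txt’ note, are easy to watch for in file-system telemetry. The following is an added example (not from the original post): a small heuristic detector run over constructed file-event records that alerts on a burst of renames to ‘.Clop’ or on the ransom note being dropped. The event format, threshold and window are assumptions for the illustration.

```python
# Added example: heuristic detection of the Clop behaviour described in the post.
# Input events are assumed to be time-ordered tuples of (ISO timestamp, action, path).
from collections import deque
from datetime import datetime, timedelta

RANSOM_EXT = ".clop"           # extension appended by Clop (compared case-insensitively)
RANSOM_NOTE = "clopreadme.txt"  # ransom note name (compared case-insensitively)
RENAME_THRESHOLD = 5           # assumed: this many .Clop renames inside WINDOW => alert
WINDOW = timedelta(seconds=10)  # assumed sliding window for the rename burst


def detect(events):
    """Return a list of alert strings for the given event records."""
    alerts = []
    recent = deque()  # timestamps of recent renames to .Clop, oldest first
    for ts_str, action, path in events:
        ts = datetime.fromisoformat(ts_str)
        name = path.rsplit("\\", 1)[-1].lower()  # Windows basename, case-folded
        if action == "create" and name == RANSOM_NOTE:
            alerts.append(f"{ts_str} ransom note dropped: {path}")
        elif action == "rename" and name.endswith(RANSOM_EXT):
            recent.append(ts)
            # Drop renames that fell out of the sliding window.
            while ts - recent[0] > WINDOW:
                recent.popleft()
            # Fire once, when the burst first reaches the threshold.
            if len(recent) == RENAME_THRESHOLD:
                alerts.append(
                    f"{ts_str} {RENAME_THRESHOLD} files renamed to {RANSOM_EXT} "
                    f"within {WINDOW.seconds}s (possible ransomware encryption)"
                )
    return alerts


# Constructed sample telemetry (not real data): six renames in a few seconds,
# one benign modification, and the ransom note being created.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "rename", r"C:\Users\alice\Documents\budget.xlsx.Clop"),
    ("2024-01-01T10:00:01", "rename", r"C:\Users\alice\Documents\notes.docx.Clop"),
    ("2024-01-01T10:00:02", "modify", r"C:\Users\alice\AppData\Local\cache.dat"),
    ("2024-01-01T10:00:03", "rename", r"C:\Users\alice\Pictures\photo.jpg.Clop"),
    ("2024-01-01T10:00:04", "rename", r"C:\Users\alice\Documents\report.pdf.Clop"),
    ("2024-01-01T10:00:05", "rename", r"C:\Users\alice\Documents\invoice.xlsx.Clop"),
    ("2024-01-01T10:00:06", "create", r"C:\Users\alice\Documents\ClopReadMe.txt"),
    ("2024-01-01T10:00:07", "rename", r"C:\Users\alice\Documents\sales.csv.Clop"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```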

How To Stay Protected?

  • Use an up-to-date antivirus product.
  • Scan incoming email for spam and malicious attachments.
  • Avoid clicking on unidentified links, advertisements or websites.
  • Create regular backups of your files.

For more information on how to secure your network for various threats, contact Centex Technologies at (254) 213 – 4740.


Common Website Security Issues

September 29, 2016

Website security is one of the major issues faced by businesses of all sizes. Even a minor mistake in website code can increase the risk of unauthorized access by hackers. Without proper security measures in place, there is a higher chance that the database will be manipulated or that a hacker will infiltrate restricted parts of the website.

Listed below are some common website security issues that business owners need to watch out for:

SQL Injection

Structured Query Language (SQL) injection is one of the most prevalent attack vectors used by cybercriminals. In this attack, malicious SQL is injected through user-supplied input to delete important data, steal payment card details, insert spam links into your website or alter sensitive information stored in the back-end database.

Cross-Site Scripting (XSS)

It can be defined as a technique in which hackers inject a malicious client-side script, usually JavaScript, directly into the website. Once a user visits the infected URL, the code executes and gives the hacker access to the browser’s session tokens and cookies, or redirects the user to other malicious websites.

Cookie Tampering

Cookies are a vital part of website development that allow users to log in to a website, view personalized ads and promotional offers, and manage items in a shopping cart. Cookies can also be tampered with or hijacked by cybercriminals to create fake user accounts and capture information about logged-in users. This can have serious consequences for your website, particularly if you have no mechanism for validating cookies.
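One common mechanism for validating cookies is to sign each value with a server-side secret so that any modification is detected. This is an added example (not from the original article) using an HMAC-SHA256 signature; the secret key and cookie contents are constructed for illustration.

```python
# Added example: detecting cookie tampering with an HMAC signature.
import base64
import hashlib
import hmac

# Assumed server-side secret; in practice load it from protected configuration.
SECRET = b"constructed-demo-secret-do-not-reuse"


def sign_cookie(value: str, key: bytes = SECRET) -> str:
    """Return 'value.signature', where signature = HMAC-SHA256(key, value)."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    sig = base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")
    return f"{value}.{sig}"


def verify_cookie(cookie: str, key: bytes = SECRET):
    """Return the original value if the signature checks out, otherwise None.

    The signature is URL-safe base64 and never contains '.', so splitting on the
    last '.' is safe even when the value itself contains dots.
    """
    value, sep, sig = cookie.rpartition(".")
    if not sep:
        return None  # no signature present at all
    expected = sign_cookie(value, key).rpartition(".")[2]
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(sig, expected):
        return value
    return None


if __name__ == "__main__":
    cookie = sign_cookie("user=alice;role=user")
    print("valid   ->", verify_cookie(cookie))
    forged = cookie.replace("role=user", "role=admin")  # attacker edits the value
    print("tampered->", verify_cookie(forged))
```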

Cross-Site Request Forgery (CSRF)

In a cross-site request forgery, the user is tricked into performing an unwanted action while logged in to the website. The attack mainly involves two stages – luring logged-in users to another malicious website and using their online identity to post spam comments or collect confidential data. Social media websites, online banking portals and web-based email clients are the most common targets for cross-site request forgery.

Email Form Header Injection

This vulnerability is less common and often overlooked by web developers. It occurs when a hacker injects additional mail headers through the website’s contact form in order to send out bulk emails. This can eventually cause your website, email address and web server to be blacklisted for sending spam.
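The root cause is a form handler that concatenates user input straight into mail headers, so a line break in a field starts a new header. Below is an added example (not from the original article) showing that vulnerable pattern next to a hardened version that rejects line breaks; the field names and the sample input are constructed.

```python
# Added example: email header injection in a contact form, and the fix.
import re

LINE_BREAK = re.compile(r"[\r\n]")  # CR or LF would terminate the current header


class HeaderInjection(ValueError):
    """Raised when a header field contains a line break."""


def build_message_vulnerable(sender: str, subject: str, body: str) -> str:
    """The bug: user input is pasted directly into the header block."""
    return f"From: {sender}\r\nSubject: {subject}\r\n\r\n{body}"


def clean_header_field(name: str, value: str) -> str:
    """Reject any header value that could start an extra header line."""
    if LINE_BREAK.search(value):
        raise HeaderInjection(f"line break in {name} field")
    return value


def build_message_safe(sender: str, subject: str, body: str) -> str:
    """Hardened version: every header field is validated before use."""
    sender = clean_header_field("From", sender)
    subject = clean_header_field("Subject", subject)
    return f"From: {sender}\r\nSubject: {subject}\r\n\r\n{body}"


def header_count(message: str) -> int:
    """Number of header lines before the blank separator line."""
    headers, _, _ = message.partition("\r\n\r\n")
    return len(headers.split("\r\n"))


def is_rejected(sender: str, subject: str) -> bool:
    """True if the hardened builder refuses these fields."""
    try:
        build_message_safe(sender, subject, "body")
        return False
    except HeaderInjection:
        return True


# Constructed sample input: a sender field carrying an extra header line.
INJECTED_SENDER = "alice@example.com\r\nBcc: recipient@example.net"

if __name__ == "__main__":
    msg = build_message_vulnerable(INJECTED_SENDER, "Hello", "body")
    print("vulnerable builder produced", header_count(msg), "header lines")
    print("hardened builder rejects it:", is_rejected(INJECTED_SENDER, "Hello"))
```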

Contact Centex Technologies for complete website security solutions for your business firm in Central Texas. We can be reached at (855) 375 – 9654.
