Tag Archive for Ransomware


The attackers behind last month’s WannaCry ransomware were planning to extort $300 in Monero cryptocurrency to unlock encrypted files. Until this crisis, who had ever heard of Monero? How could you even buy Monero to unlock your PC, if you wanted to take that chance? More people are probably aware of Bitcoin (BTC). The Visual Capitalist explains that Bitcoin is the original cryptocurrency, and its meteoric rise has made it a mainstay of conversation for investors, media, and technologists alike.

Despite its shady history, Bitcoin has spawned over 800 new markets and cryptocurrencies. While Bitcoin is the dominant cryptocurrency, with a market cap of $37.2 billion, the rest of the cryptocurrencies are worth even more: in combination they are worth nearly $40 billion. The leaders of the altcoin movement are:

Ethereum (ETH), launched in 2015, is the second largest by market capitalization. It is also quite different from Bitcoin. The Visual Capitalist explains that while Bitcoin is designed to be a payments protocol first, Ethereum is designed to work as a blockchain-based computing platform for developers to build and deploy decentralized applications, while also enabling smart contracts. The tokens used to power the network are called Ether, but they can also be traded online. At time of writing, Ethereum’s market capitalization is $15.4 billion.

Ripple (XRP) is the native currency of the Ripple Protocol – a broader catch-all for an open-source, global exchange, according to the Visual Capitalist. Ripple is aiming to be a settlement protocol for major banks. It’s already being used by banks such as Santander, Bank of America Merrill Lynch, UBS, and RBC. Ripple has a market cap of $10.9 billion.

Ethereum Classic (ETC): The Ethereum network actually split into two in 2016. The Visual Capitalist says it’s a complicated situation. You can read about the hack v. hack battle here. Ethereum Classic is based on the original Ethereum blockchain, and has a market capitalization of $1.4 billion.

Litecoin (LTC) is one of the first altcoins, and it is nearly identical to Bitcoin after being “forked” in 2011. Litecoin aims to process blocks 4x faster than Bitcoin to speed up transaction confirmation time, though this creates several other challenges as well, according to the Visual Capitalist. At time of writing, Litecoin’s market capitalization is worth $1.3 billion.

Monero (XMR) is an open-source, privacy-oriented cryptocurrency launched in April 2014. It is the result of a fork of the Bytecoin cryptocurrency. According to CoinDesk, Monero is private by default, and it has achieved widespread adoption among those interested in using cryptocurrencies to remain anonymous. Monero has a market capitalization of $6.2 million.

The price of Monero’s XMR has experienced significant volatility at times, climbing more than 1,300% since it began trading on CoinMarketCap. Since its start, the cryptocurrency has fluctuated between roughly $0.25 (in January 2015) and close to $60 (in May 2017).

Monero leverages ring signatures and stealth addresses to obscure the senders’ and recipients’ identities. Ring signatures combine or ‘mix’ a user’s account keys with public keys obtained from Monero’s blockchain to create a ‘ring’ of possible signers, meaning outside observers cannot link a signature to a specific user.

Originally, ring signatures obscured the senders and recipients involved in a Monero transaction without hiding the amount transferred. However, an update called RingCT implemented a new ring signature that conceals both the value of each transaction and the senders’ and recipients’ identities, to make transaction tracking harder.

In addition to leveraging ring signatures, Monero also enhances anonymity through stealth addresses, which are randomly generated, one-time addresses created for each transaction on behalf of the recipient. With this feature, recipients publish a single address and transactions they receive go to separate, unique addresses. As a result, Monero transactions cannot be linked to the published address of the sender or recipient.
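The stealth-address step described above, as an added example that is not code from the original post or from the Monero project: a pure-Python sketch over Ed25519 in which the sender derives a one-time address from the recipient’s published view and spend keys, the recipient recognises and can spend it, and a third wallet sees nothing. It simplifies Monero’s scheme as noted in the docstring, and the key scalars used in the demo are constructed values.

```python
"""Stealth-address derivation, modelled on Monero (added example).

Simplifications relative to Monero: SHA3-256 stands in for Keccak-256, points
are hashed as x||y rather than in compressed form, and the output index is
omitted. The curve arithmetic itself is plain Ed25519 (RFC 8032 constants).
"""
import hashlib
import secrets

P = 2**255 - 19                                           # field prime
L = 2**252 + 27742317777372353535851937790883648493      # group order
D = (-121665 * pow(121666, -1, P)) % P                    # curve constant d
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
IDENTITY = (0, 1)


def point_add(p1, p2):
    """Twisted Edwards addition (a = -1); the law is complete, so it also doubles."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 % P * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
    return x3, y3


def scalar_mult(k, point):
    """Double-and-add scalar multiplication; k is reduced mod the group order."""
    result, addend = IDENTITY, point
    k %= L
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_scalar(point):
    """Hs(): hash a point to a scalar mod L (Monero uses Keccak-256 here)."""
    data = point[0].to_bytes(32, "little") + point[1].to_bytes(32, "little")
    return int.from_bytes(hashlib.sha3_256(data).digest(), "little") % L


def sender_output(view_pub, spend_pub, r=None):
    """Sender: choose random r, publish R = rG, pay to one-time key P = Hs(rA)G + B."""
    r = r or secrets.randbelow(L - 1) + 1
    shared = hash_to_scalar(scalar_mult(r, view_pub))
    return scalar_mult(r, G), point_add(scalar_mult(shared, G), spend_pub)


def recipient_scan(view_priv, spend_priv, R, one_time_pub):
    """Recipient: recompute Hs(aR)G + B; on a match return the one-time spend key."""
    shared = hash_to_scalar(scalar_mult(view_priv, R))      # aR == rA, so same scalar
    spend_pub = scalar_mult(spend_priv, G)
    if point_add(scalar_mult(shared, G), spend_pub) != one_time_pub:
        return None
    return (shared + spend_priv) % L


def demo(a, b, a2, b2, r):
    """Wallet (a, b) receives; wallet (a2, b2) scans the same output and sees nothing."""
    view_pub, spend_pub = scalar_mult(a, G), scalar_mult(b, G)
    R, one_time_pub = sender_output(view_pub, spend_pub, r)
    x = recipient_scan(a, b, R, one_time_pub)
    owner_ok = x is not None and scalar_mult(x, G) == one_time_pub
    stranger_sees = recipient_scan(a2, b2, R, one_time_pub) is not None
    return owner_ok, stranger_sees
```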

By providing a high level of anonymity, Monero offers fungibility, meaning that each individual unit of a currency can be substituted for another. Another way of putting this is that every coin has equal value.

Due to Monero’s untraceable nature, no two coins are distinguishable from one another, and they are both equal in the eyes of merchants. Without this level of fungibility, a vendor that accepts cryptocurrency might refuse a unit of one of these assets because of its past possibly illegal transaction history.

CoinDesk points out that Monero has enjoyed a steady increase in adoption since its release. This adoption seems to be led by dark web marketplaces like AlphaBay and Oasis, which have embraced it, reportedly due to popular demand.

Those who want to purchase Monero, to pay a ransom or for other reasons, can do so at an exchange. The Monero market operates like that of many other cryptocurrencies. Those interested in buying the cryptocurrency can get it through exchanges including Poloniex, Bitfinex and Kraken.

Bitfinex offers XMR/USD and XMR/BTC exchanges along with deposits and withdrawals of Monero. Kraken offers the same options as Bitfinex, as well as XMR/EUR.

Other cryptocurrencies in the altcoin universe include NEM, Dash, ByteCoin and Golem.


If the fraudsters who set off the WannaCry crisis were expecting to make a fortune in cryptocurrency, it didn’t work. Apparently they have only made approximately BTC 50.91735344, or just under $150,000, on 320 payments worldwide, according to the Twitter bot actual_ransom from @collinskeith, which is watching the Bitcoin wallets tied to the ransomware attack.

I dunno – until cryptocurrencies somehow break their implied link to illegal activities online, they will be relegated to the black market.

The value of cryptocurrencies is really hard to pin down because no one really knows how much they should be worth. Unlike a company, there are no assets or revenues that can be used to assess a predictable valuation. So they are subject to wide swings in valuation because they operate without any tangible value behind them.

The underlying technology of blockchain seems to have a brighter future.



Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.


Related article: Visual Capitalist, “The Coin Universe Keeps Expanding”.

Schools Face RansomWare Risk

More than 2,000 machines at K12 schools are infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam. TechTarget defines ransomware as malware designed for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment in Bitcoins for the decryption key.

Ransomware has typically been spread through drive-by downloads or spam emails with malicious attachments. One of the latest victims of Samsam was MedStar Health, a not-for-profit organization that runs 10 hospitals in the Washington, D.C., area.

PCWorld reports that the Cisco (CSCO) Talos threat-intelligence organization announced that roughly 3.2 million machines worldwide are at risk. The article says that many of those already infected run Follett’s Destiny library-management software, used by K12 schools worldwide. According to Cisco, Follett responded quickly to the vulnerability: “Follett identified the issue and immediately took actions to address and close the vulnerability”.

In a presser, Follett offers patches for systems running version 9.0 to 13.5 of its software and says it will help remove any backdoors. The author states that Follett technical support staff will reach out to customers found to have suspicious files on their systems. Follett even offers Snort detection rules on the presser page.

Snort is a highly regarded open-source, free network monitoring tool that detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth portscans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate ‘alerts’ file, or a pop-up window.

JBoss, the vulnerable underlying system, is described as an open-source Red Hat product: an application server written in Java that can host business components developed in Java. Essentially, JBoss is an open-source implementation of J2EE that relies on the Enterprise JavaBeans specification for functionality.

PCWorld reports that compromised JBoss servers typically contain more than one Web shell. Talos advises that it is important to review the contents of a server’s jobs status page. “This implies that many of these systems have been compromised several times by different actors,” the company said.

Web shells are scripts that indicate an attacker has already compromised a server and can remotely control it. The list of those associated with this exploit is given in Talos’s blog post.

Companies that find a Web shell installed should begin by removing external access to the server, Talos said in the article. The security firm recommends quick action.

Ideally, you would also re-image the system and install updated versions of the software … If for some reason you are unable to rebuild completely, the next best option would be to restore from a backup prior to the compromise and then upgrade the server to a non-vulnerable version before returning it to production.
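The Talos advice above comes down to knowing what a JBoss server should contain so that dropped-in files stand out. As an added example, not code from the original post, Talos or Follett, the check below records a SHA-256 manifest of a deploy tree while the server is trusted and later reports what was added, changed or removed; the directory layout and file contents it uses are constructed for the demo.

```python
"""Diff a JBoss deploy tree against a known-good manifest (added example).

Web shells are files dropped into the deployment directory after the fact, so
an integrity diff surfaces them as unexpected additions whatever they contain.
All paths and contents below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash one file in chunks so large WAR/JAR archives are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's root-relative path (forward slashes) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifest(baseline, current):
    """Compare two manifests; added or changed JSP/WAR/JAR files get reviewed first."""
    added = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current if p in baseline and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    review_first = [p for p in added + modified
                    if p.lower().endswith((".jsp", ".war", ".jar"))]
    return {"added": added, "modified": modified, "removed": removed,
            "review_first": review_first}


def demo():
    """Constructed scenario: baseline an exploded WAR, then a file appears and one changes."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "deploy", "library.war")
        os.makedirs(os.path.join(app, "WEB-INF"))
        files = {"index.jsp": "<html>catalog</html>", "WEB-INF/web.xml": "<web-app/>"}
        for rel, content in files.items():
            with open(os.path.join(app, rel), "w") as fh:
                fh.write(content)
        baseline = build_manifest(root)
        # Later: an unexpected JSP is dropped in and the existing page is altered.
        with open(os.path.join(app, "status.jsp"), "w") as fh:
            fh.write("<!-- constructed stand-in for an unexpected file -->")
        with open(os.path.join(app, "index.jsp"), "a") as fh:
            fh.write("<!-- altered -->")
        return diff_manifest(baseline, build_manifest(root))
```

In practice the baseline manifest is written out (e.g. as JSON) right after a clean install or re-image and kept off the server, so the comparison itself cannot be tampered with by whoever altered the deploy tree.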


I have worked with a number of customers on their library automation projects. The cost of these systems is, as usual, in the data. There is a great deal of time and effort that goes into creating the proper MARC records, especially for books that are out of print and kiddie books. If these files get locked up by the ransomware, the system is useless and expensive to replace.

K12 schools are notoriously cheap, but the advice is the same as always:

  1. Keep your software UP TO DATE
  2. Use a real virus scanner on your servers and administrative stations
  3. Back Up – Back Up – Back Up – With a good backup, you can just blow the machine away, re-install and restore the data, and be back in business.


9 Emails You Should Never Open

The increasing pace of life, coupled with mobile computing that bombards us with messages from more sources and across more devices than ever before, has created what Proofpoint calls a generation of trigger-happy clickers.

Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link, according to the article. To put that into context, a legitimate marketing department typically expects a click rate of less than 2% on its advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and at work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam. These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLAs want to get hold of you, it won’t be through email.

2. The “long-lost friend.” This scammer tries to make you think you know them, but it might also be a contact of yours whose account was hacked.

3. The billing issue. These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date. A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected. A message claims you’re infected with a virus. Simple fix: just run your antivirus and check. In a recent twist, scammers claim to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer, to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait, it gets worse – if you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won. Claims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that asks you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification. An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim. These emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check. A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type the address manually into the browser or click your bookmark. That way you can see if there’s something that needs to be taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.
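The “recognize the website and make sure it’s not misspelled” check above, done mechanically, as an added example that is not from the original post or from Proofpoint: it pulls every link out of an HTML message, compares the real destination against a small allowlist of sites the reader actually uses, and flags one-character lookalikes, a trusted name buried inside a longer hostname, and link text that points somewhere other than where it claims. The allowlist and the sample message are constructed.

```python
"""Audit the links in an e-mail before clicking any of them (added example)."""
import re
from urllib.parse import urlparse

# Constructed allowlist: the sites this reader really has accounts with.
TRUSTED_DOMAINS = {"example-bank.com", "example-shop.com"}

# <a ... href="..."> ... </a>; adequate for the simple HTML mail bodies used here.
LINK_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message with three links: a typosquat, a brand name used
# as a subdomain of an unrelated host, and a genuine link to a trusted site.
SAMPLE_EMAIL = """<p>Your account will expire. <a href="http://examp1e-bank.com/verify">Sign in now</a>.</p>
<p>Or visit <a href="http://example-bank.com.verify-account.example/login">example-bank.com</a>.</p>
<p>Our store: <a href="https://www.example-shop.com/orders">www.example-shop.com</a></p>"""


def registered_domain(host):
    """Last two labels of a hostname (naive, but enough for .com-style names)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(href, text):
    """Verdict for one link: trusted, lookalike:<name>, embedded-brand or unknown,
    with ' mismatch:<shown host>' appended when the link text names a different site."""
    host = (urlparse(href).hostname or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        verdict = "trusted"
    elif any(t in host for t in TRUSTED_DOMAINS):
        verdict = "embedded-brand"          # trusted name is only a subdomain label
    else:
        nearest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(domain, t))
        verdict = f"lookalike:{nearest}" if edit_distance(domain, nearest) <= 2 else "unknown"
    # Link text that itself looks like an address should point where it says.
    shown = re.sub(r"<[^>]+>", "", text).strip()
    shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
    if shown_host and "." in shown and registered_domain(shown_host) != domain:
        verdict += " mismatch:" + shown_host
    return verdict


def audit_email(html):
    """List (href, verdict) for every link in the message, in document order."""
    return [(href, classify_link(href, text)) for href, text in LINK_RE.findall(html)]
```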

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.



What is Ransomware?

Ransomware is a nasty form of malware, also known as data kidnapping, that locks up your computer by encrypting your data and then demanding you pay a fee, usually in Bitcoins, for the decryption key that may unlock your files. Ransomware can be terrifying; after all, we rely so completely these days on our PCs that to stare helplessly at yours—often with a racy image on the screen—is frustrating and crippling to your productivity.

The cyber criminals may use one of several tactics to extort money from their victims:

1. After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.

2. The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.

3. The attacker sneaks malware onto a computer, usually by a drive-by download, which encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem, and makes money by selling anti-ransomware software on legitimate websites.

Here are tips that cut your risk of becoming a victim.

1. Avoid sketchy websites, searches, and downloads. You know the old expression “You can’t cheat an honest man”? Well, many (though not all) ransomware infections begin when a user surfs to pornographic or gambling websites, while others start with a click on a suspicious link. Steer clear of sites known to house malware, and never click a link in an email unless you know it is legit.

2. Back up your data. Experts stress that the single biggest thing that will defeat ransomware is having a regularly updated backup. That way, if you are beset by ransomware, you can restore your system while losing relatively little work.

3. Update your software regularly. Ransomware, like most malware threats, may sneak onto your PC through a known flaw in your operating system or other software program. And hackers often rely on people running outdated software with those known vulnerabilities. You can definitely decrease the potential for ransomware if you make a practice of updating your software often.

4. Use a reputable security suite. It is always a good idea to have both anti-malware software and a firewall to help you identify threats or suspicious behavior. Malware authors often send out new variants, to try to avoid detection, which is why it’s important to have both layers of protection.

Anti-malware vendor Webroot provided this infographic that shows the prevalence of ransomware and the methods IT professionals use to deal with it.

(Webroot ransomware infographic)



Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and there will be 9 billion by 2018, which is roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover the security flaws. HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers, as well as their cloud and mobile app elements, according to the new study.

HP then tested them with manual and automated tools and assessed their security rating according to the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud or its mobile application,
  • 80% of devices studied allowed weak passwords like “1234”, opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had web interfaces vulnerable to a range of issues, such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP &amp; General Manager, HP Fortify, explained that IoT opens avenues for the attackers.

While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity that the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.


I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or, worse, calculated it was better to ignore secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.
