Security News

Tarsus SecureData



Ransomware attack forces Michigan utility to shut down systems, phone lines, email

Last week was a busy week when it comes to ransomware. New victims included a utility company, visitors to a toymaker’s website, pirates sailing The Pirate Bay and many more. Some cyber crooks are now demanding gift cards for ransom instead of bitcoin.

It wasn’t all bad news: there are new decryptors and detectors. However, the FBI published a new warning about the proliferation of increasingly sophisticated ransomware campaigns.

Utility company hit with ransomware

Lansing Board of Water & Light (BWL), a Michigan municipal utility, was hit with ransomware after an employee opened an email that had a malicious attachment. The ransomware spread, encrypting files on other computers on the internal network. BWL shut down its accounting system, email service for 250 employees and “phone lines,” including the customer assistance line for account inquiries and the line for reporting outages. “Printers and other technology” were also affected.

BWL General Manager Dick Peffley described the “virus” as “brand spanking new,” which is why up-to-date antivirus software didn’t quarantine it. The utility company learned that only three antivirus solutions could even detect this variant of crypto-ransomware.

Trent Atkins, BWL Director of Emergency Management, added, “This was a very sophisticated virus that blew right through a number of our security systems.”

Peffley also said, “In my time at the board of 40 years, I’ve never seen anything like it. Our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the BWL does right now is shut down.”

At first BWL would not admit it was hit by ransomware, but later Peffley admitted the “virus” was ransomware. He declined to say what ransom was demanded allegedly because the Michigan State Police Crime Unit and the FBI were still investigating. BWL assured customers that “no personal information has been compromised.”

Toymaker website and The Pirate Bay serving up ransomware

Also last week, Malwarebytes reported the website for toymaker Maisto was serving up CryptXXX ransomware. That occurred a few days after Malwarebytes said The Pirate Bay was serving up Cerber ransomware via malvertising.

MalwareTech said there is a “huge” list of U.S. organizations, such as police departments, state governments and universities, showing up in a Cerber ransomware tracker.

Cerber affects a huge number of US organizations

NBC News took a look at police departments increasingly being hit with ransomware—even if law enforcement agency victims are trying to fly under the radar and keep the infection out of news. One police chief admitted his department had still been running DOS when it became a ransomware victim.

4 new ransomware variants

Proofpoint researchers warned, “The sheer number of new ransomware variants that have emerged in the wild in 2016 increases the chances that both businesses and individuals will encounter this type of malware.”

Proofpoint focused on four specific new ransomware variants—CryptFile2, ROI Locker, BrLock and MM Locker—to highlight code reuse and the growing global ransomware market. MM Locker comes with an interesting message that tries to convince victims there is no choice but to pay the ransom and tells them how to prevent future infections.

Rise of the gift card ransom demand

After Blue Coat researchers discovered “Dogspectus” ransomware targeting Android devices and demanding $200 in iTunes gift cards, ransomware thugs must have liked the gift card ransom idea. A few days later, AVG malware analyst Jakub Kroustek discovered “TrueCrypter” ransomware that accepts $115 in Amazon gift cards or .2 bitcoin. Fortunately, BleepingComputer reported that victims can easily decrypt their files by clicking on the TrueCrypter pay button. The newly discovered Alpha ransomware demands $400 in iTunes gift cards, but there is already a decryptor available for victims.

Detect OS X ransomware, decrypt CryptXXX and TrueCrypter

The ransomware week in review was not all bad news, such as the TrueCrypter flaw that victims can take advantage of to decrypt their files for free. Synack security researcher Patrick Wardle released “RansomWhere?”—a generic OS X ransomware detector. Kaspersky updated its RannohDecryptor tool so it can now also decrypt CryptXXX ransomware.

The flipside is that ransomware is running so rampant and becoming so increasingly sophisticated that the FBI released a new warning. It also explained how ransomware can be delivered via malvertising instead of merely through email. The article includes tips on how to avoid becoming a victim in the first place.

Source: http://www.networkworld.com/article/3063773/security/michigan-utility-shuts-down-systems-phone-lines-email-after-ransomware-attack.html?utm_content=buffere3097&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer#tk.rss_all

 



Mac ransomware caught before large number of computers infected

Article by Jim Finkle: http://finance.yahoo.com/news/apple-users-targeted-first-known-000918865.html#

(Reuters) – The first known ransomware attack on Apple Inc’s (AAPL.O) Mac computers, which was discovered over the weekend, was downloaded more than 6,000 times before the threat was contained, according to a developer whose product was tainted with the malicious software.

Hackers infected Macs with the “KeRanger” ransomware through a tainted copy of Transmission, a popular program for transferring data through the BitTorrent peer-to-peer file sharing network.

So-called ransomware is a type of malicious software that restricts access to a computer system in some way and demands the user pay a ransom to the malware operators to remove the restriction.

KeRanger, which locks data on Macs so users cannot access it, was downloaded about 6,500 times before Apple and developers were able to thwart the threat, said John Clay, a representative for the open-source Transmission project.

That is small compared to the number of ransomware attacks on computers running Microsoft Corp’s (MSFT.O) Windows operating system. Cyber security firm Symantec Corp (SYMC.O) observed some 8.8 million attacks in 2014 alone.

Still, cyber security experts said they expect to see more attacks on Macs as the KeRanger hackers and other groups look for new ways to infect Mac computers.

“It’s a small number but these things always start small and ramp up huge,” said Fidelis Cybersecurity threat systems manager John Bambenek. “There’s a lot of Mac users out there and a lot of money to be made.”

Symantec, which sells anti-virus software for Macs, warned on its blog that “Mac users should not be complacent.” The post offered tips on protecting against ransomware. (symc.ly/1puolix)

The Transmission project provided few details about how the attack was launched.

“The normal disk image (was) replaced by the compromised one” after the project’s main server was hacked, said Clay.

He added that “security on the server has since been increased” and that the group was in “frequent contact” with Apple as well as Palo Alto Networks, which discovered the ransomware on Friday and immediately notified Apple and Transmission.

An Apple representative said the company quickly took steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs.

Transmission responded by removing the malicious 2.90 version of its software from its website (www.transmissionbt.com). On Sunday, it released version 2.92, which its website says automatically removes the ransomware from infected Macs.

Forbes earlier reported on the number of KeRanger downloads, citing Clay.

(Reporting by Jim Finkle; Editing by Cynthia Osterman and Bill Rigby)

Source: http://finance.yahoo.com/news/apple-users-targeted-first-known-000918865.html#



LA Hospital Hit By Ransomware Pays Hackers $17,000

We are seeing a massive rise in the number of ransomware attacks, and although security controls can be implemented to mitigate the risk, once you are hit it is often too late.

Be proactive and not reactive. Give us a call or pop us an email if you need assistance.

Here is an article about yet another target, this time it’s the Hollywood Presbyterian Medical Center:

After its computer system got taken over by hackers, the Hollywood Presbyterian Medical Center in Los Angeles has decided to pay a ransom of $17,000 in order to regain access.

The hospital was hit by ransomware — malicious software that locks computer systems until a ransom is paid to unlock it.

Media reports said the hackers were demanding that the hospital pay them 9,000 Bitcoins or about $3.4 million, but CEO and President Allen Stefanek confirmed these were false. In the end, the hospital shelled out $17,000, which is equivalent to 40 Bitcoins.

Payments using Bitcoins require a particular level of anonymity, and they’re described as an “anonymous” form of currency.

Unfortunately, the Hollywood Presbyterian Medical Center is not the first institution hit by ransomware. Based on reports, ransomware attacks have become increasingly common in recent years.

Since January 2013, there had been 100,000 cases of recorded ransomware attacks. By the end of that year, the number skyrocketed to 600,000, according to antivirus software creator Symantec.

Apparently, hackers are moving from attacking individuals to targeting major institutions and companies.

Last year, a police department in Maine paid $300 to unlock hacked files. Boston-area police also paid $500 after their systems were hijacked by a computer virus.

Ryan Kalembar, senior vice president for cybersecurity strategy at Proofpoint, said the hack itself is a simple three-step process.

He said hackers send what appears to be a routine email — be it an invoice or a bill — with an attached file such as a Word document.

“People click on that,” said Kalembar. “They always click on it.”

By clicking on the attached document, an “enable content” yellow bar pops up. If that is clicked on, the malicious software starts to lock files with a password or key that cyber criminals or attackers hold.

RSA Network security senior director Peter Tran said Bitcoin is relatively untraceable and completely unregulated.

“We’ve moved beyond leaving a suitcase of money dropped onto a park bench and moving into more sophisticated means of taking people’s information hostage and asking for money,” said Tran.

Meanwhile, Kalembar said the hospital’s decision was the easy choice, but he wouldn’t consider it as the right one.

By surrendering to the hackers’ demands, the hospital finds itself in the awkward position of channeling funds into potentially organized crime, he said.

“We’ve seen even terror groups finance their organizations by using operations like cybercrime and ransomware,” added Kalembar.

However, Tran somewhat disagrees. He said that when a person is held hostage, the negotiators would typically say that it isn’t right to pay the ransom.

“With this kind of hack, you don’t have that kind of time,” said Tran. “The complete footprint of your entire life is being held for ransom. All of your information.”

Tran said they are moving towards more risk-based profile authentication and layering authentication — not just multi-factor authentication — to safeguard systems against attacks.

Article source: http://www.techtimes.com/articles/135310/20160222/la-hospital-hit-by-ransomware-pays-hackers-17-000-is-it-the-right-choice.htm

By Alyssa Navarro, Tech Times | February 22, 11:53 PM



Don’t give in to ransomware – prepare your system

Ransomware is an increasingly popular way for malware authors to extort money from people, so a properly prepared system is critical.

Ransomware is malicious software that cyber criminals use to hold a user’s computer for ransom, demanding payment in order for the user to get control back, says Nathan Loftie-Eaton, Security Specialist at ESET South Africa.

Ransomware gets onto a victim’s machine through social engineering tactics or using software vulnerabilities to silently install.

A ransomware threat making headlines is Cryptolocker, which spread quickly via email and affects a user’s files that are on drives which are “mapped” or assigned a drive letter (e.g. D:, E:, F: ).

This includes external hard drives, USB drives, or a folder on the network or in the Cloud.

Paying the criminals may get your data back, but there are cases where the decryption key isn’t sent or doesn’t work.

Currently, tens of thousands of machines have been affected – with the criminals sending millions of emails.

What can you do about it?

Ransomware is intimidating, and encrypted files can be considered damaged beyond repair.

But if you have prepared your system, it is nothing more than a nuisance.

Here are a few tips on how to negate the threat of ransomware.

1. Backup

Having a regularly updated backup is step one.

If you are attacked with ransomware you may lose work-in-progress documents, but you can restore your system to an earlier snapshot.

Use an external drive or backup service, one that is not assigned a drive letter or is disconnected when not in use.

2. Show hidden file extensions

Ransomware frequently arrives in a file that is named “.pdf.exe”, counting on Windows’ default behaviour of hiding known file extensions.

Disable the hiding of known file extensions option, making it easier to spot suspicious files.

3. Filter .exe in email

If your gateway mail scanner has the ability to filter files by extension, you may want to deny mails sent with “.exe” files.

Also deny files that have two file extensions, the last one being executable (“*.*.exe” files, in filter-speak).

If you need to exchange executable files, you can do so with ZIP files or via cloud services.

4. Disable files running from AppData/LocalAppData folders

You can create rules within Windows or with intrusion prevention software to disallow behaviour used by Cryptolocker, which is to run its executable from the App Data or Local App Data folders.

If you have legitimate software that runs from the App Data area, you need to exclude it from this rule.

5. Use the Cryptolocker Prevention Kit

The Cryptolocker Prevention Kit is a tool created by Third Tier that automates the process of making a Group Policy to disable files running from the App Data and Local App Data folders.

It also disables executable files running from the Temp directory of unzipping utilities. Exemptions to these rules can be created.

This tool is updated as new techniques are discovered for Cryptolocker, so make sure you have the latest version.

6. Disable RDP

The Cryptolocker/Filecoder malware often accesses machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely.

If you do not require the use of RDP, disable it to protect your machine from Filecoder and other RDP exploits.

7. Patch or Update your software

Malware authors rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto their system.

Updating your software often will help prevent this.

8. Use a reputable security suite

Have both anti-malware software and a software firewall to help you identify threats or suspicious behaviour.

Malware authors regularly send out new variants to try to avoid detection, so it is important to have two layers of protection.

New ransomware variants that get past anti-malware software may be caught by a firewall when it attempts to connect with its Command and Control (C&C) server to receive instructions for encrypting your files.

If you have run a ransomware file without performing the previous precautions, your options are more limited.

There are several things you can do to mitigate the damage, though, particularly if the ransomware in question is Cryptolocker:

9. Disconnect from Wi-Fi or unplug from the network immediately

If you run ransomware, but have not seen the ransomware screen, you can stop communication with the C&C server before it encrypts your files.

Disconnect from the network immediately, and you can mitigate the damage.

The technique is not guaranteed to work, but disconnecting from the network may be better than doing nothing.

10. Use System Restore to get back to a known clean state

Enabling System Restore on your Windows machine allows you to take your system back to a clean state.

New versions of Cryptolocker, though, have the ability to delete “Shadow” files from System Restore, which means those files will not be there when you try to replace your malware-damaged versions.

Cryptolocker will start the deletion process whenever an executable file is run, so you need to move quickly as executables may run without you knowing as part of Windows’ operation.

11. Set the BIOS clock back

Cryptolocker has a payment timer that is generally set to 72 hours, after which time the price for your decryption key increases.

At the time of writing the initial price was .5 Bitcoin or $300, which then goes up to 4 Bitcoin.

You can “beat the clock” by setting the BIOS clock back to a time before the 72 hour window is up.

This keeps you from having to pay the higher price, but it is strongly advised that you do not pay the ransom.

Source: http://mybroadband.co.za/news/industrynews/125548-dont-give-in-to-ransomware-prepare-your-system.html
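Tips 2 and 3 above (names such as “.pdf.exe” and gateway filtering of “.exe” and “*.*.exe” attachments) can be expressed as a small mail check. The following is an added example, not part of the original article or any vendor's filter; the extension list, the "block"/"review" actions, the function names and the sample message are assumptions made for illustration. ZIP attachments are allowed through, as the article suggests, but executables inside them are reported for review.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions treated as directly executable (list assumed for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat"}


def classify_filename(name):
    """Return the reasons a gateway rule would match this attachment name."""
    parts = name.strip().lower().split(".")
    if len(parts) < 2:
        return []                       # no extension at all
    last = "." + parts[-1]
    if last not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + last]
    # "*.*.exe": a second extension in front of the executable one.
    if len(parts) >= 3 and parts[-2]:
        reasons.append("double extension ." + parts[-2] + last)
    return reasons


def executables_in_zip(data):
    """List executable member names inside a ZIP attachment."""
    if not isinstance(data, (bytes, bytearray)):
        return ["<unreadable archive>"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    return [n for n in names if classify_filename(n.rsplit("/", 1)[-1])]


def scan_message(raw_bytes):
    """Map each flagged attachment name to (action, details)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        reasons = classify_filename(name)
        if reasons:
            verdicts[name] = ("block", reasons)
        elif name.lower().endswith(".zip"):
            members = executables_in_zip(part.get_content())
            if members:
                verdicts[name] = ("review", members)
    return verdicts


def build_sample():
    """Constructed test message; all names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "user@recipient.example"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("tools/setup.exe", b"constructed placeholder")
        z.writestr("tools/readme.txt", b"constructed placeholder")
    attachments = [
        ("report.pdf", b"constructed placeholder", "pdf"),
        ("invoice.pdf.exe", b"constructed placeholder", "octet-stream"),
        ("setup.exe", b"constructed placeholder", "octet-stream"),
        ("tools.zip", archive.getvalue(), "zip"),
    ]
    for filename, data, subtype in attachments:
        msg.add_attachment(data, maintype="application", subtype=subtype,
                           filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, (action, details) in scan_message(build_sample()).items():
        print(action, name, details)
```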



Identifying Malicious Email

Ransomware is taking hold of South Africa and wreaking havoc with users’ devices, data, time and wallets (for more info, see Ransomware). It is becoming ever more important to think twice before clicking on anything, whether in email or when you browse the internet.

User awareness is an absolutely crucial starting point for fending off unwanted and costly cyber-attacks. Nowadays, so much trust is put in the technology protecting us, and it does defend you, but only up to a certain point. It is becoming increasingly difficult for your antivirus system to keep up: it needs to know about 24000 variants every minute to keep you safe. However, it cannot know every variant instantly, which is how we have the Zero-Day attack. This is especially true for the unsuspecting user, when hidden links and seemingly safe attachments pack a nasty bite.

Email in particular is often a hiding place as most Endpoint protection and Email spam solutions cannot read what’s inside your email. Following the guidelines below before you open any emails from new or unknown sources will help you identify what needs to be deleted or escalated to your IT guy.

Confirm email address

The first step to identify whether an email is legitimate or not is simply to check the email address of the email received. By doing so, you will be able to tell if the email is from a recognizable domain that is linked to the actual sender name. For example, if an email is received from support@company.co.za, the domain name “company.co.za” has to be confirmed, as this will provide an indication of whether the email was sent from “company”.

Always verify any hyperlinks or URLs

Malicious emails would always want the recipient of the email to open URLs in the email. You will always want to make sure the link is legitimate and uses encryption (https://). Do not follow any links in emails without verifying that the URL is legitimate. Hover your mouse over the link and confirm the address of the link.

Incorrect grammar or spelling

A common practice of many hackers is to use misspelled words on purpose. While it may seem that this would easily reveal an illegitimate email, it is actually a tactic used to find less savvy users. Spammers have learned that if they get a response from a poorly written email, they are on to an easy target and will focus their efforts to bring that user down.

Plain text and absence of logos

Most legitimate messages will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may show an absence of images, including the lack of the company’s logo. If the email is all plain text and looks different from what you’re used to seeing from that sender, please contact your IT service provider to assist or delete the email.

Message body is an image

This is a common practice of many spammers. Hover over the images in the email and view the URL before clicking on the image. Do not click on any image in an email before verifying the URL in the image.

Request for personal information

One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., ID number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment aiming to infect the user’s computer or steal their information.

Suspicious attachments

The majority of financial institutions or retailers will not send out attachments via email. High-risk attachment file types include: .EXE, .SCR, .COM, .BAT, .LS, .PDF, .DOC, .DOCX, .HW, .LZH, .RAR, and .ZIP. Staff members should know to look out for any suspicious emails, including those being transmitted from unfamiliar senders. If an individual does open a message of this kind, they should take care not to open any attached documents or links contained in the email as these likely contain malware.

Urgent or Too good to be true

If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account by simply “clicking here”. Also, if the content places any kind of urgency as far as “you must click into your account now”, it is most likely a scam and should be marked as “junk”.

Email Reputation

As the first line of defence, Email Reputation Services help prevent spam before it can flood your network, overload email gateway security, and burden your system resources. To identify the reputation of the email received please use Trend Micro Email Reputation to verify the reputation of the email:

https://ers.trendmicro.com/reputations/index

To view the IP address of the email received please do the below. If necessary request assistance from your IT service provider:

1. Start Microsoft Outlook

2. Double click on message header in order to open it in a window

3. Click File -> Properties

4. Under the Delivery options in the Internet Headers box you can see the mail header information.

NB! You will not be able to find the real IP address if the sender uses an anonymous proxy server, which is often an indication the email is from a dodgy source. If you are not sure, contact your IT Support.



Hackers Breaking New Ground With Ransomware

Found an interesting article from Vai Vijayan. Source: http://www.darkreading.com/hackers-breaking-new-ground-with-ransomware/d/d-id/1319475. Have a read:

The enormous success which hackers have had extracting millions of dollars from individuals and businesses using ransomware appears to be driving more sophisticated tools and tactics from them.

This week researchers sounded the alert on two recent ransomware families that break ground in different ways.

One of them dubbed Virlock is noteworthy because it not only locks the screen of compromised systems like other ransomware, but also infects files on the device. First noticed by security firm ESET in December, Virlock is also polymorphic, meaning the code changes every time it runs making it hard to detect using standard malware detection tools.

In an alert on Friday, security firm Trend Micro described Virlock as the first ransomware that includes file infection in its routine. Unlike most ransomware, which are distributed via botnets and phishing emails, Virlock spreads via infected files, the security firm said.

“Virlock variants may arrive bundled with other malware in infected computers,” Trend Micro security researchers Jaaziel Carlos, Jonh Chua, and Rodwin Fuentes said in their blog.

Once on a system, the malware creates and modifies registry entries to obfuscate itself and then locks the screen and disables several critical functions on the compromised system. Virlock checks for specific file types on the infected system, including executable files and document types such as “.doc”, “.xls” and “.pdf”. It also looks for archive files like “.zip”, audio and video files with extensions like “.mp3” and image files such as “.jpg” and “.gif.”

After Virlock locates such files it encrypts them and then embeds them in the body of the malware itself, the researchers said. Infected systems can be hard to clean and even a single infected file that remains undetected in a system can cause the malware to respawn the infection all over again.

“Once Virlock gets into a system network, it will be all over the place; it can infect a whole network system without notice,” the researchers said.

The other ransomware family that has attracted the attention of security researchers because it is different is TeslaCrypt, a tool that is, for the first time, being used to go after video gamers specifically. Operationally, the malware is similar to other ransomware, in that it encrypts data on the victim’s computer and then demands a ransom to unlock it.

But by targeting gamers, hackers are increasing what is already a huge target base for ransomware campaigns, Vadim Kotov, a security researcher at Bromium said in a blog post Thursday.

Bromium’s research has shown that data files for more than 20 games are affected by the threat, including Call of Duty, Star Craft 2, Diablo, Minecraft, and online games like World of Warcraft.

“Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminals target new niches,” Kotov wrote.

Richard Blech, CEO of Secure Channels, says threats like these showcase the growing sophistication of the ransomware tools and tactics used by hackers to go after potential targets.

“What’s going on is that this is the new mainstream,” Blech says. “This isn’t some script kiddie in the basement,” targeting people with malware tools.  Increasingly, it is the highly sophisticated criminal groups using sophisticated tools that are behind major ransomware campaigns.

Perimeter defense tools like antivirus and anti spam products can help alleviate the threat somewhat by detecting and blocking ransomware where possible. But ultimately a lot of onus for dealing with the threat falls on the user. In most cases, ransomware tools end up getting installed on a system as the direct result of a user action, like clicking on a link in a phishing email.

“Someone has to do something,” to trigger ransomware in most cases. “There is a human factor,” Blech said.

Keeping files backed up is the best way to mitigate the threat posed by ransomware, Blech said. That way, even if data gets locked up or encrypted, it is easy to retrieve a backup copy.

“Be also careful with your DropBox (or other cloud services). If you have folders synchronized with an online storage – malware will get to them too.” Kotov said in his blog post.

Andrew Brandt, senior threat researcher at Blue Coat Systems, said ransomware has become a growing threat not just because of how it is distributed but also because its ability to destroy data has evolved dramatically.

Small businesses and governments in particular have reason to be concerned about the trend, Brandt said in emailed comments to Dark Reading. “Small business and local government agencies are most likely, out of the panoply of potential commercial or enterprise victims, to lack any kind of integrated IT security infrastructure,” he said.

Dealing with ransomware requires the same kind of rigor as dealing with any malware, he said. Machines, for instance, need to be kept up to date, and software needs to be properly patched and updated.

“Networks on which these computers operate can be proxied through devices that prohibit communications with known-bad network addresses,” he said. “And the end users themselves need to be a little less credulous and treat email with greater care and a degree of mistrust.”



Chicago Police Department Pays $600 Cryptoware Ransom to Cybercriminals

Cyber criminals have started targeting government law enforcement with ransomware in an attempt to extort money. Recently, the police department of the Midlothian Village in Illinois paid a ransom of over $600 in Bitcoins to an unknown hacker after being hit by a popular ransomware attack.
The popular Ransomware, dubbed Cryptoware, disabled a police computer in Midlothian — located south of Chicago — by making it inaccessible through its file-encryption capabilities and forced them to pay a ransom in order to restore access to the important police records.
The Chicago Tribune reported that the department first encountered Cryptoware in January, when someone in the department opened a spear-phishing email that pointed to the malicious software.
Once opened, the email carrying the Cryptoware ransomware immediately encrypts the files on the computer and, in typical ransomware style, displays a message demanding money in exchange for a decrypt code that could free the device from Cryptoware.
Midlothian Police Chief Harold Kaufman confirmed the police department had been hacked, but declined further comment. Local IT professionals assured that the hacker didn’t get access to files in the police department’s database, rather the Cryptoware program only made certain documents inaccessible.

“It didn’t encrypt everything in the police department. It was just that computer and specific files, not the entire system,” Calvin Harden Jr., an IT vendor who works with the village and the police on overcoming this threat, told the Tribune.

Cybersecurity experts recommend business users routinely back up their data, but, according to Harden, the police officials were forced to make the payment because going after the hacker might have been more trouble than it was worth.

“Because the backups were also infected, the option was to pay the hacker and get the files unencrypted, which is what we decided to do,” Harden told the newspaper.

This isn’t the first time hackers have targeted a government agency. Back in November 2013, cyber criminals managed to encrypt the database of Massachusetts’ Swansea Police Department with CryptoLocker ransomware and forced them to pay $750 to restore their files.
Midlothian follows the city of Detroit and a sheriff’s office in Tennessee as Cryptoware victims within the last year. Forcing victims to pay via Bitcoin provides the hackers an easy method to collect money and move on to future victims with little-to-no digital footprint.
Law enforcement has succeeded in decreasing various ransomware attacks, but with the discovery of 2.0 versions, ransomware has even made its way onto mobile devices.
Previously known and popular Ransomware are as follow:
The best defense against Ransomware is creating awareness within the organization and at home, as well as maintaining backups that are rotated regularly. Ensure that your systems are running the latest version of Antivirus software with up to date malware definitions.



Ransomware hits the smart phone market!

A new scam has hit: ransomware originally designed to target computers has now evolved to target the smartphone market.

Scammers have been publishing “fake applications” which, when installed, freeze your phone and render it useless until such time as you make a ransom payment. Various methods have been implemented whereby users may be presented with onscreen information informing them they have breached the law and must pay a fine in order to unlock their device; some of these messages are designed to appear as if they originated from the FBI, others are willing to state outright that you have been hacked.


To avoid this happening to you, ensure you only download applications from known sources, such as the App Store (Apple) or Google Play (Android). Look at how old the application is, as newer applications may not yet have been identified as malicious, and view the number of downloads (applications with fewer downloads may also not yet have been identified as malicious). Use a passcode on your cell phone and avoid using public Wi-Fi. Anti-virus and various smartphone protection applications are also available to combat these attacks.

Should you become a victim of this type of attack you can regain access to your cell without paying; however, this will require a reinstall. Users are reminded to back up their data periodically. By backing up data to the cloud you can ensure your information can be retrieved should you fall victim to these types of attacks (or your cell phone is stolen).