Monday, February 22, 2016

Ransomware - Hollywood Presbyterian Hospital pays $17,000 to unlock computers. ABC News reports.

Hollywood Presbyterian Hospital pays $17,000 to unlock computers

I have previously written posts regarding ransomware. Ransomware is malware that, once on your system, encrypts your data so that you can no longer open or use your files. Targeted files include Microsoft Office documents, PDFs, your picture (JPEG) files and many more. You will then see a message that your files have been locked and that you must pay a ransom to receive the key to unlock them.

I had reported previously about ransomware after seeing in the regional news that local businesses and police departments had been hit by it. This past week ABC national news reported that Hollywood Presbyterian Hospital had paid $17,000 to a hacker to stop an attack on its computer system.


One ransomware threat that has been in the news quite a bit lately is CryptoLocker. I have witnessed this attack twice at 2 different clients. It often arrives via email disguised as a PDF or Zip file. The people behind this attack have been emailing it to large numbers of people, and it often arrives alongside a variety of other malware: backdoor trojans, downloaders, spammers and password stealers. However, email is not the only way these threats spread.

Another way ransomware spreads is by hacking a website and uploading a script which automatically generates hidden frames within a visitor's browser. The hidden frame acts as a gateway between the visited site and a server that hosts the Exploit Kit. WordPress and now Joomla, two open source web publishing tools, have been exploited to spread the ransomware payload.
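The hidden-frame gateway described above leaves a footprint in the compromised page's HTML that a site owner can scan for. The following is an added example, not code from the original post: a small standard-library Python scanner that flags iframes with zero size, `display:none`/`visibility:hidden`, or off-screen positioning. The sample page and the `exploit-kit.invalid` hostnames are constructed for the demonstration.

```python
"""Flag hidden <iframe> elements in HTML, the injection pattern used to
bridge a compromised site to an exploit-kit server.

Added example (not from the original post). Standard library only; the
thresholds and sample HTML below are assumptions made for the demo.
"""
import re
from html.parser import HTMLParser

# CSS tricks commonly used to keep an injected frame out of sight:
# display:none, visibility:hidden, or a large negative offset.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)


def _is_tiny(value):
    """True for width/height attributes of 0 or 1 (e.g. "0", "1px")."""
    try:
        return int(value.strip().rstrip("px")) <= 1
    except (ValueError, AttributeError):
        return False


class HiddenFrameFinder(HTMLParser):
    """Collects iframes that are sized or styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        reasons = []
        if _is_tiny(attr.get("width")) and _is_tiny(attr.get("height")):
            reasons.append("zero-size")
        if _HIDDEN_STYLE.search(attr.get("style") or ""):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append({
                "src": attr.get("src", ""),
                "line": self.getpos()[0],   # line of the '<' in the source
                "reasons": reasons,
            })


def find_hidden_iframes(html):
    """Return a list of suspicious iframes found in `html`."""
    parser = HiddenFrameFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one legitimate embed and two injected gateway frames.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to our site</h1>
<iframe src="https://www.example.com/video" width="640" height="360"></iframe>
<iframe src="http://exploit-kit.invalid/gate.php" width="0" height="0"></iframe>
<div><iframe src="http://exploit-kit.invalid/ek2" style="position:absolute; left:-9999px;"></iframe></div>
</body></html>"""

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE):
        print("line %d: %s (%s)" % (hit["line"], hit["src"], ", ".join(hit["reasons"])))
```

Run it against a saved copy of each page on the site (or the templates in the CMS theme directory). A hit is a lead, not proof: some analytics and ad code also uses invisible frames, so compare each flagged `src` against what the site is supposed to load.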

Once you receive the message it is too late.




One thing you can do to protect yourself is to be sure you have a well thought out backup plan that includes keeping backups from multiple dates, i.e. if you are backing up to the same media and overwriting the previous day's backup, that is no good. If you are hit by a cryptovirus and don't catch it prior to the backup, you may end up with a backup of worthless data.

It is advisable to unplug external drives from the computer after a backup if that is your method.

Check your anti-virus and make sure your subscription is current and definitions are up to date.
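The backup advice above (keep several dated copies instead of overwriting one, so that a snapshot from before the infection survives) can be put into a small script. The following is an added example, not code from the original post: a standard-library Python routine that copies a folder into a date-stamped snapshot directory, prunes snapshots beyond a retention count, and restores a chosen date. The `demo()` function simulates a day on which the source files have been overwritten by ransomware and shows that the earlier snapshot is still restorable. Paths, dates and file contents in the demo are constructed.

```python
"""Dated backup snapshots with retention, plus point-in-time restore.

Added example (not from the original post). Standard library only. The
retention count, date stamps and demo files are assumptions for the demo.
"""
import shutil
import tempfile
from datetime import date
from pathlib import Path


def make_backup(source, backup_root, when=None, keep=7):
    """Copy `source` to backup_root/<YYYY-MM-DD>, keep the newest `keep`
    snapshots, and return the snapshot names that remain (oldest first)."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    source = Path(source)
    root = Path(backup_root)
    root.mkdir(parents=True, exist_ok=True)
    dest = root / (when or date.today()).isoformat()
    if dest.exists():  # same-day rerun: replace only today's snapshot
        shutil.rmtree(dest)
    shutil.copytree(source, dest)
    # ISO dates sort lexicographically, so the oldest snapshots come first.
    snapshots = sorted(p for p in root.iterdir() if p.is_dir())
    for old in snapshots[:-keep]:
        shutil.rmtree(old)
    return sorted(p.name for p in root.iterdir() if p.is_dir())


def list_snapshots(backup_root):
    """Return available snapshot dates, oldest first."""
    return sorted(p.name for p in Path(backup_root).iterdir() if p.is_dir())


def restore(backup_root, stamp, target):
    """Copy the snapshot named `stamp` to `target` (a fresh directory)."""
    shutil.copytree(Path(backup_root) / stamp, Path(target))
    return Path(target)


def demo():
    """Three daily backups with keep=2; day three's data is already
    encrypted, yet day two's clean copy restores correctly."""
    tmp = Path(tempfile.mkdtemp())
    docs, store = tmp / "docs", tmp / "backups"
    docs.mkdir()
    (docs / "report.txt").write_text("draft 1")
    make_backup(docs, store, when=date(2016, 2, 20), keep=2)
    (docs / "report.txt").write_text("draft 2")
    make_backup(docs, store, when=date(2016, 2, 21), keep=2)
    # Simulated ransomware: the working file is now unreadable junk.
    (docs / "report.txt").write_text("ENCRYPTED-JUNK")
    kept = make_backup(docs, store, when=date(2016, 2, 22), keep=2)
    restored = restore(store, "2016-02-21", tmp / "restored")
    result = {
        "kept": kept,
        "restored_text": (restored / "report.txt").read_text(),
    }
    shutil.rmtree(tmp)
    return result


if __name__ == "__main__":
    print(demo())
```

Note what the retention count does for you: with `keep=2` the day-one snapshot is pruned, so if the infection had gone unnoticed for two more days the clean copy would have been gone too. Size the retention to cover the longest period an infection might go undetected, and, as the post says, keep the snapshot media disconnected between runs so the ransomware cannot reach it.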

The following link contains more detailed/technical info on protecting yourself.


Be proactive with your security and vigilant when surfing the internet.

New 6th Generation Intel Processors

30x Better 3D graphics vs. a 5 year old PC

Get Creative, Play Harder,striking visuals in higher resolution, faster frame rates, Ultra HD 4K multimedia experiences.  With a 6th generation Intel® Core™ processor inside, you can watch, play, and game like never before.  Bring the action to life.



6th Generation Intel CPUs

Tuesday, February 9, 2016

Kaspersky Lab Details New Banking, ATM Attack Campaigns and other Tech News February 2016 - Kaspersky "Safe Money" PDF

Kaspersky Lab Details New Banking, ATM Attack Campaigns


Kaspersky Lab has reported 3 major threats to financial institutions. One, Carbanak, is an evolution of an attack first reported in 2015; the other two (Metel and GCMAN) are new. "Metel" translates to "snowstorm" in Russian. Each threat is independent of the others, although the latter two are copycats of the Carbanak attack.


Kaspersky first revealed the operations of Carbanak in February 2015, and the same group using the same tools created Carbanak 2.0, Golovanov said. After Kaspersky first reported on Carbanak, the group went under the radar but reappeared later in the year with functionality that allowed it to attack point-of-sale (POS) targets. 
"Carbanak 2.0 also has a different victim profile, moving beyond banks to target budgeting and accounting departments, using the same [advanced persistent threat]-style tools and techniques," Golovanov said.

The Metel attack campaign is also targeting financial institutions, though it has specific functionality for ATM withdrawals. Metel is able to roll back an ATM transaction automatically so that an attacker can steal money from a victim's account, but the rollback will reset the victim's account balance, tricking the bank into thinking that an account balance is unchanged, even after an attacker has made a withdrawal.

The initial infection malware has the primary goal of gathering information about a targeted system. The malware sends out info about the computer, processes and even takes screenshots to help cyber-criminals evaluate the value of a target.

While Metel uses malware to infect its victims, the GCMAN financial campaign is using legitimate penetration testing tools to exploit banks. Among the tools used by GCMAN is Meterpreter, a payload delivery tool that is part of the open-source Metasploit penetration testing framework.

The combined effect of the three attacks is having an impact on financial firms in Russia. So far no attacks outside of Russia have been identified, but experts think the exploits are much more widespread, and financial firms around the globe are advised to check for infection.

Google's Chrome Browser May Soon Mark HTTP Sites Unsafe


This is really a good thing.  Too many users are infected by malware while happily surfing the web by visiting unsecured websites. Malware is uploaded to a compromised website and then delivered to the user by duping them into a download or slipped to them without their knowledge.  Always be vigilant when browsing the internet.



Google Discloses Flaws in Avast, Comodo and Malwarebytes Products


A lot of security firms are using the open source Chromium project to build their own browsers similar to Kaspersky's Safe Money add-in product.


For Avast, Google security researcher Tavis Ormandy reported that the Avastium browser, which is based on Google's open-source Chromium project, is at risk from a remote attacker.

Security vendor Comodo also has sparked the ire of Ormandy for its fork of Chromium, dubbed Chromodo.  In his bug report on Comodo, Ormandy wrote that Chromodo "disables all Web security." He called out the fact that Chromodo disables Chromium's Same Origin Policy, which is a key security feature.

"Malwarebytes fetches their signature updates over HTTP, permitting a man-in-the-middle attack," Ormandy warned.
Malwarebytes has issued its own advisory on the issue and is pledging to provide users with a patched update.

For more information on Kaspersky "Safe Money", visit the following link.

http://www.kaspersky.com/downloads/pdf/kaspersky_lab_whitepaper_safe_money_eng_final.pdf


