KnowBe4 Security Awareness Training Blog

CyberheistNews Vol 5 #16 Apr 21, 2015 - Scam Of The Week: IRS Refund Ransomware

Posted by Stu Sjouwerman on Apr 21, 2015 9:13:00 AM


                                                       
                            
                                                                                                                                       

Scam Of The Week: IRS Refund Ransomware

Many of us waited till the last moment before the April 15 tax deadline and  are now holding our collective breath in expectation of that possibly  rewarding refund. The problem is that cybercriminals are very aware of  this anticipation and use social engineering tactics to trick tax payers.

Knowing that many in America are waiting for word from the Internal Revenue  Service concerning pending refunds, the cyber mafia is working hard to get  in first with a massive phishing attack that has a ransomware attachment.

The attachment is an infected Word file, which holds a ransomware payload  and encrypts the files of the unlucky end-user who opens the attachment,  and all connected network drives if there are any.

I suggest you send this Scam Of The Week to all your friends, family and employees with something like the following message (feel free to copy/paste/edit):

"Cyber criminals are preying on American tax payers that have made the  April 15th deadline and are now waiting to hear about their refund. There is  a massive phishing scam going on right now which tries to trick you into  opening a Microsoft Word attachment. But if you do, all your files will  get hijacked and encrypted. If that happens, you only get your files back  after paying around $500 ransom. Remember, think before you click, and  do not open any attachments you did not ask for!"

Step employees through effective security awareness training; it is how to stay safe out there on the Wild, Wild Web. Here is what the email looks like:
http://blog.knowbe4.com/scam-of-the-week-irs-refund-ransomware

New TeslaCrypt Ransomware Uses More Exploit Kits As Infection Vector

The new Internet Security Threat report from Symantec shows that the growth  of file-encrypting ransomware attacks expanded from 8,274 in 2013 to 373,342  in 2014. This is 45 times more crypto-ransomware in the threat landscape  within a one-year span. 

Combine that with the new Verizon Breach Investigations Report last week  which showed that you’ve got one minute and 22 seconds to save your files  from being encrypted and you see the problem. Verizon calculated 82 seconds  as the median time it takes for an employee to open a phishing email that lands  on a company’s network and in their inbox.

TeslaCrypt is one of the latest copycat ransomware strains which has ripped  off the CryptoLocker brand, and is now infecting user's workstations through  multiple exploit kits.

Apart from a laundry list of file types that ransomware normally encrypts,  TeslaCrypt also tries to cash in on the $81 billion game market and encrypts  over 40 file types associated with popular computer video games, like Call  of Duty, Minecraft, and World of Warcraft as well as files related to iTunes.  In other words: "all your files are belong to us". 

Instead of phishing attacks with attachments, the TeslaCrypt strain uses  multiple exploit kits. An exploit kit (EK) is crimeware that gets sold on  the dark web, and allows cyber gangs to infect legit websites. The  workstation of the employee who clicks through to or visits that infected website gets exploited when it is not updated with the latest patches. 

TeslaCrypt started out with the Angler EK, but recently it has also been delivered through the Sweet Orange and Nuclear EKs. The Nuclear kit is used in a campaign right now. Employees who click on a link in a phishing email are being redirected to compromised WordPress sites that have this EK installed.

Brad Duncan, security researcher at Rackspace, observed on April 16th that in one case the kit successfully exploited a vulnerability in an out-of-date version of Flash player (13.0.0.182).

Once the workstation is infected, the delivered ransomware still uses the CryptoLocker branding. However, when the victim visits the payment site that instructs them on how to pay the ransom, it becomes obvious that you are dealing with TeslaCrypt. The screenshot of that site is in our blog post, which also has the links to the reports mentioned above:
http://blog.knowbe4.com/new-teslacrypt-ransomware-uses-more-exploit-kits-as-infection-vector

The payment process is run through a website located in the TOR domain. Each  instance of the ransomware has its own Bitcoin BTC address. The files are  encrypted by using the AES cipher, and encrypted files gain the .ecc extension.

What To Do About It

 

  • The rule "Patch Early, Patch Often" still applies, but these days,  better to "Patch Now" all workstations for both OS fixes and popular third  party apps that are part of your standard image rolled out to end-users. A  product like Secunia can scan for all unpatched third party apps.
  • Make sure your Backup/Restore procedures are in place. Regularly TEST,  TEST, TEST if your restore function actually works. The latter is often overlooked.
  • The TeslaCrypt strain uses social engineering to make a user click on a  link in a phishing email (It does not use email attachments). Also, this  type of ransomware can use malicious ads on legit websites to infect  workstations. End users need to be stepped through effective security  awareness training so that they are on their toes with security top of mind  when they go through their email or browse the web.

 

Find out how affordable this is for your organization today. You will be  pleasantly surprised.
http://info.knowbe4.com/kmsat_get_a_quote_now

A Serious Legal Liability: Bad or No Security Awareness Training

If you have trouble getting budget for employee security education, please read this article and then forward it to the head of your legal department and/or the person in your organization who is responsible for compliance.

The Department of Health and Human Services has stated that bad or no  security awareness training is a main cause for compliance failures.  This is true for not only health care, but all kinds of industries like  banking, finance, manufacturing, and surprisingly, high-tech.

It does not stop with mere compliance failures causing regulatory fines.  Trend Micro reported that 91% of successful data breaches started with  a spear-phishing attack. The problem is that to be "letter of the law"  compliant, you only need to herd your users once a year into the break  room, keep them awake with coffee and donuts, and give them a "death by  PowerPoint" awareness update. However, ineffective security awareness  training could turn out to be a serious legal liability. 

Why? Cybercrime goes after the low-hanging fruit: your users. Why spend  time exploiting complicated software vulnerabilities when you can easily  social engineer an end-user to click on a link? So your end-user did not  get effective awareness training and falls for the hacker trick. Their  workstation gets infected with a keylogger, the hacker now knows their  login and password, and with that penetrates your network.

Three Scenarios

Simply put: if it's the Eastern European cyber-mafia, their focus is to  transfer out money from your operating account over a long weekend.  If it's the Chinese, they will steal your intellectual property. If it's  independent hackers, your customer database and credit card transactions  are exfiltrated and sold on dark web criminal sites.

In all three cases you run the risk of a lawsuit:

 

  • You might sue the bank for negligence, and they might sue you back.  Massive legal fees are inevitable. If it is found out the attackers came  in by social engineering a user, your case is significantly weakened.  Go to Brian Krebs' site and search for Patco Construction, a nightmare  scenario. Here it is:
    http://www.krebsonsecurity.com
  • If the Chinese steal your intellectual property and you are exposed  to a shareholder lawsuit, there will be a lengthy and costly discovery  period. If it is found out the attackers came in by social engineering  a user, your case is significantly weakened.
  • If hackers get into your network, and an investigative journalist  like Brian Krebs discovers a website that has all your customer records  and credit card transactions, a class action lawsuit is not far away.  (This is the legal profession's biggest growth industry). If it is found  out the attackers came in by social engineering a user, your case is  significantly weakened.

 

See the trend here? Not scaling your training to a level that effectively  mitigates the risk you are exposed to is a severe legal liability. We have  a whitepaper called "Legal Compliance Through Security Awareness Training"  written by KnowBe4 and Michael R. Overly, Esq., CISA, CISSP, CIPP, ISSMP,  CRISC. He explains the concept of acting "Reasonably" or taking "Appropriate"  or "Necessary" measures.

Reading this whitepaper will help you to prevent violating compliance  laws or regulations. In it, there are some examples of the Massachusetts  Data Security Law and HIPAA to explain what is required. I strongly  recommend you download this whitepaper if you have not already:
http://info.knowbe4.com/whitepaper-overly-kb4

Quotes Of The Week

 


" There are none so blind as those who will not see.  "  - John Heywood, ca. 1546

" If you light a lamp for someone else it will also brighten your path. "  - Buddha (563 - 483 BC)

" As my friend said to me, and I say to others, "There are two types of people  in the world: Those who have had a major disk failure and those who are  about to... "  - John Harper

 


 

 

Thanks for reading CyberheistNews!


 

 

Security News

 

 

Compliance In Half The Time At Half The Cost

I'm sure you will agree, compliance has become a major headache. It is  a HUGE burden on already limited IT resources. Yearly audits have become  major projects. They are expensive in both dollars and your IT staff time.

Imagine an environment in which your organization is completely compliant  24/7/365. We have a new product, KnowBe4 Compliance Manager (KCM), that  can help you to achieve that state. It is an IT compliance workflow  automation tool that allows you to:

 

  • Manage all of your specific regulatory requirements in one location    (PCI-DSS, HIPAA, GLBA, SOX, etc...).
  • Eliminate duplication of effort.
  • Assign the Directly Responsible Individual (DRI) for a control.
  • Direct your auditors to one location for evidence of compliance controls being in place and up to date.
  • NEW: Auditor Role, your auditor can log in remotely and save you billable hours.

 

Go to this link for more info and to request a web demo:
http://info.knowbe4.com/_kcm_pci_30-0

Example Of Whaling: Super Sophisticated Social Engineering

My staff tried to social engineer me the other day, trying to catch me  as a prank. It was a 2-stage attack, trying to get me to reveal my   credentials.

They spoofed our Director of HR, and sent me the email below. This is an  example of very high operational sophistication, typical of top-tier  "whaling" attacks, those cases when an individual is subjected to  spearphishing attempts because they hold valuable information or wield  influence within an organization. They had done their homework and knew I was active on the SpiceWorks forum for IT admins. 

 

HR@knowbe4.com
10:45 AM (1 hour ago)
to: stus 

Stu,

I noticed that a user named securitybull72 (claiming to be an employee) in  a security forum posted some negative comments about the company in general  (executive compensation mainly) and you in specific (overpaid and incompetent).  He gave detailed instances on his disagreements, and doing so, may have  unwittingly divulged confidential company information regarding pending  transactions.

The post generated quite a few replies, most of them agreeing with negative  statements. While I understand that the employee has the right to his opinion,  perhaps he should have vented his frustrations through appropriate channels  before making this post. The link to the post is located here (it is the  second one in the thread):

www.spiceworks.com/forums/security/234664/2345466.

Could you please talk to him?
Thanks.

 

Nine out of ten would fall for something like this. The only thing that saved me was the fact that when I hovered over the link I saw that the domain was one I had created myself for simulated phishing attacks. But it was a close call! One more second and I would have been pwned. Yikes.

The Wall Street Journal has woken up to the threats of spear phishing and ransomware and has a good video about this that I suggest you send to your management levels. This will be real and understandable to them:
http://www.wsj.com/video/who-will-cybercriminals-target-next/0BA10566-7557-4DB0-9A45-22D15FE909B3.html?mod=wsj_video_email

90% Of Security Incidents Trace Back To PEBKAC and ID10T Errors

Don't have time to read through the massive Verizon report mentioned in the Editor's Corner? Here is a great summary; 90% of security incidents  are still caused by PEBKAC and ID10T errors, according to Verizon's 2015  Data Breach Investigations Report. Phishing attacks are a prime example  of how the Problem Exists Between Keyboard And Chair as the DBIR said it  takes a mere one minute and 22 seconds after a phishing email is sent  before the first victim clicks on the tainted link. At ComputerWorld:
http://www.computerworld.com/article/2910316/90-of-security-incidents-trace-back-to-pebkac-and-id10t-errors.html 

Top 10 Tips To Involve Employees In Cyber Security

IT might be accountable for cyber security, but every employee needs to be responsible for protecting the organization's computing resources. While technology is good, and quite necessary, it can't work in a vacuum. People are still the weakest link in the security chain. For this reason, Kaspersky Lab has published a short e-booklet with Top 10 Tips for Educating Employees about Cybersecurity. Utilizing these tips along with good security technology will go a long way in helping protect your business from security events. Read the complete story at NetworkWorld:
http://www.networkworld.com/article/2910746/security0/tips-for-involving-workers-in-cyber-security.html

While you were offline, this droid stole the Internet. BB-8 on the stage at  Star Wars Celebration 2015. This is one heck of a new cool droid, check it out!
https://www.youtube.com/watch?v=ABzjUf3E_0c

SpaceX just delivered an espresso machine to the International Space Station, including a Zero Gravity Coffee Cup. NASA shows the science of it. Cool!
https://youtu.be/nZYsOG60dKQ

Astronaut's Daughter Sends Message To Her Father With The Help Of 11 Cars:
http://www.flixxy.com/astronauts-daughter-sends-message-to-her-father-with-the-help-of-11-cars.htm?utm_source=4

Why We Don't Have Teleportation Yet. Hint: It's all Volkswagen's fault!
http://www.flixxy.com/why-we-dont-have-teleportation-yet.htm?utm_source=4

What is the ability of the human body combined with fantasy? Wheelman  will demonstrate extraordinary things with a smile on his face:
http://www.flixxy.com/wheel-man.htm?utm_source=4

Phone out of juice again? Never again with IKEA's Wireless Charging  collection of furniture, which has built-in Qi-enabled wireless chargers:
http://www.computerworld.com/article/2910324/ikea-releases-its-line-of-wireless-charging-furniture.html

Wendy the 'talking, meowing and singing dog' and her human, Marc Métral,  amazed the audience and judges of Britain's Got Talent 2015:
http://www.flixxy.com/wendy-the-dog-talks-meows-and-even-sings-britains-got-talent-2015.htm?utm_source=4

Learn how to quickly and easily peel an orange - it only involves  three cuts of a knife:
http://www.flixxy.com/fastest-and-easiest-way-to-peel-an-orange.htm?utm_source=4

A couple takes off in an inflatable 'flyfish' banana boat somewhere in Brazil:
http://www.flixxy.com/flying-banana-boat.htm?utm_source=4

Goalkeeper cat is the best goalie ever!:
http://www.flixxy.com/goalkeeper-cat.htm?utm_source=4

Out of the archives: The first car ever that can drive on land, on water and  underwater. I still want one!
http://www.flixxy.com/worlds-first-underwater-car-rinspeed-squba.htm?utm_source=4

And one last Classic Charlie Chaplin - The Lion's Cage. For these scenes with the lion, Chaplin made some 200 takes, in many of which he was actually inside the lion’s cage!:
http://www.flixxy.com/charlie-chaplin-the-lions-cage.htm?utm_source=4

                                                                       
                                                                   
                                                       
                    
     
                                                                                                                                                           
Copyright © 2014-2015 KnowBe4 LLC, All rights reserved. Our mailing address is: 601 Cleveland St. Suite 930, Clearwater, Florida, 33760

The 5 Security Awareness Training Generations [CARTOON]

Posted by Stu Sjouwerman on Apr 19, 2015 1:41:00 PM

Today, your employees are frequently exposed to advanced phishing and ransomware attacks. Your users are the weak link in your IT security. There are 5 ways (generations) to train end-users:


Scam Of The Week: IRS Refund Ransomware

Posted by Stu Sjouwerman on Apr 19, 2015 12:44:44 PM

Many of us waited till the last moment before the April 15 tax deadline and are now holding our collective breath in expectation of that possibly rewarding refund. The problem is that cybercriminals are very aware of this anticipation and use social engineering tactics to trick tax payers. Knowing that many in America are waiting for word from the Internal Revenue Service concerning pending refunds, the cyber mafia is working hard to get in first with a massive phishing attack that has a ransomware attachment. Here is how the email looks:


90% of phishing incidents trace back to PEBKAC and ID10T errors

Posted by Stu Sjouwerman on Apr 19, 2015 9:43:14 AM

Don't have time to read through the massive Verizon's 2015 Data Breach Investigations Report? Here is a great summary; 90% of Security incidents are still caused by PEBKAC and ID10T errors, according to Verizon.


New TeslaCrypt Ransomware Uses More Exploit Kits As Infection Vector

Posted by Stu Sjouwerman on Apr 17, 2015 2:07:00 PM

The new Internet Security Threat report from Symantec shows that the growth of file-encrypting ransomware expanded from 8,274 in 2013 to 373,342 in 2014. This is 45 times more crypto-ransomware in the threat landscape within a one-year span.

Combine that with the new Verizon Breach Investigations Report last week which showed that you’ve got one minute and 20 seconds to save your files from being encrypted and you see the problem.

Verizon calculated 80 seconds as the median time it takes for an employee to open a phishing email that lands on a company’s network and in their inbox. TeslaCrypt is one of the latest copycat ransomware strains that has ripped off the CryptoLocker brand, and is now infecting users' workstations through multiple exploit kits.

Apart from a laundry list of file types that ransomware normally encrypts, TeslaCrypt also tries to cash in on the $81 billion game market and encrypts over 40 file types associated with popular computer video games, like Call of Duty, Minecraft, and World of Warcraft as well as files related to/from iTunes. In other words: "all your files are belong to us".

Instead of phishing attacks with attachments, the TeslaCrypt strain uses multiple exploit kits. An exploit kit (EK) is crimeware that gets sold on the dark web, and allows cyber gangs to infect legit websites. The workstation of the employee who clicks through to or visits that website gets exploited when it is not updated with the latest patches.

TeslaCrypt started out with the Angler EK, but recently it has also been delivered through the Sweet Orange and Nuclear EKs. The Nuclear kit is used in a campaign right now. Potential victims are being redirected to compromised WordPress sites that have this EK installed.


If You Think Security Awareness Training is Expensive, Try Ignorance

Posted by Stu Sjouwerman on Apr 15, 2015 11:02:00 AM

Facts surrounding spear phishing all point to employees as the most cited culprits and security awareness training as the most effective remedy. Yet all training programs are not equal.

Recent research sponsored by KnowBe4 shows email spear phishing is now the number one source of data breaches with human error at the bottom of it all. A new study released from Osterman Research says 67% of respondents say malware has successfully penetrated their corporate networks through email with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don’t know how.


CyberheistNews Vol 5 #15 Apr 14, 2015 New Ransomware CrypVault Evades AV With Simple Batch Scripts

Posted by Stu Sjouwerman on Apr 14, 2015 9:37:00 AM

 
                                 
                                                                                                               


                                                       
   
                    
                                                                                                                                       

New Ransomware CrypVault Evades AV With Simple Batch Scripts

A new ransomware strain dubbed CRYPVAULT is being spread as an email  attachment. It's beta testing in Eastern Europe and is making its  way to Europe and America.

It's a novel approach. In an attempt to bypass any and all endpoint  protection, the user is social engineered to open an attached Javascript  file. The phishing attack does not have an executable as a payload. Next,  the malware uses the command box to run a batch file that encrypts the files.

According to a post by Michael Marcos, threat response engineer with Trend  Micro, CRYPVAULT encrypts the files and then makes them appear to the  end-user as if they were quarantined, by giving them the .vault extension.

Adam Greenberg at SCMagazine said: "The act of disguising the users' encrypted  files as quarantined files possibly aims to raise urgency for users to take  action on their files," Marcos told SCMagazine.com in an email correspondence,  going on to add, "Appending a .vault file extension can also be used as a  marker for the malware to know that the file is already encrypted."

"The ransomware is written in a batch script (the script is executed line  per line in the command line/MS-Prompt)," Marcos said. "It did not import  any libraries or can create functions. The commands were executed from  top to bottom."
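One way to act on the extension markers described here (`.vault` for CRYPVAULT, and `.ecc` for TeslaCrypt in the Vol 5 #16 issue above) is to alert when a single host produces a burst of such files. This is an added example, not code from the article or from Trend Micro; the event tuples, host names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
import ntpath

# Extensions named on this page and the strain each one is attributed to.
RANSOM_EXTENSIONS = {".ecc": "TeslaCrypt", ".vault": "CRYPVAULT"}

# Constructed sample: (unix_seconds, host, path) file-create/rename events,
# as an endpoint agent or file-server audit log might report them.
SAMPLE_EVENTS = [
    (1000, "WS-01", r"C:\Users\alice\Documents\budget.xlsx.ecc"),
    (1003, "WS-01", r"C:\Users\alice\Documents\notes.docx.ecc"),
    (1005, "WS-01", r"C:\Users\alice\Pictures\scan.jpg.ecc"),
    (1009, "WS-01", r"\\fileserver\finance\q1.xlsx.ecc"),
    (1012, "WS-01", r"\\fileserver\finance\q2.xlsx.ecc"),
    (1015, "WS-01", r"\\fileserver\finance\q3.xlsx.ecc"),
    (1020, "WS-02", r"C:\Users\bob\Documents\plan.docx"),
    (2000, "WS-03", r"D:\archive\old.vault"),
    (9000, "WS-03", r"D:\archive\older.vault"),
]


def detect_bursts(events, window_seconds=60, threshold=5):
    """Return {(host, family): alert} for hosts that create at least
    `threshold` marker-extension files within `window_seconds`."""
    recent = defaultdict(deque)  # (host, family) -> events inside the window
    alerts = {}
    for ts, host, path in sorted(events):
        # ntpath parses Windows paths correctly on any operating system.
        ext = ntpath.splitext(path)[1].lower()
        family = RANSOM_EXTENSIONS.get(ext)
        if family is None:
            continue
        key = (host, family)
        window = recent[key]
        window.append((ts, path))
        # Slide the window: drop events older than window_seconds.
        while window and ts - window[0][0] > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in alerts:
            alerts[key] = {
                "first_alert_at": ts,
                "count_in_window": len(window),
                # UNC paths show the damage has reached network shares.
                "network_paths": sorted(
                    p for _, p in window if p.startswith("\\\\")
                ),
            }
    return alerts


if __name__ == "__main__":
    for (host, family), alert in detect_bursts(SAMPLE_EVENTS).items():
        print(host, family, alert)
```

A lone `.vault` or `.ecc` file does not trigger the alert, which keeps one-off legitimate files from paging anyone.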

What To Do About It

Two things: First, check your edge devices (firewalls, spam filters, proxy servers etc.) to make sure that any attachments with a .js file extension are detected and quarantined, or that the whole e-mail is deleted.

Second: It is clear that more and more Eastern European cyber mafias are  jumping on the ransomware bandwagon, and that employees need to be trained  within an inch of their lives not to fall for these types of social  engineering attacks. Find out how affordable this is today:
http://info.knowbe4.com/kmsat_get_a_quote_now

There is much more technical detail, including a schematic of the infection chain at the KnowBe4 Blog here:
http://blog.knowbe4.com/new-ransomware-crypvault-makes-files-look-like-they-are-quarantined
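The first recommendation above, sketched as a gateway-side check (an added example, not KnowBe4's or any vendor's code): it parses a message, collects every attachment name from both Content-Disposition and Content-Type, normalizes it, and quarantines on a blocked script extension. The sample message, the verdict strings and the `.jse` entry are assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.utils import collapse_rfc2231_value

# ".js" is the extension the article names; ".jse" (encoded JScript) is an
# addition made for this example.
BLOCKED_EXTENSIONS = {".js", ".jse"}

# Constructed sample message; addresses and names are placeholders.
SAMPLE_TEMPLATE = (
    "From: sender@example.com\r\n"
    "To: user@example.com\r\n"
    "Subject: Constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "See attachment.\r\n"
    "--b1\r\n"
    'Content-Type: application/octet-stream; name="{type_name}"\r\n'
    'Content-Disposition: attachment; filename="{disp_name}"\r\n'
    "\r\n"
    "placeholder body\r\n"
    "--b1--\r\n"
)


def build_sample_message(disposition_name, type_name=None):
    """Build a constructed raw message with one attachment."""
    return SAMPLE_TEMPLATE.format(
        disp_name=disposition_name,
        type_name=type_name or disposition_name,
    ).encode("ascii")


def normalized_extension(filename):
    """Lower-case the name and drop trailing dots and spaces, which Windows
    ignores, so that "refund.JS." is still treated as ".js"."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def attachment_names(msg):
    """Collect names from both headers; a mail client may honour either one,
    so a harmless name in one header must not hide a script in the other."""
    names = set()
    for part in msg.walk():  # walk() also descends into attached messages
        if part.is_multipart():
            continue
        candidates = (
            part.get_filename(),
            part.get_param("name", header="content-type"),
        )
        for value in candidates:
            if value:
                names.add(collapse_rfc2231_value(value).strip())
    return names


def gateway_verdict(raw_bytes):
    """Return ("quarantine", [offending names]) or ("deliver", [])."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = sorted(
        name for name in attachment_names(msg)
        if normalized_extension(name) in BLOCKED_EXTENSIONS
    )
    return ("quarantine", hits) if hits else ("deliver", [])


if __name__ == "__main__":
    print(gateway_verdict(build_sample_message("Invoice_2015.PDF.JS")))
    print(gateway_verdict(build_sample_message("report.pdf")))
```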

So, What Is The Real Reason The White House Got Hacked?

According to a new CyberEdge research survey of 19 sectors including  government, spearphishing is the biggest concern to IT security pros,  more worrisome than even malware. And only 20 percent of officials  expressed confidence their organizations have invested enough in educating  employees how to avoid falling for phishing attacks.  

You may know that for months now, the State Department has struggled  to keep Russian hackers out of its networks, despite periodic shutdowns  of email for maintenance and a massive endeavor to re-issue credentials,  according to officials. The White House maintains the intruders did not  breach classified material, but CNN reports they had access to sensitive  data such as confidential updates on President Barack Obama's schedule.

State even provided an online cyber training course, to train employees  to be careful about the personal and professional information they post  on social media. Social engineering was the topic of the lecture. One  of the subjects covered, according to State's website, was "organizational  risk to social engineering through email and social media."

"No one at the White House took the course," White House deputy press  secretary Shawn Turner told Nextgov. Well, that will get you hacked.  Kevin and I are giving the White House a second chance, step through our  training...for free. Mr President, call us anytime! :-D

If you want to know what your phishing attack surface is, you can find out  at no cost. We will send you your Email Exposure Check (EEC) with all email  addresses belonging to your domain that are out there on the Internet for  the bad guys to find:
http://info.knowbe4.com/free-email-exposure-check-CTA-GEN

NEW: This Week's Five Most Popular HackBusters Posts

Here are this week's five most popular hackbusters posts:

 

  1. Hacked French Network Exposed Its Own Passwords During TV Interview:
    http://www.hackbusters.com/news/stories/301995-hacked-french-network-exposed-its-own-passwords-during-tv-interview
  2. How to Run Linux Kernel on Canon DSLRs Cameras:
    http://www.hackbusters.com/news/stories/300053-how-to-run-linux-kernel-on-canon-dslrs-cameras
  3. John Oliver Sits Down With Edward Snowden:
    http://www.hackbusters.com/news/stories/299575-john-oliver-sits-down-with-edward-snowden
  4. Anonymous Hackers Target Israeli Websites and Leak Credentials:
    http://www.hackbusters.com/news/stories/300249-anonymous-hackers-target-israeli-websites-and-leak-credentials
  5. NSA and CIA Analysts Watching Porn, A Lot of Porn, More Than You Could Ever:
    http://www.hackbusters.com/news/stories/299750-nsa-cia-analysts-watching-porn-a-lot-of-porn-more-than-you-could-ever

 


Warm Regards,
Stu Sjouwerman



Quotes of the Week:

" Life should not be a journey to the grave with the intention of arriving  safely in a pretty and well preserved body, but rather to skid in broadside  in a cloud of smoke, thoroughly used up, totally worn out, and loudly  proclaiming "Wow! What a Ride!  "  - Hunter S. Thompson

" A purpose is the eternal condition of success. "  - Theodore T. Munger

 


 

 

Thanks for reading CyberheistNews!


 

 

Security News

 

 

NEW Whitepaper: Best Practices for Dealing with Phishing and Next-Generation Malware

Can users be your first line of defense?

Phishing and malware threats are skyrocketing as cybercriminals become more  adept, stealthier, and more able to penetrate your IT security defenses.

The consequences of even a single attack penetrating your network can be  devastating, resulting in enormous potential losses. Large amounts of dollars  stolen directly out of your corporate financial accounts, your CEO first  reading about your data breach in the morning paper, the loss of intellectual  property like trade secrets, and possibly the bankruptcy of your organization.

To combat phishing attempts and next-generation malware, this new Osterman  Research white paper gives you a list of high-priority actionable items, all  related to IT security. One of these is to learn how users can be mobilized  as your first line of defense using effective security awareness training.  Download Now:
http://info.knowbe4.com/whitepaper-osterman-bp-phishing-15-04-14

So, You "Don’t Believe In" Security Education?

Joe Ferrara, CEO of our friends at Wombat Security, posted an excellent editorial at the DarkReading site. He's taking on awareness training naysayers and methodically shows why they are in the minority. I like his analytical approach pointing out why they are wrong, and he comes up with a lot of actionable ammo in a short post. Recommended Reading!
http://www.darkreading.com/endpoint/so-you-dont-believe-in-security-education-/a/d-id/1319793?#msgs 

Mass Police Pay Ransom After Ransomware Phishing Attack

Last December Police in Massachusetts confronted a new and growing  frontier in cybercrime when the CryptoLocker ransomware virus infected  the department’s network, encrypting essential department files until  the town paid a $500 Bitcoin ransom.

In total, police systems were down between four and five days as the department  worked with the FBI, Homeland Security, Massachusetts State Police, as well as  private firms in an effort to restore their data without paying the ransom.

The problem? The last good backup tape was 18 months old. Ouch.

According to the U.S. Department of Homeland Security’s Computer Emergency  Readiness Team (US-CERT), CryptoLocker is a malware campaign that initially  surfaced in 2013. CryptoLocker is a new variant of ransomware that restricts  access to infected computers and demands the victim provide a payment to the  attackers in order to decrypt and recover their files. As of this time, the  primary means of infection appears to be through phishing emails containing  malicious attachments, phony FedEx and UPS tracking notices, and even through  pop-up ads.

Police Chief Timothy Sheehan told the Town Crier that Tewksbury was hit with  a newer form of CryptoLocker, for which authorities did not have the key.  Though initially infected sometime on December 7, the department became  aware of the malware on December 8, 2014. 

A recent KnowBe4 survey of more than 300 IT professionals found that 88 percent  of respondents said security awareness training provides the most effective  protection from ransomware. More at esecurityplanet:
http://www.esecurityplanet.com/malware/police-department-pays-cybercriminals-following-ransomware-infection.html

How Data Breaches Break Down By State And Sector

Morgan & Morgan, a personal injury law firm, has compiled data that shows 930  million records have been breached since 2005. In 2010, if you received a  notification of a data breach, your chances of becoming a victim of fraud  were one in nine. By 2012, those odds had shrunk to one in four. Now, in  2014, it’s one in three. Here is a breakdown by state and sector of the data  breaches in the past 10 years. This is an interesting and scary slide show:
http://www.csoonline.com/article/2907517/data-breach/how-data-breaches-break-down-by-state-and-sector.html?

Identifying and Disrupting Crypto-Ransomware

Adam Cramer posted something interesting at the SANS digital forensics blog. It's a new idea for stopping ransomware and destructive malware from causing too much damage: monitor file handles and watch for abnormal activity. He even wrote some free code you can experiment with. It's all here:
http://digital-forensics.sans.org/blog/2015/04/03/identifying-and-disrupting-crypto-ransomware-and-destructive-malware
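
To make the handle-monitoring idea concrete, here is an added sketch (not the code from the SANS post) that flags any process opening an abnormal number of distinct files inside a sliding window. The event format, the 10-second window, the threshold of 20 files and the sample processes are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 10_000   # assumed sliding window
MAX_DISTINCT = 20    # assumed threshold: distinct files opened per window


def find_abnormal_processes(events, window=WINDOW_MS, limit=MAX_DISTINCT):
    """events: (timestamp_ms, pid, path) tuples sorted by time.
    Returns {pid: timestamp_ms when the threshold was first exceeded}."""
    recent = defaultdict(deque)   # pid -> (ts, path) opens inside the window
    counts = defaultdict(dict)    # pid -> {path: opens inside the window}
    flagged = {}
    for ts, pid, path in events:
        queue, seen = recent[pid], counts[pid]
        queue.append((ts, path))
        seen[path] = seen.get(path, 0) + 1
        # Expire opens that have fallen out of the window.
        while ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > limit and pid not in flagged:
            flagged[pid] = ts  # a responder could suspend the process here
    return flagged


def build_sample_events():
    """Constructed handle-open events for three hypothetical processes."""
    events = []
    # pid 4242: touches 40 different documents in 4 seconds (burst).
    events += [(100_000 + i * 100, 4242, f"C:/docs/file{i}.docx") for i in range(40)]
    # pid 2000: backup job, 40 different files but one every 2 seconds.
    events += [(100_000 + i * 2000, 2000, f"C:/data/db{i}.bak") for i in range(40)]
    # pid 1000: editor reopening the same three files for a minute.
    events += [(100_000 + i * 1000, 1000, f"C:/notes/n{i % 3}.txt") for i in range(60)]
    return sorted(events)


if __name__ == "__main__":
    for pid, ts in find_abnormal_processes(build_sample_events()).items():
        print(f"pid {pid} exceeded {MAX_DISTINCT} distinct files at t={ts} ms")
```

Counting distinct paths rather than raw opens keeps the editor and the slow backup job below the threshold while the burst is caught two seconds in; the threshold needs tuning against a baseline of normal activity on the monitored host.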

Indiana Jones in Real Life! In 4K. This looks like a BLAST. Never mind the bruises...
https://youtu.be/qPKKtvkVAjY

If your life flashes before your eyes, make sure you've got plenty to watch!:
http://www.flixxy.com/close-escape-virgin-atlantic.htm?utm_source=4

No man can mess with this blonde in heels at a 1947 self-defense class. FUN!
http://www.flixxy.com/women-self-defense-in-1947.htm?utm_source=4

Wingsuit Precision Flight. Wow, this guy is good!
https://youtu.be/uRGaIK51LWc

Unified Weapons Master Video - high-tech armor that looks pretty cool:
https://youtu.be/bK8BCdhsCF8

SketchSHE Parody By Russian Comedy Group Bonya And Kuzmich. This is hilarious if you have a warped sense of humor:
http://www.flixxy.com/sketchshe-parody-by-russian-comedy-group-bonya-and-kuzmich.htm?utm_source=4

Diver Saves Sea Turtle And Gets A Hug:
http://www.flixxy.com/diver-saves-sea-turtle-and-gets-a-hug.htm?utm_source=4

Two small dogs howl, bark, and bother a cat next to a swimming pool. Check out what this smart cat does next!!:
http://www.flixxy.com/cat-pushes-dog-into-swimming-pool.htm?utm_source=4

Welcome to the chaotic and flabbergasting magical world of Lennart Green - grand master of close-up card trickery. The man is a genius. Great for a lunch break!:
www.flixxy.com/card-magic-with-a-twist-lennart-green.htm?utm_source=4

Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Ransomware Infects 30-PC network of health care company

Posted by Stu Sjouwerman on Apr 13, 2015 5:08:00 PM

In this Wednesday, April 1, 2015 photo, Jeff Salter, CEO of Caring Senior Service, poses for a photo in his company office building in San Antonio. Last December, the network of nearly 30 computers at Caring Senior Service were invaded by ransomware, software hackers use to try to extort money from people and businesses that can’t open or use documents, pictures, spreadsheets and other files. (AP Photo/Matthew Busch)

Ransomware is one of the fastest-growing forms of hacking, cybersecurity experts say. Anyone from a home computer user to a Fortune 500 company can be infected. It can also attack smartphones. The smaller the users, the more vulnerable they are to losing their files — unless they have a secure backup for their system or go through the complicated process of paying cybercriminals.


Wall Street Journal Video About Ransomware and Botnets

Posted by Stu Sjouwerman on Apr 13, 2015 2:56:00 PM

The WSJ asked itself: Who Will Cybercriminals Target Next?
(click on the picture to see the video at the WSJ website).

Cybercriminals will exploit vulnerabilities in new technology as they figure out how to make money from such activities, a group of security experts tell the WSJ. This video is great for any non-tech executive who controls IT Security budget strings and needs to understand about ransomware and botnets.

So, What Is The Real Reason The White House Got Hacked?

Posted by Stu Sjouwerman on Apr 11, 2015 9:58:00 AM

According to a new CyberEdge research survey of 19 sectors, including government, spearphishing is the biggest concern to IT security pros, more worrisome than even malware. And only 20 percent of officials expressed confidence their organizations have invested enough in educating employees how to avoid falling for phishing attacks.

You may know that for months now, the State Department has struggled to keep Russian hackers out of its networks, despite periodic shutdowns of email for maintenance and a massive endeavor to re-issue credentials, according to officials. The White House maintains the intruders did not breach classified material, but CNN reports they had access to sensitive data such as confidential updates on President Barack Obama's schedule.
