CyberheistNews Vol 4, 42
Ransomware Hits Admin Workstation and Kills 7 Servers
Here is a tale of Ransomware that will make your blood run cold, very appropriate with Halloween around the corner. This is the real story of what happened last week, in their own words:
"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers got encrypted and we were dead in the water.
CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we could find out what was happening, isolate the workstation and get it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.
Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.
They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.
So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.
While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director
As you can see, ransomware hitting a key employee with a lot of access, like an admin or perhaps a CEO, controller, or CFO, can do immense damage. Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks is an essential element of your defense-in-depth!
Why security awareness training? Ransomware, that's why! Find out how affordable this is for your organization. Get a quote now:
P.S. Ransomware goes Prime Time. This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunch break and to forward to management:
Scam of the Week: Ebola Phishing Grows in Volume
I have warned before that Ebola phishing attacks would be more and more prevalent, as a result of the mass-media spending increasing amounts of time covering this threat.
And sure enough, it was only a matter of time until you could see phishing and malware attacks using social engineering to trick users into clicking on links or opening attachments.
The US-CERT (United States Computer Emergency Readiness Team) has issued a warning about it, and they advise users to keep an eye out for fraudulent emails of this kind, in order to stay safe from malicious cyber campaigns.
I would use this CERT notification and send the link to your users. It's short, easy to understand, and it's official so it may make a bigger impression than normal. Feel free to copy/paste/edit this blurb:
"I would like to alert you all to a recent increase in scams related to Ebola. Please double check anything you receive via email or see on social media related to Ebola, like emailed warnings, web-alerts, news updates and possibly even videos. The only way to get news about this is straight from a reputable source. Also, do not fall for fake websites that solicit online donations for Ebola victims. Verify the site is legit before you donate anything. I have said it before and I am saying it again: 'Think Before You Click!'"
Here is an official message from the U.S. Government about Ebola scams:
No Time to Figure Out Sandworm and Poodle?
Paul Ducklin at Sophos issued a one-minute video where he quickly describes what these vulnerabilities are, illustrated by a little graphic. Very handy to know and a great service from Sophos:
Quotes of the Week
"If everything seems under control, you're just not going fast enough." - Mario Andretti
"You don't burn out from going too fast. You burn out from going too slow and getting bored." - Cliff Burton
New PCI 3.0 Rule - Needs to Be Continuous All Year
Heads-up. This quote is straight from the NEW PCI 3.0 standard:
"To ensure security controls continue to be properly implemented, PCI DSS should be implemented into business-as-usual (BAU) activities as part of an entity’s overall security strategy. This enables an entity to monitor the effectiveness of their security controls on an ongoing basis, and maintain their PCI DSS compliant environment in between PCI DSS assessments."
This is exactly what KnowBe4 Compliance Manager allows you to do.
Most organizations track PCI compliance using spreadsheets, word processors or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Keep your PCI compliance in real-time with KnowBe4 Compliance Manager™.
Get PCI 3.0 compliant in half the time and half the cost. Fill out the form for a live web-demo:
Russian Cybercrime Rakes In $2.5 Billion These Last 12 Months
There is a Russian computer forensics outfit called Group-IB. They released a report October 15th which goes into great detail on how Russian cybercrime makes its money. The picture is not pretty but very interesting.
Russian cybercrime raked in $2.5 billion between mid-2013 and mid-2014, and the biggest contributor to that revenue stream was the Target hack. Why? While financial fraud is still a big earner -- accounting for $426 million -- it's being surpassed by the simple buying and selling of credit card data. The carding business brought in a whopping $680 million. Here is a backgrounder on why all this Russian cybercrime.
A short summary of other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that's 10 times more profitable than your average plaintext credit card number.
Sara Peters, Senior Editor at Dark Reading, took apart the new 70-page Group-IB report and has a good article about it:
The report itself can be downloaded here:
KnowBe4 Console User Management Improvements
We have some exciting news for existing users and organizations that are looking at subscribing to Kevin Mitnick Security Awareness Training. Significant improvements have been made to the user management section of your KnowBe4 console.
An existing user said: "I am happy to see that the console is still being developed and extended. The latest change in the user console where you can see the training progress of an individual user is a great improvement. So I’m pleased."
Here are the new features:
Delete users improvements
Delete will not actually delete the users; instead, they will be marked as ‘archived’. Archived users will not show in any user management screens. To “Delete” a user, go to the users page and select the "Delete" option from the drop-down on the right of the table. You can filter by "Only deleted users" to find all deleted users. You can "Restore" users from the individual settings menu or with the "Restore selected" option. If a user is deleted and later imported, the user will be automatically restored.
Bulk user delete
- You can now delete users in bulk from a CSV file
- When a user signs up, the screen will provide more information on what to do if the email they’re trying to sign up with is in use already: "Email has already been taken? Try to Resend confirmation instructions or Reset password."
- Users page now has a better layout, shows total number of users, grouped.
- We capture more information, so account admins can better manage the users: Location, Division, Manager Name, Employee Number.
- You can now see individual user details, overall statistics on clicks, opened attachments and training status.
We redesigned the index page and you now have an option to remove all users from a group in the groups list. The group details page was redesigned to be more user friendly; you can now export users in a group to CSV, and we added a feature to delete all users in a group.
Symantec Intelligence Report (SIR): September 2014
It's that time of month again: the latest Symantec Intelligence Report just dropped. All the latest on the bad things the bad guys are trying to do. Ben Nahorney is one of their top Cyber Security Threat Analysts as well as the chief architect of the SIR.
Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here is a snippet that is relevant for this issue:
"The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear-phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day." Much, much more at:
This Is a Data Privacy Survey for Your HR People
It's about Employment Verification Outsourcing & Employee Data Privacy Trends. Data privacy is a hot button issue. Does your firm outsource employment verification processing to a third party employment verification vendor? Does your firm understand its obligations to its employees under the Fair Credit Reporting Act (FCRA)? Take this survey to weigh in on this crucial topic. Leave a comment with your Email address for a chance to win a $150 Amazon gift card. All responses are confidential. Please forward this survey to your HR people. Here's the link:
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunch break and to forward to management:
Need a 4-minute "feel-good-shot-in-the-arm?" I assure you you will feel better with this one. Turn up the volume and ENJOY this collection of dance clips from almost 40 movies, from dance movies to comedies, from Fred Astaire to Michael Jackson:
A novel way to move a couch from the third story of an apartment building. Will it work or be a disaster?:
A compilation of clips from America’s Funniest Videos of the 24 best cats and dogs talking like humans:
Super Typhoon Vongfong as the astronauts saw it from the International Space Station on October 9, 2014:
It all begins when she is meeting her girlfriend for lunch at a cafe ... Cafe Lip-Dub Proposal "Marry Me"
The human powered airplane 'Airglow' flown by Mike Truelove at the Icarus Cup 2012 on a 1km (0.62 mile) stretch:
A commercial for a new Toyota, and they pulled _all_ the tricks out of the photography bag for this one:
FlameStower Charger: Charge USB Devices with Fire. Really!
"Lady is a tramp" on Vimeo. This is called surrealism. I think it's weird!
Jonathan Mann performs a song he wrote using only the iOS 8 QuickType autocomplete feature. Riot:
The Sukhoi Su-35 and Su-37 pilots show the amazing maneuverability of their aircraft at an air show in Dubai: