CyberheistNews Vol 5 #15 Apr 14, 2015 New Ransomware CrypVault Evades AV With Simple Batch Scripts



 
                                 
                                                                                                                
                                                       
   
                    
                                                                                                                                       

New Ransomware CrypVault Evades AV With Simple Batch Scripts

A new ransomware strain dubbed CRYPVAULT is being spread as an email  attachment. It's beta testing in Eastern Europe and is making its  way to Europe and America.

It's a novel approach. In an attempt to bypass any and all endpoint  protection, the user is social engineered to open an attached Javascript  file. The phishing attack does not have an executable as a payload. Next,  the malware uses the command box to run a batch file that encrypts the files.

According to a post by Michael Marcos, threat response engineer with Trend  Micro, CRYPVAULT encrypts the files and then makes them appear to the  end-user as if they were quarantined, by giving them the .vault extension.

Adam Greenberg at SCMagazine said: "The act of disguising the users' encrypted  files as quarantined files possibly aims to raise urgency for users to take  action on their files," Marcos told SCMagazine.com in an email correspondence,  going on to add, "Appending a .vault file extension can also be used as a  marker for the malware to know that the file is already encrypted."

"The ransomware is written in a batch script (the script is executed line  per line in the command line/MS-Prompt)," Marcos said. "It did not import  any libraries or can create functions. The commands were executed from  top to bottom."

What To Do About It

Two things: First, check your edge devices (Firewall, spam filters, proxy  servers etc.) to make sure that any .js file extensions are found, and  quarantined or the whole e-mail deleted.

Second: It is clear that more and more Eastern European cyber mafias are  jumping on the ransomware bandwagon, and that employees need to be trained  within an inch of their lives not to fall for these types of social  engineering attacks. Find out how affordable this is today:
https://info.knowbe4.com/kmsat_get_a_quote_now

There is much more technical detail, including a schematic of the infection chain at the KnowBe4 Blog here:
https://blog.knowbe4.com/new-ransomware-crypvault-makes-files-look-like-they-are-quarantined

So, What Is The Real Reason The White House Got Hacked?

According to a new CyberEdge research survey of 19 sectors including  government, spearphishing is the biggest concern to IT security pros,  more worrisome than even malware. And only 20 percent of officials  expressed confidence their organizations have invested enough in educating  employees how to avoid falling for phishing attacks.  

You may know that for months now, the State Department has struggled  to keep Russian hackers out of its networks, despite periodic shutdowns  of email for maintenance and a massive endeavor to re-issue credentials,  according to officials. The White House maintains the intruders did not  breach classified material, but CNN reports they had access to sensitive  data such as confidential updates on President Barack Obama's schedule.

State even provided an online cyber training course, to train employees  to be careful about the personal and professional information they post  on social media. Social engineering was the topic of the lecture. One  of the subjects covered, according to State's website, was "organizational  risk to social engineering through email and social media."

"No one at the White House took the course," White House deputy press  secretary Shawn Turner told Nextgov. Well, that will get you hacked.  Kevin and I are giving the White House a second chance, step through our  training...for free. Mr President, call us anytime! :-D

If you want to know what your phishing attack surface is, you can find out  at no cost. We will send you your Email Exposure Check (EEC) with all email  addresses belonging to your domain that are out there on the Internet for  the bad guys to find:
https://info.knowbe4.com/free-email-exposure-check-CTA-GEN

NEW: This Week's Five Most Popular HackBusters Posts

Here are this week's five most popular hackbusters posts:

 

  1. Hacked French Network Exposed Its Own Passwords During TV Interview:
    https://www.hackbusters.com/news/stories/301995-hacked-french-network-exposed-its-own-passwords-during-tv-interview
  2. How to Run Linux Kernel on Canon DSLRs Cameras:
    https://www.hackbusters.com/news/stories/300053-how-to-run-linux-kernel-on-canon-dslrs-cameras
  3. John Oliver Sits Down With Edward Snowden:
    https://www.hackbusters.com/news/stories/299575-john-oliver-sits-down-with-edward-snowden
  4. Anonymous Hackers Target Israeli Websites and Leak Credentials:
    https://www.hackbusters.com/news/stories/300249-anonymous-hackers-target-israeli-websites-and-leak-credentials
  5. NSA and CIA Analysts Watching Porn, A Lot of Porn, More Than You Could Ever:
    https://www.hackbusters.com/news/stories/299750-nsa-cia-analysts-watching-porn-a-lot-of-porn-more-than-you-could-ever

 


Warm Regards,
Stu Sjouwerman


Quotes of the Week:

"Life should not be a journey to the grave with the intention of arriving  safely in a pretty and well preserved body, but rather to skid in broadside  in a cloud of smoke, thoroughly used up, totally worn out, and loudly  proclaiming "Wow! What a Ride!"  - Hunter S. Thompson

"A purpose is the eternal condition of success."  - Theodore T. Munger

Security News

 

 

NEW Whitepaper: Best Practices for Dealing with Phishing and Next-Generation Malware

Can users be your first line of defense?

Phishing and malware threats are skyrocketing as cybercriminals become more  adept, stealthier, and more able to penetrate your IT security defenses.

The consequences of even a single attack penetrating your network can be  devastating, resulting in enormous potential losses. Large amounts of dollars  stolen directly out of your corporate financial accounts, your CEO first  reading about your data breach in the morning paper, the loss of intellectual  property like trade secrets, and possibly the bankruptcy of your organization.

To combat phishing attempts and next-generation malware, this new Osterman  Research white paper gives you a list of high-priority actionable items, all  related to IT security. One of these is to learn how users can be mobilized  as your first line of defense using effective security awareness training.  Download Now:
https://info.knowbe4.com/whitepaper-osterman-bp-phishing-15-04-14

So, You "Don’t Believe In" Security Education?

Joe Ferrara, CEO of our friends at Wombat Security posted an excellent editorial at the DarkReading site. He's taking on awareness training  naysayers and methodically shows why they are in the minority. I like his analytical approach pointing out why they are wrong, and comes up with a lot of actionable ammo in a short post. Recommended Reading!
https://www.darkreading.com/endpoint/so-you-dont-believe-in-security-education-/a/d-id/1319793?#msgs 

Mass Police Pay Ransom After Ransomware Phishing Attack

Last December Police in Massachusetts confronted a new and growing  frontier in cybercrime when the CryptoLocker ransomware virus infected  the department’s network, encrypting essential department files until  the town paid a $500 Bitcoin ransom.

In total, police systems were down between four and five days as the department  worked with the FBI, Homeland Security, Massachusetts State Police, as well as  private firms in an effort to restore their data without paying the ransom.

The problem? The last good backup tape was 18 months old. Ouch.

According to the U.S. Department of Homeland Security’s Computer Emergency  Readiness Team (US-CERT), CryptoLocker is a malware campaign that initially  surfaced in 2013. CryptoLocker is a new variant of ransomware that restricts  access to infected computers and demands the victim provide a payment to the  attackers in order to decrypt and recover their files. As of this time, the  primary means of infection appears to be through phishing emails containing  malicious attachments, phony FedEx and UPS tracking notices, and even through  pop-up ads.

Police Chief Timothy Sheehan told the Town Crier that Tewksbury was hit with  a newer form of CryptoLocker, for which authorities did not have the key.  Though initially infected sometime on December 7, the department became  aware of the malware on December 8, 2014. 

A recent KnowBe4 survey of more than 300 IT professionals found that 88 percent  of respondents said security awareness training provides the most effective  protection from ransomware. More at esecurityplanet:
https://www.esecurityplanet.com/malware/police-department-pays-cybercriminals-following-ransomware-infection.html

How Data Breaches Break Down By State And Sector

Morgan & Morgan, a personal injury law firm, has compiled data that shows 930  million records have been breached since 2005. In 2010, if you received a  notification of a data breach, your chances of becoming a victim of fraud  were one in nine. By 2012, those odds had shrunk to one in four. Now, in  2014, it’s one in three. Here is a breakdown by state and sector of the data  breaches in the past 10 years. This is an interesting and scary slide show:
https://www.csoonline.com/article/2907517/data-breach/how-data-breaches-break-down-by-state-and-sector.html?

Identifying and Disrupting Crypto-Ransomware

Adam Cramer posted something interesting at the SANS digital forensics blog. It's a new idea how to stop ransomware and destructive malware from causing  too much damage, by monitoring file handles and see if there is abnormal  activity. He even wrote some free code you can experiment with. It's all here:
https://digital-forensics.sans.org/blog/2015/04/03/identifying-and-disrupting-crypto-ransomware-and-destructive-malware

Indiana Jones in Real Life! In 4K. This looks like a BLAST. Never mind the bruises...
https://youtu.be/qPKKtvkVAjY

Wingsuit Precision Flight. Wow, this guy is good!
https://youtu.be/uRGaIK51LWc

Unified Weapons Master Video - high-tech armor that looks pretty cool:
https://youtu.be/bK8BCdhsCF8

                                                       
     
 



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews