CyberheistNews Vol 4, # 23 CryptoWall Comes With Nasty Twist


Editor's Corner


New Ransomware CryptoWall Comes With Nasty Twist

There is a new ransomware strain called CryptoWall hitting organizations. In late April, the cyber criminals who developed the CryptoDefense ransomware released a new variant called CryptoWall. This strain is for the most part the same as CryptoDefense except for a new brand name, different filenames for the ransom instructions, and a whole new attack vector.

IT security pundits speculated that either the criminals released a new version because CryptoDefense was being blocked by endpoint protection software, or that they sold their source code to another cyber mafia. The bad news is that the earlier vulnerability of CryptoDefense has been fixed and you can no longer yourself decrypt files that are encrypted by CryptoWall.

This puppy comes with a nasty twist though: it no longer requires a user to open an infected attachment, but uses a fresh vulnerability in Java. Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and many others are leading people to sites that are CryptoWall infected and encrypt their drives. There is a massive attack reported by Cisco, and they have a heatmap with the countries primarily targeted. The US is, predictably, the most affected, with the UK coming in second. Map at the KnowBe4 Blog:

Since Cisco began blocking the attacks on April 24, its researchers said they had blocked requests to over 90 infected web domains for more than 17 percent of its cloud-security customer base. Mind you, Cisco's customer base for their cloud web security is really large, so 17% is a big number.

In the meantime, back at the ranch, ransomware grand-daddy CryptoLocker has continued to improve the quality of its spear-phishing attacks with fake fax announcement messages that start to look very real. They also improved their marketing, as the latest version provides a new feature which is a button that gives you the chance to "Decrypt 1 file for FREE" and is fully functional. Oh Joy.

Yes, the CryptoLocker network was taken over by the Feds last week, but there are three competing gangs, and cyber criminals more than anyone build their systems to be robust, redundant and fault-tolerant because they know from the get-go they will be shut down sooner rather than later. They do not go away, they get mad and come back with an even more resilient malware version.

It's a very good idea to step your end-users through effective Kevin Mitnick Security Awareness Training. You can get a free quote to find out how much this would be for your organization. You'll be pleasantly surprised how affordable this is, and this month it comes with an innovative crypto-ransom offer you will like:

If your network gets hit with this, look at time stamps and owner(s) of the decrypt_instructions files that were loaded to the (mapped) drives. That's how you can identify which workstation it originally came from and (re-)train the user. Reformat/reimage their PC (a.k.a. "nuke from orbit") and restore all the directories that have those encrypted files. Do a restore from a backup prior to the date you see listed on the file creations.
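One way to do the timestamp-and-owner check above on a mapped drive, as an added example that is not from the newsletter. It assumes the ransom notes start with decrypt_instruction (the exact filename varies by strain) and that Z: is the mapped share that was hit; adjust both parameters to what you actually see.

```powershell
# Added example (not from the newsletter): find the earliest-created ransom note on a
# mapped share and report who owns it, so the originating workstation/user can be
# identified and a restore point chosen. Note name and drive letter are assumptions.
param(
    [string]$Share = 'Z:\',                       # assumption: the mapped drive that was hit
    [string]$NotePattern = 'decrypt_instruction*' # assumption: ransom-note filename prefix
)

# Collect every ransom note with its NTFS owner and creation time, oldest first.
$notes = @(Get-ChildItem -Path $Share -Recurse -Filter $NotePattern -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            Owner   = (Get-Acl -LiteralPath $_.FullName).Owner
            Created = $_.CreationTime
        }
    } | Sort-Object Created)

if ($notes.Count -eq 0) { Write-Warning "No files matching $NotePattern under $Share"; return }

# The earliest note points at the first user (and therefore workstation) that wrote to the share.
$first = $notes[0]
Write-Host "Earliest note : $($first.Created)  owner: $($first.Owner)"
Write-Host "Path          : $($first.Path)"
Write-Host "Restore from a backup taken before $($first.Created.ToString('yyyy-MM-dd HH:mm'))"

# Owners ranked by note count; more than one owner means more than one infected PC to reimage.
$notes | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object @{n='Owner';e={$_.Name}}, Count,
                  @{n='First';e={($_.Group | Sort-Object Created)[0].Created}} |
    Format-Table -AutoSize
```

Run it from an admin workstation with read access to the share; the owner field is the account the encrypting process ran as, which is normally the logged-on user of the infected PC.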

In case you do not have recent backups, pay the ransom and hope for the best. Surprisingly these criminals do their best to decrypt your files, it's their "reputation" after all! But do not waste a crisis like this and use it to your advantage. Strengthen your policies and IT Best Practices. Keep your systems patched and your users on their toes with security top of mind!

Scam Of The Week: Hackers Exploit CryptoLocker Hysteria

So now, other cyber gangs have launched a massive phishing campaign to exploit the fear generated by the recent CryptoLocker ransomware takedown news announcements. The scam offers "decryption keys for CryptoLocker". The utility can be downloaded and it claims it will unlock any files encrypted by CryptoLocker. However, as you might have guessed, it's a scam.

If an unsuspecting end-user downloads it, a snake oil registry cleaner is installed which falsely claims that there are lots of registry problems. And of course, the only way these can be solved is by buying the product. This is clearly an attempt to exploit the news coverage of both CryptoLocker and GameOver Zeus. This type of scam will escalate for sure, and more dangerous viruses will be marketed as CryptoLocker file decrypters. Warn your users to not fall for this scam!

BOOK: No Place To Hide. Edward Snowden, The NSA and the U.S Surveillance State

I have just finished this book which describes the story of Edward Snowden's last year. It was written by a journalist by the name of Glenn Greenwald who was selected by Snowden to reveal what he had found. It is fascinating to get all the details you never read in the press, and to see what happens when you challenge the status quo. One important thing I did not know is that Snowden was trained up to be a very high-level white-hat hacker, not a system admin like the press claimed. There are many other revelations. You can get the book at Amazon and it comes warmly recommended:

No time to read the book? Here are the cliff notes, a brand new slide show with the 10 biggest Snowden leaks. Slide number 11 shows that the NSA tracks and hacks system admin workstations. Are you pwned by the NSA?

SUMMER Sci-Fi MOVIE: Edge Of Tomorrow

Just saw it on opening weekend. Wow, if you like Sci-Fi action movies you gotta go see this one. I thought it was fantastic. It's "Alien meets Groundhog Day", the script is unique and I had a great time. This one also earns a "Stu's Warmly recommended"!


Quotes of the Week

"Permanence, perseverance and persistence in spite of all obstacles, discouragements, and impossibilities: It is this, that in all things distinguishes the strong soul from the weak." - Thomas Carlyle - Philosopher (1795 - 1881)

"If you can't explain it to a six year old, you don't understand it yourself." - Albert Einstein

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman

Did your Auditors Tell You To Remediate Weak Spots?

The audit season is just ending, and you may have been told by your auditors that you need to remediate weak spots regarding your compliance and get these areas tightened up.

Often that's a large amount of work which disrupts your normal workflow. The remediation may have to do with for instance PCI, HIPAA or FFIEC compliance, but sometimes it's the fact that no outside-in vulnerability testing was done.

We can help you in several areas: The KnowBe4 Compliance Manager allows you to automate the compliance (remediation) workflow to dramatically speed up both becoming and staying compliant while cutting down audit costs significantly. Click here for a whitepaper and/or a demo

Next, we can provide you with an essential compliance requirement which is to scan your websites from the outside in, to look for vulnerabilities and configuration problems. KnowBe4 does this type of scanning -and- gives you a hand to get things fixed:


Are You an Expert or Caught in the Phishing Net?

Did you know that Intel has a publishing arm? Their website has a bunch of interesting articles. The most recent one was about Phishing and you can read about KnowBe4 in this article:

McAfee Phishing Quiz reveals roughly 65 percent of respondents can’t properly identify email scams. Email is one of the oldest “modern” forms of communications. While it provides near real-time discussions, alerts and sharing, it also has become one of the most popular ways hackers gain access to locked-down business environments. Despite powerful security solutions and diligent IT departments, often it is awareness and education that help keep corporate environments secure. More:


"We’ll Pay Your Crypto-Ransom If You Get Hit"

"We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer." -- Stu Sjouwerman, Founder and CEO, KnowBe4

We announced last week that we will pay your ransom in Bitcoin if you get hit with ransomware due to human error of an employee. Security experts agree it will only be a matter of weeks before CryptoLocker or a variant will be back in business as the criminals who created it are still on the loose.

Cyber criminals more than anyone build their systems to be robust, redundant and fault-tolerant because they know from the get-go they will be shut down sooner rather than later.

The FBI estimates 234,000 have been hit with ransomware like CryptoLocker, CryptoDefense and CryptoBit to the tune of $30 million in ransom fees in Sept-Dec 2013 alone. The US Dept of Justice claimed more than 300,000 computers had been "freed" from the ransomware in Operation Tovar last week.

I think now is a very good time for you to seize the moment and train your users. Anyone hit with CryptoLocker knows how destructive it can be. With the large number of phishing threats hitting companies, people can become immune to alerts.

We help you be more proactive and train employees to learn which Red Flags to look for and how to keep themselves and your network protected. Often, antivirus does not recognize a new CryptoLocker variant and an end user clicks on a link or opens an infected attachment, and encrypts their local files or worse, a whole file share.

Once these files are encrypted, the only way to get them back is to restore a recent backup or pay the ransom. According to one KnowBe4 customer: “We made their security training mandatory after we were infected with CryptoLocker. We continue to reinforce good habits by sending fake spam/phishing messages to our employees and addressing any clicks that may occur. Continued education using KnowBe4 has empowered our users and the ability to "spot check" employees on-the-go definitely helps keep our systems safe.” R.B.

Many employees take work home and access the network on personal laptops or devices shared with family members. KnowBe4 recognizes the need to help users stay secure in a variety of environments and we offer our clients a separate Home Internet Security Course for their whole family as an extra bonus. More:

We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer and your employees stepped through our training. Go to the KnowBe4 website now and get a quote for your organization. The special Crypto-Ransom offer is valid until June 30, 2014. Orders need to be received before that date 24:00 hrs. Get your quote here:


Security Awareness Training Should 'Change How People Think'


Security awareness training must be high on the agenda of Best Practices when companies fight off cyber threats, experts concluded at the SC Congress London.

Such training schemes have been a big topic of conversation in recent months, but many in the information security world are still unsure how it is best employed. Is it, as BH Consulting founder Brian Honan suggested to this writer on Twitter, from board level or better placed from the bottom-up, feeding through the roots of the company?

A panel of speakers voted in favor of bottom-up security training awareness at the SC Congress London on Tuesday, and argued that it is one of many best practices that should be employed to safeguard companies against possible data breaches.

Derrick Bates, trust information security officer at North Cumbria University Hospitals NHS Trust, said that his own training has resulted in staff becoming a lot savvier on the threat from the outside.

“The one big thing you have to do is educate your users, because if you do, you have an extra 3,000 people on your security team. They now come to me to tell me about phishing emails, or people pretending to be from IT team or recruiters. My users challenge them.”

“My education awareness program and newsletters take a lot of time but it pays dividends.”

Bates added that businesses need to ask six questions on ‘Who, what, where, when, how and why’ on IT infrastructure and incoming threats to have “95 percent [of the information] to take upstairs to the C-level corridor.”

Sarah Stephens, head, cyber & commercial E&O for Aon EMEA, agreed that awareness training should underpin protecting assets and said that the security messages need to get back to end users. “Bringing [security] back to the individual works well for IT security professionals."

Bates added that his awareness programs were focused on ‘ordinary folk’ but insisted that these must not teach or preach, because workers have enough on their plate already.

“The whole thing with security awareness training is not to teach…they have too much [on]. What I am trying to do is to change the way they think and perceive what's around them. That's how you get in the C-level corridor, you don't go at them and convince them they're doing something wrong.” Article at:


5 Summer Scams To Watch Out For This Season

Taylor Ammerding over at CSO has a good anti-scam article: "As the temps go up, so do the number of social engineering scams. Here are the latest summer cons to watch out for this year.


It is almost summertime, and while the livin’ supposedly gets a bit easier, it remains risky. As the vacation season approaches and everybody is planning travel, socializing with friends and family and relaxing, people in the “always connected” world should add one more item to their list: Don’t relax when it comes to online security.

Social engineering scams are more ubiquitous and sophisticated than ever. And they can do a lot more than ruin a vacation. As experts consistently point out, a successful scammer can steal, destroy or hold your files hostage, install malware on your computer, steal your identity and other personal information, steal your money, break into your house and ruin your reputation.

There are dozens to hundreds of such scams, but with the help of several experts, CSO has selected a somewhat arbitrary “Top Five” that represent the most common social engineering threats that target individuals and organizations, concluding with some general advice on how to detect and avoid them:

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

This Electric Motorcycle Lap At TT Zero 2014 Is Insane. Watch this full screen in HD and keep your lunch down!

How to Hack a Car: Phreaked Out (Episode 2) A new frontier. Dang this is scary, think about ransomware schemes where people lock your car and only open it when you pay!:

OK, this is almost NSFW, but it's really a FemBot made by some Japanese for a horror movie. The comments on Facebook are a RIOT, too. The video is possibly disgusting, but also needs to be admired for the mad technical skills they used to pull this off; look at how those hands, elbows and shoulders articulate!

The 10 Most Iconic Car Commercials. These are great to see again (and some you may have missed):

However, they are all NOTHING compared to this ad where Audi lets the R8 V10 engine speak for itself. Full screen, HD and Volume at 10!

A metal plate vibrating at different frequencies creates beautiful geometric wave patterns:

A dachshund plays with a balloon. He keeps it up in the air for a long time by successfully kicking it 14 times in a row:

7-year-old Mahiro makes a stunning presentation of Kankudai, an advanced karate exercise that consists of offensive and defensive moves against eight opponents:

One of these three dogs made a mess in the house. Who's done it? Cody (top left) Murphy (top right) or Maggie?:

From the Weird Japanese Video Department. How to break a car window with the headrest:
