CyberheistNews Vol 5 #22 ALERT: Is Your Network Infected With A Sleeper Ransomware Strain?

CyberheistNews Vol 5 #22 June 2, 2015

ALERT: Is Your Network Infected With A Sleeper Ransomware Strain?

There is a concerning new "sleeper" ransomware twist.

It's called Locker and has been infecting employees' workstations, but it sat there silently until midnight on May 25, 2015, when it woke up. Locker then started to wreak havoc in a massive way.

Since this strain literally reared its ugly head, Reddit has a topic on it with over 600 comments. Bleepingcomputer has a support topic that is more than 30 pages long, and they received hundreds of emails from consultants all over the world. Based on their experience with cryptoware, they stated this strain has a large "installed" base, which does not bode well. Topics related to this new strain are suddenly being posted on all the major support boards, AV forums, etc.

It appears we have a new player in Ransomware City, but they only charge 0.1 Bitcoin, somewhere between 20 and 30 bucks. At the moment, it looks like the infection vector is compromised sports websites that have exploit kits on them, and there is a compromised MineCraft installer out there.

Here is what it does:

    • A series of Windows services are used to install Locker on the computer and encrypt data files.

    • During the install process, Locker checks whether the computer is a virtual machine and terminates if one is detected.

    • It encrypts data files with RSA encryption and does not change the file extension.

    • After the encryption it deletes your c:\ shadow volume copies and displays its ransom interface.

    • If your backups failed and you are forced to pay the ransom, once payment has been confirmed the ransomware will download the private key and automatically decrypt your files.

There are quite a few file types that are encrypted; the list of extensions is on our blog. Locker does not change the file extension, so your users will get error messages from their applications that the file is corrupted.
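Because Locker leaves file names and extensions untouched, the first sign of trouble is often a user reporting that a document is "corrupted". A quick way to scope an incident is to compare each file's leading bytes with what its extension says they should be, and to measure how random the content looks: a PDF that no longer starts with `%PDF-` and reads like ciphertext has almost certainly been encrypted in place. The triage script below is an added example written for this newsletter section, not code from KnowBe4 or from any analysis of Locker. It assumes only the Python standard library; the magic-byte table, the entropy threshold and the sample files it writes to a temporary directory are all constructed here for illustration and are not a complete signature set.

```python
"""Triage helper for ransomware that encrypts files in place without renaming them.

Added example, not code from KnowBe4 or the newsletter. It assumes only the
Python standard library and a constructed sample directory; the magic-byte
table below is a small hand-picked set, not a complete signature database.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes a healthy file of each type should start with (constructed, not exhaustive).
MAGIC_BY_EXTENSION = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),  # OOXML documents are ZIP containers
    ".xlsx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Ciphertext and compressed data score close to 8 bits per byte; plain text is far lower.
# The threshold is an assumption chosen for this example.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_size: int = 4096) -> str:
    """Classify one file from its first bytes.

    'ok'             header matches the extension
    'unknown-type'   extension not in the table, nothing to compare against
    'high-entropy'   header mismatch and near-random content: looks encrypted in place
    'magic-mismatch' header mismatch but low entropy: odd, but not ciphertext-like
    """
    expected = MAGIC_BY_EXTENSION.get(path.suffix.lower())
    if expected is None:
        return "unknown-type"
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(magic) for magic in expected):
        return "ok"
    if shannon_entropy(head) > ENTROPY_THRESHOLD:
        return "high-entropy"
    return "magic-mismatch"


def scan_tree(root: Path) -> dict:
    """Map each regular file under root (by name) to its classification."""
    return {p.name: classify_file(p) for p in sorted(root.rglob("*")) if p.is_file()}


def build_sample_tree(root: Path) -> None:
    """Write constructed sample files: intact documents plus one stand-in for ciphertext."""
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n% intact sample document\n" + b"A" * 200)
    (root / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 100)
    (root / "memo.docx").write_bytes(b"just some text where a ZIP header should be\n")
    (root / "notes.txt").write_bytes(b"plain text, extension not in the table\n")
    # os.urandom stands in for a file encrypted in place; real ciphertext looks the same.
    (root / "budget.pdf").write_bytes(os.urandom(4096))


def demo() -> dict:
    """Build the sample tree in a temp directory and return the scan results."""
    root = Path(tempfile.mkdtemp(prefix="locker-triage-"))
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:15} {name}")
```

Run against a real file share, `scan_tree` gives a per-file verdict you can count and sort by directory, which tells you how far the encryption got and which users' data to restore first. The header check alone already catches the case the newsletter describes; the entropy check is there so that a file with a wrong header but readable content (a mislabelled text file, say) is not mistaken for ciphertext.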

As you see on the screenshot at our blog (link below), it has a scary message in red at the bottom of the screen stating: "Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!" This is just to force you into paying, not something to be too worried about. The amount is negligible, but the hassle and lost time are significant.

At this very early stage after the initial discovery, things are still somewhat murky, but we will keep you in the loop about any developments on the blog, which will be updated. Screenshot link and more detail at the KnowBe4 Blog.

BREAKING NEWS - there is a development about Locker you want to read about at the blog:
http://blog.knowbe4.com/is-your-network-infected-with-sleeper-ransomware

And as always, stepping employees through effective security awareness training is a must these days. Find out how affordable this is, and be pleasantly surprised.
http://info.knowbe4.com/kmsat_get_a_quote_now

It's heeere! Criminal Ransomware as a Service

As we predicted in our whitepaper "Your Money or Your Files", there is now shake-and-bake criminal ransomware that aspiring Internet criminals can put together in a few minutes. Meet 'Tox', Ransomware for the rest of us.

In short, you can now go to this TOR website "for criminals by criminals", roll your own ransomware for free, and the site takes a 20% kickback of every Bitcoin ransom payment.

Jim Walter at McAfee Labs commented: "The packaging of malware and malware-construction kits for cybercrime 'consumers' has been a long-running trend. Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits. But now we have Tox, and it's free."

Tox is not going to be the last criminal malware to embrace this model. You can expect new strains, built with more features, better quality and different encryption and evasion methods. This is only the beginning. Whitepaper download:
http://info.knowbe4.com/whitepaper-ransomware-history

Some Interesting Security Awareness Training Numbers

You may know Gartner, the 800-pound gorilla in the IT analyst space. When a market is mature enough they create their Magic Quadrant (MQ) with the leading vendors in that particular space. Normally there are hundreds of players in a mature market, but only 20 or so of the actual leaders make it onto the MQ. KnowBe4 made it on there the first time around.

The Gartner Managing Vice President who covers the security awareness training market and manages this MQ is Andrew Walls; here is his bio:
http://www.gartner.com/analyst/29763

Walls revealed some interesting numbers that may help you to get budget:

    • The security awareness training market globally exceeds one billion in annual revenue.

    • This market is growing about 13 percent per year.

    • CISOs are increasingly turning to educational security awareness solutions.

This is good ammo if you need to get budget approval to train your employees; C-level peer pressure is a great incentive to hop onto a trend and not fall behind. InfoWorld's security guru Roger Grimes reviewed KnowBe4's integrated awareness training and phishing platform. It's great to send to executives as an addendum to a business case for user education. Here is the article:
http://www.infoworld.com/article/2920804/security/get-real-about-user-security-training.html

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"The less effort, the faster and more powerful you will be." - Bruce Lee, Martial Artist (1940 - 1973)

"It's not that I'm so smart, it's just that I stay with problems longer." - Einstein

Thanks for reading CyberheistNews!

Security News

What Our Customers Say About Us

"Knowbe4 has put together a great solution. I am very pleased with the progress of our users so far. 34% initially, down to 5%. Hopefully the next campaign will be 0%. I think this is funny so I wanted to share.

I had changed the landing page for the templates before I started the campaign so the users would not know it was a test so easily. Almost all of our users called or emailed IT about the phishing scam emails they received, except for one user.

This user got the Amazon phishing scam template. After clicking on the phishing scam email, the user got so nervous they canceled their Amazon account and both of their credit cards! The templates are very convincing. I bet they are more careful next time."
- L.L., System Support-Hardware

This Week's Five Most Popular HackBusters Posts

What are IT security people talking about? Here are this week's five most popular hackbusters posts:

    1. Silk Road Creator Ross Ulbricht Sentenced to Life In Prison:
       http://www.hackbusters.com/news/stories/330682-silk-road-creator-ross-ulbricht-sentenced-to-life-in-prison

    2. This Facebook Hack Allows You to Track Your Friends On Map:
       http://www.hackbusters.com/news/stories/329172-this-facebook-hack-allows-you-to-track-your-friends-on-map

    3. This Simple Text Message Can Crash and Reboot Your iPhone:
       http://www.hackbusters.com/news/stories/328996-this-simple-text-message-can-crash-and-reboot-your-iphone

    4. APUS Launcher Now Blocks SMS Phishing & Spam:
       http://www.hackbusters.com/news/stories/328243-apus-launcher-now-blocks-sms-phishing-spam-android-headlines-android-news

    5. County Sheriff Has Used Stingray Over 300 Times With No Warrant:
       http://www.hackbusters.com/news/stories/328520-county-sheriff-has-used-stingray-over-300-times-with-no-warrant

Not Providing Security Education Is *THE* Dumbest Idea for InfoSec Efforts

The Privacy Guidance Blog makes a passionate and well-written plea for security awareness training. They started out with: "Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. The latest proclamation at CSO Online has generated a small bit of a firestorm since it was published." Warmly recommended:
http://privacyguidance.com/blog/not-providing-education-is-the-dumbest-idea-for-information-security-and-privacy-efforts/

Cybersecurity On The Agenda For 80 Percent Of Corporate Boards

IT security has become a growing priority for boards. In fact, 81 percent of the directors in a new survey said information security matters have become a topic for discussion at most or every board meeting. Still, two-thirds professed being uncertain of their company's ability to avert a data breach, while more than 70 percent said they were significantly concerned about security risk from third-party software in the supply chain. This is interesting information for any C-level executive in your organization:
http://www.csoonline.com/article/2927395/data-protection/cybersecurity-on-the-agenda-for-80-percent-of-corporate-boards.html

Are There Free Ransomware Decryption Tools?

Multiple bright minds have been working on a solution to combat ransomware, yet it is not an easy task. Because every infection is different, and also requires its own unique decryption key, it is difficult for security experts to find a cookie-cutter solution. However, all of these decryption keys are generated by a certain algorithm, and once that has been cracked, the story changes dramatically.

It may come as a surprise that a solution has been made available to the public at no cost. Jadacyrus, a pseudonym for an unknown individual or group, created a decryption toolkit that allegedly would be able to break the ransomware encryption. Even though there are multiple versions of ransomware available, this toolkit should be able to decrypt most infections by CryptoLocker, CoinVault, TeslaCrypt and others. More at our Blog:
http://blog.knowbe4.com/are-there-free-ransomware-decryption-tools

Cyberheist 'FAVE' LINKS:

Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is: 33 N. Garden Suite 1200, Clearwater, Florida, 33755