CyberheistNews Vol #5 #48 New Triple Threat Chimera: Ransomware, Extortion And Data Breach





 

CyberheistNews Vol #5 #48 Nov 10, 2015
Stu Sjouwerman

OK, Heads Up! This has not hit U.S. shores yet, but it's just a matter of time. This nasty bit of crimeware is being beta-tested in Germany at the moment, and that is where the reports surfaced a few days ago at the German Anti-Botnet Advisory Centre.

Chimera combines a ransomware infection with extortion, trying to make organizations pay even when they have good backups. This cyber-mafia sends spear-phishing attacks to specific employees with job offers or business proposals that link to a malicious payload hosted on Dropbox.

It starts as a "normal" ransomware infection, encrypts both local and network files and throws up a ransom note for 2.5 Bitcoin, which at the current Bitcoin rate of 388 dollars is almost a thousand bucks. But the note shows that Chimera's evil creators take things to a new low. In it, they claim that if they are not paid, they will publish the files on the Internet.

It's not clear just yet whether the ransomware program does indeed siphon off the files before or after encrypting them. But the threat itself could be enough to push organizations that do have backups into paying, because key files that have left the building illegally could constitute a very expensive data breach with all its highly unpleasant consequences.

In the first six months of 2015, the number of ransomware attacks equaled the total number in all of 2014. That shows you how widespread this problem is becoming for businesses of all sizes. It is entirely possible that you or someone in your organization will be held ransom at some point — a scenario that could have a devastating effect.

Learn how you can prevent such an attack and protect your organization by downloading KnowBe4's Ransomware Hostage Rescue Manual: The most informative and complete 20-page hostage rescue manual on ransomware:
https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

Cryptowall V4.0 Released: Now Encrypts The File Names As Well

We also have a new blog post about the latest version 4.0 of Cryptowall which has arrived in the U.S.:

"CryptoWall 4.0 has been released that displays a redesigned ransom note, new filenames, and now encrypts a file's name along with its data. We were alerted to this new variant by various members who have posted about being infected by what was being called the help_your_files ransomware. Once we were able to analyze a sample, though, it was quickly determined that this was in fact a new version of CryptoWall." Blog post with screenshots and links:
https://blog.knowbe4.com/cryptowall-v4.0-released-now-encrypts-the-file-names-as-well

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"It is not because things are difficult that we do not dare, it is because we do not dare that they are difficult." - Lucius Annaeus Seneca - Philosopher, Statesman, Dramatist (5 BC - 65 AD)

"No crime is so great as daring to excel." - Winston Churchill


Thanks for reading CyberheistNews


Security News
This Week's Five Most Popular HackBusters Posts
    1. Nibble on the dark side with a Death Star waffle maker:
      http://www.hackbusters.com/news/stories/449801-nibble-on-the-dark-side-with-a-death-star-waffle-maker

    2. Anonymous Group Leaks Identities of 1000 KKK Members:
      http://www.hackbusters.com/news/stories/452777-anonymous-group-leaks-identities-of-1000-kkk-members

    3. Microsoft to discontinue Windows 7, 8.1 a year from now:
      http://www.hackbusters.com/news/stories/449736-microsoft-to-discontinue-windows-7-8-1-a-year-from-now

    4. Hackers Win 1 Million Bounty for Remotely Hacking latest iOS 9 iPhone:
      http://www.hackbusters.com/news/stories/448567-hackers-win-1-million-bounty-for-remotely-hacking-latest-ios-9-iphone

    5. FBI Deputy Director's Email Hacked by Teenager Who Hacked CIA Chief:
      http://www.hackbusters.com/news/stories/452912-fbi-deputy-director-s-email-hacked-by-teenager-who-hacked-cia-chief

The Room Where the Internet Was Born

An epic American road trip—to see “The Cloud” in all its strange manifestations—begins in an old lab at UCLA. The room is painted in the closest approximation of its color in archival photos, a pale industrial green that is somehow both soothing and sinister. It is the Muzak equivalent of the color green, a wall color that only could have been popular in the 1970s.

Most of the period furniture was actually just taken out of UCLA's storage. Not all of the computer hardware from those days was kept in storage or considered historically relevant to preserve. The IMP is original, as is the first packet switch installed on the Arpanet, and the teletype. But the mainframe computer components are replicas, designed according to old specs. Interesting Internet history story in The Atlantic:
http://www.theatlantic.com/technology/archive/2015/11/where-was-the-internet-born/413221/

Take The "Security and IoT" Survey

Our latest, joint KnowBe4 & ITIC/StrategyAnalytics 2015 – 2016 Security and IoT Survey is live!

In the Digital Age where everyone is connected via IoT, BYOD, the cloud and the Internet, security is more crucial than ever. Hacks into corporate networks and consumer devices are occurring with alarming frequency. Is your firm’s security proactive or reactive? The survey should take about 5 to 10 minutes to complete. Leave a comment with your email address for a chance to win a 100 dollar Amazon gift card. All responses are confidential. No sales person will call you and we never share your information with anyone.

Once the survey is complete, we will publish an Executive Summary in Cyberheist News. Additionally, anyone who has completed the survey is eligible for a complimentary copy of the full Report by sending a request to ldidio@strategyanalytics.com or Stu Sjouwerman at: stus@knowbe4.com.

Thanks very much in advance for your participation. Take the survey here:
https://www.surveymonkey.com/r/FG35GJD

SANS Announces November OUCH!: Shopping Online Securely

They said: "We are excited to announce the November issue of OUCH! This month, led by Guest Editor Jonathan Homer, we focus on shopping online securely. With the holidays coming up, we thought this would be the perfect opportunity to remind everyone of the steps they can take to safely get the best deals online. We ask you to share OUCH! with your family, friends and coworkers." English Version (PDF):
https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201511_en.pdf

Cybersecurity Efforts Still Falling Short At Financial Services Firms

Here is another article mentioning the weaknesses of security in the financial arena from Investment News. "It's not that advisers are neglecting cybersecurity measures intentionally," Mr. Attias said, citing a lack of education and understanding as one of the biggest problems advisers face regarding cybersecurity.

He recommended that advisers receive security awareness training, but emphasized that they do not need to become IT experts in order to manage their cybersecurity within their firms:
http://www.investmentnews.com/article/20151103/FREE/151109981/cybersecurity-efforts-still-falling-short-at-financial-services-firms

