CyberheistNews Vol 6 #42
How Vulnerable Is Your Network? Download The New Ransomware Simulator.
KnowBe4 has been working hard on something brand new!
Bad guys are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?
KnowBe4’s Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 5 ransomware infection scenarios and show you if a workstation is vulnerable to infection. RanSim is complimentary; there are no costs.
This will take you 5 minutes at best, and may give you some insights you never expected!
Download RanSim here, and tell your IT Pro friends. This is a cool new tool: https://info.knowbe4.com/ransomware-simulator-tool-1chn
Want to know more before you download? Here is the "How It Works" technical background and FAQ in our Zendesk tech support section: https://knowbe4.zendesk.com/hc/en-us/articles/229040167
If you find that your AV is not blocking any of the 5 scenarios, you can discuss the possible consequences with your peers at KnowBe4's Hackbusters forum in the Ransomware Topic. The forum has five main discussion topics:
- Social Engineering
- Ransomware
- Phishing
- Security Awareness Training
- PowerShell
We look forward to seeing you on KnowBe4's exciting new online community. Join us at: https://discuss.hackbusters.com

Python Ransomware Uses A Unique Key For Each File That Is Encrypted
A new ransomware strain written in Python called CryPy was disclosed by Avast malware analyst Jakub Kroustek. It seems that Python is getting more popular as a ransomware development language, which has seen the recent rise of strains like PWOBot, Zimbra, HolyCrypt, and Fs0ciety Locker.
Security pros observed that while CryPy is a new strain, it's not yet a major threat like Locky because a unique encryption key for each file is a double-edged sword - it causes performance problems and is more susceptible to disruption if you block the malicious IP address.
It is still early days for CryPy; for instance, the command & control infrastructure is still immature, but expect that to be rapidly improved.
The problem with the CryPy approach is that decryptors will never work, and that it can potentially defeat anti-ransomware software like the prototype created by researchers at the University of Florida and Villanova University in July. Here is a technical analysis at the SecureList blog: https://securelist.com/blog/research/76318/crypy-ransomware-behind-israeli-lines/
And while we are discussing new strains, EvilTwin's "Exotic Ransomware" continuously monitors for new files to encrypt and maxes out the CPU
The Exotic Ransomware is a new infection released by a malware developer going by the alias of EvilTwin or Exotic Squad. Discovered on October 12th by MalwareHunterTeam, the Exotic Ransomware will encrypt all files, including executables in targeted folders on a victim's computer.
In general, there is nothing particularly innovative about this ransomware, but it does contain an annoying feature. This is the constant encryption of new files in the targeted folders, making the system practically unusable. Read the story at BleepingComputer: http://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-continuously-monitors-for-new-files-to-encrypt/
AI-powered ransomware is coming, and it's going to be terrifying
Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet.
It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map."
I have a blog post here that goes into this and at the end lifts the veil on something exciting we have been working on for quite a while with an invite for the Beta: https://blog.knowbe4.com/ai-powered-ransomware-is-coming-and-its-going-to-be-terrifying

More Than 60% Of US Office Workers Are Unaware Of The Ransomware Threat
OK, here is some very good ammo to get budget.
Nearly half of ransomware attacks are aimed at office workers, but almost two-thirds of those polled are unaware of the threat.
More than 60% of US office workers are unaware of ransomware and the threat it poses to business, according to a survey of more than 1,000 employees commissioned by security firm Avecto.
The survey also showed that 39% of respondents either have no confidence that their employer has measures in place to protect them against cyber threats or they are unaware of what their employer is doing to safeguard their online safety.
More than 4,000 ransomware attacks occur every day, according to US government statistics, projecting it to be a 1 billion dollar criminal business for this year.
According to a report by security firm Symantec, ransomware attacks are becoming more targeted and a number of ransomware groups have begun using advanced attack techniques, displaying a level of expertise similar to that seen in many cyber espionage attacks.
This blog post has more data, and links to all the sources, especially the US Government stats, which is an inter-agency guidance document for CIOs and CISOs: https://blog.knowbe4.com/more-than-60-of-us-office-workers-are-unaware-of-the-ransomware-threat

Yahoo Hack Triggers 'Material Adverse Change' Clause
The Wall Street Journal reported that Verizon's lawyers are looking at using the "material adverse clause" to renegotiate the terms of the 4.8 billion dollar deal they struck this July.
Verizon’s general counsel, Craig Silliman, said “we have a reasonable basis to believe right now that the impact is material.”
Would you say that losing your whole customer database is an adverse change? I would! Especially after you promise in your merger agreement that no security breach had taken place, and that no breaches will have occurred by the deal’s closing. Yeah, right.
The hack, which Yahoo blamed on a state-sponsored actor (I'm calling BS on that, by the way), occurred two years ago but was "discovered" after the merger deal was signed.
It is rare for companies to trigger material adverse change clauses because courts have resisted their use, said Lisa Stark, a partner at K&L Gates LLP. “It has to be a very substantial event. It can’t just be a hiccup.” Again, if this is not a material adverse change, I will eat my hat.
My comment at the end of the story in the WSJ: "Yahoo disregarded best security practices and some key employees fell for a spear phishing attack by Eastern European cybercrime, just like 91% of all data breaches before them.
And then to think that this could have been prevented by new-school security awareness training which helps employees to make smarter security decisions..."
Full article at the WSJ. Send this link to your C-level execs. Getting hacked could shave a billion dollars off the value of your company. How's about some more IT security budget?: http://www.wsj.com/articles/material-adverse-change-clause-is-rarely-triggered-1476402532

Warm Regards, Stu Sjouwerman