CyberheistNews Vol 7 #2 Heads-Up! Massive New Locky Ransomware Attack Is Coming

CyberheistNews | KnowBe4

CyberheistNews Vol 7 #02
Heads-Up! Massive New Locky Ransomware Attack Is Coming

Jan Sirmer at the Avast blog wrote: "Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.

Locky has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.

The Avast Threat Lab analyzes the lifecycle of Locky, and they can see small peaks, new spread methods, new binaries etc., usually occurring before a new campaign starts. The graph in the blog (link below) shows data for the last 100 days.

Notice that a slowdown occurs for several days before a new round of attacks; but this time it’s been more than 15 days, which doesn’t fit the pattern. The drop between attacks is not typically as significant as it has been during the 2016-17 winter holiday period.

When we consider why the incidents of Locky dropped during the last 15 days we have to wonder:
  • Are ransomware attacks down over the holidays because business users, those victimized the most, are not at work?
  • Did the attackers decide to reduce the number of overall attacks?
  • Are they preparing a new campaign?
  • Could they just be celebrating Christmas?
  • Like the Grinch, did their small hearts grow three sizes and they abandoned the ransomware racket?
Well, don't count on them going out of business. They have celebrated an incredibly profitable 2016 and we are expecting a new Locky ransomware campaign, starting the week of January 9th forward. Graph at the KnowBe4 Blog:
The Who Behind the Why of Relentless Phishing and Ransomware Attacks

Why are organizations in the West subjected to relentless phishing and ransomware attacks? We need to go back in history for a bit to understand what caused this, and determine how we can best prepare ourselves.

First of all, let's look at planet Earth from the following perspective: It is an anarchy of nations. The United Nations has turned out to be a disappointing, ineffective, and corrupt mess. Credit where credit is due, the U.N. has done some very good work in certain corners. The Universal Declaration of Human Rights is a excellent example, but taken as a whole, the U.N. has mostly been paralyzed.

Now, let's go back to right after WWII. The cold war has started up, and there is a atomic arms race with mutually assured destruction as the only deterrent. Two superpowers at each other's throat with physical walls being built and the Iron Curtain coming down. I remember traveling with my parents passing CheckPoint Charlie from West- to East Berlin as boy, an unpleasant experience to say the least. Physical barriers were used to keep people both out and in, we have all seen the cold war spy movies, the images are vivid.

Fast forward 40 years.

Continue reading at the KnowBe4 Blog, you need to know this:
300+ New Ways to Stop Your Users from Clicking on Everything!

KnowBe4 today announced a game-changing partnership with The Security Awareness Company that allows you to significantly better manage the ongoing problem of social engineering.

In your fight against phishing and ransomware you can now deploy the best-in-class phishing platform combined with the world's largest library of security awareness training content; including 300+ interactive modules, videos, games, posters and newsletters.

Join us on Thursday, January 19, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's Security Awareness Training Platform, including the extensive content library available through our new Module Store that allows you to easily search, browse and preview content. Find out how easy it is to setup fully automated campaigns to train and phish your users:
  • 20 e-learning modules
  • 8 interactive learning modules
  • 7 compliance modules
  • 100+ videos, bite-size 1-3 minute
  • 33 trivia games
  • 125+ pieces of artwork
We are super excited to be able to provide you with this content in an all-you-can-eat format.

See a demo of "the best of both worlds" for yourself.

Register Now:

Don't want to wait until January 19th? Get a demo now!

Prepare to be pleasantly surprised...
LA College District Pays 28 Grand Ransom After Hacker Takes Hundreds of Systems Hostage

Alright, here is another apparent backup failure. Read it and weep.

When a malicious hacker locked out 1,800 staff and teachers from their computers at Los Angeles Valley College this week, college administrators faced an agonizing choice: pay a ransom or leave 20,000 students in the lurch.

They elected to pay a 28k ransom. In Bitcoins.

“In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment of 28,000 dollars was made by the District,” Los Angeles Community College District Chancellor Francisco C. Rodriguez, in a statement Friday.

“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”

Computer systems throughout the Valley Glen campus suffered a massive meltdown Friday that continued through the New Year’s holiday into the start of college’s winter session.

While classes that began Tuesday were conducted as usual, 1,800 Valley College administrators and teachers were shut out from hundreds of computers, crippling access to spreadsheets, lesson plans, emails, voicemail, even the LAVC website.

No word yet how exactly this happened, but phishing is suspected. Train those users! More at the LA Daily News:
Don’t Miss the January Live Demo: New-School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Thursday, January 19, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's game-changing Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
    • NEW Access to the world's largest library of security awareness training content through our innovative Module Store.
    • NEW Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
    • Active Directory Integration allows you to easily upload and synch user management, set-it-and-forget-it.
    • Advanced Features: EZXploit™ an internal, fully automated "human pentest”. USB Drive Test™ to test reactions to unknown USBs.

    • Reporting to watch your Phish-prone percentage drop, with great ROI.
Find out how thousands of organizations have mobilized their end-users as their first line of defense.

Warm Regards,
Stu Sjouwerman

Quotes of the Week
You will not be punished for your anger, you will be punished by your anger. - Buddha

You may never know what results come of your actions, but if you do nothing, there will be no results.
- Gandhi (In other words, the wrong thing to do is nothing)

Thanks for reading CyberheistNews
Security News
What to Watch for With Ransomware: 2017 Edition

DarkReading wrote: "Ransomware has businesses concerned - with good reason. Organizations across all industries are at risk of infection via email or Web attacks.

This brand of malware attack will grow and change in the new year. New variants, such as the new version of KillDisk that no longer just erases data but instead encrypts information and demands a Bitcoin ransom, are constantly surfacing.

Threat actors have successfully used ransomware to infiltrate businesses and demand money long before the rise in ransomware attacks in 2016. But ransomware is reaching a plateau now: stolen data is less valuable because of the sheer amount of it available on the black market, experts say. So attackers are getting more creative, generating new ways to broaden their reach and demand more money from their victims.

"Ransomware is a business, and as a business, it's going to evolve," says Allan Liska, intelligence analyst at Recorded Future.

Many security watchers believe ransomware will get worse. Some think attackers will take advantage of IoT devices and target consumers. Others think mobile devices are at greater risk.

What else is on the horizon for ransomware in 2017? We did some digging to find out. Read on to learn more about how threats will evolve, what to watch for, and how to mitigate risk." Slideshow with 10 changes:
Can Government Really Fix the IoT Mess?

The vulnerabilities, and dangers, of the Internet of Things are well documented. And a growing number of experts are now saying that the market will not fix them – it will take government regulation.

Tailor Amerding at ITWorld wrote: "The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT).

While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses."

I am quoted in this article about Bruce Schneier's perhaps controversial position on this problem:
More Than 10,000 Exposed MongoDB Databases Deleted by Ransomware Groups

Five Groups of attackers are competing with a new tactic that involves deleting publicly exposed MongoDB databases and asking for Bitcoin to restore them.

In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.

The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.

On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.

The attackers left a message behind for the database administrators asking for 0.2 bitcoins (around US 180 dollars) to return the data. Run Mongo? Batten down the hatches! Here is the Mongo security checklists on how to do that:
7 Tips for Better Security Awareness Training Sessions

At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits.

If you do these type of sessions, here are a few good tips!
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
FOLLOW US ON: Twitter | LinkedIn | Google | YouTube
Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews