
Ransomware

By Michael Birman on July 16, 2019

Computers and other electronic devices have become targets for scammers using ransomware. It is usually individuals who get hit, but it won’t be long until the business world is also targeted. Ransomware (or ransom-ware) is a type of malware (malicious software) designed to block access to a personal computer, server or mobile electronic device, or to maliciously encrypt data stored on such devices, which makes that information inaccessible to the user until a monetary ransom has been paid.

Payment of the demanded ransom is the only way users can retrieve the stolen information via a software “key” that will restore access to the user. Ransoms are typically demanded in the form of bitcoins which are a form of digital currency that uses encryption technology to regulate the generation of bitcoins and for verifying the transfer of money from one account to another, but which are not in any way connected to a legitimate bank or other financial institution. As you may have guessed, these scams are extremely difficult to overcome without payment of the ransom and simply removing the malware from electronic devices will not even begin to solve the problem.

Ransomware is usually delivered to victims in the form of an email or third-party websites that are already infected with the nefarious software. The Federal Bureau of Investigation (FBI) indicates that ransom payments in 2016 were expected to reach a billion dollars in comparison to 2015 statistics that show ransom payments upwards of $24 million. Cyber security experts predict the figures to rise even more in 2017 and every year thereafter because it has proven to be a very lucrative activity for scammers.

The phishing emails use Visual Basic Script to avoid detection rather than using macros which would make them easier to identify and eradicate. Cyber criminals are now targeting major financial institutions and insurance providers with nefarious email messages that contain the necessary tools and information-collecting software that uses keylogging to fraudulently obtain information about keystrokes that targeted individuals and businesses use to access various accounts.

This keylogging software enables hackers to see everything that is typed on an infected computer or mobile device keyboard which is then used to exploit personal and confidential information in the form of login usernames, passwords and other valuable information and then demand payment of ransom from that individual or entity in order to regain access to their own stolen vital information.

Scammers are now targeting high profile major financial institutions and insurance companies because of the plethora of information contained within their computer systems about millions of individuals and business entities which they can exploit for their malicious purposes.

The United States Secret Service is now warning people to also be leery of public computers offered to guests of hotels, devices in business centers, and computers or other office machinery in any other place that provides them for public use as a service to guests and/or clients.

This warning also applies to activities conducted on electronic devices using a public Wi-Fi facility that provides Internet access or personal communications within a specific area using computers, smartphones and other hand-held electronic mobile devices which are popularly used by millions of people worldwide every day.

Like most phishing schemes, emails are sent that contain attachments in the form of Microsoft documents (Word, Excel, PowerPoint) that seem legitimate but which are designed to do nothing more than install nefarious malware using Visual Basic Script that is the means by which malware is downloaded onto computers and other electronic devices, including cell phones and tablets.

The Visual Basic Script files are embedded as “Packager Shell Objects,” which can be used to open and execute files from within the Microsoft Office documents in which the malicious file is embedded. Fraudulent emails often include images or links but request that you download a certain software application in order to view those images or the information contained in links within the body of the email. Cyber security experts have determined that those images and/or links are not what they appear to be and instead contain code for keylogging malware that will begin to operate on your device the second you attempt to access the application by clicking “run.”
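The delivery method described above can be checked for before an attachment reaches a user. The following Python is an added example, not part of the original article: it flags Office attachments that contain an embedded Packager object and reports any script file name found inside it. The function names, the extension list and the sample message are assumptions constructed for illustration, and the byte search is a heuristic rather than a full OLE parser.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Compound-file directory entries store stream names as UTF-16LE; the
# Packager keeps its payload in a stream named "\x01Ole10Native".
OLE10NATIVE = "Ole10Native".encode("utf-16-le")
# Types Windows runs or hands to a script host (assumed list, not exhaustive).
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".exe", ".scr")
SCRIPT_NAME = re.compile(
    rb"[\w\-]{1,64}(?:" + "|".join(map(re.escape, SCRIPT_EXT)).encode() + rb")\b", re.I)
OOXML_EXT = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")

def scan_ooxml(data: bytes) -> list[str]:
    """Heuristic findings for Packager objects embedded in one OOXML file."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable OOXML container"]
    findings = []
    for name in zf.namelist():
        # Embedded objects sit under word/, xl/ or ppt/ in an embeddings folder.
        if "/embeddings/" not in name:
            continue
        blob = zf.read(name)
        if OLE10NATIVE not in blob:
            continue
        names = sorted({m.group(0).decode("ascii").lower() for m in SCRIPT_NAME.finditer(blob)})
        findings.append(f"{name}: packaged object carrying {', '.join(names) or 'unknown file'}")
    return findings

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each suspicious attachment name to the reasons it was flagged."""
    report = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(SCRIPT_EXT):
            report[fname] = ["script or executable attached directly"]
        elif fname.endswith(OOXML_EXT):
            found = scan_ooxml(part.get_payload(decode=True) or b"")
            if found:
                report[fname] = found
    return report

def build_sample() -> bytes:
    """Constructed message: a clean .docx and one with an inert fake package."""
    def docx(extra: dict) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("word/document.xml", "<w:document/>")
            for name, body in extra.items():
                zf.writestr(name, body)
        return buf.getvalue()
    # Stand-in for oleObject1.bin: only the stream name and file-name strings.
    fake = OLE10NATIVE + b"\x00" * 4 + b"Invoice.vbs\x00C:\\Temp\\Invoice.vbs\x00"
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for fname, body in (("clean.docx", docx({})),
                        ("invoice.docx", docx({"word/embeddings/oleObject1.bin": fake}))):
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports only `invoice.docx`; the clean document passes because it has no embeddings folder.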

After the malware is installed on your computer or other electronic device, it sends keystroke information to hard-coded email addresses, that is, addresses fixed in the software program that cannot be altered or changed in any way without modifying the entire computer program.

Although Microsoft software applications block macros by default and this particular type of malware is pretty basic compared to other means of exploitation, cyber criminals and hackers are continually developing new ways to infect your devices with nefarious downloads, which indicates a shift from the previous practice of tricking users into inadvertently enabling malicious macros.

According to a report from the American technology company known as Symantec, the average ransom that was demanded in 2016 was about $679, compared to only $295 typically demanded from victims in 2015. Experts believe ransom demands will exceed $1000 before the end of 2017 and some larger entities and/or wealthy individuals have already paid ransoms consisting of 4 to 5 monetary digits in order to unlock their critical data and resume normal activities.

Corporations and other business entities are becoming frequent targets and are also vulnerable since reports of ransomware payments have been made by utility companies, banks, insurance companies, colleges, hospitals, police departments and multiple other agencies in order to retrieve their vital information.

The Hollywood Presbyterian Medical Center in L.A. paid almost $17,000 to unlock its computer network in February, 2016 and the San Francisco Municipal Transportation Agency was targeted which disabled passenger ticket vending machines that are used for its municipal light rail system.

Whereas other types of malware require stealing personal information in the form of passwords and credit card numbers, etc., which is then sold to other criminals who attempt to profit from the acquisition, ransomware is a direct means of stealing information which usually results in ransom payments being made directly to the criminal in order to quickly recover data and resume normal operations.

Digital security experts fully expect the criminal use of ransomware to get worse and explode exponentially in the future, affecting more and more people every year. This is due to the fact that ransoms are usually paid and that ransom software can be purchased from cyber hackers which enables anyone with basic computer skills to launch sophisticated attacks against mostly individuals who typically don’t maintain adequate security measures to protect from such attacks.

The problems with ransomware include new varieties like Jigsaw which encrypts data and then begins deleting groups of files to pressure victims to pay the demanded ransom. Another newcomer is Chimera which threatens to post files, photos and videos online if the ransom is not paid by a certain deadline. Android handheld electronic mobile devices have been targeted by Flocker which can lock Android phones and smart TVs until ransom is paid.

Ransomware criminals are all over the world and can attack anyone or any company connected to the Internet. Symantec determined that the United States is the favorite target for ransomware demands with 28% of global infections and Canada is second accounting for 16% of global ransomware infections.

Law enforcement agencies discourage victims from paying ransoms because payment encourages more attacks and pays for the development of more and more nefarious malware, especially since there is absolutely no guarantee that payment of the ransom will result in computer files being unlocked. However, many unprepared business owners feel they have no choice but to pay the ransom.

In fact, a survey of business leaders conducted by IBM revealed that almost half of the businesses polled indicated they have already been victimized by ransomware attacks; 60% indicated they would be willing to pay ransoms in order to recover stolen data; 70% of businesses surveyed indicated they have already been infected with ransomware and actually paid the ransom to regain access to computer systems and vital business data; 20% of those that paid indicated the ransom they paid was over $40,000; half of the companies surveyed indicated they would be willing to pay over $10,000 to retrieve data; and 25% indicated they would be willing to pay between $20,000 and $50,000 depending on the type of data stolen. So you can see why ransomware is becoming more popular and effective as a means for cyber criminals to make a lot of money and they will continually up the ante because of the predictable certainty of ransoms being paid.

Of course medium and large companies are more attractive and lucrative victims than individuals since they are usually willing to pay larger amounts of money for ransom, but small businesses are also vulnerable to attacks because employees often lack IT security training that is typically provided by large businesses. The survey concluded that only 30% of the 200 or so small businesses surveyed offer security training to employees while 58% of larger companies offer such training.

In conclusion, everyone is at risk for ransomware attacks and must take action to protect vital information by disabling macros, backing up files every day and maintaining up-to-date security software. It is also advisable to make sure those backups are not constantly connected to the internet or a live network, which would leave the data insecure and vulnerable. Users of computers and other electronic devices should also delete any applications that are rarely or never used, and should set every device they use to automatically receive updated software for operating systems, computer apps and security software.

Symantec’s Kevin Haley indicated “This is not something that happens to other people; it could easily happen to you. We really need to step up our protection because the bad guys are stepping up their game. There’s just too much money involved for them not to.”

Don’t allow yourself to become a victim and take every security measure you can to protect your personal or business information or you may be the next victim of ransomware and it could very well destroy you or your business financially or completely shut down operations altogether. Better to be safe than sorry!

Phishing 2017

By Michael Birman on July 16, 2019

Ransomware:

Computers and other electronic devices have become targets for scammers to fraudulently obtain personal information from users to which the scammers are not entitled. One such scam involves ransomware (or ransom-ware) which is a type of malware (malicious software) that is designed to block access to a personal computer, server or mobile electronic device or maliciously encrypt data stored on such devices which makes that information inaccessible to the user until a monetary ransom has been paid.
