SANS ‘Ouch!’ Newsletter on Ransomware

The latest SANS ‘Ouch!’ newsletter is dedicated to a description of ransomware and tips on how to counter it. And no, I have no idea why they chose the name Ouch! Like other editions, this particular newsletter issue is presumably aimed primarily at home users rather than corporates. (Though it does include a link to the SANS Advanced Cybersecurity Learning […]

Reporting cybercrime

I haven’t checked the links yet, but Yasin Soliman’s article for Graham Cluley’s site looks really useful. How to report a cybercrime – Who you gonna call? includes a table with contact points in the US appropriate to several categories: I’m guessing that followers of this blog will find the links for ‘Internet fraud and SPAM’ particularly relevant. […]

Europol says ‘No More Ransom’

Europol, the European Union’s law enforcement agency, has announced an initiative to address the ransomware issue. (Hat Tip to Kevin Townsend, who first brought it to my attention.) The agency’s announcement tells us that: No More Ransom (www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims […]

Decrypter for Locky-imitating PowerWare

Zeljka Zorz reports for Help Net Security: Decrypter for Locky-mimicking PowerWare ransomware released – Palo Alto Networks’ researchers have created a decrypter for the variant of the PoshCoder ransomware that imitates the Locky ransomware. Josh Grunzweig’s decryptor is a Python script available here. Zeljka points out ‘They can try following these instructions on Python.com on how to […]

Ransomware: F-Secure looks at the ‘customer’ experience

Useful resources from F-Secure: Evaluating the Customer Journey of Crypto-Ransomware and the Paradox Behind It (Hat-tip to ESET’s Stephen Cobb for bringing it to my attention.) Infographic/comic strip (OK, not my sort of thing, but may be useful for other educationalists): Five Habits of Successful Ransomware Criminals. Commentary by The Register: Ransomware gang: How can I extort […]

Delilah: Ransomware and Recruitment

When Chuck Berry recorded ‘Beautiful Delilah’ back in the 1950s, he wasn’t thinking of anything like the Trojan described by Diskin, according to Gartner’s Avivah Litan, as gathering ‘enough personal information from the victim so that the individual can later be manipulated or extorted.’ By which the company seems to include recruitment of insiders by forcing […]

Pokémon beGOne – malware exploiting a popular craze

Not quite ransomware (though there is a suggestion that it may happen), but my ESET colleague Lukas Stefanko describes a fake lockscreen app that takes advantage of the currently prevalent obsession with Pokémon GO to install malware. The app locks the screen, forcing the user to reboot. The reboot may only be possible by removing and replacing the […]

If it’s encrypting, perhaps it’s ransomware

Researchers from the University of Florida and Villanova University suggest that ransomware can be mitigated by detecting its encrypting files early in the process: CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. A good idea, but some anti-malware programs already do something like this (i.e. flag programs that start encrypting files in bulk). But […]
