Tag Archives: malware

The scourge of Ransomware

From Wikipedia:

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files.

To say that Ransomware has become a serious problem in recent times is putting it mildly. In the last year, numerous SA businesses and users have become victims of this nasty type of malware. According to Blue Coat, a security vendor, Ransomware is now the leading mobile threat and ranks very high on the list of desktop/server threats.

Briefly, Ransomware infection is primarily by email link or email attachment. Once the user clicks a link in the infected email or runs the attachment, the infection silently takes place. From there, files accessed by the user are encrypted with a key known only to the malware author. A message ( in the form of a file typically called HELP_DECRYPT.TXT ) is left in the folder where the file was first encrypted – the message provides details of how to send payment, often in bitcoins, to the malware author, so that they will send the key to decrypt your files.

CryptoWall 3 and earlier versions, as well as some competing malware, targeted specific files that you accessed. Newer variants like CryptoWall 4 will now encrypt an entire folder and not just the files you access. They also have the ability to infect/encrypt files on the network shares of servers. Chimera is a new type of Ransomware that threatens to post copies of your documents and images on the Internet unless a ransom is paid. PowerWorm has recently come to light as another variant that encrypts files – but it has a bug in that the key is destroyed ( mistakenly ) after encryption, which means that paying a ransom will not get you your files back – ever.

Another method of infection is through websites that are compromised by the Angler exploit kit. Just visiting the site results in a drive-by attack called Pony which scours the infected computer for any login credentials for websites, banking, network resources and applications. Once done, the infected computer is then redirected to alternate sites where Angler will install CryptoWall 4 which in turn will result in encrypted files. CryptoWall 4 also renames files with randomly generated characters meaning that you don’t even know which files have been encrypted.
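As an added illustration ( not code from the original post ), the following Python script looks for the two on-disk signs described above: a ransom note ( HELP_DECRYPT.TXT ) left in an encrypted folder, and a cluster of files in one folder whose names have been replaced with random characters. The note name comes from the post; the random-name heuristic, the extension allow-list, the per-folder threshold and the sample file listing are constructed assumptions and should be tuned before use on a real machine.

```python
import os
import re

# Ransom note file names to look for. The post names HELP_DECRYPT.TXT; add the
# note names of other families you track. Matching is case-insensitive.
RANSOM_NOTE_NAMES = {"help_decrypt.txt"}

# Extensions a normal user folder is expected to contain. A random-looking base
# name with an extension outside this set is treated as a renamed file.
# Assumption: this allow-list is constructed for the example; tune it per site.
KNOWN_EXTENSIONS = {
    "txt", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "odt", "ods",
    "jpg", "jpeg", "png", "gif", "mp3", "mp4", "zip", "csv", "html", "htm",
    "exe", "dll", "ini", "log",
}

# Shape of a randomly generated name: lowercase letters/digits only, then a
# short extension. Underscores, spaces or hyphens rule a name out.
# Assumption: pattern chosen for the example, not taken from any sample.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{6,}\.[a-z0-9]{2,6}$")

# A single odd file name is common; several in one folder is not.
# Assumption: threshold chosen for the example.
MIN_RENAMED_PER_FOLDER = 3


def is_ransom_note(filename):
    """True when the file name matches a known ransom note name."""
    return filename.lower() in RANSOM_NOTE_NAMES


def looks_randomly_renamed(filename):
    """True when the name mixes letters and digits in an alphanumeric base and
    carries an extension a user would not normally create."""
    name = filename.lower()
    if not RANDOM_NAME_RE.match(name):
        return False
    base, ext = name.rsplit(".", 1)
    has_letters = any(ch.isalpha() for ch in base)
    has_digits = any(ch.isdigit() for ch in base)
    return has_letters and has_digits and ext not in KNOWN_EXTENSIONS


def scan_listing(paths):
    """Group file paths by folder and return only the folders that contain a
    ransom note or at least MIN_RENAMED_PER_FOLDER renamed-looking files.

    Result shape: {folder: {"notes": [paths], "renamed": [paths]}}
    """
    per_folder = {}
    for path in paths:
        folder, name = os.path.split(path)
        entry = per_folder.setdefault(folder, {"notes": [], "renamed": []})
        if is_ransom_note(name):
            entry["notes"].append(path)
        elif looks_randomly_renamed(name):
            entry["renamed"].append(path)
    return {
        folder: entry
        for folder, entry in per_folder.items()
        if entry["notes"] or len(entry["renamed"]) >= MIN_RENAMED_PER_FOLDER
    }


def scan_tree(root):
    """Walk a real directory tree and apply the same checks."""
    paths = []
    for dirpath, _dirs, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, fn) for fn in filenames)
    return scan_listing(paths)


# Constructed sample listing standing in for an os.walk() of a home folder.
SAMPLE_LISTING = [
    "/home/alice/Documents/budget.xlsx",
    "/home/alice/Documents/HELP_DECRYPT.TXT",
    "/home/alice/Documents/27p9k96gvjr.6gi",
    "/home/alice/Documents/x0qwlv3n8.a1k",
    "/home/alice/Documents/p4tz7rm2c.zq",
    "/home/alice/Pictures/holiday.jpg",
    "/home/alice/Pictures/img_2041.jpg",
    "/home/alice/Downloads/setup.exe",
    "/home/alice/Downloads/a1b2c3d4.tmp",  # one odd name alone is not flagged
]

if __name__ == "__main__":
    for folder, entry in scan_listing(SAMPLE_LISTING).items():
        print(folder)
        for note in entry["notes"]:
            print("  ransom note :", note)
        for path in entry["renamed"]:
            print("  renamed file:", path)
```

Run it as-is to see the constructed Documents folder flagged ( note plus three renamed files ) while Downloads, with a single odd name, stays quiet; call scan_tree() on a real path to check a machine or a mounted network share. Because the note name is exact and the renamed-file rule needs several hits in one folder, the script trades a little sensitivity for far fewer false alarms, which is the right trade for a check that is meant to be scheduled and acted on.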

This is real scary stuff …

Paying what amounts to around R 5,000 – 30,000 ( 1 – 6 bitcoins ) per infection is beyond the means of most. Another issue is that there is no guarantee that the perpetrator will actually send you the key. Paying a ransom is not a good idea …


What can I do to protect myself?

  • always keep your Operating System and installed applications up to date
  • do not use Adobe Flash and plugins for browsers, and try to limit your usage of Java
  • make sure you have a good Anti-Virus package installed and make sure it is updated continuously
  • do NOT click on links in emails ( even if they look genuine ) and do not save or run attachments from emails that appear to be from friends, family or known business connections
  • use common sense and logic when accessing email and visiting websites; look for things that are out of the ordinary and double check items that look ordinary
  • attend Security Awareness Training which gives you the tools to navigate email, websites and other internet applications safely
  • backup your data regularly

What can I do if I’m infected?

The answer to this is: nothing – if you’ve not followed the last recommendation above. The only option is to clear out the infection and restore data from backups. Clearing out the infection often means rebuilding the infected device from scratch, reinstalling all applications and restoring your data.

If you don’t have a backup, then there are no further options. Unless you want to take a chance and have the funds available to pay the ransom …

Home routers: security fail

It’s no secret that I absolutely hate non-business/home-based ( ADSL/3G/other ) routers. From a security point of view, they have a history of never-ending security issues that result in a variety of malicious attacks including DNS reflection, remote control, spam, malware infections and other attacks.

There are other serious issues including ( but not limited to ):

  • vendors of these devices are slow to react to vulnerabilities and often don’t even patch these
  • users either don’t know that updates are available, don’t know how to apply patches/updates or just can’t be bothered to apply updates
  • the firewall/protection features of these devices are limited
  • there are common back-doors included in many of these devices which open up access to attackers

Because non-business grade routers/firewalls don’t carry any sort of guarantee or warranty in terms of performance, vendors do not put ( as much ) effort into these in terms of keeping them secure. The following link describes just how bad the situation is:


If you have any concern over your internet security or use your internet link for any secure services ( like online shopping or internet banking ), consider purchasing/using a business-grade firewall that will:

  • provide you with a decent level of protection
  • be updated regularly by the manufacturer

Keeping your desktop computers, laptops and mobile devices safe is only one part of home security. You also need to look at the security of your network devices including routers, printers and WiFi access points as these are an important point of access to your home network and can compromise your systems as easily as a virus on your computer.

The end of Windows XP

Windows XP support will officially end on April the 8th next week.

This is a very important change that appears to have escaped many people. Why important? Because you will no longer be receiving any updates ( security or other ) from Microsoft for XP. That effectively means that if there is a security hole discovered in Windows XP from the 8th of April, it will be open for anyone to exploit and no fixes will be forthcoming from Microsoft.

While Windows XP has never been what you might term a secure operating system, Microsoft have, to this point, continued to fix vulnerabilities, bugs and other issues in XP. And it’s these fixes that have improved the security level of XP significantly. That will no longer be the case from next week on.

What is really worrying is that many companies are still running a fairly large percentage of Windows XP systems – it’s estimated that up to 25% of Enterprise/Corporate systems are still Windows XP. And many smaller businesses have a higher percentage as they can’t afford the Windows software and hardware upgrade cycle.

The risk of security breaches on systems running Windows XP beyond April 2014 is high. This is not an overstatement – it’s a certainty! Even the European Cybercrime Centre has warned of impending XP security risks.

What can you do?

1. Make an asset list of both hardware and software

It’s important to understand what hardware and software you have as this will dictate whether you can upgrade to a newer version of Windows or not. As well, certain older applications will not be able to run on Windows 7 and later, even in compatibility mode.

2. Test your hardware

Use one of your PCs/Laptops as a test-bed for checking if Windows 7/8 will run on them without issue. Use the Windows 7 Upgrade Advisor and Microsoft Upgrade Advisor to see if your machines meet the minimum requirements. Meeting the minimum requirements also doesn’t mean a good experience; Windows has always required, and always will require, more memory and faster disks to perform adequately.

Note that certain MS Windows version upgrades won’t keep any of your existing data or applications so you need to a. create backups and b. do a clean install. Check with your hardware vendor to see if there are any driver updates for your hardware that are required for Windows upgrades.

Here is more info on upgrading Windows XP to Windows 7. Note also that Windows 7 support ends in 2020 which is not that far away so keep that in mind when upgrading.

3. Test your applications

Take a Windows 7 or later system and run all your applications on that system to make sure they will execute without issues. If you find any issues, try the application compatibility modes in Windows 7 and later – if this does not solve the issue, then approach the manufacturer for a fix or look for equivalent applications that are compatible.

4. Update or install a good Anti-Virus package

It cannot be overstated how valuable a good AV package is. This is generally the first line of defense when accessing network resources or using portable data devices ( USB, CD, DVD etc. ). The package should include malware protection, email scanning and URL/Link scanning. Many AV packages now also come with cloud-based sandbox technologies which enhance the ability to detect 0-day vulnerabilities. Note that AV packages will NOT be able to provide full protection for Windows XP systems after the end-of-support date.

5. Do not use Internet Explorer 6 or earlier

In fact, don’t use Internet Explorer at all – use an alternate browser such as Firefox or Chrome.

6. Do not use a Windows XP system to do banking or other financial transactions

You are literally inviting crackers into your bank account if you continue to use Windows XP from next week on for banking and/or other financial transactions. Use an alternate locked-down system booted from a memory stick ( such as Linux ) for any secure internet browsing requirements. You are welcome to contact me for pre-configured memory sticks or pen drives.

7. Contact your technical IT support company for assistance

Your IT service company is in the best position to determine possible solutions for you in this regard. Don’t underestimate the value they can provide in assisting you in either mitigating the security risks for XP or upgrading to Windows 7 or something else.

Nine years ago, I took the decision to ditch Windows altogether. I’ve never looked back – not only does my current system ( Linux ) provide good performance on lower spec hardware but it’s also relatively immune to the bulk of exploits out there. This means I’m secure in the knowledge that when I’m doing Internet Banking, my money is not going to disappear.

This path is not for everyone. However, you need to look at the alternatives – whether it’s upgrading Windows to a newer version or migrating to a completely new platform like Mac OS or Linux, you need to make the decision now.

Any delay beyond next week is likely to be a costly move.

Large security breach involving fast food outlets and banks in SA

A variant of the Dexter malware has apparently been running on POS systems unchecked for quite a while. All of SA’s banks have been hard hit by the losses incurred as a result of arguably one of the largest security breaches in SA history. More info here: