Category Archives: Ransomware

NotPetya: Yet Another Ransomware Outbreak

The WannaCry ransomware virus has become a distant memory for many. For some, WannaCry and its variants came and went without doing damage. Others weren’t so lucky. What we are learning (once again) is how critical it is to be prepared against a ransomware outbreak. The fact that the ransomware threat is ongoing and not leaving the scene of the cybercrime anytime soon is underscored by the latest malware to hit the unprotected computer environment and make headlines: NotPetya.

The NotPetya ransomware outbreak appears to have started in Eastern Europe and is spreading west. From what we know at this time, a Ukrainian accounting software application is the suspected source; NotPetya was apparently hidden in a software update. As you might expect, NotPetya was named after the Petya ransomware because it masquerades as that ransomware.

What about that ransom?

The NotPetya ransom payment mechanism has been disabled; that is, the email ID associated with the cybercriminal’s Bitcoin account was blocked by the email ID’s provider, according to a source. In other words, there is no way to pay even if you want to. At this point in the outbreak, the purpose of this malicious virus is to attack systems quickly and cause as much damage as possible.

NotPetya is considered more dangerous than the WannaCry virus, which was so devastating because it paralyzed infected computers and then caused application failures for systems that had a dependency on Windows operating systems. Hundreds of victims paid various amounts of ransom in Bitcoin in exchange for a decryption key. If there was anything good about WannaCry, it was that it warned IT admins and others to keep their Windows operating systems up to date with the latest patches.

So, what’s the point?

It’s important to remember that cybercriminals who seek to infect systems with ransomware or spread any other form of malware are criminals; cybercriminals to be sure, but criminals just the same who might have no other purpose than to simply cause damage. In the case of NotPetya, this ransomware spreads more effectively than WannaCry and not only encrypts data but also extracts credentials to other machines and systems.

Similar to the WannaCry virus, the purpose of NotPetya is to infect Windows 10 computers. Fortunately, the Windows 10 Credential Guard spots NotPetya’s password extraction from memory. Ransomware running in the Windows 10 operating system with administrative privileges cannot extract credentials. Read more about Windows 10 Credential Guard.

Mozy can help you defend against ransomware

Mozy by Dell can help you protect your environment from the NotPetya ransomware. Here’s how:

   •     Immutable copy: Mozy uses proprietary encryption and encoding mechanisms to store backups, which prevents any execution of code within files that have been backed up. Mozy backups are entirely separate from your computer.
   •     Point-in-time backup and restore: Mozy uses file versioning, allowing the end user or administrator to restore the entire backed-up data set or individual files and folders from any point in time; up to seven years for MozyPro and MozyEnterprise, and 90 days for MozyHome. This allows you to easily go back to a healthy version of your files.
   •     Automatic backups: Mozy provides automatic backups as frequently as every two hours, providing highly granular point-in-time backups to recover from.
   •     Self-service restore: Mozy gives end users the ability to perform their own restores from the Mozy agent or the Web Access interface.

Avoid a ransomware disaster

To learn how you can use Mozy as a second line of defense for your data and to prevent a ransomware disaster, visit Mozy by Dell.

Other Mozy blogs about ransomware

For more information about ransomware and what you can do to increase your defenses:

   •     Educate your users and yourself
   •     Take a multi-layered approach to protection
   •     WannaCry? You will if you don’t back up

Rumor has it that the ransom is going up

Ransomware is a vicious form of malware that locks users out of their devices or blocks access to files, until a ransom is paid. There are numerous variants, with some ransomware designed to attack Windows devices, and others geared towards Macs or mobile devices. The WannaCry outbreak is a recent example of this form of malware that’s infecting Windows computers.

Evolution of ransomware

While ransomware has been around since the late 1980s, it went “pro” in September 2013 when CryptoLocker was released. It was the first cryptographic malware, and spread quickly via downloads from a compromised website and/or emails made to look like customer complaints. It was estimated that more than $27 million was paid in ransom.

That may seem like a hefty amount to pay out, but ransom payments have only increased exponentially since, with CNN reporting that cybercriminals collected more than $209 million in the first quarter of 2016!

Over the course of time, encrypted browser software such as TOR, anonymous currencies like bitcoin, and increasingly intelligent cybercriminals have evolved ransomware to where it is the #1 security concern of organizations.

Protecting your business

Cybercriminals do not particularly care who their victims are, as long as they can pay a ransom. With a scattergun approach to propagating ransomware, cybercriminals just want to cast the net as wide as possible so as to maximize the returns.

Here is how you can protect your business:

Educate your users

Most people can’t tell a phishing email from a safe email. Teach your employees to recognize a phishing email. Train them to only open emails from people they know and that pertain to topics they would be expected to talk to them about, and avoid navigating to URLs sent in emails.

“Humans need to be trained; they are the weakest link,” says Paul Kubler, a cybersecurity and digital forensics examiner at LIFARS LLC. “Companies should employ at minimum a bi-annual training geared towards each user group so that everyone is aware of the latest attacks.”

Use a layered defense and update your software regularly

Ransomware attacks involve many different elements. They can start off as a spam email with a link to a malicious website that exploits vulnerabilities in your system to download the virus. A layered approach to cybersecurity, such as email security as well as network protection, can defend you at each of these points. Each layer creates an extra obstacle for the malware, making it more difficult for the attack to be successful.

Keep your operating system, third-party applications, and antivirus programs updated at all times. These are layers of defense for your data, and while they are not bulletproof, they can go a long way in protecting you.

Back up your data often

Business devices often contain sensitive information, as well as operation-critical information such as customer data and business plans. Losing this data to a ransomware attack could severely cripple your business processes. Ensure regular backups are made of all important data, and that these backups are also routinely tested to make sure they work.

According to Steven J.J. Weisman, author of Scamicide, “The best defense against ransomware is to back up all of your data each day. In fact, my rule is to have three backup copies using two different formats with one off site.”

Ransomware isn’t going anywhere, and it is up to each business to protect itself from being the next victim of this type of cybercrime. Mozy by Dell can help. You can avoid a ransomware disaster!

Read about how these two businesses protect their data from ransomware:
   •     Technology consultant battles ransomware with Mozy backup
   •     IT provider chooses Mozy. ‘Nuff said!

Lose my data? LOL. Not a chance!

Data is everywhere. And for many users, their data is everything. Documents, photos, videos, and other files cover years of life lived, experiences shared, and work completed. But recent research shows that the cost of lost or stolen data is on the rise. For businesses, the average cost per record rose $158 last year. For personal users, meanwhile, it’s easy to make the case that real “data loss” only happens to large companies and enterprises. After all, you’re careful with your data—always super cautious about saving information and even duplicating on to a USB stick or external hard drive. There’s no chance you could ever lose your data, right?

Right?

Data dangers

Let’s suppose you’re really careful. Like really careful with your data; you never shut down your laptop or desktop without making sure that files are properly saved, stored in the right directory, and time-stamped within the last few minutes. Plus, you’re regularly backing up everything to a USB stick or hard drive. What’s the worst that could happen? For starters:

Lost or stolen: You get distracted at the coffee shop and someone runs off with your laptop, or it gets lost in the shuffle when you move to a new apartment. Sure, you’ve got that memory stick, but when was the last time you backed it up?

Hard drive failure: Hard drives aren’t perfect, and a recent study found that some have failure rates pushing 10 percent. If your hard drive stops spinning, your data goes kaput.

Ransomware: Maybe you opened that email attachment marked “URGENT” or visited a shady website. And maybe your PC is infected with ransomware, locking you out of your files. Every. Single. File.

It’s funny, right?

And those are just the “ordinary” ways to lose all your data. We’ve all had days where Murphy’s Law seems out to get us. What about:

Pool party: Don’t laugh. It happens. You’re on vacation, bring the laptop for work or play and after a day of too much sun and fun someone bumps your device and…splash!

Scary spills: You’re up late or starting early, barely hanging on. Your cup of coffee somehow misses the mark or your kids burst in and…hisssssss. Computers and caffeine don’t mix.

E-rage: We’ve all thought about it: Tossing that laptop off a balcony or breaking it in two when it won’t cooperate. If you’re tired enough, stressed enough, or had the worst day, your device may not make it through the night.

Of course, none of these scenarios could happen to you. Right? But just to be on the safe side, it’s worth considering another line of defense: Cloud-based storage from Mozy that automatically replicates your data and can restore lost or stolen files if laptops go missing or physical drives bite the dust. Plus, it’s one less thing for you to worry about. Use your device, live your life, and let Mozy take care of the rest.

2017 Ransomware Update

Ransomware, a specific form of malicious software that encrypts files on your computer until a ransom is paid, ebbs and flows in fads like other online scams. In 2017 the ransomware landscape has seen the return of some old tricks as well as the evolution of an old threat. Here’s a look at the current state of ransomware and what you can do to prevent it.

Open-source software

Most people know open-source software for helpful alternatives to Microsoft Office or a music player that reads a plethora of file types unlike iTunes. However, open-source ransomware has become a much more prominent issue in recent months. While most demand a monetary ransom be paid, the open-source nature of the code has given rise to stranger demands. For example, one iteration demands that you achieve a certain level on an online video game before your files are restored. Another recent version simply makes the victim watch a video educating the victim about what ransomware is.

Expanded distribution

Ransomware, like the variants mentioned above, is typically distributed through email with an attachment. The sender may be a cunningly disguised email address that looks like a friend’s, family member’s, or colleague’s address. Often the software is attached and disguised as a document. However, in April 2017, distribution changed shape. Companies in Europe received emails with an included hyperlink that took users to a Dropbox link with a file disguised as an invoice.

Locky returns and Cerber evolved

Locky was discovered in 2016 embedded in a Microsoft Word document. After its discovery, users caught on quickly and the threat seemed to be mitigated by most moderately aware users. However, in May 2017, Locky got a makeover and was found embedded in a PDF that has a link that leads to a .docm file. Once the .docm file is opened, it makes an invisible connection to another server from which it downloads the ransomware.

In the same month Locky was reborn, Cerber evolved. Like its previous versions, however, it is disseminated via spam emails with an attachment. So what has changed? Once the file is open, Cerber 6 is able to download and run another virus that utilizes Windows Firewall’s technology and blocks any attempt at detection while the ransomware is downloaded. As firewalls have been equipped with machine learning, hackers have created new ways of circumventing cybersecurity.

Prevention and solutions

No matter the new form of ransomware, there is always one hurdle it must leap before your computer and files are infected, and that’s tricking you into clicking a malicious link or downloading a malicious file. Educate family, friends, and colleagues about what scam email addresses look like. Usually, users whose computers became infected with ransomware did not invest any time or effort to verify the origin of suspicious emails or attachments. Furthermore, victims of ransomware also open macros or click on suspicious links. Refrain from opening files or links within unverified emails. If you’re a victim of ransomware, there are decryption tools that can decrypt some strains of ransomware or prevent screen locks altogether. However, prevention should be paramount.

Mozy by Dell knows how to beat ransomware

Data stored in the Mozy cloud is protected from ransomware. Learn why programs, including viruses, cannot execute or run in the Mozy cloud and cannot infect files stored there: Ransomware: Frequently Asked Questions.

You can prevent a ransomware disaster. Check out our white paper.