Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
CryptoWall Makes a Comeback via Malicious Help Files
Newest First  |  Oldest First  |  Threaded View
XIANLEE78
50%
50%
XIANLEE78,
User Rank: Apprentice
6/4/2015 | 12:57:35 PM
Re: Network Drives
I know it can traverse mapped drives, but can it hit the "favorites" from explorer as well? If not we could GPO favorites instead of mapped drives. Thoughts?
anon4559049434
50%
50%
anon4559049434,
User Rank: Author
3/10/2015 | 9:18:51 AM
Re: Network Drives
Hi Ryan,

Network attached storage can also fall victim to ransomware. As long as the user has read/write access to these locations, the crypto-ransomware can iterate through the files on the mounted drives, look for relevant target files, encrypt and overwrite them. From a technical perspective, this approach is no different than writing and deleting files on or from network shares. It's worth mentioning that crypto-ransomware does not use worm-like exploit techiques to jump from one host to another, it just makes use of the functionalities and permissions that are available to the user.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/9/2015 | 10:49:39 PM
Outdated and too insecure?
Like Flash, I'm beginning to wonder if it's time to put JavaScript out to pasture for being so ridiculously unsecure.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/9/2015 | 3:26:56 PM
Network Drives
Backups are always smart when it comes to data safety. I normally recommend network drives and frequent backups, however the frequent backups may increase in difficulty the larger the data store is.

My question towards cryptowall and other ransomware is can it encrypt network drives? IE can it traverse the connection from the client to the hardware behind the network drive and encrypt those files? If so, how is this accomplished?


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3318
PUBLISHED: 2021-01-27
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVE-2020-5427
PUBLISHED: 2021-01-27
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVE-2020-5428
PUBLISHED: 2021-01-27
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVE-2021-20357
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2020-4865
PUBLISHED: 2021-01-27
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.