Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Clever CryptoWall Spreading Via New Attacks
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/2/2015 | 7:45:13 AM
Re: BACKUP!
Haha, thats a funny and interesting "parable". I am definitly going to be using that soon.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/30/2015 | 11:44:14 PM
PDs
It's been really disheartening to see police departments/law enforcement agencies in particular give in to ransomware demands.

I'm not sure which is the more depressing aspect of this -- that the organizations that are supposed to protect us are powerless against these attackers, or that they failed to back up their data.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/30/2015 | 11:41:56 PM
Re: BACKUP!
Reminds me of a story...

Jesus and Satan get into an argument over who the better programmer is.  They decide to settle it with a 24-hour contest (with God as the judge).

They take their seats before their respective terminals, the contest begins, and they get to work -- furiously typing non-stop.

Finally, a couple of minutes before the contest is about to draw to a close, there is a power outage!  The computers go out, and all the lights go out.

The power comes back on almost immediately, and the contest ends.

God approaches Satan, asking him to show his work.

Satan complains, "The power outage took everything!  I lost it all!"

God then turns to Jesus.  Jesus types in a command at the prompt, presses Enter, and the screen bursts forth with a vivid, colorful display while the speakers pump out Handel's "Messiah."

Satan is agape as God declares Jesus the winner.

"But...how???!!!" says Satan in disbelief.  "I lost my entire program.  How did he do it?"

God looks over at the fallen angel and replies, "Jesus saves."
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/30/2015 | 12:54:21 PM
BACKUP!
Can't state this enough. Always back up your important files to a remote location. I've seen this happen first hand and you can easily render ransomware ineffective if they do not have leverage over you. IE) The data they encrypted doesn't matter to you because you have a backup elsewhere.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3830
PUBLISHED: 2021-09-26
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...