Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2015 Ransomware Wrap-Up
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/30/2015 | 10:29:06 AM
Re: Ransomware
Yes when there is a lot of feeds to analyze it is difficult to wittle through the genuine events and the noise. That's why it is imperative to hone your security products so the feeds received have a minimal amount of noise.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:06:25 AM
Re: Game theory
"...value of the data in question."

I agree with you there. There is a real issue in being publicized negatively, maybe ransom is the way to go for certain situations. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:03:55 AM
Re: Game theory
"suggest that the one-time payment may not be so bad"

That is true. I think they think paying ransom is easier way out than fighting with it, the reality is if they paid once they would most likely pay again.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:00:46 AM
Re: Ransomware
"The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason"

Agree. It is just hard to pay attention everything that comes to your face. Sometimes you realize it when it is too late.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:56:09 AM
Re: Ransomware
"A great way to try and stay ahead of ransomware is user awareness"

Agree. User awareness is key to many of our problems. It starts from there and goes up to finding and holding bad guys responsible. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:52:54 AM
Encryption?
If they could not recover it because of encryption then we do have a sophisticated level of encryption algorithms that could not be broken yet, that is a actually good news at the same time. :--)))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:50:31 AM
30%?
 

I am surprised  the number: 30% of organizations paid ransom. That is quite profitable. Why are we not hearing those situation, they must be hiding something. :--))
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/29/2015 | 9:47:47 AM
Re: Game theory
@Joe, its quite the predicament. I think the decision needs to be made based off the value of the data in question. You do not want to make a habit of paying the ransom but sometimes the detriment of not paying may be too great.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/28/2015 | 12:43:36 PM
Game theory
It's interesting because -- at its most basic level -- game theory indicates that you never pay ransom on this sort of thing because you remain -- and have proven yourself -- susceptible in the future.  On the other hand, the fact that ransomware operators are approaching their extortion schemes similarly -- insofar as they have a business to run -- suggest that the one-time payment may not be so bad, because at the end of the day they're in this to make money, and they don't want word-of-mouth or anything else spreading indicating that if you pay the ransom bad things will continue to happen necessarily.
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
12/24/2015 | 12:29:48 PM
Re: Ransomware
Since profitability is the focus of the new wave of ransomware, expect more rapid development and extremely adaptive anti-security measures. The driving objective now is not mere plunder, but the fullest possible extortion routine.

As the writer notes, under threat of data loss, victims can become accomplices in passing along their contagion through social networking. This means the threat vector now includes friends and associates who in some fashion cooperate with the extortioners.

Users, themselves, must understand ransomware of the common type sometimes can be evaded even after the extortion threat message appears-- provided the Windows system is shut down immediately without clicking on the message, while the payload is still confined to system memory.

The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason-- unfamiliar text, poor grammar, misspellings, etc.-- not quite right. Some message panels are convincing enough to bring a quick click, even if, only a second later, a user realizes that was a mistake.

Almost inevitably, however, user support technicians will not find only a pre-infection situation. Users typically do not know they are in trouble and call for help until they already have clicked on the message.

 

-------------------------------------------------------------------------


* PS to Dark Reading editorial staff-- please make it easier for readers to save articles in a single file. Some publications provide this capability under "Print Article" or "Save Article" options, to save the article as a single page. This enhancement will actually draw readers to your publication, whereas an article seen as merely more clickbait and a tedious, system-resource robbing slideshow will be ignored.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.