Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2015 Ransomware Wrap-Up
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/23/2015 | 1:15:06 PM
Ransomware
With Ransomware being so modular it is difficult to prevent because as soon as a bit is changed the signature is rendered useless.

A great way to try and stay ahead of ransomware is user awareness on social engineering and having a process in place to detect potential ransomware threats.
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
12/24/2015 | 12:29:48 PM
Re: Ransomware
Since profitability is the focus of the new wave of ransomware, expect more rapid development and extremely adaptive anti-security measures. The driving objective now is not mere plunder, but the fullest possible extortion routine.

As the writer notes, under threat of data loss, victims can become accomplices in passing along their contagion through social networking. This means the threat vector now includes friends and associates who in some fashion cooperate with the extortioners.

Users, themselves, must understand ransomware of the common type sometimes can be evaded even after the extortion threat message appears-- provided the Windows system is shut down immediately without clicking on the message, while the payload is still confined to system memory.

The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason-- unfamiliar text, poor grammar, misspellings, etc.-- not quite right. Some message panels are convincing enough to bring a quick click, even if, only a second later, a user realizes that was a mistake.

Almost inevitably, however, user support technicians will not find only a pre-infection situation. Users typically do not know they are in trouble and call for help until they already have clicked on the message.

 

-------------------------------------------------------------------------


* PS to Dark Reading editorial staff-- please make it easier for readers to save articles in a single file. Some publications provide this capability under "Print Article" or "Save Article" options, to save the article as a single page. This enhancement will actually draw readers to your publication, whereas an article seen as merely more clickbait and a tedious, system-resource robbing slideshow will be ignored.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/28/2015 | 12:43:36 PM
Game theory
It's interesting because -- at its most basic level -- game theory indicates that you never pay ransom on this sort of thing because you remain -- and have proven yourself -- susceptible in the future.  On the other hand, the fact that ransomware operators are approaching their extortion schemes similarly -- insofar as they have a business to run -- suggest that the one-time payment may not be so bad, because at the end of the day they're in this to make money, and they don't want word-of-mouth or anything else spreading indicating that if you pay the ransom bad things will continue to happen necessarily.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/29/2015 | 9:47:47 AM
Re: Game theory
@Joe, its quite the predicament. I think the decision needs to be made based off the value of the data in question. You do not want to make a habit of paying the ransom but sometimes the detriment of not paying may be too great.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:50:31 AM
30%?
 

I am surprised  the number: 30% of organizations paid ransom. That is quite profitable. Why are we not hearing those situation, they must be hiding something. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:52:54 AM
Encryption?
If they could not recover it because of encryption then we do have a sophisticated level of encryption algorithms that could not be broken yet, that is a actually good news at the same time. :--)))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:56:09 AM
Re: Ransomware
"A great way to try and stay ahead of ransomware is user awareness"

Agree. User awareness is key to many of our problems. It starts from there and goes up to finding and holding bad guys responsible. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:00:46 AM
Re: Ransomware
"The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason"

Agree. It is just hard to pay attention everything that comes to your face. Sometimes you realize it when it is too late.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:03:55 AM
Re: Game theory
"suggest that the one-time payment may not be so bad"

That is true. I think they think paying ransom is easier way out than fighting with it, the reality is if they paid once they would most likely pay again.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:06:25 AM
Re: Game theory
"...value of the data in question."

I agree with you there. There is a real issue in being publicized negatively, maybe ransom is the way to go for certain situations. :--))
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20399
PUBLISHED: 2021-07-27
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.
CVE-2021-20562
PUBLISHED: 2021-07-27
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...
CVE-2020-18428
PUBLISHED: 2021-07-26
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).
CVE-2020-18430
PUBLISHED: 2021-07-26
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).
CVE-2021-37576
PUBLISHED: 2021-07-26
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.