Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2015 Ransomware Wrap-Up
Threaded  |  Newest First  |  Oldest First
RyanSepe
RyanSepe,
User Rank: Ninja
12/23/2015 | 1:15:06 PM
Ransomware
With Ransomware being so modular it is difficult to prevent because as soon as a bit is changed the signature is rendered useless.

A great way to try and stay ahead of ransomware is user awareness on social engineering and having a process in place to detect potential ransomware threats.
alphaa10
alphaa10,
User Rank: Strategist
12/24/2015 | 12:29:48 PM
Re: Ransomware
Since profitability is the focus of the new wave of ransomware, expect more rapid development and extremely adaptive anti-security measures. The driving objective now is not mere plunder, but the fullest possible extortion routine.

As the writer notes, under threat of data loss, victims can become accomplices in passing along their contagion through social networking. This means the threat vector now includes friends and associates who in some fashion cooperate with the extortioners.

Users, themselves, must understand ransomware of the common type sometimes can be evaded even after the extortion threat message appears-- provided the Windows system is shut down immediately without clicking on the message, while the payload is still confined to system memory.

The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason-- unfamiliar text, poor grammar, misspellings, etc.-- not quite right. Some message panels are convincing enough to bring a quick click, even if, only a second later, a user realizes that was a mistake.

Almost inevitably, however, user support technicians will not find only a pre-infection situation. Users typically do not know they are in trouble and call for help until they already have clicked on the message.

 

-------------------------------------------------------------------------


* PS to Dark Reading editorial staff-- please make it easier for readers to save articles in a single file. Some publications provide this capability under "Print Article" or "Save Article" options, to save the article as a single page. This enhancement will actually draw readers to your publication, whereas an article seen as merely more clickbait and a tedious, system-resource robbing slideshow will be ignored.
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 10:00:46 AM
Re: Ransomware
"The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason"

Agree. It is just hard to pay attention everything that comes to your face. Sometimes you realize it when it is too late.
RyanSepe
RyanSepe,
User Rank: Ninja
12/30/2015 | 10:29:06 AM
Re: Ransomware
Yes when there is a lot of feeds to analyze it is difficult to wittle through the genuine events and the noise. That's why it is imperative to hone your security products so the feeds received have a minimal amount of noise.
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 9:56:09 AM
Re: Ransomware
"A great way to try and stay ahead of ransomware is user awareness"

Agree. User awareness is key to many of our problems. It starts from there and goes up to finding and holding bad guys responsible. :--))
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
12/28/2015 | 12:43:36 PM
Game theory
It's interesting because -- at its most basic level -- game theory indicates that you never pay ransom on this sort of thing because you remain -- and have proven yourself -- susceptible in the future.  On the other hand, the fact that ransomware operators are approaching their extortion schemes similarly -- insofar as they have a business to run -- suggest that the one-time payment may not be so bad, because at the end of the day they're in this to make money, and they don't want word-of-mouth or anything else spreading indicating that if you pay the ransom bad things will continue to happen necessarily.
RyanSepe
RyanSepe,
User Rank: Ninja
12/29/2015 | 9:47:47 AM
Re: Game theory
@Joe, its quite the predicament. I think the decision needs to be made based off the value of the data in question. You do not want to make a habit of paying the ransom but sometimes the detriment of not paying may be too great.
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 10:06:25 AM
Re: Game theory
"...value of the data in question."

I agree with you there. There is a real issue in being publicized negatively, maybe ransom is the way to go for certain situations. :--))
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 10:03:55 AM
Re: Game theory
"suggest that the one-time payment may not be so bad"

That is true. I think they think paying ransom is easier way out than fighting with it, the reality is if they paid once they would most likely pay again.
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 9:50:31 AM
30%?
 

I am surprised  the number: 30% of organizations paid ransom. That is quite profitable. Why are we not hearing those situation, they must be hiding something. :--))
Dr.T
Dr.T,
User Rank: Ninja
12/30/2015 | 9:52:54 AM
Encryption?
If they could not recover it because of encryption then we do have a sophisticated level of encryption algorithms that could not be broken yet, that is a actually good news at the same time. :--)))


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33085
PUBLISHED: 2022-06-30
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
CVE-2022-33087
PUBLISHED: 2022-06-30
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-31115
PUBLISHED: 2022-06-30
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML...
CVE-2022-33082
PUBLISHED: 2022-06-30
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2013-5683
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.