Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2015 Ransomware Wrap-Up
Threaded  |  Newest First  |  Oldest First
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/23/2015 | 1:15:06 PM
Ransomware
With Ransomware being so modular it is difficult to prevent because as soon as a bit is changed the signature is rendered useless.

A great way to try and stay ahead of ransomware is user awareness on social engineering and having a process in place to detect potential ransomware threats.
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
12/24/2015 | 12:29:48 PM
Re: Ransomware
Since profitability is the focus of the new wave of ransomware, expect more rapid development and extremely adaptive anti-security measures. The driving objective now is not mere plunder, but the fullest possible extortion routine.

As the writer notes, under threat of data loss, victims can become accomplices in passing along their contagion through social networking. This means the threat vector now includes friends and associates who in some fashion cooperate with the extortioners.

Users, themselves, must understand ransomware of the common type sometimes can be evaded even after the extortion threat message appears-- provided the Windows system is shut down immediately without clicking on the message, while the payload is still confined to system memory.

The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason-- unfamiliar text, poor grammar, misspellings, etc.-- not quite right. Some message panels are convincing enough to bring a quick click, even if, only a second later, a user realizes that was a mistake.

Almost inevitably, however, user support technicians will not find only a pre-infection situation. Users typically do not know they are in trouble and call for help until they already have clicked on the message.

 

-------------------------------------------------------------------------


* PS to Dark Reading editorial staff-- please make it easier for readers to save articles in a single file. Some publications provide this capability under "Print Article" or "Save Article" options, to save the article as a single page. This enhancement will actually draw readers to your publication, whereas an article seen as merely more clickbait and a tedious, system-resource robbing slideshow will be ignored.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:00:46 AM
Re: Ransomware
"The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason"

Agree. It is just hard to pay attention everything that comes to your face. Sometimes you realize it when it is too late.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/30/2015 | 10:29:06 AM
Re: Ransomware
Yes when there is a lot of feeds to analyze it is difficult to wittle through the genuine events and the noise. That's why it is imperative to hone your security products so the feeds received have a minimal amount of noise.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:56:09 AM
Re: Ransomware
"A great way to try and stay ahead of ransomware is user awareness"

Agree. User awareness is key to many of our problems. It starts from there and goes up to finding and holding bad guys responsible. :--))
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/28/2015 | 12:43:36 PM
Game theory
It's interesting because -- at its most basic level -- game theory indicates that you never pay ransom on this sort of thing because you remain -- and have proven yourself -- susceptible in the future.  On the other hand, the fact that ransomware operators are approaching their extortion schemes similarly -- insofar as they have a business to run -- suggest that the one-time payment may not be so bad, because at the end of the day they're in this to make money, and they don't want word-of-mouth or anything else spreading indicating that if you pay the ransom bad things will continue to happen necessarily.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/29/2015 | 9:47:47 AM
Re: Game theory
@Joe, its quite the predicament. I think the decision needs to be made based off the value of the data in question. You do not want to make a habit of paying the ransom but sometimes the detriment of not paying may be too great.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:06:25 AM
Re: Game theory
"...value of the data in question."

I agree with you there. There is a real issue in being publicized negatively, maybe ransom is the way to go for certain situations. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:03:55 AM
Re: Game theory
"suggest that the one-time payment may not be so bad"

That is true. I think they think paying ransom is easier way out than fighting with it, the reality is if they paid once they would most likely pay again.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:50:31 AM
30%?
 

I am surprised  the number: 30% of organizations paid ransom. That is quite profitable. Why are we not hearing those situation, they must be hiding something. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:52:54 AM
Encryption?
If they could not recover it because of encryption then we do have a sophisticated level of encryption algorithms that could not be broken yet, that is a actually good news at the same time. :--)))


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...
CVE-2021-43776
PUBLISHED: 2021-11-26
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other se...
CVE-2021-41243
PUBLISHED: 2021-11-26
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be add...
CVE-2021-41279
PUBLISHED: 2021-11-26
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management...