Category Archives: ransomware

April 16th 2018 updates

Updates to Anti-Social Media 

Updates to Meltdown/Spectre – Related Resources

Bleeping Computer: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Updates to: Ransomware Resources  and Specific Ransomware Families and Types

Researchers at Princeton: Machine Learning DDoS Detection for Consumer Internet of Things Devices. “…In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks.” Commentary from Help Net: Real-time detection of consumer IoT devices participating in DDoS attacks

Updates to Specific Ransomware Families and Types

Pierluigi Paganini: Microsoft engineer charged with money laundering linked to Reveton ransomware

Updates to Mac Virus

Mozilla: Latest Firefox for iOS Now Available with Tracking Protection by Default plus iPad Features. Commentary from Sophos: Tracking protection in Firefox for iOS now on by default – why this matters

The Register: Android apps prove a goldmine for dodgy password practices “And password crackers are getting a lot smarter…An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.” Summarizes research described by Will Dormann, CERT/CC software vulnerability analyst, at BSides.

David Harley


Ransomware: PUBG, RensenWare, Quant, Wannacry

Updates to Specific Ransomware Families and Types

Resource updates: April 5th-7th 2018

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Only distantly related, but…

Updates to Specific Ransomware Families and Types

[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”

Updates to Mac Virus


David Harley

Updates: Facebook, AggregateIQ, and some ransomware resources

Updates to Anti-Social Media 

[4th/5th April 2018]

Updates to: Ransomware Resources

[4th/5th April 2018]

David Harley

Resource updates March 29th 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

  • Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)

David Harley

Resource updates 28th March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Meltdown/Spectre – Related Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

iOS

Android

Updates to Chain Mail Check

Resources updates, 26 March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

David Harley

Resources updates, 23rd March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

  • Catalin Cimpanu for Bleeping Computer: City of Atlanta IT Systems Hit by SamSam Ransomware
  • An older article (January) but well worth reading: SamSam – The Evolution Continues Netting Over $325,000 in 4 Weeks
  • ESET on the Atlanta ransomware attack: City of Atlanta computers held hostage in ransomware attack
  • My response (not used) to a request for comment: “Lately, quite a few comparatively new security issues have tended to overshadow ransomware in the media: cryptojacking, vulnerabilities relating to hardware and firmware, even privacy issues relating to social media (and especially Facebook). Yet this incident is a salutary reminder that ransomware has not gone away just because it isn’t talked about so much, and there are some examples for which there is still no decryptor available except by the ‘goodwill’ of the criminals. As long as some of the bad guys are making money out of it, the attacks will continue. It should, therefore, still be a priority for organizations and individuals to ensure that their data and systems are safely backed up and that ransomware can’t reach the backups as well as the original files.”
  • Thomas Claburn for The Register: City of Atlanta’s IT gear thoroughly pwned by ransomware nasty – “Data gone with the wind as attacker goes full Sherman”

In other news… Richard Chirgwin, for The Register: ‘R2D2’ stops disk-wipe malware before it executes evil commands – ‘Reactive Redundancy for Data Destruction Protection’ stops the likes of Shamoon and Stonedrill before they hit ‘erase’. Summarizes research from Purdue University.

Updates to Meltdown/Spectre – Related Resources (Microsoft/Windows section)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

  • V3: Apple to fix iOS11 bug that enables Siri to read hidden notifications – “Bug means Siri can be asked to read aloud all your hidden notifications” (Yes, it’s more on that Siri silliness.)

Updates to Chain Mail Check

Decryption for Polsk, Vortex, Flotera

Catalin Cimpanu for Bleeping Computer: Author of Polski, Vortex, and Flotera Ransomware Families Arrested in Poland.

“Authorities were able to recover data from the suspect’s laptop and remote servers, including encryption keys. Polish police are now encouraging victims of the Polski, Vortex, and Flotera ransomware families to file official complaints with local authorities so they can receive a decryption key for their files.”

Added to the Specific Ransomware Families and Types page.

David Harley

March 5th 2018 resources update

Update to Ransomware Recovery and Prevention

Update to Cryptocurrency/Crypto-mining News and Resources

Update to Specific Ransomware Families and Types

Update to Meltdown/Spectre – Related Resources

David Harley