What is Ransomware?

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Ransomware has been around for more than a decade, but cybercriminals have resurrected the scam over the last couple of years and have been immensely successful. Once the victim’s files are infected they are asked to pay a ransom-in the virtual bitcoin currency if the victims want their files unlocked.

Cryptowall Ransomware one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers. CryptoWall uses strong public-key cryptography to scramble files with certain extensions. Aside from paying the ransom, the only other way to counter it is by restoring files from a backup, although CryptoWall hunts around and tries to encrypt those files as well. Please see Cryptowall Ransomware Variant has new defenses.

One of the new variants in the crypto ransomware family is the CTB-Locker which encrypts the victims hard drive and the victim has to pay a large sum in order to get the decryption key. The most famous strain of this is the CryptoLocker, which FBI and other authorities took down GameOver Zeus infrastructure which was used to distribute the Cryptolocker which significantly reduced the malware’s effectiveness.

Peace was only for a short time until the ransomware came in form of the Curve-Tor-Bitcoin (CTB) Locker. Traditionally CTB has been distributed through the Angler Exploit Kit. Now the new wave of CTB is being distributed from malicious spam messages.

The common infection vector of CTB is via an email containing a fake invoice, compressed in a “.zip” or “.cab” file. Once the archive is decompressed displays a decoy RTF document, and after 5 minutes drops the CTB-locker payload and then performs the encryption routine. Users infected are asked to pay two or three bitcoins and those who do not risk losing their files.

In early December 2014, there were several reports about yet another type of ransomware, VirRansom (see Protect Against Virulent Ransomware). Not only does it make data unavailable and lock your computer until you have paid the crooks the ransom they demand, but the key feature of the virus is in addition to taking your computer hostage it has a mechanism by which it spreads to others. Not only will it take your system hostage but also other systems which you communicate with by spreading the virus.

How can you prevent becoming a victim of Ransomware attacks?

1. Get educated about phishing. Never, ever open a file or link in an email or on a social website unless you’re sure it was deliberately sent by the person themselves. It may seem interesting as you are reading it but you could end being a victim.
2. Make backups of all your critical data and software on a separate storage device that is not attached to your network or computer except only when backups are made (during which time you should be offline). Once backup is complete disconnect that drive from the network.
3. Use effective and constantly updated anti-malware tools.
4. Keep your operating system updated with the latest patches.
5.  Don’t click on photos or videos without first considering the consequences. If the person who sent it is someone you know, ask them. Better verify than being sorry later.
6. Download email attachments only from trusted sources.
7. If you think you are infected immediately disconnect your system from the network. Run your updated antivirus program. If it is a University owned asset (work computer) run McAfee antivirus and call IT Service Desk.
8. Educate your employees, family members and friends about destructive malware. Please read this security alert by US-CERT on Crypto Ransomware

Do not pay the criminals. If you take the required precautions especially backing up your critical software and data, you can reinstall and have a clean copy of your files.

P.S :For Your Information- FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker (Please see Decyptolocker).

Data Privacy Month (DPM) is an annual effort to empower people to protect their privacy and control their digital footprint, as well as escalate the protection of privacy and data as everyone’s priority.

Data Privacy Month is currently being celebrated in 2015 starting January 28th and running through February 28th.

Several research studies have been conducted on digital rights and privacy. According to studies conducted by Pew Research Center, 91 percent of Americans believe they’ve lost control over how their personal information is collected and used by companies; 64 percent think the government needs to do more to regulate the way advertisers use personal information.

University employees need to ensure they maintain trust with students regarding handling of student data, whether it is the Registrar’s office, IT department, Admissions, Student Activities, or even the various student groups like the Outdoors Club or athletic teams.

As stated in the blog Hey Students are Consumers Too, no one wants student data leaked through the internet or to suffer the cost of a significant data breach. One University of Maryland cyber-attack in February 2014 compromised sensitive information of 300,000 staff, faculty, and students. The cyber-attacker targeted a university website meant for uploading photos and instead uploaded a Trojan horse containing malware that found the passwords for some IT managers. Armed with those credentials, the hacker was able to elevate their own privileges and accessed social security numbers and other personal information.

In a recent article in Computer World, “How-three-small-credit-card-transactions-could-reveal-your-identity”, just three small clues (receipts for pizza, coffee, and pair of jeans) are enough to identify a person’s credit card transactions from amongst those of a million people.

We leave our digital footprints everywhere. The more you think about it, the more you can virtually see it piling up: the email we send, the credit transactions we make, Facebook or Twitter, the apps we download from various sources, the websites we surf, and even how we dispose of our sensitive information (shred it or throw it in the garbage). One never knows how this information can and/or will be used or misused.

You can take charge by following some of these tips listed by Stewart Wolpin in the article International Privacy Day Protect Your Digital Footprint:

• “Fracture” your digital identity.Strategically use different email addresses, browsers, credit cards and even devices for different web activities (like personal, work and online shopping) to make it more difficult for entities to assemble one cohesive data set about you.
• Check privacy settings.Browsers, devices and apps often are set to share your personal data out of the box. Find and review default settings to see if you’re comfortable with data that is automatically shared.
• Regularly review your browser’s cookies.You may be shocked by how many cookies have been set on your browser by sites you weren’t even aware you visited.
• Read the fine print.Know the privacy policies of the devices, websites, social sharing services and applications you use. Find out what permissions apply to the content you upload and how it can be used.

Data privacy is something you should care about every day – from what you say, to what you type, and what you share. Since this is the Data Privacy Month, let’s make a start by watching and sharing this year’s recorded Educause webinar, “The Power of Privacy and the Passion to Build Something Better.”

What Happened?

When Sony Pictures employees got into the office on Monday, November 24, they discovered that their corporate network had been hacked. The attackers took terabytes of private data, deleted the original copies from Sony computers, and left messages threatening to release the information if Sony didn’t comply with the attackers’ demands. Someone claiming to be a former Sony employee posted this screenshot, which (allegedly) shows the message that appeared on Sony employees’ computer screens (Source: Hacked By #GOP).

News about the hack on Sony Pictures’ infrastructure continue to unfold, with the group calling itself the Guardians of Peace (GOP), circulating un-released movies, emails (32000 were released in public), password lists and personal information of Sony Pictures staff, actors and higher management. The publication of data has been done using torrents with gigabytes of data being made public by GOP almost every day so far this month. Almost 38 million files to date have been stolen and released on various file sharing websites.

How did it happen?

Considering the large amount of information that was released, it is clear that the group gained access to a large portion of Sony Pictures’ network. The GOP initially hacked into one server that was not so well protected, and escalated the attack to gain access to the rest of the network. Looks like Sony Pictures did not have a defense-in-depth approach to their security. The network was not layered well enough to prevent breaches occurring in one part of their network to affect other parts of the network. In addition, the password “password” is obviously not good enough, however this was used in 3 certificates. These certificates were published by GOP, and they were subsequently used to digitally sign malware. (Source: Lessons we can learn from Sony Pictures Hack)

A combination of weak passwords, lack of server hardening (resulted in access to one server and thereby the entire network), not responding to alerts or not having the controls in place to set off such alerts, inadequate logging and monitoring, and lack of Security Education Training and Awareness (SETA) all contributed to the Sony Breach.

Motivation behind the Attack?

Hackers hack for various reasons. Some for intellectual property theft, some for monetary reasons, and others for defaming and destroying. Hackers were out to defame Sony probably in light of the soon to be released movie “The Interview” which North Korea has condemned as an “act of war”.

What did we learn?

This can happen to any organization big or small. The hacker community is skilled and well-funded. Organizations need to use a multi-layered defense-in-depth approach to protect their territory by adopting strong security practices that weave policies, people, regulations, and technology. Some of these include – educating the employees about security best practices – using strong passwords and changing them per company policy, using technologies like firewall and VPN, performing periodic risk assessments to understand one’s security posture – which controls are effective and which are failing. Performing a penetration test is important to see where you are vulnerable. Continuously monitoring and responding to the alerts will help you be ready to prevent, detect, and respond in a timely manner.

To conclude the cost of repairing after a security incident is 10 to 100 times higher than preventing it in the first place. Deploy the Defense-in-depth approach. Prevention, Detection and Response is the key.

Online sales are expected to be significant  this year. How can you maximize your transaction security? If the offer seems too good to be true, it probably is. Don’t get blindsided by the lure of great discounts – the security of your information is what’s most important. If you aren’t prepared and cautious, you could become the next cyber crime victim, the cost of which could far exceed any savings you might have received from the retailer.

When purchasing online this holiday season—and all year long—keep these tips in mind to help minimize your risk:

1. Secure your mobile device and computer.

Be sure to keep the operating system and application software updated/patched on all of your computers and mobile devices. Be sure to check that your anti-virus/anti-spyware software is running and receiving automatic updates. Confirm that your firewall is enabled.

2. Use strong passwords.

It’s one of the simplest and most important steps to take in securing your devices, computers and accounts. If you need to create an account with the merchant, be sure to use a strong password. Always use more than ten characters, with numbers, special characters, and upper and lower case letters. Use a unique password for every unique site.

3. Do not use public computers or public wireless for your online shopping.

Public computers may contain malicious software that steals your credit card information when you place your order. Additionally, criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other confidential information.

4. Pay by credit card, not debit card.

A safer way to shop on the Internet is to pay with a credit card rather than debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was used improperly. Check your statements regularly.

5. Know your online shopping merchants.

Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s physical address, where available, and phone number in case you have questions or problems.

6. Look for “https” when making an online purchase.

The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted.

7. Do not respond to pop-ups.

When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows or Command + W for Macs.

8. Do not click on links or open attachments in emails from financial institutions/vendors.

Be cautious about all emails you receive even those from legitimate organizations, including your favorite retailers. The emails could be spoofed and contain malware. Instead, contact the source directly.

9. Do not auto-save your personal information.

When purchasing online, you may be given the option to save your personal information online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.

10. Use common sense to avoid scams.

Don’t ever give your financial information or personal information via email or text. Information on many current scams can be found on the website of the Internet Crime Complaint Center: http://www.ic3.gov/default.aspx.

11. Review privacy policies.

Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.

12. What to do if you encounter problems with an online shopping site?

Contact the seller or the site operator directly to resolve any issues. You may also contact the following:

• Your State Attorney General’s Office – www.naag.org/current-attorneys-general.php

• Your State Consumer Agency – http://www.usa.gov/directory/stateconsumer/index.shtml

• The Better Business Bureau – www.bbb.org

• The Federal Trade Commission – http://www.ftccomplaintassistant.gov