By Bradley Coulter / Cryptocurrency, Cyber Security, Hacking / 0 Comments
Malware Hijacks Millions of Android Devices to Mine Monero

Cybercriminals are increasingly hijacking other people’s devices to mine Monero (XMR), in a trend now called cryptojacking. According to Malwarebytes, a “drive-by” mining campaign recently redirected millions of Android users to a website that hijacked their devices to mine the privacy-centric cryptocurrency using Coinhive.

The campaign worked by redirecting users to a page that told them their device was “showing suspicious surfing behavior.” As such, they needed to verify they were human by solving a CAPTCHA, while their device was used to mine Monero “in order to recover server costs incurred by bot traffic.”

All users had to do was solve the CAPTCHA and click a “continue” button. Once solved, they would be redirected to Google’s home page, which researchers noted was an odd choice. Malwarebytes details that it first spotted the “drive-by” campaign last month, but that it could’ve been around since November 2017. The exact trigger that captured users isn’t clear, but researchers believe infected apps with malicious ads did the trick.

Their post reads:

“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps.”

Malwarebytes researchers weren’t able to identify all the domains users were being redirected to. They managed to identify five domains, and concluded that these received about 800,000 visits per day, with an average of four minutes spent mining, per user.

To estimate the number of hashes being produced, the researchers note, they assumed a conservative rate of 10 h/s per device. That low hash rate, combined with the four-minute average time spent mining, means the hackers behind the campaign could only be making “a few thousand dollars” per month.

The Cryptojacking Trend

Notably, researchers discovered the drive-by campaign while studying a separate malware dubbed EITest. They were testing various chains that often led to tech support scams on Windows, but soon found that things were different when using Android.

The ongoing cryptojacking trend seemingly began when torrent-index website the Pirate Bay started using it as a potential alternative to ads. Since then, bad actors took advantage of the code Coinhive provides to mine Monero, and used it on Google Chrome extensions, UFC’s website, and even Starbucks’ Wi-Fi.

On PCs, users can block cryptocurrency-mining scripts by running anti-malware software and by browsing with browsers that have built-in blocking, such as Opera and Brave. Android users are advised to stick to Google’s Play Store and to use security software.

Featured image from Shutterstock.

AUTHOR

Francisco Memoria

By Bradley Coulter / Cyber Security / 0 Comments

Security Tip 1

You have probably heard the news by now: Microsoft has updated a controversial service agreement that lays out in scary detail how your personal data is being used and abused – at least, that’s what the major tech blogs are saying. But the reality is, even if you read the 12,000-word service agreement, it’s still confusing and vague at best.

The Emsisoft team explores how Windows 10 mines your data and the ways in which Microsoft uses it.


By Bradley Coulter / Cyber Security / 0 Comments

WannaCry Ransomware hits 99 Countries exploiting leaked NSA Tool

It has been an unanticipated day for millions of users across the globe, as a massive ransomware campaign targeted 99 countries and companies large and small, including hospitals and telecom operators.

A relatively unusual kind of ransomware cyber-attack has taken the world by storm, causing calamities in National Health Service hospitals and businesses around the UK, and advancing to telecommunications in Spain, where it crippled the country’s largest telecom company, Telefonica, along with Telenor in Hungary.

What is WannaCry Ransomware?

It's a dangerous ransomware that encrypts each and every file and folder on your computer and makes them inaccessible to you. To decrypt the files and folders, the WannaCry hackers are demanding $300 worth of Bitcoin.

Wanna Cryptor, WanaCrypt0r 2.0, WannaCry or Wcry has infected thousands of computers worldwide, causing millions of dollars of damage. Kaspersky Lab said more than 90 countries had been affected so far and there seems to be no stop to the ransomware.

The enormous malware that engulfed Europe, Asia and other parts of the world appears to be spreading at a faster rate than anticipated by security experts. Cyber security experts have long warned regarding a ransomware attack, and it appears that their worst fears have now taken full effect.

“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this. This is nuts.”

Ransomware cyber-attacks dominated the cyber threat landscape in 2016, costing businesses more than $1 billion worldwide. The ones most affected by this crime are small and medium-sized businesses, who pay the highest price as they don’t possess the means to protect themselves against such a massive ransomware cyber-attack.

Should I be concerned if I am a victim?

Once you are infected, there’s nothing you can do: the ransomware encrypts any and all files on your computer, and the hackers will only decrypt the data once you meet their demands and they receive your payment. But if you have a backup of the files, you should be able to restore them after cleaning the computer.


What should you do if you're a business:

Businesses suffer a great deal from a ransomware attack. Data such as financial reports, cash flows, user base and client details, among much else, is lost. That same data can be sold to your competitors so they gain an edge over you.

What should you do if you're an individual:

If you're an individual and the data in your folders has been encrypted, there's a high chance that information such as pictures, videos, documents, financial statements, bank details and social account passwords, among other things, is completely lost.

That same information can be used to blackmail you or be sold to the highest bidder. Always be careful about the sensitive details you save on your devices, as you never know when they might be used against you.

Should I give money to Wana Decrypt0r 2.0 to decrypt my file?

Undeniably, the simplest, fastest and most reliable way to recover files encrypted by the Wana Decrypt0r 2.0 ransomware is to restore them from a backup taken before the infection.

To answer the question of whether you should pay, let’s be clear first: the WannaCry hackers are criminals, so there’s no guarantee of what will happen when you make a payment. It might amount to simply throwing your hard-earned money away. Or it might work out in your favor and you recover your files.

Only you can decide whether or not to pay criminals the ransom. We recommend: don’t do it. Paying the WannaCry ransom only reinforces the criminals’ enterprise and puts millions of people and businesses at risk of finding their files encrypted, as WannaCry certainly won’t be honoring every payment received.

As an alternative, learn from the harsh experience. Most importantly, start by backing up your data so that this never has to happen to you again!

How Does WanaCrypt0r 2.0 work?

What’s sad is that the ransomware did not spread because people clicked on bad links. The only way to prevent this attack was to have your system updated with the latest patches.

Using the EternalBlue exploit, the malware installed the leaked NSA backdoor payload called DoublePulsar, and through it WannaCry spread swiftly and automatically to other computers on the same network – hundreds at a time.

The WanaCrypt0r 2.0 malware is notable for multilingual ransom demands that support more than two dozen languages. That raises the question: how does one protect against this ransomware?

What actually went down?

Here’s what happened: attackers deployed malware targeting Microsoft Windows systems running the Server Message Block (SMB) file-sharing protocol. Only systems that weren’t updated after March 14th, 2017 with the MS17-010 patch were affected; that patch fixed the vulnerability used by an exploit known as EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by the Shadow Brokers.
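The spreading behaviour described above, a single infected machine opening SMB connections to many other hosts on the same network within seconds, is something a defender can look for in connection logs. The following is an added example (not code from the article or from any vendor named in it) that flags hosts whose TCP/445 fan-out exceeds a threshold inside a sliding time window; the log format, host addresses and thresholds are constructed assumptions for the example.

```python
"""Detect worm-like SMB fan-out in connection logs.

Added example (not from the article): flags any host that opens TCP/445
connections to more than `max_peers` distinct hosts inside a sliding
`window_seconds` window, the propagation pattern described for WannaCry.
Log format and thresholds are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445


def parse_flow(line):
    """Parse one constructed record: '<ISO timestamp> <src> <dst> <dst_port>'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def smb_fanout_alerts(lines, max_peers=20, window_seconds=60):
    """Return {src: peak_distinct_peers} for sources that reach more than
    max_peers distinct SMB destinations within any window_seconds window."""
    flows = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = parse_flow(line)
        if port == SMB_PORT and src != dst:
            flows[src].append((ts, dst))

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, events in flows.items():
        events.sort()
        peers = defaultdict(int)  # dst -> connections still inside the window
        left = 0
        for ts, dst in events:
            peers[dst] += 1
            # Evict connections that have fallen out of the sliding window.
            while ts - events[left][0] > window:
                old = events[left][1]
                peers[old] -= 1
                if peers[old] == 0:
                    del peers[old]
                left += 1
            if len(peers) > max_peers:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts


def constructed_sample():
    """Constructed flow records: one worm-like host, one normal workstation,
    one slow backup job, and one non-SMB connection that must be ignored."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    for i in range(1, 31):  # 30 distinct peers in 30 seconds: worm-like
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.0.{100 + i} 445")
    for i, dst in enumerate(["10.0.0.200", "10.0.0.201", "10.0.0.200"]):  # benign
        lines.append(f"{(base + timedelta(minutes=i)).isoformat()} 10.0.0.8 {dst} 445")
    for i in range(25):  # 25 peers, but one every 5 minutes: benign backup job
        lines.append(f"{(base + timedelta(minutes=5 * i)).isoformat()} 10.0.0.9 10.0.0.{50 + i} 445")
    lines.append(f"{base.isoformat()} 10.0.0.5 10.0.0.250 443")  # ignored: not SMB
    return lines


if __name__ == "__main__":
    for host, peers in smb_fanout_alerts(constructed_sample()).items():
        print(f"ALERT {host}: {peers} distinct SMB peers within 60 s")
```

The slow backup job shows why the window matters: it touches more hosts than the threshold, but never within 60 seconds, so it is not flagged unless the window is widened.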

Is NSA tied into this attack?

This incredibly dangerous new kind of self-replicating ransomware is known to use a National Security Agency exploit that was publicly released last month by the shadowy group calling themselves the Shadow Brokers.

Analysis of the WannaCry Ransomware attack

Currently, at least 50,000 attacks of the WannaCry ransomware have taken place in 90+ countries around the world, especially in Russia, Spain, and the UK.

The following is the message that appears when your files have been encrypted by Wana Decrypt0r 2.0.

[Image: Wana Decrypt0r 2.0 ransom note]

In terms of targeted files, the ransomware encrypts files with the following extensions:

.der, .pfx, .key, .crt, .csr, .p12, .pem, .odt, .ott, .sxw, .stw, .uot, .3ds, .max, .3dm, .ods, .ots, .sxc, .stc, .dif, .slk, .wb2, .odp, .otp, .sxd, .std, .uop, .odg, .otg, .sxm, .mml, .lay, .lay6, .asc, .sqlite3, .sqlitedb, .sql, .accdb, .mdb, .dbf, .odb, .frm, .myd, .myi, .ibd, .mdf, .ldf, .sln, .suo, .cpp, .pas, .asm, .cmd, .bat, .ps1, .vbs, .dip, .dch, .sch, .brd, .jsp, .php, .asp, .java, .jar, .class, .mp3, .wav, .swf, .fla, .wmv, .mpg, .vob, .mpeg, .asf, .avi, .mov, .mp4, .3gp, .mkv, .3g2, .flv, .wma, .mid, .m3u, .m4u, .djvu, .svg, .psd, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .jpg, .jpeg, .vcd, .iso, .backup, .zip, .rar, .tgz, .tar, .bak, .tbk, .bz2, .PAQ, .ARC, .aes, .gpg, .vmx, .vmdk, .vdi, .sldm, .sldx, .sti, .sxi, .602, .hwp, .snt, .onetoc2, .dwg, .pdf, .wk1, .wks, .123, .rtf, .csv, .txt, .vsdx, .vsd, .edb, .eml, .msg, .ost, .pst, .potm, .potx, .ppam, .ppsx, .ppsm, .pps, .pot, .pptm, .pptx, .ppt, .xltm, .xltx, .xlc, .xlm, .xlt, .xlw, .xlsb, .xlsm, .xlsx, .xls, .dotx, .dotm, .dot, .docm, .docb, .docx, .doc

The file extensions targeted by the malware fall into several clusters of formats, including:

  1. Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
  2. Less common and nation-specific office formats (.sxw, .odt, .hwp).
  3. Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
  4. Emails and email databases (.eml, .msg, .ost, .pst, .edb).
  5. Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  6. Developers’ source code and project files (.php, .java, .cpp, .pas, .asm).
  7. Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  8. Graphic designers’, artists’ and photographers’ files (.vsd, .odg, .raw, .nef, .svg, .psd).
  9. Virtual machine files (.vmx, .vmdk, .vdi).

How long will WannaCry attack last?

Typically, ransomware has a short life. In the case of WannaCry, however, nothing is certain, as it keeps spreading unless you update your system. Moreover, as anti-virus and VPN software learn to recognize new versions of the malware, they can prevent infections from starting and spreading to other parts of the world.

By Bradley Coulter / Cyber Security / 0 Comments

The Twelve Scams of Christmas

Cyber criminals are always looking for new ways to scam or infect new users. When most of us are busy finishing off our last minute Christmas shopping and planning how to get from one dinner to the next, malware developers and scammers are taking advantage of our distracted minds. The holiday season offers many ways to package classic scam techniques with pretty bows so appealing that we can’t help but open that email, click that deal or purchase discounted vouchers for the relatives who seem to already have everything.

Don’t worry. UR Gadget Doctors has your back. Here are the 12 scams to look out for this Christmas:

Scam 1: Romance brings vulnerable hearts to scammers

Feeling isolated this Christmas? For many people Christmas is not about family and love, but a lonely night without company. Scammers count on this. Online romance scams happen all year round but are particularly popular around Christmas, when lonely hearts are at their most vulnerable.

Amy* saw the holidays ahead and, after two lonely years since the death of her husband, signed up for an online dating service. Her contact with Duane was intense and constant, exchanging calls and texts all day every day until he was due to arrive at her home. His money was tied up, he said, and he needed to borrow some to release parts he needed to finish the project he was working on in Malaysia. Amy sent him $8,000. He was due to fly home, and had even sent her a copy of his itinerary, but he was held up at customs, he told her, and would need to borrow money to bribe the guards. She sent a further $10,000.

Long-term relationships are cultivated online by scammers who, once they have gained the trust and love of a victim, begin slowly asking for money in small amounts until, as in Amy’s case, sums can run to $100,000 or more before the scammer disappears. Actual figures are hard to find, but the 1,165 members of romancescams.org who were willing to disclose the amount they had lost reported a total combined loss of $14.1 million – more than $12,000 apiece, on average.

Scam 2: Dodgy travel deals steal credit card information

Planning a vacation this holiday season? There is no getting around the fact that Christmas travel is expensive. If you find a deal that seems too good to be true, chances are it is. Be mindful of travel deals that pop up through advertising. NEVER purchase travel from an email leading you to a third-party site. Beware of fake travel websites that imply relationships with major airlines that do not actually exist. Stop and think before entering credit card details. Use Google Earth and Street View to check the location of hotels to ensure they actually exist, and TripAdvisor to check reviews of airlines, travel websites and hotels before booking.

Scam 3: Gift cards offer fake cashback rewards

Looking for freebies online? Who doesn’t love a bargain! But, beware of emails offering free Christmas gift cards. scam-detector.com reports:

“Scammers send mass-emails, request recipients to participate in a survey, and promise a gift card in return. The crooks pose as retail chains or fast food restaurants and use the real logos to make it seem legitimate. The latest names used are Walgreens, Walmart, Sam’s, Kohl’s, Costco, McDonald’s and Amazon.”

Once you have completed the survey you will see a list of what you have won. All you need to do is enter your credit card details to pay the $1 processing fee and your prizes are yours. Instead, your credit card is emptied while you wait.

Image: scam-detector.com


Also on Facebook, fake pages pretending to be affiliated with major brands ask you to like their page and complete surveys to receive cash or free gift cards. As soon as they have your details, your inbox will be flooded with marketing materials, junk and who knows what else.

Scam 4: Gooligan spreads through new Androids

Kids getting a new phone for Christmas? As new phones are unwrapped around the world, app downloads skyrocket offering ideal conditions for malware injection through third-party app sites. Gooligan reached epidemic levels recently, downloading malware to increase advertising revenue for hackers. Always download apps through Google Play or the Apple App Store as they have built-in measures for weeding out malware. 

Scam 5: Fake shopping sites inject malware

Looking for cheap gift ideas online? Malware-injecting sites disguised as discounted designer-wear and fragrance sales regularly snag shoppers, and as the Christmas gift-buying frenzy forces us to rush, it is easy to become complacent online. Beware of any sites that lead you to third-party sites for purchases. Do not buy from ad pop-ups.

Scam 6: Charity phishing scams ask for donations

Want to give something back this year? Every year, reputable charities make calls for their annual Christmas appeals. But beware of calls from fake charities or from people pretending to be from legitimate charities. Much like the tech support scam going around, a person calls your phone pretending to be from the Red Cross or Save the Children and asks for donations to their Annual Christmas Appeal. If you are unsure whether the call is legitimate, simply hang up and call the Red Cross directly, or make your contribution in person or on your chosen charity’s website.

Scam 7: Bogus delivery-failed emails contain malicious links

Expecting a package? Fake emails saying that your package could not be delivered will direct you to fake links that, once opened, inject malware. These emails may pretend to be from FedEx, UPS or any other legitimate courier service, or may list no business at all. This is currently one of the most common ways of spreading malware. If you are expecting a parcel, contact the sender directly with questions. Do not open these emails.

Scam 8: Fake eCards spread malware

Spreading a little Christmas cheer this year? What easier way to spread the holiday spirit than with a funny eCard emailed to all of your contacts? eCards are a cheap and entertaining way to stay in touch, but be careful if you receive one. Fake eCards ask you to open a link to see your eCard on a separate page and can lead you to malware-injecting sites. A legitimate eCard will state the name and email address of the sender. Use caution before opening.

Scam 9: Fake bank emails ask for sensitive information

Did you receive an email from your bank offering you Christmas rewards with a link to follow? Please note: Your bank will never email you asking you for your internet banking password, credit card details or lead you to another site to login to internet banking.

I repeat.

Your bank will never email you asking for your internet banking password or credit card details, or lead you to another site to log in to internet banking. If you have received an email like this, contact your bank immediately; they will alert their fraud team and check your cards for unusual activity.

Scam 10: Fake friends spread malware on social media

Are you receiving unexpected messages on Facebook? Beware of any new friend requests from people you don’t know, or from accounts that may have duplicated other friends’ profiles. Beyond spreading malware, these “friends” phish for private information to exploit further. If in doubt, block and report the profile to Facebook.

Scam 11: Christmas lotteries offer scam winnings

Who doesn’t want a little extra cash to play with at this time of year? But beware of the lottery scam. It always starts the same way: an email alerts you that you have won an impossible amount of money, and all you have to do to claim your prize is pay a small processing fee. It is always tempting but never worth it. Once you have handed the scammer your credit card details, the only limit for them is the spending limit on your card.

Scam 12: Christmas screensavers bundle malware

We all love a bit of Christmas cheer on our desktops, but holiday search terms are loaded with additional downloads such as PUPs (Potentially Unwanted Programs) that continually flood your computer with pop-ups, as well as more malicious types of malware such as ransomware, which holds all your personal data hostage until you agree to pay.

Here’s how to stay safe online this Christmas

As is the case all year round, the key to staying safe online is using common sense and reading things thoroughly. Here are UR Gadget Doctors’ top tips:

  • Always read who an email is from before opening it. If you don’t recognize the sender, delete it.
  • If you wish to make charitable donations for Christmas, visit the charity’s website directly.
  • Don’t follow any external links from emails if you are unsure of the contents.
  • Shop on reputable websites, and don’t click on pop-ups with sales that seem too good to be true.
  • Be mindful of downloads, unusual friend requests and fake bank emails.

Keep in mind that all of these types of scams occur every day of the year, not just at Christmas. It’s just that, like all things at this time of the year, they simply come with better wrapping.

Have a Merry (malware-free) Christmas!