Monthly Archives: May 2017

WannaCrypt: Cyber attack rolls into Asia but global spread slows

London/Washington: The global WannaCrypt “ransomware” cyber attack spread more slowly on Monday with no major infections reported, as attention shifted to investment and government policy implications of lax cyber security.

There were 213,000 infected machines in 112 countries as of 1000 GMT (8pm AEST) on Monday, according to Czech security firm Avast, making it one of the largest coordinated attacks to hit computers across the world.

The countries most affected by WannaCrypt or WannaCry were the same as Friday: Russia, Taiwan, Ukraine and India, Avast’s data showed.

The number of infections has fallen dramatically since Friday’s peak when more than 9,000 computers were being hit per hour. By afternoon on the US East Coast, new infections had fallen to the low hundreds of machines and continue to decline, Avast said.

Earlier on Monday, Chinese traffic police and schools reported they had been targeted as the attack rolled into Asia for the new work week, but there were no major disruptions.

Authorities in Europe and the United States turned their attention to preventing hackers from spreading new versions of the virus.

Tom Bossert, US President Donald Trump’s homeland security adviser, said people “should be thinking about this as an attack that for right now we have under control, but as an attack that represents an extremely serious threat,” speaking on Good Morning America.

The perpetrators of the attack are still not known. Mr Bossert said that while US officials had not ruled out the possibility that it was a “state action,” he said it appeared to be criminal, given the ransom requests.

Some victims were ignoring official advice and paying the $US300 ($405) ransom demanded by the cyber criminals to unlock their computers, which was due to double to $US600 ($809) on Monday for computers hit by Friday’s first wave.

So far only a few victims of the attack appeared to have paid, based on publicly available bitcoin accounts on the web, where victims have been instructed to pay.

This coming Friday, victims face being locked out of their computers permanently if they fail to pay the $US600 ransom, said Tom Robinson, co-founder of Elliptic, a London-based private security company that investigates ransomware attacks.

As of 1400 GMT, the total value of funds paid into anonymous bitcoin wallets the hackers are using stood at just $US55,169 (around $74,000), from 209 payments, according to calculations made by Reuters using publicly available data.

Brian Lord, managing director of cyber and technology at cyber security firm PGI, said victims had told him “the customer service provided by the criminals is second-to-none,” with helpful advice on how to pay: “One customer said they actually forgot they were being robbed.”

Companies and governments spent the weekend upgrading software to limit the spread of the virus. Monday was the first big test for Asia, where offices had already mostly been closed for the weekend before the attack first arrived.

Renault-Nissan said output had returned to normal at nearly all its plants. PSA Group, Fiat Chrysler, Volkswagen, Daimler, Toyota and Honda said their plants were unaffected.

Shares in firms that provide cyber security services jumped on the prospect of companies and governments spending more money on defenses, led by Israel’s Cyren Ltd and US firm FireEye Inc.

Cisco Systems rose 2.8 per cent, making it the leading gainer in the Dow Jones Industrial Average, which was up more than 100 points in afternoon trading, as investors focused more on opportunities the attack presented rather than the risk it posed to corporations.

British media were hailing as a hero a 22-year-old computer security whiz who appeared to have helped stop the attack from spreading by discovering a “kill switch” – an internet address which halted the virus when activated.

Individual European countries and the United States saw infections at a rate of only 10 per cent to 20 per cent of the most affected countries, according to the researcher who stumbled on the “kill switch”.

The virus hit computers running older versions of Microsoft Corp software that had not been recently updated. Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks. The company’s shares were down about 1 per cent on Monday, in a slightly higher broad market.

Infected computers appear to be largely out-of-date devices. Some have also been machines involved in manufacturing or hospital functions, difficult to patch without disrupting operations.

The US Senate Intelligence Committee is monitoring the attack and expects to receive a briefing in the coming days from the Trump administration, a panel aide said.

Attack used NSA-devised tool

In a blog post on Sunday, Microsoft President Brad Smith confirmed what researchers had already widely concluded: the attack made use of a hacking tool built by the US National Security Agency that had leaked online in April.

He poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

Russian President Vladimir Putin, noting the technology’s link to the US spy service, said it should be “discussed immediately on a serious political level.”

“Once they’re let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators,” he said.

In Britain, where the virus first raised global alarm when it caused hospitals to divert ambulances on Friday, it gained traction as a political issue just weeks before a general election. The opposition Labour Party accused the Conservative government of leaving the National Health Service (NHS) vulnerable.

“The government’s response has been chaotic,” the British Labour Party’s health spokesman Jon Ashworth said. “If you’re not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack.”

Britain’s NHS is the world’s fifth-largest employer after the US and Chinese militaries, Wal-Mart Stores and McDonald’s. The government says that under a previous Labour administration the trusts that run local hospitals were given responsibility to manage their own computer systems.

Asked if the government had ignored warnings over the NHS being at risk from cyber attack, Prime Minister Theresa May told Sky News: “No. It was clear (that) warnings were given to hospital trusts.”

British health minister Jeremy Hunt said on Monday it was “encouraging” that a predicted second spike of attacks had not occurred, but the ransomware was a warning to public and private organisations.

Impact in Asia

China appeared over the weekend to have been particularly vulnerable, raising worries about how well the world’s second-largest economy would cope. However, officials and security firms said the spread was starting to slow.

“The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet security company Qihoo 360.

A patient waits at Dharmais Cancer Hospital in Jakarta while the hospital’s information system is disrupted by the cyberattack. Photo: AP

An official from Cybersecurity Administration China (CAC) told local media on Monday the ransomware had affected industry and government computer systems but the spread was slowing.

Energy giant PetroChina said payment systems at some petrol stations were hit although it had restored most of the systems.

Elsewhere in Asia, Conglomerate Hitachi Ltd said the attack had affected its systems over the weekend, leaving them unable to receive and send emails or open attachments in some cases.

At Indonesia’s biggest cancer hospital, Dharmais Hospital in Jakarta, attacks affected scores of computers. By late morning, some people were still manually filling out forms, but 70 per cent of systems were online.

India’s government said it received only a few reports of attacks and urged those hit not to pay any ransom. No major Indian corporations reported disrupted operations.

Reuters

Henry Sapiecha

Hackers reportedly hold Disney film for ransom

Even as many businesses are worried about hackers taking control of their computers as part of the worldwide WannaCry ransomware crisis, Disney may be facing a slightly different ransom situation of its own.

Hackers have obtained a copy of an upcoming Disney film and are threatening to release more and more snippets of it unless the company pays a “huge sum” of bitcoins, according to the Hollywood Reporter.

Citing remarks that chief executive Bob Iger made to employees Monday, THR reports that the film could be the latest entry in the Pirates of the Caribbean franchise, or perhaps Cars 3. The company is reportedly refusing to pay.

A spokesman for Disney didn’t immediately respond to a request for comment. But the report marks the latest attempt by hackers to wring Hollywood for cash. It comes two weeks after Netflix confirmed that hackers were responsible for leaking new episodes of its hit series, Orange Is the New Black.

It is unclear how much the hackers demanded of Netflix, but the company refused to pay.

The Washington Post

Henry Sapiecha

Twitter abandons ‘Do Not Track’ privacy protection

Is this the end for ‘Do Not Track’, the web-tracking privacy service?


Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.

DNT seemed like a good idea. By setting DNT on in your web browser, websites that supported DNT could neither place nor read advertising cookies on your device. Well, that was the idea anyway.

Any web browser or application that supported DNT added a small snippet of code to its request for a web page: DNT=1. This meant websites and services that observed DNT shouldn’t track you on the internet.

This would protect your online privacy. You might think that meant “Don’t collect and store any information about me without my explicit permission.”

Wrong.

From day one in 2012, that isn’t how it worked. According to Sarah Downey, an attorney and privacy advocate, the Interactive Advertising Bureau and the Digital Advertising Alliance (DAA), which represent most online advertisers, have their own interpretation of Do Not Track: “They have said they will stop serving targeted ads but will still collect and store and monetize data.”

However, Twitter played fair by the spirit of DNT rather than the law. Unfortunately, they were one of the few companies that did. DAA, for example, publicly abandoned DNT in 2013. With the advertisers and privacy advocates unable to agree on basic principles, DNT increasingly offered users no privacy protection worth the name.
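The DNT=1 request header is all a browser can send; whether it changes anything depends on the site receiving it. The Go handler below is an added example, not Twitter’s code or any code from the original article. It honours the signal in the spirit described here: when DNT=1 is present it sets no advertising cookie and reports its decision with the Tk response header defined in the W3C Tracking Preference Expression draft (N for not tracking, T for tracking). The cookie name and value are constructed placeholders; the 30-day lifetime matches the figure the article gives for Twitter’s cookies.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// TrackingAllowed reports whether the request permits tracking. A browser
// expresses opt-out only as "DNT: 1"; an absent, "0" or malformed header
// means no preference, and a site honouring the spirit of DNT treats only
// the literal "1" as an instruction to stop.
func TrackingAllowed(h http.Header) bool {
	return h.Get("DNT") != "1"
}

// TkValue is the W3C Tracking Preference Expression response header that
// tells the browser what the site decided: "N" (not tracking) when DNT=1
// was honoured, "T" (tracking) otherwise.
func TkValue(h http.Header) string {
	if TrackingAllowed(h) {
		return "T"
	}
	return "N"
}

// adHandler serves a page and sets an advertising cookie only when the
// visitor has not asked not to be tracked. Cookie name and value are
// constructed placeholders for the example.
func adHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Tk", TkValue(r.Header))
	if TrackingAllowed(r.Header) {
		http.SetCookie(w, &http.Cookie{
			Name:     "ad_id",
			Value:    "example-ad-identifier",
			Expires:  time.Now().Add(30 * 24 * time.Hour), // 30 days, as in the article
			HttpOnly: true,
			Secure:   true,
		})
	}
	fmt.Fprintln(w, "hello")
}

func main() {
	http.HandleFunc("/", adHandler)
	http.ListenAndServe("127.0.0.1:8080", nil)
}
```

The decision is deliberately made in one place (TrackingAllowed) so that logging, analytics and cookie code all consult the same rule; the advertisers’ reading of DNT that the article describes, serving untargeted ads while still storing data, is exactly what happens when only the ad-selection code checks the header.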

Twitter finally had enough of fighting an already lost battle. In a note to its revised privacy policy, the company stated: “Twitter has discontinued support of the Do Not Track browser preference. While we had hoped that our support for Do Not Track would spur industry adoption, an industry-standard approach to Do Not Track did not materialize. We now offer more granular privacy controls.”

Under its new privacy rules, Twitter is extending how long its tracking cookies are active, from 10 days to 30 days as of June 18. You can also switch off Twitter ad personalization. From the same page, you can also disable geolocation and data sharing with third parties.

It’s a pity DNT has come to this. As Jason Kint, CEO of Digital Content Next, pointed out in an email interview: “Do Not Track still remains an elegant and simple consumer signal to not be tracked across the broader web.”

Kint remains hopeful about DNT: “Twitter dropping its support is disappointing as they were a leader here, but the standard is written regardless of what Twitter says and will continue to move forward. In the desire to regain consumer trust and reduce ad blocking, the ad tech world would be wise to embrace Do Not Track rather than ignoring it. Ultimately consumers win. No business has ever succeeded long-term without meeting consumer demands.”

I’m not at all optimistic. DNT has been spinning its wheels for years now with little progress. Online privacy remains an issue that upsets people, but at day’s end, neither companies nor the Trump administration have any real interest in protecting privacy.

Henry Sapiecha

Survey: Aussies concerned about online privacy yet don’t use privacy tools

Despite growing concerns over online privacy, Australians are not using readily available methods to protect themselves online, according to the Australian Information and Privacy Commissioner.

This finding was revealed through the 2017 Australian Community Attitudes to Privacy survey, which found that 69 per cent of Australians felt more concerned about their online privacy than they did five years ago.

It also found 83 per cent of participants believed privacy risks are greater online than offline.

However, despite these concerns, the survey found Australians are not using existing privacy tools to adequately protect themselves online.

Australian Information and Privacy Commissioner Timothy Pilgrim said both individual responsibility and better business practice played a part in ensuring the best privacy protection.

He said although more Australians are aware of the privacy risks, this awareness needs to shift into action where already available tools are used to safeguard personal information.

“While 61 per cent of us check website security, our results found that over 65 per cent of Australians do not read privacy policies, and half do not regularly adjust privacy settings on social media, or clear their browsing history,” Pilgrim said.

“These are options that we can all use to better protect our privacy. If you are shopping or socialising online, I encourage you to take the time to protect your privacy first.”

Pilgrim said more can be done by businesses to make privacy easy for customers to manage.

“Those long-winded privacy notices and complex settings need to be replaced by clear language and point-in-time notifications,” he said.

“Some are doing this well, but others need to lift their game, because our survey shows the majority of Australians have decided not to deal with a business due to privacy concerns.”

The survey found Australians believe the biggest risks to privacy are online services including social media (32 per cent), identity fraud and theft (19 per cent), data breaches and security (17 per cent) and risks to financial data (12 per cent).

It also showed participants are uncomfortable with businesses sharing their personal information with other organisations and concerned about companies sending their personal information overseas.

www.scamsfakes.com

www.crimefiles.net

Henry Sapiecha

Famed Hacker Kevin Mitnick Shows You How to become Invisible Online

If you’re like me, one of the first things you do in the morning is check your email. And, if you’re like me, you also wonder who else has read your email. That’s not a paranoid concern. If you use a web-based email service such as Gmail or Outlook 365, the answer is kind of obvious and frightening.

About the author

Kevin Mitnick (@kevinmitnick) is a security consultant, public speaker, and former hacker. The company he founded, Mitnick Security Consulting LLC, has clients that include dozens of the Fortune 500 and world governments. He is the author of Ghost in the Wires, The Art of Intrusion, and The Art of Deception.

Even if you delete an email the moment you read it on your computer or mobile phone, that doesn’t necessarily erase the content. There’s still a copy of it somewhere. Web mail is cloud-based, so in order to be able to access it from any device anywhere, at any time, there have to be redundant copies. If you use Gmail, for example, a copy of every email sent and received through your Gmail account is retained on various servers worldwide at Google. This is also true if you use email systems provided by Yahoo, Apple, AT&T, Comcast, Microsoft, or even your workplace. Any emails you send can also be inspected, at any time, by the hosting company. Allegedly this is to filter out malware, but the reality is that third parties can and do access our emails for other, more sinister and self-serving, reasons.

While most of us may tolerate having our emails scanned for malware, and perhaps some of us tolerate scanning for advertising purposes, the idea of third parties reading our correspondence and acting on specific contents found within specific emails is downright disturbing.

The least you can do is make it much harder for them to do so.

Start With Encryption

Most web-based email services use encryption when the email is in transit. However, when some services transmit mail between Mail Transfer Agents (MTAs), they may not be using encryption, thus your message is in the open. To become invisible you will need to encrypt your messages.

Most email encryption uses what’s called asymmetrical encryption. That means I generate two keys: a private key that stays on my device, which I never share, and a public key that I post freely on the internet. The two keys are different yet mathematically related.

For example: Bob wants to send Alice a secure email. He finds Alice’s public key on the internet or obtains it directly from Alice, and when sending a message to her encrypts the message with her key. This message will stay encrypted until Alice—and only Alice—uses a passphrase to unlock her private key and unlock the encrypted message.

So how would encrypting the contents of your email work?

The most popular method of email encryption is PGP, which stands for “Pretty Good Privacy.” It is not free. It is a product of the Symantec Corporation. But its creator, Phil Zimmermann, also authored an open-source version, OpenPGP, which is free. And a third option, GPG (GNU Privacy Guard), created by Werner Koch, is also free. The good news is that all three are interoperable. That means that no matter which version of PGP you use, the basic functions are the same.

When Edward Snowden first decided to disclose the sensitive data he’d copied from the NSA, he needed the assistance of like-minded people scattered around the world. Privacy advocate and filmmaker Laura Poitras had recently finished a documentary about the lives of whistle-blowers. Snowden wanted to establish an encrypted exchange with Poitras, except only a few people knew her public key.

Snowden reached out to Micah Lee of the Electronic Frontier Foundation. Lee’s public key was available online and, according to the account published on the Intercept, he had Poitras’s public key. Lee checked to see if Poitras would permit him to share it. She would.

Given the importance of the secrets they were about to share, Snowden and Poitras could not use their regular e‑mail addresses. Why not? Their personal email accounts contained unique associations—such as specific interests, lists of contacts—that could identify each of them. Instead Snowden and Poitras decided to create new email addresses.

How would they know each other’s new email addresses? In other words, if both parties were totally anonymous, how would they know who was who and whom they could trust? How could Snowden, for example, rule out the possibility that the NSA or someone else wasn’t posing as Poitras’s new email account? Public keys are long, so you can’t just pick up a secure phone and read out the characters to the other person. You need a secure email exchange.

By enlisting Lee once again, both Snowden and Poitras could anchor their trust in someone when setting up their new and anonymous email accounts. Poitras first shared her new public key with Lee. Lee did not use the actual key but instead a 40-character abbreviation (or a fingerprint) of Poitras’s public key. This he posted to a public site—Twitter.

Sometimes in order to become invisible you have to use the visible.

Now Snowden could anonymously view Lee’s tweet and compare the shortened key to the message he received. If the two didn’t match, Snowden would know not to trust the email. The message might have been compromised. Or he might be talking instead to the NSA. In this case, the two matched.
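The two steps told in this story, encrypting to a public key and checking a short fingerprint of that key against a copy obtained through a separate channel, are shown together in the Go example below. It is an added illustration, not code from the book or from any of the people named. It uses RSA-OAEP from Go’s standard library in place of PGP, and its fingerprint is SHA-1 over the DER-encoded public key rather than the OpenPGP key packet that RFC 4880 v4 fingerprints hash; the 40-hex-character, space-grouped output is the same shape as the fingerprint Lee tweeted. The names Alice, Bob and Mallory and the message text are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint returns a 40-hex-character SHA-1 digest of the DER-encoded
// public key, grouped in fours the way PGP prints fingerprints. This is an
// illustration: OpenPGP v4 hashes the key packet, not the X.509 encoding.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha1.Sum(der)
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	var groups []string
	for i := 0; i < len(h); i += 4 {
		groups = append(groups, h[i:i+4])
	}
	return strings.Join(groups, " "), nil
}

// normalize strips spacing and case so a fingerprint copied from a tweet
// compares equal to one computed locally.
func normalize(fp string) string {
	return strings.ToUpper(strings.ReplaceAll(fp, " ", ""))
}

// FingerprintMatches checks a key that arrived by email against the
// fingerprint published out of band. The comparison is constant-time.
func FingerprintMatches(published string, received *rsa.PublicKey) (bool, error) {
	fp, err := Fingerprint(received)
	if err != nil {
		return false, err
	}
	a, b := []byte(normalize(published)), []byte(normalize(fp))
	return subtle.ConstantTimeCompare(a, b) == 1, nil
}

// Encrypt seals a short message to the recipient's public key (RSA-OAEP);
// only the matching private key can open it.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt opens a message with the private key that never leaves the device.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// Alice generates her key pair; her fingerprint goes out through a channel
	// Bob already trusts (in the story, Lee's Twitter account).
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	tweet, _ := Fingerprint(&alice.PublicKey)
	// Bob compares the key he received by email with the tweeted fingerprint.
	ok, _ := FingerprintMatches(tweet, &alice.PublicKey)
	// A key substituted by an impostor (Mallory) fails the same check.
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	bad, _ := FingerprintMatches(tweet, &mallory.PublicKey)
	fmt.Println("genuine key matches:", ok, " impostor key matches:", bad)
	ct, _ := Encrypt(&alice.PublicKey, []byte("Citizenfour"))
	pt, _ := Decrypt(alice, ct)
	fmt.Println("decrypted:", string(pt))
}
```

The fingerprint is short enough to post in a tweet or read over the phone precisely because a hash of the key, not the key itself, is what gets verified; anyone who can substitute the key but not the tweet is caught by the mismatch.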

Snowden finally sent Poitras an encrypted e‑mail identifying himself only as “Citizenfour.” This signature became the title of her Academy Award–winning documentary about his privacy rights campaign.

That might seem like the end—now they could communicate securely via encrypted e‑mail—but it wasn’t. It was just the beginning.

Picking an Encryption Service

Both the strength of the mathematical operation and the length of the encryption key determine how easy it is for someone without a key to crack your code.

Encryption algorithms in use today are public. You want that. Public algorithms have been vetted for weakness—meaning people have been purposely trying to break them. Whenever one of the public algorithms becomes weak or is cracked, it is retired, and newer, stronger algorithms are used instead.

The keys are (more or less) under your control, and so, as you might guess, their management is very important. If you generate an encryption key, you—and no one else—will have the key stored on your device. If you let a company perform the encryption, say, in the cloud, then that company might also keep the key after sharing it with you and may also be compelled by court order to share the key with law enforcement or a government agency, with or without a warrant.

When you encrypt a message—an e‑mail, text, or phone call—use end‑to‑end encryption. That means your message stays unreadable until it reaches its intended recipient. With end‑to‑end encryption, only you and your recipient have the keys to decode the message. Not the telecommunications carrier, website owner, or app developer—the parties that law enforcement or government will ask to turn over information about you. Do a Google search for “end‑to‑end encryption voice call.” If the app or service doesn’t use end-to-end encryption, then choose another.

If all this sounds complicated, that’s because it is. But there are PGP plug-ins for the Chrome and Firefox Internet browsers that make encryption easier. One is Mailvelope, which neatly handles the public and private encryption keys of PGP. Simply type in a passphrase, which will be used to generate the public and private keys. Then whenever you write a web-based email, select a recipient, and if the recipient has a public key available, you will then have the option to send that person an encrypted message.

Beyond Encryption: Metadata

Even if you encrypt your e‑mail messages with PGP, a small but information-rich part of your message is still readable by just about anyone. In defending itself from the Snowden revelations, the US government stated repeatedly that it doesn’t capture the actual contents of our emails, which in this case would be unreadable with PGP encryption. Instead, the government said it collects only the email’s metadata.

What is email metadata? It is the information in the To and From fields as well as the IP addresses of the various servers that handle the email from origin to recipient. It also includes the subject line, which can sometimes be very revealing as to the encrypted contents of the message. Metadata, a legacy from the early days of the internet, is still included on every email sent and received, but modern email readers hide this information from display.

That might sound okay, since the third parties are not actually reading the content, and you probably don’t care about the mechanics of how those emails traveled—the various server addresses and the time stamps—but you’d be surprised by how much can be learned from the email path and the frequency of emails alone.

According to Snowden, our email, text, and phone metadata is being collected by the NSA and other agencies. But the government can’t collect metadata from everyone—or can it? Technically, no. However, there’s been a sharp rise in “legal” collection since 2001.


To become truly invisible in the digital world you will need to do more than encrypt your messages. You will need to:

Remove your true IP address: This is your point of connection to the Internet, your fingerprint. It can show where you are (down to your physical address) and what provider you use.
Obscure your hardware and software: When you connect to a website online, a snapshot of the hardware and software you’re using may be collected by the site.
Defend your anonymity: Attribution online is hard. Proving that you were at the keyboard when an event occurred is difficult. However, if you walk in front of a camera before going online at Starbucks, or if you just bought a latte at Starbucks with your credit card, these actions can be linked to your online presence a few moments later.

To start, your IP address reveals where you are in the world, what provider you use, and the identity of the person paying for the internet service (which may or may not be you). All these pieces of information are included within the email metadata and can later be used to identify you uniquely. Any communication, whether it’s email or not, can be used to identify you based on the Internet Protocol (IP) address that’s assigned to the router you are using while you are at home, work, or a friend’s place.

IP addresses in emails can of course be forged. Someone might use a proxy address—not his or her real IP address but someone else’s—so that an email appears to originate from another location. A proxy is like a foreign-language translator—you speak to the translator, and the translator speaks to the foreign-language speaker—only the message remains exactly the same. The point here is that someone might use a proxy from China or even Germany to evade detection on an email that really comes from North Korea.

Instead of hosting your own proxy, you can use a service known as an anonymous remailer, which will mask your email’s IP address for you. An anonymous remailer simply changes the email address of the sender before sending the message to its intended recipient. The recipient can respond via the remailer. That’s the simplest version.

One way to mask your IP address is to use the onion router (Tor), which is what Snowden and Poitras did. Tor is designed to be used by people living in harsh regimes as a way to avoid censorship of popular media and services and to prevent anyone from tracking what search terms they use. Tor remains free and can be used by anyone, anywhere—even you.

How does Tor work? It upends the usual model for accessing a website. When you use Tor, the direct line between you and your target website is obscured by additional nodes, and every ten seconds the chain of nodes connecting you to whatever site you are looking at changes without disruption to you. The various nodes that connect you to a site are like layers within an onion. In other words, if someone were to backtrack from the destination website and try to find you, they’d be unable to because the path would be constantly changing. Unless your entry point and your exit point become associated somehow, your connection is considered anonymous.
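The “layers within an onion” can be made concrete with a small simulation. The Go program below is an added example, not Tor’s code: it models a three-relay circuit in which the client holds one symmetric key per relay (real Tor negotiates these with a Diffie-Hellman handshake per circuit; here the keys are generated at random as constructed demo data). The client wraps the request in one AES-GCM layer per relay, innermost first, and each relay can peel only its own layer, learning the next hop and nothing else. The relay names, destination and request text are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Relay is one node in the circuit; Key is the symmetric key the client
// shares with that node only (constructed at random for this demo).
type Relay struct {
	Name string
	Key  []byte
}

// NewCircuit builds relays with fresh 256-bit AES keys.
func NewCircuit(names []string) ([]Relay, error) {
	var path []Relay
	for _, n := range names {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		path = append(path, Relay{Name: n, Key: k})
	}
	return path, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal and open are AES-256-GCM with the random nonce prefixed to the
// ciphertext, so a relay that alters a layer is caught by the next relay.
func seal(key, pt []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

func open(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(data) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:ns], data[ns:], nil)
}

// A layer's plaintext is one length byte, the next hop's name, then the
// inner payload: the next relay's ciphertext, or the raw request at the exit.
func encodeLayer(next string, inner []byte) []byte {
	out := append([]byte{byte(len(next))}, next...)
	return append(out, inner...)
}

func decodeLayer(b []byte) (string, []byte, error) {
	if len(b) == 0 || int(b[0]) > len(b)-1 {
		return "", nil, errors.New("malformed layer")
	}
	n := int(b[0])
	return string(b[1 : 1+n]), b[1+n:], nil
}

// Wrap builds the onion from the inside out: the exit's layer names the
// destination and carries the request; each earlier relay's layer names
// the following relay and carries that relay's still-encrypted layer.
func Wrap(path []Relay, dest string, request []byte) ([]byte, error) {
	if len(path) == 0 {
		return nil, errors.New("empty circuit")
	}
	next, inner := dest, request
	for i := len(path) - 1; i >= 0; i-- {
		ct, err := seal(path[i].Key, encodeLayer(next, inner))
		if err != nil {
			return nil, err
		}
		next, inner = path[i].Name, ct
	}
	return inner, nil
}

// Peel is all a single relay can do: remove its own layer and learn where
// to forward the remainder, which it still cannot read.
func (r Relay) Peel(onion []byte) (string, []byte, error) {
	pt, err := open(r.Key, onion)
	if err != nil {
		return "", nil, err
	}
	return decodeLayer(pt)
}

// Route forwards the onion through the circuit and records what each relay
// learned; only the exit ends up holding the destination and the request.
func Route(path []Relay, onion []byte) ([]string, string, []byte, error) {
	var hops []string
	var dest string
	cur := onion
	for _, r := range path {
		next, inner, err := r.Peel(cur)
		if err != nil {
			return nil, "", nil, fmt.Errorf("%s: %w", r.Name, err)
		}
		hops = append(hops, r.Name+" -> "+next)
		dest, cur = next, inner
	}
	return hops, dest, cur, nil
}

func main() {
	path, _ := NewCircuit([]string{"guard", "middle", "exit"})
	onion, _ := Wrap(path, "example.org", []byte("GET / HTTP/1.1"))
	hops, dest, req, _ := Route(path, onion)
	fmt.Println(hops, dest, string(req))
}
```

The record each relay keeps is only “who handed me this, and who I forwarded it to”; the guard sees the client’s address but not the destination, and the exit sees the destination but not the client, which is the property the paragraph describes and the reason the exit node remains the weak point for anything the request itself reveals.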

To use Tor you will need the modified Firefox browser from the Tor site (torproject.org). Always look for legitimate Tor browsers for your operating system from the Tor project website. Do not use a third-party site. For Android operating systems, Orbot is a legitimate free Tor app from Google Play that both encrypts your traffic and obscures your IP address. On iOS devices (iPad, iPhone), install the Onion Browser, a legitimate app from the iTunes app store.

In addition to allowing you to surf the searchable Internet, Tor gives you access to a world of sites that are not ordinarily searchable—what’s called the Dark Web. These are sites that don’t resolve to common names such as Google.com and instead end with the .onion extension. Some of these hidden sites offer, sell, or provide items and services that may be illegal. Some of them are legitimate sites maintained by people in oppressed parts of the world.

It should be noted, however, that there are several weaknesses with Tor: You have no control over the exit nodes, which may be under the control of government or law enforcement; you can still be profiled and possibly identified; and Tor is very slow.

That being said, if you still decide to use Tor you should not run it in the same physical device that you use for browsing. In other words, have a laptop for browsing the web and a separate device for Tor (for instance, a Raspberry Pi minicomputer running Tor software). The idea here is that if somebody is able to compromise your laptop they still won’t be able to peel off your Tor transport layer as it is running on a separate physical box.

Create a new (invisible) account

Legacy email accounts might be connected in various ways to other parts of your life—friends, hobbies, work. To communicate in secrecy, you will need to create new email accounts using Tor so that the IP address setting up the account is not associated with your real identity in any way.

Creating anonymous email addresses is challenging but possible.

Since you will leave a trail if you pay for private email services, you’re actually better off using a free web service. A minor hassle: Gmail, Microsoft, Yahoo, and others require you to supply a phone number to verify your identity. Obviously you can’t use your real cellphone number, since it may be connected to your real name and real address. You might be able to set up a Skype phone number if it supports voice authentication instead of SMS authentication; however, you will still need an existing email account and a prepaid gift card to set it up.

Some people think of burner phones as devices used only by terrorists, pimps, and drug dealers, but there are plenty of perfectly legitimate uses for them. Burner phones mostly provide voice, text, and e‑mail service, and that’s about all some people need.

However, purchasing a burner phone anonymously will be tricky. Sure, I could walk into Walmart and pay cash for a burner phone and one hundred minutes of airtime. Who would know? Well, lots of people would.

First, how did I get to Walmart? Did I take an Uber car? Did I take a taxi? These records can all be subpoenaed. I could drive my own car, but law enforcement uses automatic license plate recognition technology (ALPR) in large public parking lots to look for missing and stolen vehicles as well as people on whom there are outstanding warrants. The ALPR records can be subpoenaed.

Even if I walked to Walmart, once I entered the store my face would be visible on several security cameras within the store itself, and that video can be subpoenaed.


Okay, so let’s say I send a stranger to the store—maybe a homeless person I hired on the spot. That person walks in and buys the phone and several data refill cards with cash. Maybe you arrange to meet this person later away from the store. This would help physically distance yourself from the actual transaction.

Activation of the prepaid phone requires either calling the mobile operator’s customer service department or activating it on the provider’s website. To avoid being recorded for “quality assurance,” it’s safer to activate over the web. Using Tor over an open wireless network after you’ve changed your MAC address should be the minimum safeguards. You should make up all the subscriber information you enter on the website. For your address, just Google the address of a major hotel and use that. Make up a birth date and PIN that you’ll remember in case you need to contact customer service in the future.

After using Tor to randomize your IP address, and after creating a Gmail account that has nothing to do with your real phone number, Google sends your phone a verification code or a voice call. Now you have a Gmail account that is virtually untraceable. We can produce reasonably secure emails whose IP address—thanks to Tor—is anonymous (although you don’t have control over the exit nodes) and whose contents, thanks to PGP, can’t be read except by the intended recipient.

To keep this account anonymous you can only access the account from within Tor so that your IP address will never be associated with it. Further, you should never perform any internet searches while logged into that anonymous Gmail account; you might inadvertently search for something that is related to your true identity. Even searching for weather information could reveal your location.

As you can see, becoming invisible and keeping yourself invisible require tremendous discipline and perpetual diligence. But it is worth it. The most important takeaways are: First, be aware of all the ways that someone can identify you even if you undertake some but not all of the precautions I’ve described. And if you do undertake all these precautions, know that you need to perform due diligence every time you use your anonymous accounts. No exceptions.

Excerpted from The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data, Copyright © 2017 by Kevin D. Mitnick with Robert Vamosi. Used with permission of Little, Brown and Company, New York. All rights reserved.

 www.scamsfakes.com

www.crimefiles.net

www.freephonelink.net

www.policesearch.net

www.ispysite.com

Henry Sapiecha

The WannaCry Ransomware connected to Suspected North Korean Hackers

As the WannaCry ransomware epidemic wreaked havoc across the globe over the past three days, cybersecurity researchers and victims alike have asked themselves what cybercriminal group would paralyze so many critical systems for such relatively small profit? Some researchers are now starting to point to the first, still-tenuous hint of a familiar suspect: North Korea.

On Monday, Google researcher Neel Mehta issued a cryptic tweet containing only a set of characters. They referred to two portions of code in a pair of malware samples, along with the hashtag #WannaCryptAttribution. Researchers immediately followed Mehta’s signposts to an important clue: An early version of WannaCry—one that first surfaced in February—shared some code with a backdoor program known as Contopee. The latter has been used by a group known as Lazarus, a hacker cabal increasingly believed to operate under the North Korean government’s control.

“There’s no doubt this function is shared across these two programs,” says Matt Suiche, a Dubai-based security researcher and the founder of the security firm Comae Technologies. “WannaCry and this [program] attributed to Lazarus are sharing code that’s unique. This group might be behind WannaCry also.”

According to Suiche, that chunk of commands represents an encoding algorithm. But the code’s function isn’t nearly as interesting as its Lazarus provenance. The group rose to notoriety following a series of high-profile attacks, including the devastating hack of Sony Pictures in late 2014, that were identified by US intelligence agencies as a North Korean government operation. More recently, researchers believe that Lazarus compromised the SWIFT banking system, netting tens of millions of dollars from Bangladeshi and Vietnamese banks. Security firm Symantec first identified Contopee as one of the tools used in those intrusions.

Researchers at the security firm Kaspersky last month presented new evidence tying those attacks together, pointing to North Korea as the culprit. On Monday, Kaspersky followed up on Mehta’s tweet with a blog post analyzing the similarities in the two code samples. But while they noted the shared code in the Lazarus malware and the early version of the WannaCry, they stopped short of definitively stating that the ransomware stemmed from state-sponsored North Korean actors.

“For now, more research is required into older versions of Wannacry,” the company wrote. “We believe this might hold the key to solve some of the mysteries around this attack.”

In its blog post, Kaspersky acknowledged that the repetition of the code could be a “false flag” meant to mislead investigators and pin the attack on North Korea. After all, the WannaCry authors cribbed techniques from the NSA as well. The ransomware leverages an NSA exploit known as EternalBlue that a hacker group known as Shadow Brokers made public last month.

Kaspersky called that false flag scenario “possible” but “improbable.” After all, the hackers didn’t copy the NSA code verbatim but, rather, lifted it from the public hacking tool Metasploit. The Lazarus code, by contrast, looks far more like a reuse of unique code by a single group out of convenience. “This case is different,” Kaspersky researcher Costin Raiu wrote to WIRED. “It shows that an early version of WannaCry was built with custom/proprietary source code used in a family of Lazarus backdoors and nowhere else.”

Any link to North Korea is far from confirmed. But WannaCry would fit the Hermit Kingdom’s evolving playbook of hacker operations. Over the past decade, the country’s digital attacks have shifted from mere DDoS attacks on South Korean targets to far more sophisticated breaches, including the Sony hack. More recently, Kaspersky and other firms have argued that the impoverished country recently expanded its techniques to outright cybercriminal theft, like the SWIFT attacks.

If the author of WannaCry isn’t Lazarus, it would show a remarkable degree of deception for a cybercriminal group that has in other respects shown itself to be rather inept at making money; WannaCry included an inexplicable “kill switch” in its code that limited its spread, and even implemented ransomware functions that fail to properly identify who’s paid a ransom.

“Attribution can be faked,” concedes Comae’s Suiche. “But that would be pretty smart. To write ransomware, target everyone in the world, and then make a fake attribution to North Korea—that would be a lot of trouble.”

For now, plenty of unanswered questions remain. Even if researchers somehow prove that the North Korean government cooked up WannaCry, its motive for indiscriminately handicapping so many institutions around the world would remain a mystery. And it’s tough to square the malware’s shoddy configuration and botched profiteering with the more sophisticated intrusions Lazarus has pulled off in the past.

But Suiche sees the Contopee link as a strong clue about WannaCry’s origins. The Dubai-based researcher has closely followed the WannaCry malware epidemic since Friday, and over the weekend he identified a new “kill switch” in an adapted version of the code, a web domain the WannaCry ransomware checks to determine whether it will encrypt a victim’s machine. Just before Mehta’s finding, he identified a new URL—this time, one that begins with the characters “ayylmao.”

That LMAO string, in Suiche’s view, is no coincidence. “This one looks like an actual provocation to the law-enforcement and security community,” Suiche says. “I believe that’s North Korea actually trolling everyone now.”


Global cyber-attack: Security blogger halts ransomware ‘by accident’


A UK security researcher has told the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.

The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.

“It was actually partly accidental,” he told the BBC, after spending the night investigating. “I have not slept a wink.”

Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.

“I would say that’s correct,” he told the BBC.


“The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation.”

What exactly did he discover?

The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer.

But the web address it was trying to contact – a long jumble of letters – had not been registered.

MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.

By doing so, he unexpectedly triggered part of the ransomware’s code that told it to stop spreading.


This type of code is known as a “kill switch”, which some attackers use to halt the spread of their software if things get out of hand.

He tested his discovery and was delighted when he managed to trigger the ransomware on demand.

“Now you probably can’t picture a grown man jumping around with the excitement of having just been ‘ransomwared’, but this was me,” he said in a blog post.

MalwareTech now thinks the code was originally designed to thwart researchers trying to investigate the ransomware, but it backfired by letting them remotely disable it.
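The mechanism described above cuts both ways for defenders: once the “kill switch” domain was registered and sinkholed, any host that looks it up is a machine that has already been infected and is trying to spread. The following is an added example, not code from the BBC article or from MalwareTech, showing how a resolver log could be scanned for such lookups so the affected hosts can be isolated and patched. The log format and the two domain names are constructed placeholders; the real kill-switch domains are not reproduced here.

```python
"""
Added example (not from the BBC article or MalwareTech's code): flagging hosts
that query a sinkholed "kill switch" domain in DNS resolver logs.

After the domain was registered, an infected machine's lookup stopped that
machine from spreading further, but the lookup itself remains a reliable sign
of infection. The log format and domain names below are constructed placeholders.
"""
import re

# Placeholders for the sinkholed kill-switch domain(s); the real WannaCry
# domains are deliberately not reproduced here.
KILL_SWITCH_DOMAINS = {
    "killswitch-placeholder.example",
    "ayylmao-placeholder.example",
}

# Constructed resolver log format: "<ISO timestamp> <client ip> <qtype> <qname>"
LOG_LINE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\w+)\s+(\S+?)\.?$")

# Constructed sample log: two hosts hit the kill-switch domain, one of them twice,
# one line uses upper case and a trailing dot, one line is malformed.
SAMPLE_LOG = """\
2017-05-12T15:02:11Z 10.1.4.22 A killswitch-placeholder.example
2017-05-12T15:02:12Z 10.1.4.22 A update.example.org
2017-05-12T15:03:40Z 10.1.9.7 A KILLSWITCH-PLACEHOLDER.EXAMPLE.
2017-05-12T15:04:01Z 10.1.4.22 A killswitch-placeholder.example
2017-05-12T15:05:55Z 10.1.2.3 A mail.example.org
malformed line that should be skipped
"""


def parse_line(line):
    """Return (timestamp, client_ip, qtype, qname) or None for unparsable lines.

    The query name is lower-cased and stripped of a trailing dot so that
    "EXAMPLE.COM." and "example.com" compare equal.
    """
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return ts, client, qtype.upper(), qname.lower()


def find_infected_hosts(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map each client IP that queried a kill-switch domain to
    {"first_seen": <timestamp>, "count": <number of lookups>}.

    Whether the lookup succeeded does not matter: the attempt is the indicator.
    """
    seen = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, _qtype, qname = parsed
        if qname not in domains:
            continue
        entry = seen.setdefault(client, {"first_seen": ts, "count": 0})
        entry["count"] += 1
        if ts < entry["first_seen"]:  # ISO-8601 timestamps sort as strings
            entry["first_seen"] = ts
    return seen


def alerts(log_text):
    """One alert line per host, ordered by first sighting."""
    hosts = find_infected_hosts(log_text)
    return [
        f"ALERT {ip} queried kill-switch domain {v['count']}x (first seen {v['first_seen']})"
        for ip, v in sorted(hosts.items(), key=lambda kv: kv[1]["first_seen"])
    ]


if __name__ == "__main__":
    for line in alerts(SAMPLE_LOG):
        print(line)
```

In a real resolver feed the same logic would run continuously; hosts that appear in the output should be pulled off the network and patched rather than left in place, since the sinkhole only stops their spreading, not the encryption already done.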

Does this mean the ransomware is defeated?

While the registration of the web address appears to have stopped one strain of the ransomware spreading from device-to-device, it does not repair computers that are already infected.

Security experts have also warned that new variants of the malware that ignore the “kill switch” will appear.

“This variant shouldn’t be spreading any further, however there’ll almost certainly be copycats,” said security researcher Troy Hunt in a blog post.

MalwareTech warned: “We have stopped this one, but there will be another one coming and it will not be stoppable by us.

“There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over.”


Massive international cyber attack hits computers across Europe, Asia and Russia

London: A huge cyber attack struck computers across Europe and Asia on Friday, crippling health services and closing emergency rooms in Britain.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency (NSA) in the US.

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen NSA hacking tools online since the beginning of last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets – particularly hospitals – had yet to update their systems.

The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

Employees of Britain’s National Health Service (NHS) were warned about the ransomware threat early on Friday, but by then it was too late.

As the disruptions rippled through hospitals, doctors’ offices and ambulance services across Britain, the NHS declared the attack a “major incident” and patients were asked to only seek assistance for serious medical emergencies.

Hospitals and telecommunications companies across Europe, Russia and Asia were affected, according to MalwareHunterTeam, a security firm that tracks ransomware attacks.

Spain’s Telefonica and Russia’s MegaFon were among the telecommunications targets.

Attacks were being reported in Britain and 11 other countries, including Turkey, Vietnam, the Philippines and Japan, with the majority of affected computers in Russia. The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $US300 to unlock their data.

The attack on the NHS seemed perhaps the most audacious of the attacks, because it had life-or-death implications for hospitals and ambulance services.

Tom Donnelly, a spokesman for NHS Digital, the arm of the health service that handles cybersecurity, said in a phone interview that 16 organisations, including “hospitals and other kinds of clinician services,” had been hit. Officials later updated that number to at least 25.

Hospitals and doctors’ surgeries were forced to turn away patients and cancel appointments as the attack crippled computer systems.

The Spanish government said a large number of companies, including telecommunications giant Telefonica, had been infected. Portugal Telecom was also hit but no services were impacted, a spokeswoman for the company said.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of “a massive ransomware attack.” It said hackers used a version of a virus known as WannaCry that targets Microsoft Corp’s widely used Windows operating system.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

Reuters


Ransomware: An executive expose to one of the biggest monster menaces on the web

Everything you need to know about ransomware: how it started, why it’s booming, how to protect against it, and what to do if your PC’s infected

The AIDS demand for payment – by post.

All you need to know about ransomware in 60 seconds

What is a ransomware attack?

Ransomware is one of the biggest problems on the web right now. It’s a form of malware which encrypts documents on a PC or even across a network. Victims can often only regain access to their files and PCs by paying a ransom to the criminals behind it. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes.

Cybercriminals didn’t use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they’d fallen victim to cybercrime.

But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they’re holding your corporate data hostage until you pay a ransom in order to get it back. It might sound too simple, but it’s working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone.

What is the history of ransomware?

While ransomware exploded last year, increasing by an estimated 748 percent, it’s not a new phenomenon; the first instance of what we now know as ransomware appeared in 1989.

Known as AIDS or the PC Cyborg Trojan, the virus was sent to victims — mostly in the healthcare industry — on a floppy disc. The ransomware counted the number of times the PC was booted: once it hit 90, it encrypted the machine and demanded the user ‘renew their license’ with ‘PC Cyborg Corporation’ by sending $189 or $378 to a post office box in Panama.

How did ransomware evolve?

This early ransomware was a relatively simple construct, using basic cryptography which mostly just changed the names of files, making it relatively easy to overcome.

But it set off a new branch of computer crime, which slowly but surely grew in reach — and really took off in the internet age. Before they began using advanced cryptography to target corporate networks, hackers were targeting general internet users with basic ransomware.

One of the most successful variants was ‘Police ransomware’, which tried to extort victims by claiming to be law enforcement and locking the screen with a message warning the user they’d committed illegal online activity, which could get them sent to jail.

However, if the victim paid a fine, the ‘police’ would let the infringement slide and restore access to the computer. Of course, this wasn’t anything to do with law enforcement — this was criminals exploiting innocent people.

An example of ‘Police ransomware’ threatening a UK user.

Image: Sophos

While somewhat successful, these forms of ransomware often simply overlaid their ‘warning’ message on the user’s display — and rebooting the machine could get rid of the problem.

Criminals learned from this and now the majority of ransomware schemes use advanced cryptography to truly lock down an infected PC.

What are the main types of ransomware?

Ransomware is always evolving, with new variants continually appearing in the wild and posing new threats to businesses. However, there are certain types of ransomware which have been much more successful than others.

Perhaps the most notorious form of ransomware is Locky, which terrorised organisations across the globe throughout 2016. It infamously made headlines by infecting a Hollywood hospital. The hospital gave into the demands of cybercriminals and paid a $17,000 ransom to have its networks restored.

Locky remained successful because those behind it regularly update the code with changes which allow it to avoid detection. They even update it with new functions, including the ability to make ransom demands in 30 languages, helping criminals more easily target victims around the world. Locky became so successful that it rose to become one of the most prevalent forms of malware in its own right.

Cryptowall is another form of ransomware which has found great success for a prolonged period of time. Starting life as a doppelganger of Cryptolocker, it’s gone on to become one of the most successful types of ransomware.

Like Locky, Cryptowall has regularly been updated in order to ensure its continued success and even scrambles file names to make it harder for victims to know which file is which, putting additional pressure on the victim to pay.

While some ransomware developers — like those behind Locky or Cryptowall — closely guard their product, keeping it solely for their own use, others happily distribute ransomware to any wannabe hacker keen to cash in on cyber extortion – and it’s proved to be a very successful method for wide distribution.

One of the most common forms of ransomware distributed in this way is Cerber, which has been known to infect hundreds of thousands of users in just a single month. The original creators of Cerber are selling it on the dark web, allowing other criminals to use the code in return for receiving 40 percent of each ransom paid.

Cerber has become so successful that it has surpassed Locky – which appeared to mysteriously disappear over Christmas, although it re-emerged in April with new attack techniques – to become the most dominant form of ransomware on the web, accounting for 90 percent of ransomware attacks on Windows as of mid-April 2017.

In exchange for giving up some of the profits for using Cerber, wannabe cyber fraudsters are provided with everything they need in order to successfully make money through extortion of victims.

Indeed, now some criminal groups offer this type of ransomware-as-a-service scheme to potential users at no cost at the point of entry. Instead of charging a fee for the ransomware code, they want a 50 percent cut.

How much will a ransomware attack cost you?

Obviously, the most immediate cost associated with becoming infected with ransomware — if paid — is the ransom demand, which can depend on the type of ransomware or the size of your organisation.

Recent research revealed that a quarter of companies which paid a ransom paid over £5,000 to retrieve their data, while a further quarter paid hackers between £3,000 and £5,000.

The most common ransom paid amongst small and medium-sized businesses was between £500 and £1500, proving that there’s still easy money to be made from targeting organisations of this size.

There are also examples of high-profile targets paying five-figure fees in order to regain access to their networks, especially in cases where criminals threaten to delete data if they’re not paid.

Ultimately, whatever the size of the company, time is money and the longer your network is down, the more it’s going to cost your business.

Even if you regain access to your networks by paying a ransom, there will be additional costs on top of that. In order to avoid future attacks — especially if you’ve been marked as an easy target — be prepared to invest in additional cybersecurity software and to pay for additional staff training.

There’s also the risk of customers losing trust in your business because of poor cybersecurity and taking their custom elsewhere.

Why should businesses worry about ransomware?

To put it simply: ransomware could ruin your business. Being locked out of your own network for even just a day will impact on your revenue. But given that ransomware takes most victims offline for at least a week, or sometimes months, the losses can be significant. Systems go offline for so long not just because ransomware locks the system, but because of all the effort required to clean up and restore the networks.

And it isn’t just the immediate financial hit of ransomware which will damage a business; consumers become wary of giving their custom to organisations they believe to be insecure.

How does ransomware infect your PC?

It’s the modern enterprise’s reliance on the internet which is enabling ransomware to boom. Every day, every employee receives hundreds of emails and many roles require these employees to download and open attachments, so it’s something which is often done on autopilot. Taking advantage of employees’ willingness to open attachments from unknown senders is allowing cybercriminals to successfully run ransomware campaigns.

Like other forms of malware, botnets send ransomware out en masse, with millions of malicious phishing emails sent every single second. Criminals use a variety of lures to encourage targets to open a ransomware email, ranging from offers of financial bonuses, fake online purchase receipts, job applications from prospective employees, and more.

A spam email claiming the target has purchased a flight – complete with fake invoice containing the ransomware.

Image: Symantec

While some messages give away clues to their malicious nature with poorly-worded messages or strange return addresses, others are specially tailored to look as convincing as possible, and appear no different from any other message the victim might be sent.

Once the malicious attachment has been opened, the user is encouraged to enable macros in order to view and edit the document. It’s when this is enabled that the ransomware code hidden within the macros strikes. It can encrypt files in seconds, leaving the victim with a ransom note demanding a payment ranging from a few hundred dollars to tens of thousands of dollars in order to get them back.
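The macro step described above is where a mail gateway can intervene before a user ever sees the “enable content” prompt. Modern Office documents (.docx, .docm, .xlsm and so on) are ZIP containers, and a VBA project lives inside them as a vbaProject.bin part, so the presence of that part is a reliable indicator that a document carries macros, whatever file extension the sender chose. The following added example (not code from the ZDNet article or from any vendor product) inspects attachments on that basis; the sample documents are constructed in memory and contain no real macro code, and the blocking policy is an assumption for illustration.

```python
"""
Added example (not from the ZDNet article or any vendor tool): a mail-gateway
style check that flags Office attachments carrying VBA macros before a user can
be tricked into enabling them.

Office Open XML files are ZIP archives; a VBA project is stored as a
"vbaProject.bin" part inside the archive. The sample documents built below
are constructed placeholders, not real documents or malware.
"""
import io
import zipfile

# Extensions in which Office will offer to run macros at all. A macro part
# inside a "safe" extension such as .docx is itself worth flagging.
MACRO_ENABLED_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}


def inspect_attachment(filename, data):
    """Describe an attachment and assign a gateway verdict.

    Returns a dict with:
      is_ooxml   - True if the bytes are a ZIP containing an OOXML content-types part
      has_macros - True if a vbaProject.bin part exists anywhere in the archive
      verdict    - "block", "review" or "allow" (policy is an assumption here)
    """
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    result = {"filename": filename, "is_ooxml": False, "has_macros": False, "verdict": "allow"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # Not a ZIP: could be a legacy OLE .doc/.xls (which needs a different
        # parser) or arbitrary bytes; send it for human/AV review.
        result["verdict"] = "review"
        return result
    result["is_ooxml"] = "[Content_Types].xml" in names
    result["has_macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if result["has_macros"]:
        # Block macro-bearing documents outright: the user should never be in
        # a position to click "enable content" on mail from outside.
        result["verdict"] = "block"
    elif ext in MACRO_ENABLED_EXTENSIONS:
        # Macro-enabled extension without a VBA part: unusual, so review it.
        result["verdict"] = "review"
    return result


def build_sample_doc(with_macros):
    """Construct a minimal OOXML-shaped ZIP in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_sample_doc(True)),
        ("invoice.docx", build_sample_doc(True)),   # macro part behind a "safe" extension
        ("report.docx", build_sample_doc(False)),
        ("notes.txt", b"plain text, not a zip"),
    ]
    for name, blob in samples:
        print(inspect_attachment(name, blob))
```

The check deliberately ignores the extension when deciding whether macros are present; a document renamed from .docm to .docx still carries its vbaProject.bin part. Legacy binary formats are routed to review rather than allowed through, since this parser cannot see inside them.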

Which organisations are targets for ransomware?

Any business can find itself a victim of ransomware, but perhaps the most high-profile incident occurred when the Hollywood Presbyterian Medical Center in Los Angeles became infected with Locky ransomware. The infection left doctors and nurses unable to access patient files for days, until the hospital opted to give into the ransom demands of hackers in order to restore services.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Allen Stefanek, CEO of the hospital, said at the time.

Locky is one of the most successful forms of ransomware.

Image: F-Secure

Hospitals and other healthcare organisations are popular targets for ransomware attacks, because they are often willing to pay. Losing access to data is a life-or-death matter for them — and hospitals don’t want to be held responsible for letting people die due to poor cybersecurity. However, there are even cybercriminals who think attacking hospitals is too despicable an activity.

But there are plenty of other sectors criminals will happily target, including educational institutions, such as the University of Calgary, which paid a ransom of $20,000 to hackers. Any large business is at threat and there’s even the prospect of ransomware infecting industrial systems.

Why are small businesses targets for ransomware?

Small and medium-sized businesses are a popular target because they tend to have poorer cybersecurity than large organisations. Despite that, many SMEs falsely believe they’re too small to be targeted — but even a ‘smaller’ ransom of a few hundred dollars is still highly profitable for cybercriminals.

Why is ransomware so successful?

You could say there’s one key reason why ransomware has boomed: because it works. Organisations can have the best antivirus software in the world, but all it takes for ransomware to infect the network is for one user to slip up and launch a malicious attachment.

If organisations weren’t giving in to ransom demands, criminals would stop using ransomware. But businesses do need access to data in order to function so many are willing to pay a ransom and get it over and done with.

Meanwhile, for criminals it’s a very easy way to make money. Why spend time and effort developing complex code or generating fake credit cards from stolen bank details if ransomware can result in instant payments of hundreds or even thousands of dollars from large swathes of infected victims at once?

There are even ransomware-as-a-service schemes available on the dark web which allow the most technically inept wannabe cybercriminals to start sending out ransomware — in exchange for a percentage of their ill-gotten gains going directly into the pockets of the creators.

What does Bitcoin have to do with the rise of ransomware?

The rise of cryptocurrencies like Bitcoin has made it easy for cybercriminals to secretly receive extorted payments, without the risk of the authorities being able to identify the perpetrators. The secure, untraceable method of making payments makes it the perfect currency for criminals who want their financial activities to remain hidden.

Cybercriminal gangs are becoming more professional — some even offer customer service and help for victims who don’t know how to acquire or send Bitcoin, because what’s the point of making ransom demands if users don’t know how to pay?

Globe3 ransom demand for 3 Bitcoin – including a ‘how to’ guide for those who don’t know how to buy it

Image: Emsisoft Lab

How do you prevent a ransomware attack?

With email being by far the most popular attack vector for ransomware, you should provide employees with training on how to spot an incoming attack. Even picking up on little indicators like poor formatting, or that an email purporting to be from ‘Microsoft Security’ is sent from an obscure address which doesn’t even contain the word Microsoft within it, might save your network from infection.

There’s also something to be said for enabling employees to learn from making mistakes while within a safe environment. For example, one firm has developed an interactive video experience which allows its employees to make decisions on a series of events then find out the consequences of those at the end. This enables them to learn from their mistakes without suffering any of the actual consequences.

On a technical level, stopping employees from being able to enable macros is a big step towards ensuring that they can’t unwittingly run a ransomware file. Microsoft Office 2016 — and now Microsoft 2013 — both carry features which allow macros to be disabled. At the very least, employers should invest in antivirus software and keep it up-to-date, so that it can warn users about potentially malicious files.

How do I get rid of ransomware?

The ‘No More Ransom’ initiative — launched by Europol and the Dutch National Police in collaboration with a number of cybersecurity companies — offers free decryption tools for ransomware variants to help victims retrieve their data without succumbing to the will of cyber extortionists.

The portal offers decryption tools for ransomware variants including Crypt XXX, MarsJoke, Teslacrypt, and Wildfire. It’s updated as often as possible in an effort to ensure tools are available to fight the latest forms of ransomware.

The No More Ransom portal offers free ransomware decryption tools.

Image: Europol

Another way of working around a ransomware infection is to ensure your organisation regularly backs up data offline. It might take some time to transfer the backup files onto a new machine, but if a computer is infected and you have backups, it’s possible just to isolate that unit then get on with your business.

Should I pay a ransomware ransom?

There are those who say victims should just pay the ransom, citing it as the quickest and easiest way to retrieve data, and many organisations do pay.

But be warned: if word gets out that your organisation is an easy target for cybercriminals because it paid a ransom, you could find yourself in the crosshairs of other cybercriminals who are looking to take advantage of your weak security.

And remember that you’re dealing with criminals here and their very nature means they may not keep their word. There are stories of victims paying ransoms and still not having files returned.

What’s the future of ransomware?

Ransomware is continually evolving, with an increasing number of variants now engaging in additional activities such as stealing data or weakening infected computers in preparation for future attacks.

Researchers even warn that ransomware could soon hold whole operating systems hostage, to such an extent that the only two options available to the user would be to pay, or to lose access to the entire system.

And ransomware isn’t just a problem for Windows PCs; Apple Macs are vulnerable to it too.

Can you get ransomware on your smartphone?

Absolutely. Ransomware attacks against Android devices have increased massively, as cybercriminals realise that many people aren’t aware that smartphones can be attacked.

In fact, any internet-connected device is a potential target for ransomware, which has already been seen locking smart TVs.

Researchers demonstrate ransomware in an in-car infotainment system.

Image: Intel Security

Ransomware and the Internet of things

Internet of things devices already have a poor reputation for security. As more and more of these make their way onto the market, they’re going to provide billions of new attack vectors for cybercriminals, potentially allowing hackers to hold your connected home or connected car hostage.

There’s even the potential that hackers could infect medical devices, putting lives directly at risk.

As ransomware continues to evolve, it’s therefore crucial for your employees to understand the threat it poses, and for organisations to do everything possible to avoid infection, because ransomware can be crippling.


Ransomware: These four industries are attacked the most frequently.

Ransomware is a threat to all sectors — but these are the ones most under attack, states a new study

A ransomware attack against any business could be potentially devastating, but there are some sectors which are more at risk from file-encrypting attacks than others, as cybercriminals prey on industries which can’t afford to not have access to their networks.

Ransomware has boomed over the last 18 months, growing from an annoyance which targeted home PC users with moderate ransom demands, to a billion-dollar industry, with cybercriminals holding high-profile or deep-pocketed targets to ransom for tens of thousands of dollars.

While some cybercriminals might be attempting to compromise any organisation possible with a generic attack, professional threat actors will create specially tailored attacks in order to make them look as authentic as possible — even by making the message look like it comes from a colleague.

Ransomware is most often delivered via a phishing email, which arguably provides an explanation as to why NTT Security‘s Global Threat Intelligence Report lists business and professional services as the sector most likely to be targeted by ransomware.

Given that opening financial spreadsheets, job applications, and other email attachments is at the very heart of this modern sector, it makes sense that over a quarter of ransomware attacks (28 percent) were directed at business and professional services firms over the course of a year.

Meanwhile, 19 percent of ransomware attacks were targeted at government and government agencies. Healthcare is the next highest-profile target for cybercriminals, accounting for 15 percent of attacks. It was a ransomware attack against an LA hospital which infamously highlighted the problem, taking the network offline for days until the hospital paid a $17,000 Bitcoin ransom.

Ransomware attacks against the retail industry account for a further 15 percent of all incidents. All other industries make up the remaining 23 percent, according to the NTT Security report.

Ransomware has become one of the biggest menaces on the web. This ZDNet guide contains everything you need to know about it: how it started, why it’s booming, how to protect against it, and what to do if your PC suffers an attack.
