Category: Threats

Ransomware, what is it? Defined as “malware for data kidnapping,” it is one of the top security issues in the digital and cloud age: the attacker encrypts the victim’s data and demands a ransom (usually a Bitcoin payment) for the decryption key.

Today, another ransomware threatens the online community: “Locky,” which can hit you if you are ‘unlucky.’ It works much like the method used by the banking Trojan Dridex.

How does Locky work?

A victim is sent an email with a Microsoft Word attachment disguised as an INVOICE that requires macros.

[By default, Microsoft disables macros for security reasons, so a user will normally see a warning if an attachment contains them.]

If you enable macros, the macro runs and downloads Locky to your PC, according to Palo Alto Networks.

[It is the same modus operandi used by Dridex, a notorious Trojan that steals banking account details.]

There are suspicions that the distributors of Locky are connected to one of the main people behind Dridex, because both use the same mode of malware distribution.

If you or your organization happens to be the unlucky target, your files will be unrecoverable unless you have a regular backup or your data has not been touched yet.

Recently, the Hollywood Presbyterian Medical’s computer system was infected by ransomware, and the hackers asked for 9,000 bitcoins (or approximately US$3.6 million).

Reports indicated that the operators behind Locky may have conducted a large attack. Palo Alto Networks revealed that it had detected 400,000 sessions that used the same downloader, “Bartallex,” which is the one that deposits the infection onto a computer system. Over half of the targets were recorded in the United States, and the rest included Australia and Canada.

Locky utilizes its command-and-control infrastructure for conducting a memory exchange before encrypting the files.

Kevin Beaumont, writing on Medium, said that encrypted files have the ‘.locky’ extension. He wrote guidance on how to figure out who in an organization has been infected and recommended that the victim’s Active Directory account be locked and its network access shut down. Finally, he said that you will most likely have to rebuild the victim’s PC from scratch.

Check out the full story here.
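One way to carry out the triage described above: find ‘.locky’ files on a share and group them by file owner to see which accounts are affected. This is an added example, not code from the original post or from Kevin Beaumont’s guidance; the function names, the `owner_of` hook and the sample share are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

LOCKY_EXT = ".locky"  # extension the article says encrypted files carry

def find_locky_files(root):
    """Yield paths under root whose name ends in .locky (case-insensitive)."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower().endswith(LOCKY_EXT):
                yield os.path.join(dirpath, name)

def summarize_by_owner(root, owner_of=None):
    """Group hits by file owner: {owner: {"count", "first_seen", "dirs"}}.

    owner_of is a hypothetical hook; the default uses the POSIX uid. On a
    Windows share, supply a function that returns the NTFS owner instead.
    """
    owner_of = owner_of or (lambda path, st: st.st_uid)
    summary = defaultdict(lambda: {"count": 0, "first_seen": None, "dirs": set()})
    for path in find_locky_files(root):
        try:
            st = os.stat(path)
        except OSError:
            continue  # file vanished or is unreadable; skip it
        entry = summary[owner_of(path, st)]
        entry["count"] += 1
        entry["dirs"].add(os.path.dirname(path))
        # The earliest modification time approximates when encryption began.
        if entry["first_seen"] is None or st.st_mtime < entry["first_seen"]:
            entry["first_seen"] = st.st_mtime
    return dict(summary)

def build_sample_share(root):
    """Constructed sample data: a tiny share with two encrypted files."""
    for rel in ("finance/A1B2C3.locky", "finance/q1.xlsx", "hr/notes/D4E5F6.LOCKY"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for owner, info in summarize_by_owner(share).items():
            print(owner, info["count"], sorted(info["dirs"]))
```

The owner with the most hits and the earliest `first_seen` is the account to lock and isolate first.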

I pulled out the attempted hacks to this site over the last few hours. It is sad to see the direction this is taking.

[Screenshot: 2016-01-17_13-01-25]

I just received the message below via email. This is nobody I’ve been in contact with before and I did not download the linked file. Services like Wetransfer are getting popular and now unfortunately the hackers have caught on and are using this as a vehicle to get their trojans and viruses installed, so be warned.

The message is a valid Wetransfer email, so the hackers have simply used their service and entered me as a recipient of their no-doubt virus file.

[Screenshot: 2016-01-14_22-55-42]

Tech toys are on many kids’ wish lists this holiday season. But parents should be warned that even tech toys are subject to online hacking. According to a recent report, millions of children were victimized by an online attack on a tech toy manufacturer, Vtech Holdings Ltd. In light of this, experts advise users to be careful about submitting personal information online and, when they do, to make sure they use a secure connection. It is also advised to verify the legitimacy of the company or toy manufacturer. Users are also strongly encouraged to be cautious about disclosing any information when purchasing online.

Source: CBC

With streets and malls crowded, people are opting to shop online this holiday season. However, it also makes them vulnerable to cybercrime. OCIO shares some safety tips on how to stay secure when shopping online this holiday season. These tips include safeguarding information such as credit card details and other personal info. Using free and public Wi-Fi is discouraged, as these are not secure networks, especially when it comes to online purchasing. Experts advise customers to shop at a few trusted online stores during the holidays so they can track purchasing activity. It is also advised to monitor your account for any suspicious activity.

Source: The Lantern

Black Friday is one of the few celebrated shopping days in the country. The sharp increase in online shopping opens opportunities for cyber criminals. To stay safe while shopping on Black Friday, follow these steps.

First, keep your devices away from the eyes of strangers. Next, make sure that your computer’s antivirus is updated for protection. Also, ensure that you use a safe and secure connection and avoid public Wi-Fi. Check shopping websites and make sure each one is a secure and legitimate site for product shopping. Lastly, check your bank statement and report any suspicious transaction immediately.

Source: Silicon Republic

Most Americans prefer online shopping this holiday for convenience. But there are tips to consider in order to stay safe when shopping online. These tips include using secure connections and not free Wi-Fi. Also, make sure you use legitimate websites and official apps. When paying for online purchases, use credit cards and not debit cards. You can also use online payments using your phone, as they are safe from duplication. When using your phone, make sure that it is properly locked for safety. And last but not least, make sure that you check your statement of accounts and report any suspicious transactions immediately.

Source: USA Today

Businesses face huge data risks and fraud. These risks include hacking of personal information, financial accounts, credit card information, and other sensitive data. Safeguard your business from these risks by using a password manager to generate strong passwords. Make sure that these passwords are kept safe at all times.

Perform encrypting procedures such as two-step verification that requires anyone to type the password twice or more, or ask for a verification code before accessing an account. All business personnel must be warned about phishing attacks, links and malware from unsolicited emails, and attempts to access company information. Lastly, use a VPN to keep sensitive information from untrusted users.

Source: IT Portal

Small businesses are susceptible to cyber attacks, costing them thousands of dollars and putting their business at risk. The following security tips are specially designed for SMBs.

First, do not assume security in all your transactions, so keep all your pertinent information safe at all times. Second, make sure to change passwords on a regular basis. If you run out of ideas, you can use an app to help you with password creation and management. And last but not least, try using open source solutions if possible, as it is easier to detect security flaws in these solutions.

Source: Tech Republic

With the holidays around the corner, people will be shopping for presents in one of the most convenient stores: online. For safe and convenient online shopping, make sure that you don’t fall into the hands of cybercriminals. Consider the following tips. First, be vigilant about your surroundings and avoid exposing your device to strangers; this is why it is best to use secure connections with a VPN rather than public Wi-Fi. Also, make sure that you visit secure websites by checking the URL and the padlock icon in the address bar. And lastly, ensure that your OS and browsers, as well as your antivirus, are updated for a more secure device.

Source: CS Monitor