Showing results for tags 'ransomware'.
Ok, does anyone have any idea if an enterprise-type ransomware backup solution that uses hardware, not software, exists for personal/commercial use and does not require additional software? I know it sounds a bit stupid but I'm just wondering.
Act 1: The long explanation. I installed a ransomware virus on my main Windows partition. I lost everything. Hundreds of gigabytes of information encrypted beyond recognition and repair, and it was all my fault. It was karma for an elevated praise to the Windows operating system and its unparalleled compatibility. In that text, I present myself as an experienced Windows, OSX and Linux user by skillfully editing out the bits that reveal my true self: an old loser who would infect his own computer. Disclosure: I do not, I repeat, I do not live in my mother’s basement. I, of course, use the “I lost everything” statement rather lightly since, as most users of this forum, I backup frequently, dance awkwardly and repel females with phrases such as: “I love Star Wars” or “I backup frequently”.

Act 2: The questions. Here is my current predicament (see image): Will I lose my Fedora boot if I install Windows in a new sda2? I will delete the infected partition, create it again, format it with NTFS and install Windows 7. Will that erase references to my current boot partition? I know an installation disk or a Windows 7 recovery disk can fix a broken Windows boot record. How do you fix the MBR for a Fedora 28 boot in case it’s overwritten?

Act 3: Your turn
- 6 replies
- Tagged with: ransomware, mbr (and 3 more)
From Kotaku: https://kotaku.com/theres-a-new-malware-that-locks-your-files-unless-you-p-1825148822 [clip] "PUBG Ransomeware’s note reads “Your files is encrypred [sic] by PUBG Ransomeware! But don’t worry! It is not that hard to unlock it. I don’t want money! Just play PUBG 1Hours [sic]!” Malware experts have confirmed to me that PUBG Ransomeware actually does lock down computers’ files, but it’s pretty easy to get around. The ransomware only encrypts users’ desktop files and unlocks them after three minutes of a game of Battlegrounds as opposed to the stated hour." Apparently it doesn't seem like a serious effort to lock computers down, since there are apparently simple workarounds. Maybe it sounds like a script kiddie who's more invested in PUBG than Fortnite and wanted to tilt the scales a bit. Additional reporting: Bleeping Computer: https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/
- 31 replies
- Tagged with: pubg, ransomware (and 1 more)
Boeing Response: Twitter Text:
~~~~
ORIGINAL POST: It seems that even though patches were pushed out immediately for WannaCry, it looks like Boeing (NYSE:BA) has been hit with the ransomware on critical systems.
~~~~
From TechCrunch:
~~~~
Opinion: It's interesting to see that such a large and critical portion of Boeing's manufacturing process was hit even though patches have been available for nearly 9 months. I would have thought that something of this importance would have been air-gapped or stripped to the absolute bare minimum requirements for usage in order to mitigate any threats like WannaCry that could occur. With Boeing being a major defense contractor, it will be interesting to see how this plays out in the near future with current and upcoming contracts.
~~~~
Main Source: https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/
Non-paywall Source: https://techcrunch.com/2018/03/28/boeing-reportedly-hit-by-wannacry-ransomware/
- 3 replies
- Tagged with: wannacry, ransomware (and 1 more)
This is one of those threads that could get very political, so I wouldn't mind if mods locked this thread right after five to ten responses. Source: Reuters. Just so everyone knows, the Lazarus Group is responsible for the Sony hack in 2014, where they said it was a thin-skinned response from North Korea as retaliation for releasing the movie "The Interview" starring James Franco and Seth Rogen, as well as a heist in the Bangladesh Central Bank [more info about the Lazarus group here]. Anti-virus companies like Symantec, Kaspersky, and even Microsoft linked Lazarus to North Korea as they found IP addresses from North Korea. The same cybersecurity companies also found the same connections linking WannaCry and the Lazarus group, saying: From Symantec: Kaspersky: *It's a good thing that none of the banks I have money in got infected by WannaCry. I guess the lack of red color on the New Zealand map suggests that PCs in New Zealand have installed Windows Updates. Obviously North Korea will deny this, but for a country with so many economic sanctions imposed, it all makes sense why they'll engage in state-sponsored cyberattacks, especially ransomware attacks where they can hold PCs hostage until people pay up via Bitcoin. Even though the payout for the WannaCry ransomware wasn't that lucrative, there are reports, especially from North Korean defectors, saying that the regime is currently training and employing hackers in order to offset the effects of the UN economic sanctions and to show everyone that they're as powerful, if not better than everyone, when it comes to cyberespionage. But we can also put the blame on businesses and corporations for using out-of-date computers. Prior to the WannaCry pandemic, Microsoft had already released a patch for SMBv1, but so many wouldn't even bother to deploy security updates. As per this NYT article, "The big question is whether Mr. Kim, fearful that his nuclear program is becoming too large and obvious a target, is focusing instead on how to shut down the United States without ever lighting off a missile. “Everyone is focused on mushroom clouds,” Mr. Silvers said, “but there is far more potential for another kind of disastrous escalation.” The US and everyone else should put more focus on ensuring nationwide cybersecurity, as massive cyberattacks can lead to a global economic crisis. It's such a shame that the US response to the Sony hack was launching a DDoS attack on North Korea, which means nothing. In my opinion, since North Korea has fewer computers connected to the real internet, they are at an advantage over the US, as the likes of the NSA and DHS will find it useless to create cyberespionage malware against North Korea since only a few IP addresses from North Korea can be found. 2017 is indeed the year of cybersecurity woes and I think in 2018 it will get much worse. I'm just curious as to what took the DHS so long to declare that WannaCry came from North Korea when major anti-virus companies have been saying that there's a link between the Lazarus Group (DPRK) and WannaCry for months. I can't help but bring back these related threads
- 30 replies
- Tagged with: wannacry, ransomware (and 2 more)
Hi, I'm new here, just wanting to find out: if you encrypt your files with Windows BitLocker, can cyber criminals use ransomware such as WannaCry to lock your data? I mean, it's already encrypted, how can they access it?
- 7 replies
- Tagged with: ransomware, asus (and 1 more)
Sources: BBC, VirusTotal, Securelist. I know news about a new malware strain isn’t particularly interesting, but I posted this as more of a PSA, as the attack method is via drive-by download, meaning it doesn’t require user interaction to execute it. All it needs is to have the user browse an infected website. It seems that the attack is more localized than a global pandemic. With that said, at the time I’m posting this, 43 out of 66 anti-virus programs are now detecting it (including Windows Defender), which is good. Make sure to have your AV programs up to date and enable cloud protection for faster protection. Also, it’s a good idea to use standard accounts instead of admin accounts.
- 5 replies
- Tagged with: ransomware, security (and 1 more)
Source: https://www.eteknix.com/ransomware-costs-toshiba-400000tb-ssd-storage Toshiba's NAND production facilities in Japan were targeted by ransomware attacks severe enough to cause production to come to a halt for 3-6 weeks. This is an estimated production loss of 100,000 wafers, or roughly 400PB worth of chips, enough to possibly cause a short term market shortage in NAND and more price increases.
- 74 replies
- Tagged with: ransomware, ssd (and 2 more)
Hey everyone, it's my first thread here, but..... I've been running a Minecraft server on a dedicated Windows Server 2012 machine, and recently it was infected by ransomware that added .arena file extensions. I've tried the Trend Micro ransomware decrypter. Anyone have any ideas, or should I wait for Trend Micro to release an update? I've attached a file (the start.bat file from the server) that was encrypted by the malware. Any help would be appreciated. *File removed*
- 2 replies
- Tagged with: help, ransomware (and 4 more)
Hey, my parents got ransomware and have decided to do a clean install. They bought their system from Costco and I have the product key.
Hello, so I don't know if it's the right forum category to post such a topic, but feel free to relocate it. I wanted to fix my issues with a DualShock 4 pad while playing the newest Tekken (which is on PC). At first I didn't notice, but my pad was giving wrong inputs or additional inputs sometimes. I tried a Steam option for controller settings, but it is kinda uncomfortable and I can't use the controller if I alt + tab the game while the game is in borderless window (before playing with the Steam thingy I could do it). So I decided to download DS4Windows from http://ds4windows.com and run it, but after launching the app my antivirus blocked it and said it is a potential ransomware danger. I am using Bitdefender 2017 Internet Security. Should I remove this from the potential dangers block list or leave it as it is? Thx for help beforehand. Cheers
- 2 replies
- Tagged with: bitdefneder, ransomware (and 2 more)
So in the latest use of the EternalBlue exploit kit that has been released to the wild, there is a new ransomware that follows in the footsteps of the WannaCry ransomware, being dubbed PetyaWrap. So far this ransomware has hit several large companies across the globe, including Merck Pharmaceuticals, Maersk Shipping, DLA Piper and more... The main differences between this ransomware attack and WannaCry are that this one is encrypting at the file system level as opposed to the individual files, it is stealing usernames and passwords from the systems and, so far, there appears to be no kill switch. https://arstechnica.com/security/2017/06/a-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide/ https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/ I guess this is a good welcome to the wild world of the future of exploits and not having your systems up to date with patches... Of course, this may cause Bitcoin prices to jump again.

EDIT: Adding Bitcoin address. Thanks to @The Benjamins for providing the below link to the Bitcoin blockchain address: https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX As of this edit, it appears to have collected about 2.14 Bitcoins worth of transactions...

EDIT 2: Thanks to @verytiny for bringing up an announcement from Posteo that they have blocked the email address that was being used and are working with local federal authorities. https://posteo.de/en/blog/info-on-the-petrwrappetya-ransomware-email-account-in-question-already-blocked-since-midday In addition, one of the bits of information concerning how this bug is spreading listed on Ars Technica consists of it using booby-trapped phishing emails and PsExec command line tools, so that if it is able to penetrate a computer by any one vector, it can then spread throughout the network.

EDIT 3: According to Bleeping Computer, security researchers have found a 'vaccine' to prevent system infection, but have not found a killswitch for the attack yet. https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/ There is a step-by-step on the article on how to do this; however, it is important to note that this is only for the current version of the ransomware. At the same time, it is being strongly speculated that the initial infection may have originated from a tainted software package from Ukrainian-based M.E.Doc, compromised by an unknown attacker. https://www.bleepingcomputer.com/news/security/petya-ransomware-outbreak-originated-in-ukraine-via-tainted-accounting-software/

UPDATE: Well, this is interesting. According to an update from Ars Technica, antivirus researchers are determining that this malware attack was not a ransomware attack but a wiper attack, with the ransom note as more of a red herring to try and throw people off. Welcome to the digital nuclear arms race, where pretty soon all countries will have digital WMDs and be threatening all the other countries with digital Mutually Assured Destruction of critical systems. https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/

UPDATE 2: Not sure if this will be the last update, but there is some additional information coming out that a separate, smaller ransomware attack occurred around the same time as the NotPetya attack that was coded to look similar to the WannaCry attack; however, it did not employ any of the WannaCry NSA exploits and was written in .NET as opposed to C. Interestingly, this bit of ransomware was discovered to be embedded in the M.E.Doc folder of the computer. This would make for the fourth ransomware cyberattack to target Ukraine heavily within the last month and a half, as well as the fourth one to be deployed and tried to be passed off as a member of another malware family. https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-in-ukraine-with-mysterious-wannacry-clone/
- 104 replies
- Tagged with: eternalblue, ransomware (and 1 more)
I have had a call from a customer explaining that one of their servers has ransomware on it. It apparently printed out a sheet of paper with the words "What Happened?". I haven't heard of this before and neither has my adviser. All help is greatly appreciated.
A web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently. As for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to. Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack. This should serve as a reminder that you need to patch all your servers, not just your Windows ones. Remember, if you don't patch it, you don't own it. Source: https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
- 23 replies
- Tagged with: ransomware, linux (and 2 more)
I was wondering how to update a Windows XP system to Microsoft's latest update that deals with the WannaCrypt worm (MS17-010). I heard that, in an unusual move, Microsoft made the update available to Windows XP systems too. I don't see the usual update prompts from Windows Update within the system. Going onto Microsoft's website only shows options for Windows Vista and up. I was wondering how to download the update and apply it to a Windows XP system.
- 3 replies
- Tagged with: windows xp, update (and 4 more)
So I just watched the WAN Show, and I didn't quite understand it: to be safe, do I have to download the latest Windows update? Luke said that most people don't have their Windows Update activated, or do I need to have the latest update?
- 55 replies
- Tagged with: ransomware, wanna cry (and 1 more)
[Sorry for the long post and quotes, but I only found Spanish sources, so I figured I'd translate the important bits] Source 1: El Mundo newspaper http://www.elmundo.es/tecnologia/2017/05/12/59158a8ce5fdea194f8b4616.html Telefónica, the largest telecommunications company in Spain, and a major player in several other countries, got its PCs infected by a ransomware worm today. One of the sources claims up to 85% of the firm's computers got locked by the worm. It's unclear whether other companies have been infected as well, but this source claims at least one of the major energy providers (Gas Natural) has been affected as well. In turn, Telefónica stated that this attack had no consequences for its services: Apparently, the network infrastructure has not been compromised, but individual workstations were. Hence, despite the title talking about "a hack", most likely what happened is that an employee's terminal got a non-targeted worm somehow, and it then spread through the intranet. The second source provides a bit more detail (also in Spanish). It also states that other firms got infected too, but several of them denied it. Source 2: El País newspaper http://tecnologia.elpais.com/tecnologia/2017/05/12/actualidad/1494585889_857386.html Regarding the virus: Regarding the inner workings of the virus: With respect to other companies: The article goes on to explain that several of these other firms did order computers to be shut down earlier today as a response to the Telefónica attack, but only due to being Telefónica customers themselves. Since Telefónica's services have not been compromised, there is no reason to expect any critical equipment or customer to have been infected. In other words, the attack seems restricted to Telefónica, while the rest was an exaggerated? precaution by its customers.

Personally, the more information surfaces on this topic, the more I'm convinced this was a generic worm looking for random victims, and an employee managed to get his/her Windows workstation infected. It probably then spread to other Windows PCs in the intranet, but never got anywhere near the service-critical equipment. In other words, this was just the same as a home PC getting infected - only that hundreds of such PCs happened to be inside a major telecommunications provider. I bet the moral of the story will be: the weakest link in the security chain is people...

-------------
UPDATE: The same / a similar attack took place in hospitals around the UK, as reported by @ashypanda and @Jinchu. Ars Technica has covered all these episodes together, providing us with an English source (thanks @WMGroomAK!). Their title is a bit misleading regarding Spain (banks have denied the infection; they may simply be worried customers of Telefónica), but the article itself seems in line with other reports. In any case, I think the British hospitals' case is more worrisome. I can laugh at Telefónica's accounting PCs being held hostage by ransomware, but a broken hospital intranet is a less comical matter. Link to Ars Technica's article: https://arstechnica.com/information-technology/2017/05/nhs-ransomware-cyber-attack/
- 9 replies
- Tagged with: ransomware, security (and 1 more)
Cylance researchers disclosed 2 firmware vulnerabilities in the Gigabyte BRIX at the Black Hat Asia 2017 conference that would allow attackers to write malicious content into the UEFI. To date, the researchers have been working with Gigabyte and a new firmware update is expected to be released soon to fix this. From the article: https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/ Per the Bleeping Computer article, the details on these vulnerabilities are: To demonstrate these flaws, the researchers installed a proof-of-concept UEFI ransomware that prevented the BRIX from booting, essentially bricking it; however, these same kits could be used to plant rootkits to allow for persistent malware. I guess the best recommendation would be to keep an eye out for a new UEFI to keep your device up to date. Originally saw this article at PCPer (https://www.pcper.com/news/General-Tech/UEFI-ransomware-may-brick-your-BRIX) and followed back to Bleeping Computer (https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/).
- 12 replies
Hey guys! I was just with a friend on his computer and he has an iMac. He told me something that really surprised me: all of his files have been changed to .locky and been encrypted. This is a part of a ransomware. I did not realise that this was possible on a Mac yet, however it is. Anyone got a fix? Preferably one that is not formatting, as he has files he desperately needs off his hard drive.
Source: http://www.engadget.com/2016/05/19/teslacrypt-ransomware-creators-hand-over-key/ So the original developers of TeslaCrypt, a version of the cryptovirus ransomware family, have just handed out the 'master key' as they 'wrap up operations'. Turns out asking nicely works for many things... This is kinda cool in a way, I mean it sucks for the amount of people and businesses that had no choice but to fork out the money to get their data back. This seems to mean either they have given up because there are so many ways to get around it (if you know what you're doing), or they got very close to being caught. This is something that worries me though: seeing as it was posted online, this could mean that they are moving onto bigger things. Still kinda neat though.
https://www.grahamcluley.com/2016/04/pirate-bay-hit-malvertising-attack-drops-cerber-ransomware/ A malvertising campaign recently struck popular torrent site The Pirate Bay and redirected users to landing pages for the Magnitude exploit kit, where they were infected with the notorious Cerber ransomware. Over the past few weeks, Segura and his fellow researchers have observed Magnitude blitzing its way past other exploit kits and distribution methods, such as compromised websites, in order to prey upon vulnerable users. Each campaign has leveraged the Magnitude exploit kit, and each has dropped the Cerber ransomware as its ultimate payload. As regular readers of might recall, Cerber made headlines back in March for its ability to "talk" to its victims and announce it had encrypted their files before demanding US $500 in ransom. Edit in progress
- 5 replies
- Tagged with: ransomware, virus (and 4 more)
Hey guys, recently there has been some pretty nasty ransomware going around by the name of "Petya", that would lock down your system unless you paid. But it has been cracked: http://arstechnica.com/security/2016/04/experts-crack-nasty-ransomware-that-took-crypto-extortion-to-new-heights/ If you know someone or have been personally affected by this wave of ransomware, there is a fix!
- 10 replies
- Tagged with: ransomware, opsec (and 3 more)
Sources:
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/
---
I have no words ... just last week Adobe released a security update for Flash that included 32 critical vulnerabilities: I have Adblock Plus and Element Blocker installed since "forever" and I won't disable them for anything; if and when it becomes obsolete, I will jump to another one, uBlock Origin seems like a valid alternative.
- update your Java, or remove it
- update your Flash player, or remove it
- update your Silverlight, or remove it
- update your fucking browsers, or you risk losing it all
Hey all, I just got a call from an acquaintance about his PC being locked down. I thought it was your usual virus/trojan and I'd just do a PC scan and clean it. Oh boy, was I WRONG! Apparently it's some new type of ransomware (February 2015 was as old as I could find it online). It locks up all the files on the PC, changes their format to .XTBL and creates readmes everywhere with the attacker's email address. I haven't tried going that way, but once contacted (he contacted them) they requested 200e for the unlock. From my research online it turns out once you pay them, they will send a decrypter specific for your key (which is in the readme) and it will unlock the files. Removing the virus does not help at all; the files remain encrypted and no decrypter has been made. People have tried bruteforcing it and failed miserably due to the unknown key length. The files on his PC are important, he is a photographer and the infection spread to EVERYTHING. So he no longer has access to any of his files, which he needs. There are no backups on other drives/external HDD. Using a shadow copy helps with this particular virus, but there aren't any shadow copies on the PC. Any ideas? Any suggestions? Any help is appreciated. Kind regards, and keep your eyes open against this type of ransomware. Cheers, Bogica
- 2 replies
- Tagged with: virus, ransomware (and 3 more)
Cryptolocker-like malware maliciously encrypts savegames and other data for a number of popular titles.
If you're a gamer, be on the lookout for a nasty new piece of malware that will make your mods, savegames, and other game data inaccessible via encryption. The cybercriminals behind the scheme are seeking to extort users by forcing those unlucky enough to be infected to make a large payment in Bitcoin in order to receive an unlock key. Source: http://arstechnica.com/security/2015/03/cryptolocker-look-alike-searches-for-and-encrypts-pc-game-files/ Other Sources: