This is not a joke. Heimdal Security disclosed a new variant of ransomware combining CryptoWall 4 and CryptXXX. It has all the usual components of ransomware. The ransom itself is high: five bitcoins (about $2,200). Usually, ransoms are around $500.
In addition to the exceptional price, the ransomware adds some social engineering tricks. In the ransom screen, you will find:
"Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help!
And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!"
So do not hesitate to pay, it is for the kiddies :-(
Moreover, there is an additional benefit.
"Also You will have a FREE tech support for solving any PC troubles for 3 years!"
Trust us :-(
Remember the best practices for avoiding ransomware:
- Back up your computer(s) regularly; use a physical (air-gapped) backup rather than a cloud-based one (unless it is disconnected). A new generation of ransomware also encrypts remote or cloud-based servers.
- Do not get infected; do not click on suspicious attachments or links in emails; avoid "suspicious" websites.
- Protect your computer(s); keep the OS and antivirus up to date.
It is now six months since RSA suffered the hack that compromised SecurID. RSA took a positive attitude to the hack, providing some details and good visibility. Thus, we can learn many things about it.
We now know how RSA was penetrated. It was through a targeted email carrying an Excel file. The Excel file had an embedded Flash object inside. The object, using a zero-day vulnerability, installed the Poison Ivy backdoor. For more details, see F-Secure's analysis. The attacker used the backdoor to get access to the sensitive data needed to break SecurID. The mail was addressed to four members of RSA, thus a targeted attack. Once SecurID was compromised, the attackers could access Lockheed Martin.
This is the first publicly known instance of an Advanced Persistent Threat (APT). An APT is an extremely targeted attack that works stealthily and slowly in order not to be detected, and is performed by extremely skilled attackers. Until now, it was reserved for warfare. As the final target was Lockheed Martin, we may believe that it was a high-profile attack. They used a zero-day exploit which passed under the radar of any anti-virus scanner.
RSA and Kaspersky Labs presented an interesting analysis of the attack.
What can we conclude?
- Perimeter defense is no longer sufficient, at least in a professional environment. Skilled hackers will try to attack from inside. We need new tools to detect suspect behaviour within the enterprise network. For instance, an alert should be triggered when a device communicates with "exotic" IP addresses. Unfortunately, such tools will be more complex to administer and will probably need more manual monitoring. :Weary:
- Targeted attacks will be used more and more against industrial targets. Security awareness will become key. People must also be aware of business intelligence. It is a reality that is too often downplayed by people.
- I will rant against all the software that is used for purposes other than its initial one. How often did I see Excel used for things other than calculating! For instance, to display tables of text. As a result, software vendors add new features. Why should we have to add Flash objects to a spreadsheet? In security, KISS (Keep It Simple & Stupid) is a golden rule. The more features, the more potential vulnerabilities.
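The alerting idea from the first conclusion above (a device that communicates with "exotic" IP addresses), sketched as an added example that is not part of the original post. It assumes flow records of the form "timestamp src dst port", treats 10.0.0.0/8 as the internal network, and defines "exotic" as an external destination absent from a baseline period and contacted by very few internal hosts; the log lines, addresses and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
BASELINE_LOG = """\
2024-03-01T09:00:01 10.0.0.11 198.51.100.10 443
2024-03-01T09:00:05 10.0.0.12 198.51.100.10 443
2024-03-01T09:02:10 10.0.0.13 198.51.100.25 80
2024-03-01T09:03:00 10.0.0.11 10.0.1.5 445
"""
CURRENT_LOG = """\
2024-03-02T09:00:02 10.0.0.11 198.51.100.10 443
2024-03-02T02:13:09 10.0.0.14 203.0.113.77 8080
2024-03-02T02:43:09 10.0.0.14 203.0.113.77 8080
2024-03-02T10:00:00 10.0.0.12 192.0.2.8 443
2024-03-02T10:00:03 10.0.0.13 192.0.2.8 443
2024-03-02T10:00:07 10.0.0.11 192.0.2.8 443
2024-03-02T10:05:00 10.0.0.13 10.0.1.5 445
"""
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal range

def parse(log):
    """Yield (ts, src, dst, port); malformed records are skipped."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            rec = (fields[0], ipaddress.ip_address(fields[1]),
                   ipaddress.ip_address(fields[2]), int(fields[3]))
        except ValueError:
            continue
        yield rec

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def exotic_destinations(baseline_log, current_log, max_hosts=1):
    """External destinations unseen in the baseline and contacted by at
    most max_hosts internal devices (a new, widely used service is not rare)."""
    known = {dst for _, _, dst, _ in parse(baseline_log)}
    talkers = defaultdict(set)
    for _, src, dst, port in parse(current_log):
        if is_internal(src) and not is_internal(dst) and dst not in known:
            talkers[(dst, port)].add(src)
    return sorted((str(dst), port, sorted(map(str, srcs)))
                  for (dst, port), srcs in talkers.items()
                  if len(srcs) <= max_hosts)

if __name__ == "__main__":
    for alert in exotic_destinations(BASELINE_LOG, CURRENT_LOG):
        print("ALERT", alert)
```

The max_hosts threshold is the manual-tuning cost mentioned above: set too high, it floods analysts with every newly adopted service; set too low, it misses a destination shared by several compromised hosts.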