Posts Tagged ‘hacked’

Protect yourself from CryptoLocker

Over the years the nature of computer viruses has seen a change in focus. When the earliest reported example, Creeper, first appeared back in 1971 its sole purpose was to gain access to a system and display the message ‘I’m the Creeper, catch me if you can!’. Now, with so much valuable information about us stored on our computers and web services, something far darker has emerged. Ransomware is a new class of virus / trojan horse that has begun to appear on PCs in the last few years, and it is something you should be very concerned about.

The principle of Ransomware is simple. Usually it sneaks into a system disguised as an email attachment and, if opened, then proceeds to encrypt the files on your machine. When this has completed the virus deletes itself and tells the user that their data has been taken hostage and will only be released if they pay the demanded ransom for a key. These style of attacks were first reported in Russia back in 2004, with the Gpcode trojan horse. Security analysts at Kapersky labs were able to crack the hold Gpcode had over data by exploiting mistakes the author had made in the code.

Now it’s back and this time the encryption is rock solid.

Cryptolocker

CryptoLocker is the latest Ransomware virus to strike unsuspecting users, and so far it’s proven impossible to crack. What’s more, it doesn’t just take all the data on your hard drive.

“It also searches for files on all drives,” reported Steve Gibson on the Security Now podcast, “and in all folders it can access from your computer: including workgroup files shared by colleagues, resources on company servers, and more. Anything within its reach it encrypts…so if you have hot online backups they’re victims of this. Essentially the more privileged your account is, the worse the overall damage will be.”

When all of this is completed, Cryptolocker puts up its money demand page, complete with options of payment (Bitcoins or MoneyPak), usually for around three hundred Euros. There’s also a badly worded message telling you that your files have been encrypted and that any attempt to remove the software will destroy the only key that could possibly decrypt it. In a James Bond-style moment of drama the authors place a countdown clock, normally set for 72 hours, which immediately begins to tick down to the moment your data will be destroyed forever. Photos, videos, documents, music, pretty much anything at all that is on your hard drive, all gone.

The structure of the virus is such that it’s not actually possible to create a key for the encryption, because the data needed to do so is held only by the originators of the virus.

“The RSA encryption algorithm uses two keys: a public key and a private key.” explains Kapersky lab expert VitalyK on the Securelist website.  “Messages can be encrypted using the public key, but can only be decrypted using the private key. And this is how Gpcode works: it encrypts files on victim machines using the public key which is coded into its body. Once encrypted, files can only be decrypted by someone who has the private key – in this case, the author or the owner of the malicious program.”

The removal of the virus itself is of little use to the victim, and shutting down the server that holds the key will only result in the loss of the decryption tool, plus this is difficult because the servers switch location on a weekly basis. So most people who suffer a CryptoLocker attack are given the simple advice of either paying the ransom or losing the data, but like in any hostage situation you can never guarantee that the criminals will honour their terms.

Such is the increase of the CryptoLocker attacks in the UK that the National Crime Agency released a statement from its Cyber Crime unit in which it warned:

“The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk.”

The complexity and sophistication of a program such as Cryptolocker is in itself an unsettling precedent. It suggests more than a simple bedroom hacker with impressive coding skills and little conscience, but instead has traces of the fast growing underworld of professional cyber criminals.

“Something of this size…is a well organised group.” says Stephen Doherty, Senior Threat Intelligence Analyst at Symantec. “There’d be dedicated segments to this, because its such a large and focussed operation. The distribution of Cryptolocker in recent weeks is as high, or higher, than most trojans you’d see out in the wild.”

The need for resources to actually run the scam is also a clue to size of the proponents.

“There’s a lot of stages to this,” Stephen continues, “to infect so many machines on an ongoing basis, and try to process all the money in the background. You’d want a well organised team behind you.”

How to protect yourself from a Cryptolocker attack

The rise of the interconnected digital world has brought with it problems that previously existed in the physical realms. From chancers who play on the innocence of victims, up to serious organised crime that has money, skills, cruel intentions and the willingness to use them on the unsuspecting public.

Take solace though, that we do have ways to protect ourselves from these evil spectres of the web.

The first, and most obvious, is to regularly run full backups of your valuable data and then remove the drive from your computer, preferably storing it off-site. See also: How to back up your PC and laptop

Another is to create several online backups via free services such as Dropbox, Google Drive, Skydrive, etc., which usually offer versioning – and thus a way to roll back to older versions of your files.

The most important though is to never, ever open a file or link in an email or on a social website unless you’re sure it was deliberately sent by the person themselves. It may seem interesting at the time, but the results could be utterly catastrophic.

This article appeared on PC Advisor

Irish Web Design – Protect yourself from CryptoLocker

Internet ransomware demands cash to unscramble files

Internet ransomware demands cash to unscramble files

cryptolocker
Cryptolocker’s sophisticated use of encryption has made it hard to defeat

Malicious programs that demand a ransom to restore files that they have encrypted are starting to proliferate.

Security company IntelCrawler has discovered malware called Locker that demands $150 (£92) to restore files.

The cyber-thieves behind Locker were trying to emulate the success of CryptoLocker that has racked up thousands of victims this year.

However, IntelCrawler said, flaws in the malicious program suggest it might be easier to defeat than CryptoLocker.

IntelCrawler said it first saw “large-scale distribution” of several different versions of Locker early this month. So far, the malware has managed to snare people across the US, Europe and Russia. It is spread via infected files placed on compromised websites and through booby-trapped files disguised as MP3s.

Unscramble

Analysis by Andrey Komarov, of IntelCrawler, shows that when Locker infects a machine, it deletes files leaving only encrypted copies behind and also drops a small file containing a unique ID number and contact details for Locker’s creators.

The file also warns that no key will be given to any victim who harasses or threatens the malware’s creators.

Those who want to get their data back are encouraged to use the contact details and, once the ransom is paid, each victim gets a key to unscramble files.

However, help could be at hand for anyone hit by Locker, said Mr Komarov, as IntelCrawler had managed to penetrate the network the cyber-thieves were using to monitor victims. This helped the company extract the universal keys used to scramble target files.

“Our researchers are working on the universal decryption software in order to help the victims,” said Mr Komarov.

Irish Web Design – Internet ransomware demands cash to unscramble files

This article is from the BBC News Technology

internet users hit by ransom email spam

Internet users hit by ransom email spam

Internet users hit by ransom email spam

The emails appear to be from banks and financial organisations.

Millions of internet users in the UK are at “significant risk” from spam ransomware emails seemingly from banks and financial organisations.

The emails look like invoices or voicemails but in fact contain malware called Cryptolocker, which can encrypt files and the network, demanding payments in Bitcoins, worth about £536, to have it removed.

internet users hit by ransom email spam pc

The UK’s National Cyber Crime Unit (NCCU) warned that emails disguised as posts from banks and financial organisations are aimed at small and medium businesses and millions of bank customers.

In a statement, NCCU said: “This spamming event is assessed as a significant risk.

“The emails carry an attachment that appears to be correspondence linked to the email message (for example, a voicemail, fax, details of a suspicious transaction or invoices for payment).

“This file is in fact a malware that can install Cryptolocker – which is a piece of ransomware.”

NCCU deputy head Lee Miles said that the NCA are actively pursuing organised crime groups committing this crime. “We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public,” he said.

Bitcoins have been increasingly targeted by cyber hackers, with about 4,100 Bitcoins valued at over a million Australian dollars being stolen from the online payment processor Inputs.io.

This article originally appeared on CBR

Irish Web Design – Internet users hit by ransom email spam

black hole

Suspected Malware Criminal Arrested

Blackhole malware exploit kit suspect arrested

Russian police have reportedly arrested a man on suspicion of masterminding two infamous hacking tools.

He is suspected of being the man behind the alias Paunch – the nickname used by the creator of the Blackhole and Cool exploit kits, sold to cybercriminals to infect web users with malware.

The Russian authorities have not confirmed the details.

But security firms said they had already detected a decline in the programs’ use.

A spokesman for the law enforcement agency Europol told the BBC: “Europol and the European Cybercrime Centre has been informed that a high-level suspected cyber criminal has been arrested.

“We can only refer you to the Russian authorities, they are the ones who should speak about this topic.”

The Russian police’s press office said it had nothing to add at this time.

However, Alexander Gostev, chief security expert at the Moscow-based internet protection provider Kaspersky Lab, said the arrest had been confirmed to him by “anonymous sources”.

Blackhole software The Blackhole kit offered an interface used to manage malware attacks

 

Spreading malware

The Blackhole kit, released in 2010, dominated the crimeware market throughout 2012 and the start of 2013, according to Fraser Howard, a researcher at the anti-virus company Sophos.

He said the code had been sold for an annual licence of $1,500 (£940) or could be rented from its creator for $200 (£125) for one week’s use, among other price plans.

The software targeted a range of vulnerabilities in the Java programming language, Adobe’s Flash media player, Windows software and PDF files.

It had two ways of doing this:

  • adding malicious code to hundreds of thousands of legitimate websites, which then copied malware to visitors computers
  • creating links in spam messages to specially created sites that infected PCs
Blackhole email
Sophos said that Blackhole was used to send links that directed users to sites that downloaded malware

Among the malware downloaded was:

  • fake anti-virus software that falsely claimed the PC was infected and urged the user to pay a fee to remove viruses
  • Trojans that attempted to steal financial records stored on the PC
  • the ZeroAccess rootkit, which downloaded other software that hijacked the PC for use in a botnet – a facility used to overwhelm websites with traffic and force them offline
  • key loggers that took a record of what was typed on the PC
  • ransomware that attempted to blackmail the PC owner

Although Mr Howard said Blackhole was once the biggest threat of its kind, he added that in recent months it had been overshadowed by rival kits, including Sweet Orange and Neutrino.

According to the researcher, the Blackhole and Cool kits put together were only involved in about 4% of all malware detected by Sophos in August, down from 28% the previous year.

The figure had since dropped to 2% in recent days, he added.

Another independent security blogger stressed that the arrest was still significant.

“If it’s true that the brains behind the Blackhole has been apprehended it’s a very big deal – a real coup for the cybercrime-fighting authorities, and hopefully cause disruption to the development of one of the most notorious exploit kits the web has ever seen,” said Graham Cluley.

“However, it’s worth remembering that nature abhors a vacuum, and there would surely be other online criminals waiting to take their place, promoting their alternative exploit kits and malicious code.”

Mikko Hypponen, chief research officer at F-Secure, agreed.

“If indeed it is Paunch that they arrested, that is a major arrest – he is a big deal,” he told the BBC.

“He was clearly the biggest player in providing exploit kits – not just by selling them, but also renting and leasing them to online criminals.

“Both Blackhole and its successor Cool have been very popular.

“Users didn’t have to be very technical to operate them – there was a manual that came with them – they just had to get them running and be able to break into a high-profile website, or create a new one from scratch, to install something bad on your computer.”

This story appeared on the BBC News Technology Section

Suspected Malware Criminal Arrested – Irish Web Design

living social logo

Living Social Website Compromised

The mighty Living Social website is the latest to be hacked, attacked or as they put it “experienced a security breach”.

livingsocial logo living social

Irish Web Design have carried out a series of actions to protect all the websites they have designed and currently manage.

Irish Web Design is currently considering the best course of action to take to keep all the websites in their care safe in the future.

We will be posting the results here and will also send the  details directly to our clients.

If you are not currently a client we are happy to keep you informed if you send us a message from the Contact page of this website.

In the meantime this is the content of the message subscribers received from Living Social earlier on.

IMPORTANT INFORMATION

LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

For your security, please create a new password for your account by following the instructions below.

  1. Visit https://www.livingsocial.com
  2. Click on the “Create New Password” button (top right corner of the homepage)
  3. Follow the steps to finish

We also encourage you, for your own personal data security, to consider changing password(s) on any other sites where you use the same or similar password(s).

The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.

We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.

Sincerely,
Tim O’Shaughnessy, CEO

 

Living Social Website Compromised

wordpress attacked circular 3d logo

Protect Your WordPress Website

One of the most popular content management systems in use on modern websites is WordPress, found on more than 60 million websites around the world.

WordPress has been in the news recently as the subject of a large-scale attack from a huge number of computers from across the internet.  This automated botnet attack was attempting to take over servers that run WordPress websites.

Many experts believe that this current attack is a relatively small scale version of a botnet that will infect computers in the future. The next attack may be vastly stronger and more destructive than what we have seen recently.

Running on the servers that have bandwidth connections that are hundreds or even thousands of times faster than machines in homes and small businesses.

The enormous popularity of WordPress shows its vulnerability in a situation like this, as a result of it’s ease of use is weak security by users.

This typically means that users continue to use the word ‘admin’ as a user name, as this is the default administration account that’s created when you first install WordPress.

Weak passwords may be guessed by the ‘brute force’ attack of a botnet, able to try vast numbers of password combinations in a short space of  time.

For the moment every WordPress user should disabled the default ‘admin’ account in their installation,  and replace it with something else. This may take you out of the immediate danger from the current the attackers.

To create a strong password you need to use at least ten characters with a combination of upper and lower case letters along with some numbers and even some extended characters

The recent attack serves as a reminder to everyone that that security for your WordPress blog or website is something you do need to continue to work on.

What follows is Irish Web Design’s advice on what can you do to make your site more secure. These actions will help to deter such attacks in the future.

Update to the latest WordPress (currently version 3.5.1)

If there is an administrative user called ‘admin’.

Create a new account with a different name, unconnected with the name of your website. Give it administrative privileges.
Give it a strong password you have never used before.
Write these details down in at least two different places.
Sign out of the account.
Sign in as the new user.
Delete the old ‘admin’ user account.
During this procedure, you’ll be asked by  what account should you assign posts to created by ‘admin’ to.
Choose the new account name you just created.

You should also enable ‘two-step verification’ for each user in your WordPress account. As this is a more complex process with additional implications we will carry an article on the subject in the near future.

Irish Web Design would also recommend changing all passwords connected with access to the site, server and database on a regular basis.

As a matter of course Irish Web Design also recommend that all users should install a number of security programmes on all WordPress websites to prevent them being hacked.

In our view, if you adhere to minimum standards of security for your WordPress site it will give you a good level of security and will make it more difficult to hack into your site.

Don’t let the spammers, hackers or botnets destroy your presence on the web. Your site or blog can be secure with a little thought and effort.

Title of article: Protect Your WordPress Website published by Irish Web Design

Visit Us On TwitterVisit Us On FacebookCheck Our Feed