Archive for the ‘Ransomware’ Category

SamSam Ransomware Infected Thousands of LabCorp Systems Via Brute Force RDP

LabCorp, one of the largest clinical labs in the U.S., said the SamSam ransomware attack that forced its systems offline was contained quickly and didn’t result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers. The wider public first learned about the LabCorp incident on Monday when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said it is at about 90-percent operational capacity. According to sources familiar with the investigation, the SamSam…


New Sleeper Strain of SamSam Ransomware Bypasses AV And Stays Hidden On Your Network

The ransomware strain that crippled several cities and school districts in the U.S. earlier this year is back with more tricks up its sleeve to avoid detection. If you haven’t heard of SamSam, you haven’t been paying attention. Just one example of the kind of destruction they can cause is the recent attack on the Colorado Department of Transportation which caused downtime for 2,000+ systems. This new SamSam strain adds a human element to its already devious mix of evasive techniques to keep antivirus, endpoint, and even more advanced security software from detecting it. SamSam avoids being discovered using sophisticated…


Ransomware Mid-Year Update: It’s Worse Than Ever

Ransomware is alive and well. SonicWall recently released a mid-year update to its 2018 Cyber Threat Report. In it, they cover increases in malware attacks, encrypted attacks, and cryptojacking attacks. But one of the most prominent attacks remains a constant threat: ransomware. It feels like ransomware is old news; with so many stories in the news, and vendors claiming to have a handle on it, it’s natural to feel like it’s no longer a real threat. But the truth is ransomware is alive and kicking. The SonicWall report brings to light the reality of just how serious you…


Definition of Ransomware

Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions on how to recover from the attack. Payment is often demanded in a virtual currency, such as bitcoin, so that the cybercriminal’s identity isn’t known. View full article: What is Ransomware by TechTarget

Cloud Storage a Regular Target for Ransomware Infections

Datto’s State of the Channel Ransomware Report, compiled from 1,700 managed service providers, supplied some interesting in-the-trenches findings. Of the 1,700 MSPs responding, 26% report infections of cloud-based targets such as Dropbox, Office 365 and G Suite. In addition, 5% of all SMBs have had a ransomware infection, with 30% reporting the ransomware remained on the system if it wasn’t completely reinitialized. This means that the same perpetrator could infect the system again even after payment had been made. Another interesting finding is that the Cryptolocker variant is still the most prevalent. The leading industry targets for ransomware…


Fortinet’s Proactive Protection

MTBW Services, Inc. takes a long hard look at each company we partner with before we ever bring a product through your doors. This recent e-mail from Fortinet is exactly why we STRONGLY recommend the enterprise bundle, which includes FortiSandbox protection for every Fortinet product we sell. “As you may know, on May 12, hackers launched a global ransomware campaign against tens of thousands of corporate and governmental targets. The ransomware encrypts files on an infected computer and asks the computer’s administrator to pay a ransom in order to regain access. The ransomware attack is apparently spreading through a Microsoft…


Critical Ransomware Patch: This is not a test.

The IT systems of around 40 NHS organizations across the UK have been affected by a ransomware attack. Non-emergency operations have been suspended and ambulances are being diverted as a result of the attack. Non-health organizations around the world are also being affected, including Spanish telecommunications firm Telefonica, which reported a serious issue affecting its internal network as a result of a cyberattack earlier today. The strain is called “Wanna Decrypt0r” and demands $300 from victims to decrypt their computers. Bleepingcomputer said: “Whoever is behind this ransomware has invested heavy resources into Wana Decrypt0r’s operations. In the few hours…


How Does Your Endpoint Protection Rate at Blocking Ransomware?

Recently Network World, in conjunction with KnowBe4, published a document on the effectiveness of the most popular endpoint protection applications against ransomware, as reported by real-world users in a current survey. These included such industry heavy hitters as Symantec, Sophos, Trend Micro, Kaspersky, Webroot, McAfee, ESET, Microsoft and Vipre. The testing included KnowBe4’s ransomware simulator, RanSim, to test the ability of the antivirus solutions to detect and stop RanSim “attacks.” Mimicking 10 different infection scenarios, RanSim attempts to encrypt simulation files it downloads from the Internet, rather than files from the actual endpoint. Follow the link here…


Recent Real World Experience: Combating Ransomware Infection, Part I: Principle of Least Privilege

Just this past weekend MTBW Services was called upon to assist in the recovery from a ransomware infection. Though never a pleasant way to spend a weekend, from our experience assisting scores of other companies infected with this insidious malware, we were able to clean the systems and recover the affected data. We have released an extensive checklist of protections in the battle against ransomware, Ransomware Evolutions and Derivatives, but there are a few from this most recent battle that merit reiteration. The Principle of Least Privilege is a critical component in combating the ravages of ransomware. The Principle of…


Ransomware Hits Close to Home as DC Police Suffers Infection

As reported in the Washington Post, “hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras… forcing major citywide reinstallation efforts, according to the police and the city’s technology office.” In addition, the report included the following description of the attack: “City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.” As MTBW has been documenting over the last year or so, the pervasive…
