Welcome to this week’s security review, which includes Jigsaw & the increasing aggressiveness of ransomware and the importance of passphrases.
The post The security review: Jigsaw and passphrases appeared first on We Live Security.
Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.
Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.
Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.
For Criminals, Ransomware Is Lucrative
Ransomware cuts out the digital middlemen. Rather than collect credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be a few hundred dollars for individuals.
Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CryptoWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.
Bigger Targets May Mean Bigger Paydays
These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative, it is unlikely to ever go away. But many organizations also hold sensitive customer data that needs to be protected to ensure both effective service and consumer privacy. That makes them particularly juicy targets for hackers.
Healthcare providers are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of their data. Fortunately, so far, other reported attacks have fared less well. Healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised; and an attack in Germany was quickly contained by fast-acting IT staff.
Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.
And hospitals are not alone. A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has allegedly been attacked. Multiple police stations have been hit and paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.
The Right Protection Saves Money
This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. Over a three-month period earlier this year, a conservative estimate by AVG is that its antivirus prevented around $47 million in extortion demands through the interception of just three types of ransomware: Crypt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated or the costs of replacing machines, software, and media if a victim decided not to pay.
AVG does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and build a fortress around your PC – and thus prevent the writing of another news story like Alina Simone’s.
CentOS Errata and Security Advisory 2016:0722 Important

Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0722.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
5e3c51d681fee532d012c93a5a112885667e775e93ef290d45d8049fcd801d75 openssl-1.0.1e-51.el7_2.5.x86_64.rpm
4b74997828abc8b7272bf326f48eea929caaf8708196fca145b547ef467d2489 openssl-devel-1.0.1e-51.el7_2.5.i686.rpm
6230b86f09b6eac63d2445b2ad1c0b2db6bc0500d678ce945ff791ca12f3a679 openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm
2c0da28ab356f44800b68fffd8bdd6e77d7bea9cf2360976b6d150e6e4394e4d openssl-libs-1.0.1e-51.el7_2.5.i686.rpm
fa7add3a3f2c6c024359c6b031b0e71dad7ff59422786b27ffbff479413936e0 openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
b08aa6e4d8d1b10f2b3d6e3b06e0ab0bcb3a7ba7990f8ca9a454697fafd6fdfe openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm
757101009b96ace47e31a87390da9a731a3be8fa768f5791b26a5cbeff41297c openssl-static-1.0.1e-51.el7_2.5.i686.rpm
97d662ed69a95e9d919404f10034f17ced2e19e3024567560924743723de532f openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm

Source:
caa1e4aa799629d23f63083c906ee7f37d8db7de81585bd5ce7cb8a444749657 openssl-1.0.1e-51.el7_2.5.src.rpm
The FBI has published a list of tips to reduce the chance of ransomware being the ruin of your company – and is keen that you don’t pay the extortionists.
The post FBI: No, you shouldn’t pay ransomware extortionists appeared first on We Live Security.
Several vulnerabilities were discovered in qemu, a fast processor
emulator.
Nitin Venkatesh discovered that websvn, a web viewer for Subversion
repositories, is susceptible to cross-site scripting attacks via
specially crafted file and directory names in repositories.
Simon McVittie discovered a cross-site scripting vulnerability in the
error reporting of Ikiwiki, a wiki compiler. This update also hardens
ikiwiki’s use of imagemagick in the img plugin.
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.