The informations of Mac computers being infected for the first time ever with a ransomware virus was the top news of March’s first weekend.
The post Ka-chink. So much for Mac invulnerability to malware. The facts appeared first on Avira Blog.
Tag Archives: ransomware
A closer look at the Locky ransomware
Today, we bring you a deep look into the latest ransomware called Locky. This new file encryptor, targeting PC users, has most likely been created by authors of the well-known Dridex botnet and is spread the same way.
Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.
We monitored the Locky family this past month and discovered a second variant of the malware, which has new features and program code improvements. Locky’s authors added a new hard-coded seed to the domain generation algorithm, which allows them to deactivate Locky on Russian PCs.
Infection vector
Locky is spreading via spam email campaigns that are similar to those used by the Dridex botnet. They use similar file names, obfuscation, email content and structure of download URLs.
We have observed three different campaign versions of Locky and have described them below.
Below is an example of one of the spam emails. The emails are designed to make people believe they were sent from large companies such as Nordstrom, Symantec and Crown Holdings.
Freeriders phishing on the Locky express
Phishing attacks that use the German police and Locky ransomware as a theme make it clear: some cybercriminals aren’t above copying the success of competing cybercriminals to make money.
The post Freeriders phishing on the Locky express appeared first on Avira Blog.
KeRanger ransomware is now a menace for your Mac too
There is a start for everything or so we’ve learned during the last weekend. Apple users were targeted in the first time ever ransomware attack against Mac computers.
The post KeRanger ransomware is now a menace for your Mac too appeared first on Avira Blog.
Protecting business against the new “Locky†ransomware threat
Ransomware attacks are on the rise and it is quickly becoming all too real for many businesses and organizations who aren’t prepared. As new threats continue to emerge, our AVG channel partners play a critical role in helping their clients avoid the negative business impact from security threats like ransomware.
For several years now, ransomware, a type of malware that encrypts files and demands a ransom for the decryption key (usually in the form of a Bitcoin payment), has been on the steady increase. And in recent news, IT pros have just identified an even deadlier ransomware, dubbed “Locky.”
Incidents of recent ransomware attacks in the UK and U.S. have also sparked a media cycle, which in itself may drive further attacks. One of these latest ransomware victims has reportedly been a U.S. medical center, which paid $17,000 to gain back control of its computer systems.
With smaller companies becoming attractive targets to cybercriminals due to their perceived lower levels of protection, no one is immune to the danger of ransomware or the latest Locky malware.
This also means that your end customers will require an increased level of service and expect your immediate response to their security needs. If your business is focused on security protection for SMB customers, isn’t it time you refreshed your antivirus and Internet security offering?
AVG has been working in the security space for over 25 years and our award-winning AVG AntiVirus and AVG Internet Security business solutions continue to benefit from the full force of this expertise.
Offering cloud-based, real-time Outbreak Detection and proactive AI Detection, the solutions deliver robust protection. Real-time Outbreak Detection is AVG’s new crowd intelligence that’s designed to identify even the newest malware variants and outbreaks in real-time. AVG’s Artificial Intelligence detection proactively identifies malware 24 hours a day 7 days a week – even before samples have been analyzed by AVG’s Virus Lab team. For example, our technology is also already detecting known variants of Locky.
These are just a few of the advanced features that help our partners respond to these new security demands and we are continuing to receive positive feedback.
John Miller, Director of Glideslope Software, is one AVG partner putting our AVG AntiVirus and AVG Internet Security business solutions to great work for its client base. As John shared with us recently, “We see efficient IT support as the key to our clients’ growth, agility and happy employees. For our charity sector customers in particular, AVG is essential in ensuring they can operate virus and spam free so they can continue their valuable work. I can’t remember the last time a client called to say they’d found a virus that AVG had missed.”
Help us put the best security defense in place for today’s businesses. We will continue to share updates on new AVG Business product features and services.
Hospitals and healthcare providers under cyberattack
Hospitals are vulnerable to cyberattacks
The recent ransomware attack on the Hollywood Presbyterian Medical Center in Los Angeles has spooked the healthcare community. Hackers installed *ransomware in the hospital computer system and held patient records hostage while demanding payment. The hospital eventually paid $17,000 to have their files unlocked.
Attacks on major insurance and healthcare systems last year including Excellus BlueCross BlueShield and Anthem Inc. resulted in 100 million individual records being stolen.
Electronic medical records are a treasure trove of data and fetch a price 20 times more than that a stolen credit card numbers. The cost for the U.S. healthcare industry is $6 billion dollars annually, with the average data breach costing a hospital $2.1 million.
According to a study by the Ponemon Institute, healthcare organizations average about one cyberattack per month with more than half of all organizations surveyed saying they experienced at least one cyberattack in the last 12 months.
Organizations major concerns are system failures (legacy software and devices are common), unsecured wearable biomedical technology that puts patients at risk, and something that other industries face – BYOD (bring your own device) – as employees increasingly using their personal devices for work-related activities. One of the real threats is that hackers can compromise healthcare mobile apps and expose confidential medical records.
Stop by to visit the Avast Virtual Mobile Platform booth at HIMMS16
This week, cybersecurity in healthcare is a major discussion point at the Healthcare Information and Management Systems Society 2016 Conference in Las Vegas. Avast Virtual Mobile Platform (VMP) will demonstrate how hospitals, insurance companies, and others can use Avast VMP to ensure secure, HIPAA-compliant access to mobile apps such as instant messaging, EHR, document storage and more. Avast will also demonstrate how VMP uses virtualization to instantly secure healthcare mobile apps.
*Ransomware commonly enters a computer system when a user is tricked into clicking an infected link in an email or an infected ad on a website. The ransomware then locks all the files in the system and demands money for a key that will unlock the files.
Locky ransomware is dead, long live Locky
Even if Locky is no longer a hot news story, the financial success of this ransomware for the cybercriminals means that it – or a new and improved version of it – will be coming around again. Here are four lessons to be learned from the latest round of ransomware.
The post Locky ransomware is dead, long live Locky appeared first on Avira Blog.
CTB-Locker Ransomware Spreading Rapidly, Infects Thousands of Web Servers
In last few years, we saw an innumerable rise in ransomware threats ranging from Cryptowall to Locky ransomware discovered last week.
Now, another genre of ransomware had been branched out from the family of CTB-Locker Ransomware with an update to infect “Websites”.
The newly transformed ransomware dubbed “CTB-Locker for Websites” exclusively hijacks the websites by locking out its data, which
New Silverlight Attacks Appear in Angler Exploit Kit
Exploits targeting a patched Silverlight vulnerability have found their way into the Angler Exploit Kit and victims are being hit with TeslaCrypt ransomware.
IRS Warns Tax-Related Phishing, Malware Surging
The IRS warns businesses and consumers about a significant increase in tax-related phishing and malware attacks.