Cyber security expert on new online threat called ‘Reaper’

Reports of a scary new threat to your online security called Reaper have come out just in time for Halloween. Robert Jorgensen, a professor at Utah Valley University, joined Brian Carlson to explain what that means for you.

A botnet is a collection of computers or internet connected devices that have been compromised by an attacker to be used for nefarious purposes. Each device is called a zombie, and it basically acts like it should until it is issued commands. These commands can instruct the devices to send spam or even attack other computers.

So, what is Reaper?

It is the name of a new botnet that is currently spreading through the “internet of things”.

Initial estimates of how many computers are in this botnet were in the millions, but now most researchers say it is about 30,000. Right now it doesn’t seem to be doing much of anything but spreading and waiting.

Last year, the Mirai botnet took out Reddit, Netflix, Twitter, and other sites. This one has the potential to do something similar, especially if it takes over more devices.

Jorgensen recommends updating your devices to protect yourself. When getting new devices during Black Friday and while doing other holiday shopping, check to see if there are updates from the manufacturer. If the device has a default password, change it to something unique.

For more details, read here.

Author: Brian Carlson

What is BAD RABBIT? Ransomware paralyzes train stations, airports and media in Russia and Europe

“An advanced cyberattack has hit media outlets and infrastructure in Russia, Ukraine and Eastern Europe, causing mass disruption

Cybersecurity researchers from Kaspersky described the malware, dubbed Bad Rabbit, in a blogpost on Tuesday, October 24. They explained how the previously unknown malware takes control of computer systems and encrypts data so that people can’t access it.

Security researchers are comparing the Bad Rabbit ransomware to WannaCry, which disabled 300,000 computers earlier this year.

“Currently, it’s unclear as to whether or not Bad Rabbit will be able to reap the same damage as WannaCry, but undoubtedly businesses will be holding their breath,” Jamie Graves, CEO of security firm ZoneFox, said in an email to Newsweek. “This highlights the need for a robust security posture, based on both technology and education.”

Victims of the Bad Rabbit ransomware include the Kiev Metro and Odessa International Airport in Ukraine, as well as Russian news agency Interfax and other media organisations.”

For more details, read here.

Author: Anthony Cuthbertson

1,200 Football Players’ Personal Data Exposed In NFL Leak — Colin Kaepernick Included

But that’s what has happened, in a data leak from the website of the NFL Players Association that affects as many as 1,135 football players. And hackers may now have access to all that information, a security expert warned Tuesday.

Ostensibly, hackers had found the database, attempted to lock it up and demand payment to open it. That ransom note contained the threat that hackers would release information from the database to the public unless 0.1 bitcoins (worth approximately $428) was sent to their wallet. It’s unclear if the ransomware attempt was successful; the bitcoin wallet had not received any funds at the time of publication.

For more details, read here.

Author: Thomas Fox-Brewster

New Locky-Variant Ransomware: What MSPs and MSSPs Need to Know

As an IT professional, you know how relentless ransomware attacks have become in today’s landscape. Recently, a variant of the notorious Locky ransomware has become part of a large-scale email-based campaign managing to slip past the defenses of some unsuspecting companies.

On August 9, the first campaign of a massive, worldwide ransomware attack was detected—and 62,000 phishing emails related to the attack have been identified as of last week. This new Locky-variant continues to unfold, powered from more than 11,625 distinct IP addresses in 133 different countries (the top five being Vietnam, India, Mexico, Turkey and Indonesia). As an MSP, here’s what you need to know about this new Locky-variant ransomware and how you can ensure you and your clients can remain protected against it.

Looking Out for Locky

Locky is a common type of ransomware that emerged in 2016 and has since been utilized in a wide range of cyber attacks. However, this new variant is one we have not seen before. So, how exactly does this variant work and what should MSPs be aware of from a cybersecurity standpoint?

The main way this Locky-variant is spread is by social engineering. Through phishing emails, users are tricked or induced into opening a docx, pdf, jpg, zip or other file containing the ransomware called “IKARUSdilapidated,” after a phrase that appears in the code string. If the user follows through and opens the attached file, the ransomware then takes over.

From here, all files that match particular extensions are encrypted and filenames are converted to a unique 16 letter and number combination with the .locky file extension. After the files are completely encrypted, users are given instructions for downloading a Tor browser and directed to a site on the dark web where the cyber criminals demand a ransom payment of up to one bitcoin (which equates to over $4,000).

Many endpoint protection solutions have been updated to detect Locky ransomware; however, this variant is able to slip past certain tools because it is so new. As a new ransomware variant, it is read as an “unknown file” and is allowed entry by organizations not using a “default-deny” security posture (which denies entry to all unknown files until it is verified that they are safe to enter the IT infrastructure), making it more difficult to detect and remediate.
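The two practical points in the passage above are the observable (files renamed to a 16-character letter/number name with a .locky extension) and the mitigation (a default-deny posture that holds unknown files instead of letting them in). The following Python is an added example, not code from the original article or from the MSP it mentions. It assumes a constructed rename-event log format (timestamp, host, user, source path, destination path), constructed sample events, an alphanumeric alphabet for the 16-character name, and constructed allowlist/denylist hashes; it shows why a denylist (default-allow) passes a never-seen variant while an allowlist (default-deny) holds it.

```python
import hashlib
import re
from collections import defaultdict

# Observable from the text: encrypted files become <16 letters/digits>.locky.
# The exact alphabet is an assumption; any alphanumeric run of that length is accepted.
LOCKY_NAME = re.compile(r"^[A-Za-z0-9]{16}\.locky$")

# Constructed sample rename events: "timestamp host user src -> dst".
# ws-17 shows a burst of Locky-style renames; the other hosts are ordinary renames.
SAMPLE_EVENTS = """\
2017-08-09T10:01:02 ws-17 alice C:\\Users\\alice\\Documents\\budget.xlsx -> C:\\Users\\alice\\Documents\\A1B2C3D4E5F60718.locky
2017-08-09T10:01:02 ws-17 alice C:\\Users\\alice\\Documents\\plan.docx -> C:\\Users\\alice\\Documents\\0F9E8D7C6B5A4321.locky
2017-08-09T10:01:03 ws-17 alice C:\\Users\\alice\\Pictures\\holiday.jpg -> C:\\Users\\alice\\Pictures\\FEDCBA9876543210.locky
2017-08-09T10:02:15 ws-03 bob C:\\Users\\bob\\draft.txt -> C:\\Users\\bob\\draft_v2.txt
2017-08-09T10:05:40 ws-22 carol C:\\Users\\carol\\notes.md -> C:\\Users\\carol\\notes-old.md
"""


def parse_event(line):
    """Split one constructed rename-event line into its fields (src may contain spaces)."""
    left, dst = line.rsplit(" -> ", 1)
    ts, host, user, src = left.split(" ", 3)
    return {"ts": ts, "host": host, "user": user, "src": src, "dst": dst}


def basename(path):
    # Accept both Windows and POSIX separators.
    return re.split(r"[\\/]", path)[-1]


def find_locky_hosts(log_text, threshold=3):
    """Return {host: [original paths]} for hosts with at least `threshold`
    renames whose destination matches the Locky naming pattern.
    A threshold avoids alerting on a single coincidental 16-character name."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if LOCKY_NAME.match(basename(ev["dst"])):
            hits[ev["host"]].append(ev["src"])
    return {host: paths for host, paths in hits.items() if len(paths) >= threshold}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed hashes: one previously verified attachment, one already catalogued sample.
KNOWN_GOOD_INVOICE = b"constructed: a previously verified attachment"
ALLOWLIST = {sha256_hex(KNOWN_GOOD_INVOICE)}
KNOWN_BAD_SAMPLE = b"constructed: an already catalogued Locky sample"
DENYLIST = {sha256_hex(KNOWN_BAD_SAMPLE)}


def default_allow(data: bytes, denylist=DENYLIST) -> str:
    """Denylist posture: only hashes already known bad are blocked, so a brand-new
    variant (hash never seen) is allowed straight through."""
    return "block" if sha256_hex(data) in denylist else "allow"


def default_deny(data: bytes, allowlist=ALLOWLIST) -> str:
    """Default-deny posture from the text: release only files verified safe
    (hash on the allowlist); everything unknown is held for analysis."""
    return "allow" if sha256_hex(data) in allowlist else "hold"


if __name__ == "__main__":
    for host, paths in find_locky_hosts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {len(paths)} files renamed to Locky pattern, e.g. {paths[0]}")
    new_variant = b"constructed: never-seen-before Locky variant"
    print("denylist posture:", default_allow(new_variant))   # allow  (slips past)
    print("default-deny posture:", default_deny(new_variant))  # hold   (held until verified)
```

The rename detector is deliberately simple; on a real file server you would feed it audit or EDR rename events and tune the threshold per host. The two admission functions make the passage's point directly: a new variant has a hash no denylist has seen, so only an allowlist of verified files stops it.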

On the Pulse of Ransomware as an MSP or MSSP

For MSPs offering security services to small- and medium-sized businesses (SMBs), or those looking to make the transition to MSSP, it is vital that you properly educate your clients and provide the right tools to minimize the serious risk at hand. While antivirus and firewalls are incredibly effective in reducing risk, your clients need a more robust security solution in place to defend against the increasingly dangerous threat landscape. For this particular type of ransomware attack, an effective security posture is needed to detect and respond to threats, as well as block all unknown files from the IT infrastructure until they are verified as safe.

Unfortunately, no matter how strong the security solutions, attacks will continue to slip through the cracks. Therefore, MSPs and MSSPs who are looking to fully protect their clients must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backup as the ultimate failsafe against successful attacks.

Pro-Active Partners: Our system already protects against these attacks. Additionally, we use real-time anti-phishing capabilities to protect against initial phishing emails and phishing sites.

Ransomware is growing. Are you prepared?

The damage caused by global ransomware is predicted to exceed $5 billion in 2017, according to researcher Cybersecurity Ventures. Up from $325 million in 2015, the costs represent not just the amount of the ransom, but also the costs of downtime and lost productivity.

Ransomware is any type of malicious software that infects a computer and either prevents it from working as it should or prevents access to certain files until the user pays a ransom. Typically, the hackers behind the ransomware demand bitcoin — a type of digital currency that is difficult for police to trace.

Businesses of all sizes have become targets of ransomware, as it can infect not only personal computers, but also entire networks and servers.

Read more details here.

Author: Reggie Dejean

Destruction of service: How ransomware attacks have changed

The latest wave of ransomware attacks, including WannaCry, Petya and NotPetya, shows not only an increase in the sophistication of these types of attack, but also a change in motivation. Although NotPetya is ostensibly a ransomware variant, the threat actors appeared to have no interest in making money, and were more concerned with damaging companies by disrupting operations.

Now dubbed destruction of service, this latest trend is something I’ve been concerned about for a while, having tested many companies’ internal networks and witnessing firsthand how vulnerable they are.

A different kind of ransomware

Getting malicious software inside a company’s network is quite easy — an email phishing attack usually works.

However, NotPetya also appears to have spread by compromising M.E.Doc, a Ukrainian financial services software maker, and then altering an automatic update to include NotPetya, delivering it to every client. The vast majority of antivirus and antimalware software was unable to detect the malicious content. It then restarted the victims’ machines, encrypted the data, and overwrote the master boot record with its own custom loader. Once this process was completed, the data on the machines was unrecoverable unless it could be restored from backup.

For a hacker who is concerned with destroying data and causing as much damage as possible, the next step is to give the ransomware variants the ability to spread.

Read more details here.

Author: Rob Shapland

Hacker Claims To Be Holding HBO Data For Ransom

“The persons behind the hack have already released a dump of a little more than 3 GB worth of data, the AP says — mostly internal documents about the company’s network, a month’s worth of email from one executive’s account, and a few draft scripts from Game of Thrones.

That’s a mere fraction — 2%, give or take — of the roughly 1.5 TB of data the attackers claim to have stolen. But included in that initial dump was a video addressed to HBO CEO Richard Plepler.

That video, which the AP describes as “swaggering,” gives Plepler an ultimatum: Pay up in three days, or else we release all of it.

The hackers are demanding the equivalent of 6 months of their salary for ransom. And what is the annual salary of a hacker criminal, you may wonder? They claim their annual take from extortion is $12-$15 million per year — so they basically want at least $6 million worth of bitcoin.”

Read more details here.

Author: Kate Cox

“Mobile ransomware has risen by over 250 percent during the first few months of 2017, according to a report Monday by the security firm Kaspersky. The publication of the cybersecurity statistics, which revealed that the U.S. is the country worst affected by the issue, comes as experts warn of a ransomware epidemic in the wake of the WannaCry cyberattack.

The Kaspersky Lab Malware Report for the first quarter of this year revealed that the number of mobile ransomware files detected had reached 218,625, compared with 61,832 in the previous quarter. Devices compromised by ransomware mean the owner must pay a ransom in order to recover their data.

The threat is most often associated with computers, but Roman Unuchek, a senior malware analyst at Kaspersky, said the report should serve as a reminder that attackers are not only targeting PCs but also mobile devices. “The mobile threat landscape for ransomware was far from calm” during the first three months of 2017, he said.”

Read more details here.

Author: Anthony Cuthbertson

Google Warns Ransomware Boom Scored Crooks $2 Million A Month

“As the ransomware scourge calms down for the summer holidays, Google has taken a retrospective at that particular pesky form of cybercrime, finding it only became massively profitable in the last year and a half.

That was largely thanks to two forms of ransomware, Locky and Cerber. They’re the illicit market’s kingpins that really came to life in 2016. With those and a handful of lesser ransomware families, criminals were making in excess of $2.5 million every month, according to the research, produced alongside researchers at University of California San Diego, New York University and blockchain analyst firm Chainalysis.

Compared to the $140,000 made by WannaCry and $10,000 by NotPetya, both of which have been deemed destructive in nature and possibly the product of nation state hackers, the figures are astronomical. “They [WannaCry and NotPetya] were clearly not interested in cashing out the money,” noted Luca Invernizzi, research scientist in Google’s anti-abuse team.”

Read more details here.

Author: Thomas Fox-Brewster

Cisco Security Report: 34% of Service Providers Lost Revenue from Attacks

“A new type of security threat — “destruction of service” (DeOS) attacks, which could eliminate companies’ backups and safety nets — could cause way more damage to businesses than ransomware.

This is according to Cisco’s 2017 Midyear Cybersecurity Report in which the company coined the term DeOS attack. The report says the Internet of Things (IoT) increases attack surfaces and the potential scale and impact of these threats.

Researchers sampled 300 companies over a four-month period and found that three prevalent spyware families (Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker) infected 20 percent. On a monthly basis, these three infected more than 25 percent of all organizations.

Attacks on service providers may interrupt their core business and hurt the bottom line: 34 percent of the service providers said they’d lost revenue because of attacks in the past year. And 30 percent said they lost customers or business opportunities because of these attacks.”

Read more details here.

Author: Jessica Lyons Hardcastle