City of Riviera Beach Florida pays ransom

[Solaris17]

Just another (of several) cities that have been hit with ransomware.

Florida city to pay $600K ransom to hacker who seized computer systems weeks ago

A Florida city is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.

www.cnn.com

This time an employee clicked on a malicious email link. Which is actually one of if not the most common method of infection regardless of payload type.

What are Ransomware Attacks?

Explore the most common attack methods for ransomware, including software vulnerabilities, brute force attacks, and more.

www.paloaltonetworks.com

Personally, think this comes down to employee training and of course mitigation. Since it spread so quickly I'm going to go on a limb and assume the machines were not properly protected. But informing staff not to do stuff like this is important.

Remember folks business are not the only ones targeted. If something seems to good to be true, like fedex is holding a package etc. Ask yourself if you bought something, or give them a call.

 

[Bill_Bright]

Personally, think this comes down to employee training and of course mitigation.

I agree 100%. However, some of these bad guys are extremely clever and their emails and links often do look very authentic. I think training is essential, but user discipline is even more so. Ever seen Doctor Who when he comes across a bunch of buttons and levers? He (now she) just can't resist pushing them. But of course, that's TV.

Remember folks business are the only ones targeted.

Well, that's not true. Regular home computers are regularly too. I frequently get official looking notices from banks and credit cards (some I don't even have) notifying me of "suspicious behavior" or my account is locked, click here and enter my information, etc. etc.

Generally, with a little education (and good self-discipline) these "socially engineered" methods of malware distribution are easy to spot.

​

If the salutation is "Dear Customer" or "Dear Member" and not your real name, it's likely a scam.​

If the email is addressed to "Undisclosed recipients" and not your real, registered email address, it's likely a scam.​

If there are missing periods, extra commas, extra spaces, misspelled words, incorrect verb conjugations or other grammatical errors, it is likely a scam.​

Ask yourself if you bought something, or give them a call.

Or use your regular methods of accessing the site. For example, if you get an official looking notice from Well Fargo bank, for example, about something wrong with your account or credit card, don't click any links in that email. Delete the email then visit www.wellsfargo.com and log in there. If a problem, you can find out there - assuming you have an account there.

Generally, my advice is to give these emails all the attention they deserve - that is, none! Don't open it, just delete it.

 

[Solaris17]

Sorry that was a quote to something I mis typed. I meant they were "not" the only ones targeted.

 

[kid41212003]

Happened to my company 2 months ago. We didn't pay the ransom of course. Took us more than a month to completely recovered. Absolutely a nightmare. Luckily, we'd transited to a cloud-based ERP system last year. Otherwise, it would have been even worse...

 

[lexluthermiester]

Personally, think this comes down to employee training and of course mitigation.

Exactly this. People are not being taught secure computing ethics and methodologies. Though realistically, the simple "When in doubt don't and doubt everything." is a school of thought that would go a long ways.

 

[the54thvoid]

Mobile scam emails are getting more advanced as well. On desktop/laptop you can hover over the URL's to see the real link destination. On email, it's not so easy.

But yeah, if it doesn't say your name in the intro, 99.9% scam.

 

[R-T-B]

But yeah, if it doesn't say your name in the intro, 99.9% scam.

Dear Sir/Madam,

Help free me from this prison, they have trapped me in a cage and make me send spam emails for food. Please, write my family, tell them I love them. Even if escape is impossible I must let them know I have never forgotten them.

Sincerely,

-The Long Lost Nigerian Prince

[FILTERED TO SPAM]

Sorry, I is feeling goofy this morn.

 

[jaggerwild]

Did you see where the NSA has a hack(they never released its name), but some how someone in Russia got a hold of it LOLZ!. Oh and there using it now on US based companies, of course the NSA won't say if it's there's............

 

[trparky]

Does anybody know exactly what kind of ransomware was used to target them? Something custom or one of the more common ones you generally find floating around the seedier sides of the Internet?

 

[R-T-B]

Does anybody know exactly what kind of ransomware was used to target them? Something custom or one of the more common ones you generally find floating around the seedier sides of the Internet?

My guess is if they "opened an email" it could be any generic cryptolocker malware.

 

[trparky]

What? Has no one heard of https://www.nomoreransom.org?

That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's FREE? So unless it's a custom ransomware attack that targetted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.

 

[Solaris17]

What? Has no one heard of https://www.nomoreransom.org?

That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's FREE? So unless it's a custom ransomware attack that targetted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.

That’s not entirely true unfortunately while many older variants can be decrypted the modification of ransomware is easy and the variants mutate a lot. While the will certainly prove useful to the variants it covers, their are unfortunately many variants coming out often.

 

[trparky]

But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.

 

[Solaris17]

But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.

Your certainly right of course! But it can't be done for all variants, and others aren't so easily dencrypted.

 

[trparky]

Good point, I didn't think about that. You just have to hope and pray that you got hit by something that can be easily decrypted. But then again, if you were doing things right you'd not have been hit in the first place. But... yeah.

 

[moproblems99]

But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.

The best chance you have in most cases is a flaw in the implementation of the encryption scheme they are using. Or they were stupid and embedded the key in the binary.

 

[lexluthermiester]

What? Has no one heard of https://www.nomoreransom.org?

That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's FREE? So unless it's a custom ransomware attack that targetted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.

That’s not entirely true unfortunately while many older variants can be decrypted the modification of ransomware is easy and the variants mutate a lot. While the will certainly prove useful to the variants it covers, their are unfortunately many variants coming out often.

More to that, many of the new variants of ransomware have anti-tamper routines built in, so if you attempt to defeat them they become unrecoverable.

 

[delshay]

I agree 100%. However, some of these bad guys are extremely clever and their emails and links often do look very authentic. I think training is essential, but user discipline is even more so. Ever seen Doctor Who when he comes across a bunch of buttons and levers? He (now she) just can't resist pushing them. But of course, that's TV.Well, that's not true. Regular home computers are regularly too. I frequently get official looking notices from banks and credit cards (some I don't even have) notifying me of "suspicious behavior" or my account is locked, click here and enter my information, etc. etc.

Generally, with a little education (and good self-discipline) these "socially engineered" methods of malware distribution are easy to spot.

​

If the salutation is "Dear Customer" or "Dear Member" and not your real name, it's likely a scam.​

If the email is addressed to "Undisclosed recipients" and not your real, registered email address, it's likely a scam.​

If there are missing periods, extra commas, extra spaces, misspelled words, incorrect verb conjugations or other grammatical errors, it is likely a scam.​

Or use your regular methods of accessing the site. For example, if you get an official looking notice from Well Fargo bank, for example, about something wrong with your account or credit card, don't click any links in that email. Delete the email then visit www.wellsfargo.com and log in there. If a problem, you can find out there - assuming you have an account there.

Generally, my advice is to give these emails all the attention they deserve - that is, none! Don't open it, just delete it.

This is why I don't have on-line banking. My banks have pushed me many times year after year to go on-line & say I am protected, but I have refused to sign up. To tell you the truth, I just don't have the time to fill out forms if something go's wrong.

I have received emails in the past many times related to my bank account, but I already know it is false/fake emails because I don't have on-line banking.

I use telephone banking 24/7 fully automated with rolling security pin numbers. & if I need help will contact the helpdesk.

 

[Vayra86]

This is why I don't have on-line banking. My banks have pushed me many times year after year to go on-line & say I am protected, but I have refused to sign up. To tell you the truth, I just don't have the time to fill out forms if something go's wrong.

I have received emails in the past many times related to my bank account, but I already know it is false/fake emails because I don't have on-line banking.

I use telephone banking 24/7 fully automated with rolling security pin numbers. & if I need help will contact the helpdesk.

Online banking uses the same rolling security pin numbers, or has even better methods like 2FA. I can easily place more trust in my online banking security than I could ever get over the phone.

Those emails.. it is and has always been simple. Banks NEVER email you about anything account security related. They send letters.

I mean, you say you don't have time to fill out forms but I can guarantee you online banking will save more time than calling up for every little thing.

Some thoughts to consider, in the end its entirely up to you and I agree its a good thing that there are multiple ways to get service/things done!

 

[delshay]

Online banking uses the same rolling security pin numbers, or has even better methods like 2FA. I can easily place more trust in my online banking security than I could ever get over the phone.

Those emails.. it is and has always been simple. Banks NEVER email you about anything account security related. They send letters.

I mean, you say you don't have time to fill out forms but I can guarantee you online banking will save more time than calling up for every little thing.

Some thoughts to consider, in the end its entirely up to you and I agree its a good thing that there are multiple ways to get service/things done!

This is all about access. If you have something on your computer & you don't known it is there ie spyware then you have a problem. Your not going to get spyware on a normal phone, unless you are redirected.

 

[Grog6]

I was a system admin during the "I love you" virus attack; this was in the Win95 days...

I had several users that I made ghost images of their systems only because they couldn't stop themselves from opening the emails that said "I love you" in the freaking title.

In one case, I had just finished repairing one users system, and was walking down the hall, and heard her say "OOH! someone else loves me!"

I moved all her files to a server without write privileges, and deleted her IP address for a week.
I had to answer all her email, but it was mostly garbage anyway.

 

[Vayra86]

This is all about access. If you have something on your computer & you don't known it is there ie spyware then you have a problem. Your not going to get spyware on a normal phone, unless you are redirected.

The computer and the login aren't relevant anymore with 2FA. Its a temporary token login no matter what you do. Any bank that relies on a regular login detail set is doing it wrong. Its just a first line of defense.

And prior to 2FA, my bank used TAN codes - or as you use them over the phone: a temporary access number, supplied from a paper list with ID numbers. You get an ID number, you find the TAN code on your physical list, and use that for one specific transaction confirmation. Basically an early form of 2FA.

 

[trparky]

I remember the "I love you" worm. Honestly, if someone sent me that my first response would be... "Who the hell is this and why is he/she saying that they love me?" followed up quickly by the pressing of the delete key.

When that worm was going around the Internet I much younger than I am now and back then I had an inferiority complex if you catch my drift. I still sort of do still have one today in regard to significant others.

 

[Bill_Bright]

Trusting on-line banking is totally different from getting infected with ransomware. On-line banking can be trusted. There are even on-line only banks. The main reason I don't do on-line banking with my smart phone is I don't trust my smart phone. They can too easily grow feet and disappear and perhaps fall into bad guy's hands. For example, I discovered my last smart phone could not stay put on my back bumper for a short 10 mile ride!

But I use my PC to pay bills, transfer funds, and everything else. I use PayPal to send money to the kids. I have no reservations doing that.

The problem is scams from socially engineered emails and compromised websites. For example, I received the following the other day.

Looks pretty good but clearly has some telltale clues indicating it is fake (I count 7).

Other obvious clues:

It was addressed to "Undisclosed-Recipients:"​

It came from "no1warrior@comcast.net"​

I don't and never have had a Chase banking account or credit card.​

 

[trparky]

I count nine dead giveaways in that picture.

The reason I circled the "Verify Your Account" button is really two reasons, the word "Your" shouldn't be capitalized but the button is also sized weird. There's more space on the right side than there should be or at least the words aren't centered inside the box.