News Posts matching #RansomWare

Return to Keyword Browsing

Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

A Report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). The advent of cryptocurrencies with built-in anonimity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the advantage of first strike new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption in 2019 rose to $84,116 in the Q4 2019, double what it was just in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

34 Companies Sign the Cybersecurity Tech Accord

34 different companies (which include Microsoft, Facebook, Cisco, Nokia, and Oracle) signed the Cybesecurity Tech Accord this week. The Accord, which is being hailed as the "Digital Geneva Accord", ratifies a new era of corporations' protection of customers, and a new way to engage and protect from cyberattacks. The biggest part of this? The pledge not to aid governments in performing any type of cyberattacks against customers. The usage of the word customers isn't an innocent one: a consumer is such in any part of the world, regardless of any given countries' definition.

The idea behind the Accord is to allow "public commitment among 34 global companies to protect and empower civilians online and to improve the security, stability and resilience of cyberspace." This is an effort from tech companies to distance themselves from all manner of centralized government power, and to place themselves in a new, customer-protective light. At the same time, companies are looking to engender a coordinated response to global-scale ransomware attacks, such as last years' WannaCry and NotPetya events. "The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together." said Microsoft President Brad Smith. "This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world." You can read the entire post on the mission and signing of the Accord after the break.

PUBG Ransomware Forces Users to Play PUBG to Decrypt Their Files

MalwareHunterTeam recently discovered the PUBG ransomware that is currently floating around the internet. When executed, the pesky program would encrypt the files and folders that are located on the victim's desktop and add the ".PUBG" extension to them. While meant to be more of a joke than actual malware, the program demands that the victim play PUBG for an hour. Nevertheless, users can decrypt their files in two ways. They can introduce the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and proceed to restore their files or launch the PUBG executable for three seconds. MalwareHunterTeam noted that the program runs a background check for a "TslGame" process, and therefore users can rename any executable to TslGame.exe and trick the malware into thinking that the fake executable is the real deal.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company that's been founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economical entity, bolstered by a 2,502% increase in sales in the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it's estimated it has yielded around $1 billion just this year. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces in the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning, "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes even more than legitimate software companies. It's no surprise, however that the report points to technologies such as Bitcoin and the Tor network as being two of the most important enablers in this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets

"Where's my Bitcoin?" is a question no miner, investor or mere user in the cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or subjection to risk in order to increase their own value; and if there's something years of cyber security have told us, is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general purpose ransomware started seeing updates so as to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.

The new, updated Cerber ransomware routine now not only encrypts a user's files, it also looks for some specific, known Bitcoin wallet applications (namely, and as of time of writing, Bitcoin Core, Electrum, and Multibit), copies them to an external server controlled by the hackers, and proceeds to delete them from the user's PC. Naturally, Cerber also has a routine that handles copying passwords that are stored in your browser of choice. The wallet stealing and copying isn't much of a concern per se; there are additional security measures in any given wallet before the hackers can access their potential treasure trove of cryptocurrency. However, many people also keep files with passwords or some such on their computers; and could be doing a disfavor to themselves by not keeping another copy of their wallets on a secure, non-internet connected hardware wallet, or even USB pen. Naturally, a user who kept the password for their wallet on their system is vulnerable to the entire "ransomware" portion of the Cerber malware; and if someone doesn't even have another copy of their wallet but keeps an ungodly amount of value in it, could very well be facing losses towards the entirety of their wallet. Definitely not a good place to be.

Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak

After last month's WannaCry outbreak (which persisted in its effects as recently as last week), we now have a new variant of ransomware infecting PCs across Europe. The outbreak seems centered in Ukraine, where several government facilities and critical pieces of infrastructure have been shutdown due to the attacks. The Ukrainian government seemed almost defiantly optimistic, posting this decidedly awesome response to twitter during the attack.
Return to Keyword Browsing