Internet Security

What is WannaCry and How Does Ransomware Work?

Ransomware is a type of cyber-attack in which hackers take control of a computer system and block all access to it until the users pay a ransom. To gain access to the system, the cyber criminals have to get harmful software onto a device in the network, and they often do this by tricking users into clicking a link that downloads it onto the system.

Through the software downloaded onto the system, the hackers can attack all of the user’s files that it can find within a network and lock them. This is usually a gradual process in which the files are encrypted one by one.

Big companies with elaborate security systems are able to identify this occurring and can single out documents to reduce the damage. However, individual users may have a hard time because they lack such security systems, which could result in losing all of their data.

Once all the files are locked, the cyber criminals demand a payment in order to unlock the files on the victim’s computer. The payment is usually requested in the form of Bitcoin, the online cryptocurrency.

WannaDecryptor – What is it?

WannaDecryptor, also known as WannaCry or wcry for short, is a specific ransomware program that locks all the files and data on a system and leaves only two files for the user: a set of instructions on what to do next, and the WannaDecryptor program itself.

When opened, the ransomware tells the user that all their files have been encrypted and gives them a few days to make a payment, failing which their files will be deleted. The ransomware asks for the payment in Bitcoin, gives instructions on how to purchase it and provides a Bitcoin address to send the payment to.

Most computer security companies can bypass the ransomware with the help of ransomware decryption tools that they have. WannaDecryptor was used in a wide-scale cyber-attack that affected many big organisations across the world, among them the NHS and Telefonica in Spain.

Protection against Ransomware

In order to be immune to a ransomware attack, one must back up all files on a completely separate system. Then, in case of a ransomware attack in the future, no information or data will be lost.

It is difficult to stop the hackers before they launch a ransomware attack, but a few precautionary measures can be taken. The cyber criminals need to download the harmful software onto the user’s computer, phone or other connected device. Very often, the hackers install the virus through infected emails and websites.

For example, the attackers could send a phishing email to an employee, posing as their boss and asking them to check out a link. The link actually leads to a malicious website that secretly downloads the virus onto the system. A device can also get infected by downloading a harmful program or application, or just by visiting a website that contains infected advertisements.

The best approach to prevent such ransomware mishaps is to be cautious of unsolicited emails and, rather than clicking on the link, to check out the website by typing the web address in another window. Another precaution is to make use of antivirus programs that can scan a file before it is downloaded, block secret background installations and search for malware that may already be present on the computer.

Cyber security companies have developed sophisticated and elaborate defences, which include machines that fight back against hackers once they are spotted on a system. Antivirus software should be kept updated on all systems, and the latest software patches from Microsoft should be downloaded.

One can also ensure that SmartScreen (in Internet Explorer) is left turned on; it assists in spotting reported phishing and harmful websites, thus helping the user reconsider before making any downloads. A pop-up blocker is also useful, as it automatically blocks unwanted websites from opening. For higher security, the security tools available on the IT ministry website can be used.

What Should Ransomware Victims Do?

Though there is no permanent solution to the problem, there are a few blind spots that one can take advantage of to either control the damage or prevent it from spreading.

According to CERT-In, the user should immediately disconnect the system from the internet to prevent the ransomware from spreading to other systems. Since the ransomware encrypts one file at a time, the user should immediately attempt to back up the remaining files in order to salvage as much data as possible.

If all the files are found to be locked, it is advisable for victims to refrain from paying the ransom, as it will further encourage the hackers. Even if the payment is made, there is no guarantee that the files will be returned intact. The best thing to do in such a situation is to restore all the files from the backup that was created. If that is not possible, there are some tools available that help recover a part of the lost information.

What is Bitcoin?

Hackers often demand payment in the form of Bitcoin, usually between 0.3 and 1 Bitcoin, which is £400 to £1,375, but they may also demand a payment denominated in dollars and made via Bitcoin. Cyber criminals usually demand payment through this digital currency since it is unregulated and practically untraceable. Although it is impossible to trace, the amount of each payment made is public information. The amount may seem small, but these ransomware attacks are widespread, so the payments altogether can add up to a huge amount.

Kill Switch

A cyber-security researcher discovered, in fact by accident, a “kill-switch” that prevented the spread of WannaCry. The researcher, a Twitter user, tweeted that registering a domain name that was used by the malware stopped its spread. However, it did not help the computer systems that were already affected by this ransomware attack. He also warned that the threat was not yet fully averted, as the culprits behind the attack could change the code and try again. He warned users to update the patches on their systems, since the attackers would definitely try again.

Don’t fall for This Computer Virus Scam!

Undoing the menace of online fraud scams

Scams have become a menace these days, affecting millions of computers worldwide. This has also resulted in unnecessary fear, with panic gripping many internet users. Taking advantage of the turmoil, scammers have found a new way to swindle money by luring people into buying fraudulent anti-virus software. Frequent spam emails, adware pop-ups and high-pressure sales tactics are the new modus operandi of fraudsters operating online. Very often, users are tricked into sharing confidential information, which is then used to loot money from their bank accounts.

Unveiling the latest tricks to Scam People

A new trend that is catching people off guard is the use of sudden pop-up advertisements. These ads pop up whenever someone visits a website or scrolls through a webpage, showing a fake warning that the user’s computer has been affected by malware and needs immediate repair. The fraudsters design the whole procedure in such a manner that one can hardly differentiate the fake warnings from legitimate ones.

These advertisements prompt the user to call servicemen to deal with the virus issue. Most of the time, novice users fall prey to such social engineering tactics and are convinced by the scamsters that their computer is infected by malicious software. Once the user grants these conmen access to their computer, they install spyware and adware instead of legitimate anti-virus software and gain access to all of the user’s personal information and financial transactions. Aged people and inexperienced users are usually the soft targets of these scams.

FTC in action

The US government has started operations against such scams and fraudsters after noticing a large increase in internet fraud. The Federal Trade Commission, which is the chief regulatory body in this regard, is doing all in its capability to book the culprits behind the scam. Pam Bondi, the attorney general of Florida, who is known to be working closely with the Federal Trade Commission, has told users to remain alert and report such crimes whenever they occur.

About 16 new enforcement actions by the FTC are said to be in the process of implementation to nab the conmen. So far, the commission has received more than 96,000 complaints in this regard, with people conned out of a total of $24.6 million.

The FTC is working closely with internet giants like Apple and Microsoft to devise ways to protect people from such internet scams and to frame charges against the scamsters. Whenever users call the numbers given in the pop-up advertisements, they are usually greeted by telemarketers who try to convince them that they are certified servicemen from legitimate companies like Apple and Microsoft. In this way, it’s easy for them to gain the trust of internet users. The FTC warns people not to fall for such social engineering tricks and instead to call the service centers of Microsoft and Apple directly. It has also warned against replying to spam emails pretending to be from authentic sources.

Should You Pay the WannaCry Ransom?

Is it right to pay the WannaCry ransom to get data back?

Last Friday a major ransomware-based cyberattack was launched on a global scale, leaving hundreds of computers infected with WannaCry. Security experts advised users to update Windows in order to minimize the threat of the ransomware. However, the major question facing infected users is whether or not to pay the ransom.

Most security experts have advised that one shouldn’t pay the ransom in any scenario. For a number of users, paying a sum of $300 isn’t too much to get their encrypted data restored to its original state. But paying the ransom will only make the attackers’ resolve stronger, and they will be compelled to bring much higher levels of threat, which can lead to massive financial and other losses.

Paying isn’t the right course of action

The people behind the WannaCry ransomware have set up a number of digital wallets to track the Bitcoin payments made for the ransom, and these show that quite a number of people are willing to part with their money in order to get their data back. A number of security experts have stated that these people are dealing with criminals and shouldn’t expect an honest transaction. The reason behind this statement is that analysis of WannaCry found that its design doesn’t offer any promise of regaining access to the files, even after paying the ransom.

Experts at a UK security firm called Hacker House have stated that ransomware usually works by encrypting all the data present on the computer and then asking for a ransom. When the ransom is paid, the hackers tend to provide the key that helps in decrypting the data, but in the case of WannaCry a human operator is required to manually activate the decryption process.

In simple words, paying the ransom in the WannaCry attack will not result in getting the encrypted data back in its original form. Security researchers have tried to get in touch with the people behind the WannaCry ransomware, but they have remained silent. Therefore, when victims try to contact the WannaCry hackers to get the key for unlocking the files, it’s doubtful that anyone will respond to them.

What should you be doing instead?

WannaCry has mainly targeted business networks on a global scale by exploiting a vulnerability present in the Windows operating system. All users who have been affected by the WannaCry ransomware should note that they are not likely to get their data back unless they had backed it up on a separate device earlier.

Therefore, people should make a habit of backing up their files on a separate device or a different machine on a regular basis. It is also possible to get rid of the WannaCry ransomware from the device or system, but the process certainly isn’t a straightforward one. A technical support website called Bleeping Computer has set down a guideline for removing the ransomware, but it involves downloading some specific programs.

Internet Security: Flaws in Most Secure Email Service

BBC reveals that even the most secure email service has a ‘flaw’

We live in an age where the threat to privacy is rising at an alarming level, and a number of tech firms and service providers have jumped on the bandwagon, bringing the coveted ‘internet security’ to consumers. The BBC has exposed one such email service provider, named Nomx, which claimed to be the world’s most secure email platform. This small personal email server firm claimed to offer absolute security to consumers, but it failed to live up to that rigid expectation after undergoing a BBC Click investigation.

This email service was created by an entrepreneur named Will Donaldson, who popularized his platform as the most secure communication protocol in the world for safeguarding email messages. In its defense, Nomx has stated that the test conducted to declare its security has been done on its very own gadgets.

Exposing internet security in self-proclaimed ‘secure email service’

BBC Click brought on board Scott Helme, a security researcher, and Prof Alan Woodward, a computer security expert from the University of Surrey. These men were given the task of analyzing whether email messages sent over this platform are secure against rampant hacking, interception and other attacks.

The personal email server is sold at a price of $199 to $399, and all its marketing communication proclaims that the service is specifically designed to offer highly secure email communication to consumers.

Two major issues were found in the Nomx: software packages running on very old versions and harbouring a massive number of unpatched security bugs, and the presence of low-key default password functionality.

Choose the updates for internet security

The BBC Click investigation findings were welcomed by the Nomx management, who were happy to get the list of vulnerabilities. Addressing the issue arising from the use of old software, Nomx explained that it will be bringing frequent updates to its platform and will allow users to choose which updates to apply on their device.

Nomx will not force users to install all the updates, as updates are also known to introduce vulnerabilities and limit internet security; therefore it will allow users to pick, choose and install updates selectively whenever they are made available.

The default passwords and names provided by Nomx were introduced in a bid to make it easier for users to set up their device. Users are always encouraged to change them once the device is fully set up for using the email communication portal. On the other hand, the security researchers found the setup process quite complex, and they were not asked to change the password or pick a new one at any point.

Nomx has also contested the findings of the BBC Click investigation, stating that the way the device was tested is completely unrealistic. Furthermore, it was also established that the internet security of the users was never at risk and that the attack showcased by the security researchers was simply ‘non-existent’ for Nomx users.

Internet Security: Hacker Documents Show NSA Tools for Breaching Global Money Transfer

We are living in the age of the computer, and digital technology has embraced society in such a way that a person or organization finds it quite difficult to get anything done without a bit of computer touch. Computers and internet technology have paved the way for other developments in almost every sector that is an integral part of an individual’s life, as well as of society itself, but Internet Security is the big concern for every individual.

Like other sectors, the banking sector has been made faster and more diversified by the use of computers and the internet, which helps potential customers get the best service for any banking issue. It is now known to all that the erstwhile manual services of the bank, such as the deposit and withdrawal of money, have become obsolete, and computerized services are available in almost every bank, even in remote areas.

Now one can easily use the bank’s net banking system, which allows a client of any bank to operate their account from their own office or home with just a laptop, tablet or smartphone that has internet access. When we consider the internet banking system, the very first thing that comes to mind is Internet Security, which ensures the safekeeping of our hard-earned money deposited in the bank.

Important issues to be noted in Internet Security

Very recently, an alarming issue came to light: some hackers released documents and files that provide a blueprint of how the U.S. National Security Agency uses weak links in commercially available software that may help in gaining access to the all-important global system for the transfer of money between banks. Documents revealed by a group named Shadow Brokers indicated that the NSA had already accessed the SWIFT money transfer system through different service providers in Latin America and the Middle East region in Asia.

It is a great threat to Internet Security as far as the banking sector is concerned, since internet banking cannot be considered the safest possible banking operation in this kind of situation, and this is now regarded as one of the major issues in the sector. Cyber security experts have stated that some screenshots indicate that some of the SWIFT affiliates had used Windows servers which were vulnerable in 2013 to the Microsoft exploits, and they concluded that the NSA had taken advantage of these loopholes in Internet Security.

Conclusion

It is reported that the NSA targeted not one but nine computer servers at EastNets, a Dubai-based service bureau and SWIFT contractor, as claimed in the documents released by the Shadow Brokers. The documents also revealed that the NSA used some of the code to query the important Oracle database and SWIFT servers handling the transactions, which is a real threat to Internet Security that needs to be noted and corrected to achieve optimum security for the banking system.
