Tag Archives: businesses

Your Company Suffered 130 Security Breaches in 2017

The number of cyberattacks worldwide is growing at a dizzying pace. The latest to come to mind is Bad Rabbit, but there have been many others. This number goes hand in hand with the growing economic impact of cybercrime, as underlined by the recent report of Accenture and Ponemon Institute “2017 Cost of Cybercrime”.

The number of security breaches increased by 27%

Since the beginning of this study, in 2009, the number of cyberattacks has grown year by year. But the pace from 2016 to 2017 has been dramatic: on average, companies were successfully attacked 130 times. One of the main reasons for this high number was undoubtedly WannaCry and NotPetya.

The economic consequences of these and other security breaches, and the investment required to combat them, have meant an average cost for companies in excess of 11.7 million dollars.

Time is money

The study notes something that may seem quite obvious: the longer it takes to find a solution, the greater the economic impact of cybercrime. And the bad news is that, in general terms, that time interval is increasing. Although security officers have been able to respond more aggressively to DDoS and web-based attacks (twenty-two and sixteen days respectively), they increasingly need more time to implement mitigating measures for cyberattacks that use malware (fifty-five days vs. forty-nine as of 2016). Malicious software attacks, in particular, were the most costly for companies, reaching 2.4 million dollars.

Five keys to increasing the level of security in your company

The negative effects of a cyberattack can vary widely: data theft, reputation crises, economic losses, irreparable damage to equipment and technical infrastructure, etc. So it is important to take into account a series of measures to increase your company’s level of protection and minimize the impact of cybercrime.

  • Prioritize critical assets: It is unrealistic to think that the company can be one-hundred percent protected. An effective security plan is able to identify which assets are fundamental to the operation of the company and strengthen their defenses.
  • Build awareness with your employees: The protection of the company depends, to a certain extent, on their decisions. Properly training your company’s workforce reduces, for example, the risk of suffering a social engineering attack.
  • Implement advanced cybersecurity solutions: These tools allow you to anticipate the malicious behavior of threats and to activate protection systems even before the malware is executed. For example, thanks to the continuous monitoring of all processes and the advanced prevention, detection and remediation capabilities of Panda Adaptive Defense, none of the clients equipped with our solution was affected by Bad Rabbit.
  • Make backups: Your company doesn’t only need backup copies; the data contained in these backups is critical and, therefore, must be protected correctly. Among other measures, these backup copies should only be accessed by those who expressly need it and access passwords should be sufficiently robust.
  • Have a coordinated security strategy: On numerous occasions, cybercrime is a form of organized crime. The defense must also be coordinated and highly organized.

The number of security incidents and the economic impact of cybercrime will continue their upward trend. It’s time to start thinking of cybersecurity as an investment, and not an expense.

The post Your Company Suffered 130 Security Breaches in 2017 appeared first on Panda Security Mediacenter.


Small business cybersecurity risks for 2018

About 99.8% of all businesses in the USA are considered small businesses. The Census Bureau and the Small Business Administration define small businesses as private companies having fewer than 500 employees. Roughly 50% of the US workforce is employed by small businesses. While this is a significant chunk of the US economy, it is arguably the most fragile one. Only one-third of newly formed small businesses will survive ten years or more.

Being a small business in a sea of thriving competition means that you have to be spotless in everything you do, as the chances that your business won’t last long are high – only about half of all new small businesses make it past the 5-year mark. Small business owners wear many hats and are known to be the most optimistic businessmen in the world. Even though the risks are there and your business could cease to exist in the blink of an eye due to a cyber-security issue or a lawsuit, being a business owner is probably the only way for you to get a piece of the American dream. So many people jump on the train!

While optimism is an integral part of being a leader, leaders do not rely on luck, they are cautious and always prepared. It has been estimated that half of the small businesses that suffer a cyber-attack go out of business within six months as a result. And your business could be the next victim.

Here is a top five of the biggest threats to small firms in the US for 2018.

Phishing attacks

The first, and probably the most common, problem seen in small businesses is falling for phishing scams. Those types of scams are as old as the internet, and you can avoid becoming a victim by educating your employees about the dangers on the internet, and by restricting their rights accordingly. Make sure that even if they want to harm your company devices, they won’t be able to succeed.


Ransomware

No one is safe; ransomware attacks happen all the time and companies of all sizes fall victim every day. Ransomware attacks could be easily avoided if all company systems are kept up-to-date and have quality anti-virus software installed. Always make sure that you regularly make backups of your company’s files and be very careful with the data that you open on your computer – use your anti-virus software to confirm that the files are not malicious. Make sure you run regular educational cyber security seminars with your employees who have access to company devices.

Cloud storage

Cloud computing services are genuinely changing the way small businesses operate and are becoming an option of choice for small and medium-sized companies. Cloud storage services ease the lives of many business owners as they come with defense measures and timely security updates. While cloud storage might seem like a great idea, you never know if your cloud storage provider is as secure as you want them to be, so make sure that you are using reputable service providers.

Attacks affecting websites

Web-based attacks will continue to change small businesses in 2018. Very often small business websites do not have multiple layers of security and hackers make their way in so they can execute malicious activities right from your company website. This could have a disastrous effect on your branding as such websites get quickly penalized by search engines such as Google and Bing. Not changing your passwords or not updating your company website WordPress plugins may cost you a lot.

Compromised and stolen devices

Laptops, cell phones, tablets, computers, and Macs – they all contain company information that could be useful for cybercriminals. Make sure that you highlight to your employees that company information should only be stored and accessed by verified and adequately secured company devices. The information on stolen or compromised machines could be used against the interests of the company that you own or represent.

Small business will be a target in 2018!

However, cybersecurity should not be of concern if you have multiple layers of security on all your systems, back up your company’s files often, and regularly update your systems. Do not ignore those update notifications – they are released by service providers to improve processes and security. Your chances of becoming a ransomware victim, or seeing your company website being taken over by hackers, significantly decrease if you build a habit of updating your systems and have anti-virus software solutions capable of handling the cybersecurity needs of your company.


The post Small business cybersecurity risks for 2018 appeared first on Panda Security Mediacenter.


What Will the CISO of the Future Look Like?

As the cyber landscape evolves, the role of the CISO (Chief Information Security Officer) is transforming. Managers at companies of varying size are more aware of the importance of cybersecurity than ever before, and, therefore, CISOs are increasingly present on the boards of directors. The new business context due to disruptive technological developments (such as the Internet of Things and the rise of the cloud), together with growing threat levels, requires security managers to face various changes, such as aligning with business objectives to respond to security needs. Although the profile of a CISO is still technical, its link to business objectives requires specific capabilities and a broader business vision.

New Responsibilities for a New CISO

With the increase in cyberattacks and the danger of sensitive data leaks looming over companies, the work of the new CISO takes on a role never before seen. According to a study by the Ponemon Institute, 67% of CISOs are responsible for establishing their company’s security strategies and initiatives. This figure indicates an increasing level of influence, confirming that the CISO goes from being a simple guardian of the IT area to a trusted adviser in the upper echelons of organizations.

In the above-mentioned study, 60% of respondents said that their organization considers security as one of their priorities. The ability to prevent and respond to attacks is now of great importance for companies, which begin to value the tasks of the CISO to promote awareness and provide adequate training in cybersecurity among the staff, as well as investments in cybersecurity tools to detect possible threats.

The integration between business and technology taking place with the digital revolution is creating a more complex ecosystem for companies and their employees dedicated to security. The CISO must now act according to business demands and assume the same objectives as other executives of the company. 69% of the respondents in the Ponemon study consider that the appointment of a security director with corporate responsibility is fundamental for the company. The CISO of the future must report its activities within the organization, assume budget and compliance challenges, and implement business tactics driven by business objectives.

And let’s not forget their responsibility toward ensuring the availability of IT services at all times, as well as their airtight grip on data. In this way, the new CISO must reduce the imminent risk of data leaks, protecting the privacy of users and consumers, and complying with new regulations, such as the GDPR.

From Technician to Leader

Most security officers have a technical profile related to studies in computer science. It makes sense, taking into account the need to understand programming and work closely with your team on a technical level. However, the CISO of the future must have business vision and be able to influence the direction the company takes, with leadership skills and interpersonal and strategic communication. The CISO of the future must also be able to draw up plans and models of operations that contribute to the brand, including not only the technical side of cybersecurity but also its essential human side.

The CISO has made its way into organizations after years of being considered an afterthought, and this recognition must be welcomed by security experts as an exciting challenge. This evolution, which now requires an amalgam of technical, legal, regulatory and communicative knowledge, demonstrates the shift towards a global ecosystem much more aware of the importance of cybersecurity. It’s time to reinvent yourself and accept that the traditional IT role no longer exists. Are you ready to be the CISO of the future?

The post What Will the CISO of the Future Look Like? appeared first on Panda Security Mediacenter.


3 Poor IT Practices that Endanger Companies

An attack perpetrated by a criminal, a malicious or negligent action taken by an employee… The causes of security incidents can be very diverse. And, according to a recent study by Ponemon Institute, 28% are caused by poor IT practices. In many cases, these failures are due to limited security policies that do not cover all possible risks. By overlooking certain tasks and processes, IT teams are exposing the vulnerabilities of their companies. In this post, we will highlight three key aspects that should be adequately monitored by the security officers of any company.

Neglecting printers is dangerous

This seemingly harmless device can endanger your corporate network. It is worth remembering that printers are also sophisticated storage devices, and that they usually have a longer lifespan than any of our connected devices. According to a study by Spiceworks, only 16% of IT managers believe that printers are vulnerable to security breaches, a figure significantly lower than that corresponding to computers and mobile phones.

Since printers store sensitive document data, it is convenient to delete and review their content periodically. Also, if you stop updating the printers’ firmware, they can become an attack vector (especially if they are connected to the central corporate network). Different types of attacks could allow cybercriminals access to insecure printers, obtaining the documents that have been printed, analyzing network traffic, and even obtaining user information and passwords.

Do you know what applications your employees are using?

Another risk is not knowing what cloud services employees are using. It is important to perform a Shadow IT study and evaluate the dangers implied by applications and services not expressly authorized by security teams. According to an EMC study, annual losses that can be traced back to Shadow IT have reached up to 1.7 trillion dollars. Many organizations are unaware that their employees use services and applications outside of those put at their disposal by the company itself, increasing the blind spots and, therefore, the attack surface of the company.

To stave off malicious behavior, it is essential to monitor corporate network activity and have complete visibility of the software and applications employees are using.  These are crucial characteristics of a security system that is able to act against apps that could endanger the company’s sensitive information or intellectual property. It is very important to educate employees, but also to design policies that can satisfy their needs and prevent them from authorizing services in an insecure way, or by “taking the back door”. Likewise, IT professionals must evaluate each and every service and application, preventing access to those that are dangerous with infrastructural protocols (such as firewalls and proxies).

What if an employee loses their company phone?

The loss of corporate devices, whether mobile phones, computers, tablets, etc., should be extremely disconcerting for any IT professional. In a Tech Pro Research survey, when asked about the company’s weakest link in terms of cybersecurity, 45% answered that the most vulnerable point was mobile devices. To protect against collateral damage from loss or theft, ideally all corporate devices would be encrypted. IT administrators must ensure that the information contained on them is not compromising, and that these devices can only access corporate information through a VPN. And, in case of loss, administrators should have the ability to block the device remotely.

By permitting mobile devices to install applications, even versions authorized by the operating system, you are, figuratively speaking, placing a door where there used to be a wall. It is important to ensure that the IT team has an identifiable base of all mobile systems connected to the corporate network and that, if possible, vulnerability tests and remote control may be performed to analyze penetration levels.

These are just three examples of areas that IT teams must take care to address. Ignoring these good practices can open the door to security incidents that cause considerable economic impact. In a context in which external threats are growing in number and complexity, avoiding risks by implementing basic protocols should be an obligation for every IT professional.

The post 3 Poor IT Practices that Endanger Companies appeared first on Panda Security Mediacenter.


Debunking the Myths of the GDPR, Pt. 2

The date is approaching when the new GDPR (General Data Protection Regulation) will replace the 1995 data protection legislation and, as time passes, its application is gaining relevance in the conversations of security experts and of those responsible at companies. Remember that the GDPR will help strengthen the protection of the user’s fundamental rights in the online environment and will give them back control of their personal information. Therefore, companies must be prepared to adopt mandatory measures.

We’ve already explained the fundamental changes to the legislation. We also went over some of the most widespread myths regarding the GDPR: its scope of application, the timeframe for reporting incidents, or requirements related to data encryption. Today we are going to analyze more myths that enshroud this new regulation.

Myth number 4: “The personal data already contained in our database is not subject to the GDPR”

One of the most overwhelming issues for companies is the massive amount of information they already have in their possession. Does the new legislation apply to these databases collected before its entry into force? The answer is, “Yes. Definitely.” All user data of a personal nature must comply with the regulation, regardless of the date of collection of said data. The only exception to this rule is in the case of deceased persons, since in this case the regulation would not apply to their personal data.

Myth number 5: “The data is stored by my cloud provider, so the GDPR is their problem, not mine”

Some have contended that since companies that use third party cloud storage are not technically responsible for directly storing data, we are not responsible for applying the measures imposed by the GDPR. However, whenever you deal with a user’s information, you will most likely fall into the controller or processor category. If you hire an external company to store the data, your company would become the controller, or controller and processor, while the cloud service would be solely in a processor role. But both are within the scope of the new regulation. So even if the controller uses a third-party service to store their data, it will still be responsible for complying with the GDPR.

Myth number 6: “The GDPR is restricted to personal identification information”

It is advisable to take extra precautions when approaching the changes indicated by the GDPR. That’s because, to date, the definition of what we consider to be personally identifiable data has fallen short. As the GDPR explains, the EU has substantially expanded this definition of personal data to efficiently reflect the types of data that are ordinarily collected. The new regulation expands the definition to include online identifiers or even IP addresses, since these are now considered to be personal data. Other data, such as economic, cultural, genetic or mental health information, are also considered to be personally identifiable information.

Panda Security can help you make the change

The GDPR will bring along with it a series of profound changes in the way a company operates. To help get things up and running, Panda Security has prepared this “Preparation Guide to the New European General Data Protection Regulation”. We respond to important issues related to the GDPR, such as: how does it affect my business? What obligations does this regulation require? What happens if I do not comply with these obligations?

We also work on solutions, so that the data and systems remain completely safe and in full compliance with the GDPR. For example, Adaptive Defense, with its state-of-the-art protection tools (NG EPP) and detection and remediation technologies (EDR), serves as a critical means of ensuring compliance. The GDPR is not to be underestimated, and understanding its finer points will be a differentiating factor in every sector that handles personal data.

The post Debunking the Myths of the GDPR, Pt. 2 appeared first on Panda Security Mediacenter.


“Gamification” Can Help Your Company Improve Security

It’s not easy getting employees to appreciate cybersecurity. It’s not enough that cybercrime costs billions of dollars a year, or that its impact can be mitigated with good practices. Training them and making them understand the importance of their actions (or inaction) is the deciding factor. And to achieve this, we might resort to a tool that we may never have heard of: gamification.

What is Gamification?

Gamification is a method that uses different techniques to improve the learning system. It is, of course, associated with pedagogical teaching in children, but it is increasingly applied in other fields. For example, in companies, where gamification can be used to train workers or even customers more effectively. Although the term “gamification” first appeared in 2008, the concept it describes is an inherent characteristic of human learning.

In gamification, there are specific rules and mechanics that must be respected, as if they were part of a game. The reward for playing by the rules consists in a system of levels and scores. This generates a game dynamic that helps acquire a specific discipline. It also creates more efficient teaching. But how does this affect a company?

Innovation with Games

Despite many companies’ reluctance, the fact is that gamification is an incredibly effective system to get workers to learn and follow established rules. Currently, giants such as Ford Motor Company, Deloitte, and PwC, to give a few examples, are implementing these techniques with excellent results. The technique helps keep employees more involved, especially the younger ones and new talents, as studies show. Gamification can, as we will see, also apply to best security practices.

How to Gamify a Cybersecurity Education Plan

Employees can, and should, acquire the skills to identify a possible security breach. Gamification can help the IT department to mitigate and prevent threats. It can also help to create a “security culture” among employees.

To design a good gamification program, first we need to think about the content we manage, enriching its language, goals, and media. For example, avoid dry presentations, nitpicky technicalities, and unintelligible chart flows. Simplify and focus on what is important: the action to be carried out.

The next important point is to generate interactive material with games-based dynamics, which has proven to be 77% more effective than traditional learning and can be used in almost any context.

Finally, scoring systems, rankings and recognition are very effective. You can also dress the rewards with physical incentives: prizes, money, opportunities, etc. It’s important to be careful not to undercompensate the effort employees are making to “play the game”. The end goal is to educate, something which, it turns out, becomes much more effective when learning is part of a game. If we know how to use it properly, the potential it could have when it comes to ensuring the safety of our company is huge.

The post “Gamification” Can Help Your Company Improve Security appeared first on Panda Security Mediacenter.


The Scariest Cyber Nightmares in Recent Years

Halloween is just around the corner. As the day approaches, we have to be aware that “trick or treat” means something a little more sinister when it comes to cybercriminals. They may play some bothersome pranks, or they may in fact try to infect our computers with real, no-joke malware that will undoubtedly ruin our holiday spirits.

This Halloween will be marked by threats and cyberattacks organized by criminal groups that shake the foundations of businesses and infrastructures every day. In 2017, WannaCry showed us how it was possible to indiscriminately attack corporate networks all over the world. We’ve also seen surgical attacks, like Petya/GoldenEye, whose target was much more defined. Then, just in time for the spookiest holiday of the year, we saw the big Bad Rabbit.

These are just a few recent cases, but can you remember the most terrifying attacks of recent years?

Hackers and Organized Groups, the Latest Cyber Nightmare

There are all different types of hackers with a wide variety of motives. From the cyber arms dealer — a hacker who develops and sells malware and other hacking tools and exploit kits —  to other cybercriminals specializing in ransomware; from so-called bankers (hackers specialized in credit or financial card information theft) to contract hackers who belong to a well-established industry and who offer their services in return for remuneration.

They are all behind the most terrifying cyber nightmares, creating diabolical malware and exploiting tenebrous vulnerabilities to haunt your company.

Protect Your Company Year-Round and Enjoy a Bone-Chilling Halloween

Using the right tools is essential to keeping your network safe. A defense method able to protect against malware of all types, even before an attack can begin, is indispensable. Such solutions allow continuous monitoring of network and endpoint activity in real time. Panda Adaptive Defense is a pioneer in this type of technology, and combines state-of-the-art protection with detection and remediation capabilities with the ability to classify 100% of running processes. This approach secures the system against external attacks, and even attacks originating within the network itself.

Make sure Halloween comes only once a year. Manage, control and protect your data against all kinds of advanced threats.

The post The Scariest Cyber Nightmares in Recent Years appeared first on Panda Security Mediacenter.


Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack


Remember NotPetya?

The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year.

Now, Ukrainian government authorities are once again warning citizens to brace themselves for the next wave of “large-scale” NotPetya-like cyber attacks.

According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den’ zakhysnyka Ukrayiny).

Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies.

The attackers behind the NotPetya ransomware also used the same tactic—compromising the update mechanism of a Ukrainian financial software provider called MeDoc and swapping in a dodgy update including the NotPetya computer virus.

The virus then knocked computers in Ukrainian government agencies and businesses offline before spreading rapidly via corporate networks of multinational companies with operations or suppliers in eastern Europe.

Presentation by Alexander Adamov, CEO at NioGuard Security Lab

The country blamed Russia for the NotPetya attacks, while Russia denied any involvement.

Not just ransomware and wiper malware, Ukraine has previously been a victim of power grid attacks that knocked its residents out of electricity for hours on two different occasions.

The latest warning by the Ukrainian secret service told government and businesses to make sure their computers and networks were protected against any intrusion.

“SBU notifies about preparing for a new wave of large-scale attack against the state institutions and private companies. The basic aim—to violate normal operation of information systems, that may destabilize the situation in the country,” the press release reads. 

“The SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to cyber-attack of June 2017.”

To protect themselves against the next large-scale cyber attack, the SBU advised businesses to follow some recommendations, which include:

  • Updating signatures of virus protection software on the server and in the workstation computers.
  • Conducting redundancy of information, which is processed on the computer equipment.
  • Providing daily updating of system software, including Windows operating system of all versions.

Since supply chain attacks are not easy to detect and prevent, users are strongly advised to keep regular backups of their important files on a separate drive or storage that is only temporarily connected, for worst-case scenarios.

Most importantly, always keep a good antivirus on your system that can detect and block any malware intrusion before it can infect your device, and keep it up-to-date for the latest infection detection.


The Three Primary Regulatory Changes of the GDPR

The recent increase in the number and impact of cyberattacks aimed at stealing information has made it necessary to change the legislation on data protection in Europe. The GDPR (General Data Protection Regulation), which will be implemented in May 2018, aims to protect the data of European citizens and monitor how organizations process, store and use this data. Broadly speaking, with this new regulation, the European Commission has sought to give Europeans control over their data, removing the ambiguities of the previous legislation (dating back to 1995), as well as to unify the specific legislation of each country.

What changes with this new regulation?

The GDPR contains almost 100 articles which, in short, guarantee access to data for individuals and detail in clearer terms the responsibility companies will bear. Here are the main changes from previous regulation that the GDPR will bring about:

  • Scope of the regulation: The GDPR affects all organizations that store EU citizen data, even if they do not have a physical presence in Europe.
  • Obtaining explicit consent: Organizations have an obligation to obtain explicit and active consent from the individual following a fully transparent explanation of how the data will be treated (processing, storage or use of data). It is no longer enough to inform the user; the person must actively express their agreement.
  • Right of access: All citizens will have the right to obtain confirmation of whether or not a company is using their personal data. If so, they have the right to access this data and the organization will be required to provide a copy, as well as explain the purposes of the data processing, the criteria used, and the time frame of its storage. The GDPR also includes the right to rectify the data.
  • Right to be forgotten: This is probably the most salient of the rights included in the new regulation. This article allows the user to request the erasure of their personal data for various reasons: if the data is no longer necessary for the purpose for which it was collected, if the consent has been withdrawn, if the data was obtained in an illegal way, etc.
  • Right of portability: The user will have the right to request that the organization that stores their personal data provide a copy or transfer this data to another organization.
  • Company responsibility: In general terms, the responsibilities of companies and institutions have been compounded with the GDPR. Organizations will be required to implement monitoring systems, document the procedures for collecting, storing and using personal data (in companies of more than 250 employees), report any breaches of security or attacks to the authorities within 72 hours, and even hire a data protection officer (DPO) in companies that handle large amounts of sensitive information.

What can companies do to be prepared?

  • Protect the data. It may seem obvious, but this is the basis of any adaptation plan to the GDPR: it is necessary to actively reinforce information security throughout the life cycle of the data you store. To help companies in this process, Panda Security offers Adaptive Defense, which includes the tools necessary to implement these prevention measures.
  • Implement an explicit consent program for clients. With the new regulations, all companies will have to offer their customers the option to actively express their consent for the treatment and use of their data.
  • Develop an action plan. To avoid being overwhelmed by the application of the GDPR, the first thing is to have a plan, starting with an analysis of the current situation of the company in terms of obtaining, processing, storing and using personal data. In our “Preparation Guide to the New European General Data Protection Regulation”, we offer some useful guidelines for making the transition to GDPR compliance.

The post The Three Primary Regulatory Changes of the GDPR appeared first on Panda Security Mediacenter.


Warning: Two Dangerous Ransomware Are Back – Protect Your Computers


Ransomware has been around for a few years but has become an albatross around everyone’s neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars.

In just the past few months, we saw a scary series of ransomware attacks including WannaCry, Petya and LeakerLocker, which caused chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses.

Before WannaCry and Petya, the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware caused chaos across the world last year, and the bad news is that they are back with new and more damaging variants than ever before.

Diablo6: New Variant of Locky Ransomware


Having first surfaced in early 2016, Locky has been one of the most widely distributed ransomware infections, infecting organisations across the globe.

By tricking victims into clicking on a malicious attachment, Locky ransomware encrypts nearly all file formats on a victim’s computer and network and does not unlock them until the ransom in Bitcoins is paid to the attackers.

The ransomware has made many comebacks, with its variants being distributed through the Necurs and Dridex botnets.

This time, security researchers have discovered a fresh spam malware campaign distributing a new variant of Locky known as Diablo6 and targeting computers around the world, with the United States being the most targeted country, followed by Austria.

An independent security researcher using the online alias Racco42 first spotted the new Locky variant, which encrypts files on infected computers and appends the .diablo6 file extension.

As usual, the ransomware variant arrives in an email containing a Microsoft Word file as an attachment; when the file is opened, a VBS downloader script is executed, which then attempts to download the Locky Diablo6 payload from a remote file server.

The ransomware then encrypts the files on the infected computer using an RSA-2048 key (AES CBC 256-bit encryption algorithm) before displaying a message that instructs victims to download and install the Tor browser and visit the attacker’s site for further instructions and payments.

This Locky Diablo6 variant demands a sum of 0.49 Bitcoin (over $2,079) from victims to get their files back.

Unfortunately, at this time it is impossible to recover files encrypted with the .Diablo6 extension, so users need to exercise caution when opening email attachments.
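Because the variant appends the .diablo6 extension to every file it encrypts, a burst of renames to that extension on one host is a usable detection signal. The following is an added example, not code from the original article: the event format, host names, paths, threshold and time window are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-rename events: (ISO timestamp, host, old path, new path).
# Hosts, paths and the event layout are assumptions made for this example.
SAMPLE_EVENTS = [
    ("2017-08-10T09:00:01", "ws-01", r"C:\docs\report.docx", r"C:\docs\report_v2.docx"),
    ("2017-08-10T09:14:02", "ws-07", r"C:\docs\q3.xlsx", r"C:\docs\AAAA0001.diablo6"),
    ("2017-08-10T09:14:03", "ws-07", r"C:\docs\plan.docx", r"C:\docs\AAAA0002.Diablo6"),
    ("2017-08-10T09:14:05", "ws-07", r"C:\docs\photo.jpg", r"C:\docs\AAAA0003.diablo6"),
    ("2017-08-10T09:20:00", "ws-02", r"C:\tmp\a.txt", r"C:\tmp\BBBB0001.diablo6"),
    ("2017-08-10T09:20:10", "ws-02", r"C:\tmp\b.txt", r"C:\tmp\BBBB0002.diablo6"),
    ("2017-08-10T09:45:00", "ws-02", r"C:\tmp\c.txt", r"C:\tmp\BBBB0003.diablo6"),
]


def hosts_with_rename_burst(events, ext=".diablo6", threshold=3,
                            window=timedelta(seconds=60)):
    """Return {host: time of first alert} for every host that renamed at
    least `threshold` files to `ext` within a sliding `window`."""
    recent = defaultdict(deque)   # host -> timestamps of matching renames
    alerts = {}
    # ISO-8601 timestamps sort chronologically as plain strings.
    for ts, host, old, new in sorted(events):
        # Extension match is case-insensitive (.diablo6 / .Diablo6);
        # skip files that already carried the extension before the rename.
        if not new.lower().endswith(ext) or old.lower().endswith(ext):
            continue
        when = datetime.fromisoformat(ts)
        hits = recent[host]
        hits.append(when)
        # Drop renames that have fallen out of the sliding window.
        while when - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold and host not in alerts:
            alerts[host] = when
    return alerts


if __name__ == "__main__":
    for host, when in hosts_with_rename_burst(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: rename burst to .diablo6 at {when.isoformat()}")
```

With the default threshold, only ws-07 alerts: ws-02 also produces three matching renames, but they are spread over 25 minutes, which is why the window matters for keeping isolated renames from paging anyone.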

Return of Disk-Encrypting Mamba Ransomware


Mamba is another powerful and dangerous kind of ransomware infection that encrypts the entire hard disk on an affected computer instead of just files, leaving the system totally unusable unless a ransom is paid.

Similar tactics have also been employed by other ransomware attacks, including Petya and WannaCry, but the Mamba ransomware has been designed for destruction in corporations and other large organisations, rather than for extorting Bitcoins.

Late last year, Mamba infected the network of San Francisco’s Municipal Transportation Agency (MUNI) over the Thanksgiving weekend, causing major train delays and forcing officials to shut down ticket machines and fare gates at some stations.

Now, security researchers at Kaspersky Lab have spotted a new campaign distributing Mamba infections, targeting corporate networks mainly in Brazil and Saudi Arabia.

Mamba is utilising a legitimate open source Windows disk encryption utility, called DiskCryptor, to fully lock up hard drives of computers in targeted organisations. So, there is no way to decrypt data as the encryption algorithms used by DiskCryptor are very strong.


Although it’s not clear how the ransomware initially finds its way into a corporate network, researchers believe that, like most ransomware variants, Mamba might be using either an exploit kit on compromised or malicious sites or malicious attachments sent via email.

The ransom note does not immediately demand money; rather, the message displayed on the infected screen only claims that the victim’s hard drive has been encrypted and offers two email addresses and a unique ID number to recover the key.

Here’s How to Protect Yourself From Ransomware Attacks

Ransomware has become one of the largest threats to both individuals and enterprises, with several widespread ransomware outbreaks occurring in the last few months.

Currently, there is no decryptor available for data locked by Mamba or Locky, so users are strongly advised to follow prevention measures in order to protect themselves.

Beware of Phishing emails: Always be suspicious of uninvited documents sent over email and never click on links inside those documents without verifying the source.

Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that copies them to an external storage device that is not always connected to your PC.

Keep your Antivirus software and system Up-to-date: Always keep your antivirus software and systems updated to protect against the latest threats.
