By incorporating a distributed denial of service component into ransomware payloads, criminal coders have devised a novel and nefarious method for profiting from their activities.

(Tampa Bay, FL) May 24, 2016 — Today, the cybersecurity company KnowBe4 published a warning about a harmful new trend in ransomware. A new edition of the Cerber ransomware now adds a DDoS bot that can silently fire faked network traffic at multiple IPs. This is in addition to “simply” encrypting data files on a workstation (plus any network drive it can detect) and locking the system.

This is the first time a ransomware outbreak has been found to carry a bundled DDoS component. It means that while the victim is unable to reach their endpoint, that same endpoint is being used to deny service to another victim: double the damage for the price of a single attack, and two ways for cybercriminals to make money off victims.

KnowBe4 chief executive officer Stu Sjouwerman described the addition of DDoS capabilities to ransomware as an “evil genius” concept. Even though prices have dropped significantly over the last several years, renting out DDoS botnets on the dark web is still a highly profitable business. This appears to be the first instance of a cybermafia combining ransomware with a DDoS bot; nonetheless, you can expect the practice to become a rapidly expanding trend.

The new variant was spotted by Invincea, who described it in a post on their website: “It would seem that the observed network traffic is overwhelming the subnet with UDP packets via port 6892. The host might make the targeted host unresponsive by faking the source address and directing all response traffic from the subnet to the targeted host. This would cause the host to be unresponsive.”

The attackers use Visual Basic to launch a file-less attack, and the vast majority of antivirus and “next-generation” antivirus vendors are blind to file-less attack techniques. As a consequence, they cannot recognize the threat until after it has been written to disk. At that point scanners are able to locate it, and many of them do, but by then it is often too late.

Sjouwerman offered the following advice: “The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal. However, the next sample will be invisible for a few days. As a result, you should not count on your endpoint anti-malware layer being 100 percent effective, because doing so will give you a false sense of security.”

The attack depends on social engineering: the employee is tricked into enabling macros in Office, which launches a malicious VBScript that downloads and runs the malware. Once the ransomware is running, it encrypts the user’s files and then locks the screen to keep the user out of the machine. After this sequence completes, a second binary named 3311.tmp is executed; this binary causes the infected machine to begin transmitting a significant volume of network traffic.

Ransomware affects a large number of people, but some of them are able to recover their files from backups. By attaching a DDoS bot to the ransomware payload, these criminals create a two-for-one situation: they can still extract network traffic from victims who do not pay the ransom and exploit that traffic as an additional source of illegal income.

In addition to military-grade backups, KnowBe4 recommends eight measures:

1. “From this point forward, in the event of any ransomware infestation, delete all data from the system and re-image it from scratch.”
2. If you do not already have a secure email gateway (SEG), acquire one that includes URL filtering and make sure it is properly tuned.
3. Ensure that all of your endpoints, including operating systems and third-party applications, have the latest patches installed.
4. Ensure that your endpoints and web gateway are protected by next-generation security layers that are updated regularly (at least once every few hours).
5. Identify users who handle sensitive information and require them to use a stronger form of authentication (such as 2FA).
6. To prevent CEO fraud, review your company’s internal security policies and procedures, paying special attention to those related to financial transactions.
7. Review your firewall configuration and make sure that no unauthorized network traffic is permitted to leave the network.
8. Deploy cutting-edge security awareness training, which should cover social engineering across channels other than email.

Users must receive effective security awareness training with frequent simulated phishing attacks, given that phishing has quickly become the most important vector for the spread of malware and that attacks frequently bypass the security measures companies have put in place. Please visit www.knowbe4.com for further information.

About KnowBe4

KnowBe4 is the complete security awareness training and simulated phishing platform that has had the greatest success worldwide. KnowBe4 was founded by two of the best-known names in cybersecurity, Kevin Mitnick (the world’s most famous hacker) and Stu Sjouwerman, an Inc. 500 alum and serial security entrepreneur, after they concluded that the human element of security was being seriously neglected. Their goal was to help organizations manage the problem of social engineering tactics through new-school security awareness training. The firm continues to hold a prominent position in the Cybersecurity 500, the authoritative ranking of the world’s most cutting-edge enterprises in the field of cybersecurity. KnowBe4’s technology is used by more than 4,000 companies to keep their staff on their toes while keeping security at the forefront of their minds. KnowBe4 is used in all sectors, including highly regulated domains such as finance, healthcare, energy, government, and insurance.

Kathy Wattman, KnowBe4, may be reached at kathyw@knowbe4.com, and Michael Becce, of MRB Public Relations, Inc., can be reached at (732) 758-1100 extension 104.
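Recommendation 7 and the Invincea description of spoofed UDP floods to port 6892 suggest a straightforward defender-side check at the network border. The following is an added Python example, not code from KnowBe4 or Invincea: it scans constructed NetFlow-style outbound records for a host flooding UDP port 6892 and for packets whose source address lies outside the site's own prefix (the source spoofing the quote describes); the flow records, the 10.0.0.0/24 prefix and the 10,000-packet threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed NetFlow-style records (not from the article): one tuple per
# outbound flow seen at the border, (src_ip, dst_ip, proto, dst_port, packets).
SAMPLE_FLOWS = [
    ("10.0.0.12", "10.0.0.1", "udp", 53, 4),            # ordinary DNS lookup
    ("10.0.0.12", "203.0.113.9", "tcp", 443, 120),      # ordinary HTTPS session
    ("10.0.0.25", "198.51.100.7", "udp", 6892, 9000),   # infected host flooding UDP/6892
    ("10.0.0.25", "198.51.100.8", "udp", 6892, 8700),
    ("10.0.0.25", "198.51.100.9", "udp", 6892, 9100),
    ("192.0.2.77", "198.51.100.7", "udp", 6892, 5000),  # forged source, not in our prefix
]

LOCAL_PREFIX = ipaddress.ip_network("10.0.0.0/24")  # assumed site address range
BOT_PORT = 6892  # UDP port named in the Invincea analysis quoted above


def udp_flood_sources(flows, port=BOT_PORT, min_packets=10_000):
    """Return {src_ip: (total_packets, distinct_targets)} for every source whose
    UDP traffic to `port` reaches `min_packets` in this observation window."""
    packets = defaultdict(int)
    targets = defaultdict(set)
    for src, dst, proto, dport, count in flows:
        if proto == "udp" and dport == port:
            packets[src] += count
            targets[src].add(dst)
    return {src: (n, len(targets[src])) for src, n in packets.items() if n >= min_packets}


def spoofed_egress(flows, local_prefix):
    """Return outbound source IPs that do not belong to the local prefix; a
    BCP 38 style egress filter would drop these instead of forwarding them."""
    seen = []
    for src, *_ in flows:
        if ipaddress.ip_address(src) not in local_prefix and src not in seen:
            seen.append(src)
    return seen


def triage(flows, local_prefix=LOCAL_PREFIX):
    """Combine both checks into one report a responder can act on."""
    return {
        "flood_sources": udp_flood_sources(flows),
        "spoofed_sources": spoofed_egress(flows, local_prefix),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS))
```

A flagged internal host is a candidate for the re-imaging in recommendation 1, while any spoofed source reaching the border shows the egress filter itself needs fixing.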
