Tag: security warning

Curse of the Bad Rabbit – Ransomware

BadRabbit Ransomware

A new ransomware strain, BadRabbit, has infected PCs in Russia and in several other countries. Corporate systems at Interfax and two other Russian media companies appear to have been the first affected, but infections have also been seen in Poland and South Korea.

In Ukraine, Odessa airport, the Kiev metro and the Ministry of Infrastructure were also infected. Victims are shown the usual ransom demand for their encrypted files.

Researchers at ESET have identified it as a strain of the Diskcoder family, the same family as the malware behind June's NotPetya outbreak.

Screenshot of the BadRabbit ransom screen (Source: Group-IB)

The dropper poses as an Adobe Flash update to lure victims into installing the malware. According to Group-IB, it was served by compromised websites, and it infects the PC only when the visitor accepts the prompt and runs the downloaded installer; there is no exploit in the download itself. There may be other compromised websites.

https://twitter.com/GroupIB_GIB/status/922972032098291718

Once run on a Windows PC, the malware uses Mimikatz, a legitimate open-source tool, to harvest login credentials from the computer's memory. It then spreads to other machines on the same network over SMB shares, trying the harvested credentials along with a built-in list of common username and password pairs.

There are also reports that, as WannaCry did a few months back, it uses one of the leaked NSA exploits to help it spread (EternalRomance in BadRabbit's case, rather than the EternalBlue exploit WannaCry used).

The malware also overwrites the Master Boot Record, so on reboot the machine shows a ransom screen instead of starting Windows, and you cannot get past that screen to your files. The ransom screen carries a countdown after which the price goes up, pushing companies and individuals into a quick decision and making them more likely to pay. Remember that paying makes you more likely to be attacked again: the attackers now know who pays.

The ransom demanded is 0.05 BTC, a little over £200 at the time of writing.

Signs of infiltration

Network connections to the Tor site caforssztxqzf2nm.onion, or downloads from either of the following URLs (written with hxxp so they are not clickable), are clear signs of infiltration:

hxxp://1dnscontrol.com/flash_install.php

hxxp://1dnscontrol.com/install_flash_player.exe
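As an added example (not from the original post or from Group-IB), the following PowerShell searches proxy or DNS log lines for those indicators and lists the client machines that touched them. The log lines are constructed for the example and the timestamp / client / URL layout of each line is an assumption; on a real export, pass the output of Get-Content as -Lines.

```powershell
# Added example: hunt for the BadRabbit network indicators in web-proxy or DNS logs.
# Indicators are the ones listed in the post; everything else here is constructed.

$indicators = @(
    '1dnscontrol.com',            # host serving the fake Flash update
    'flash_install.php',          # landing page for the fake update
    'install_flash_player.exe',   # the dropper itself
    'caforssztxqzf2nm.onion'      # Tor payment site
)

# Constructed sample log lines (assumed layout: timestamp, client IP, method, URL, status).
# Replace with:  $logLines = Get-Content .\proxy.log
$logLines = @(
    '2017-10-24T09:12:01Z 10.0.3.14 GET http://example.org/news/index.html 200',
    '2017-10-24T09:12:43Z 10.0.3.14 GET http://1dnscontrol.com/flash_install.php 200',
    '2017-10-24T09:12:47Z 10.0.3.14 GET http://1dnscontrol.com/install_flash_player.exe 200',
    '2017-10-24T09:15:02Z 10.0.3.22 GET http://adobe.com/go/getflashplayer 200',
    '2017-10-24T09:31:10Z 10.0.3.14 CONNECT caforssztxqzf2nm.onion:443 -'
)

function Find-BadRabbitIndicator {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string[]]$Indicators
    )
    # Escape each indicator so '.' matches a literal dot, then build one alternation.
    $pattern = ($Indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    foreach ($line in $Lines) {
        $match = [regex]::Match($line, $pattern, $options)
        if ($match.Success) {
            $fields = $line -split '\s+'
            [pscustomobject]@{
                Time      = $fields[0]
                Client    = $fields[1]
                Indicator = $match.Value
                Line      = $line
            }
        }
    }
}

$hits = Find-BadRabbitIndicator -Lines $logLines -Indicators $indicators
$hits | Format-Table Time, Client, Indicator -AutoSize

# Machines that fetched the dropper or reached the payment site: isolate these first.
$hits | Select-Object -ExpandProperty Client -Unique
```

A hit on the .onion address after a hit on the dropper download from the same client is the stronger signal: the first means someone ran the fake update, the second that the ransom note is already up.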

The fake installer may also pop up a prompt asking you to disable or stop your current AV or anti-malware protection; do not. Several AV packages already detect it.

According to Kaspersky Lab, if you block execution of the following two files, BadRabbit cannot start. infpub.dat is the main malware DLL, which the dropper launches with rundll32, and cscc.dat is the disk-encryption driver (taken from the open-source DiskCryptor) that it uses to encrypt the disk:

C:\Windows\infpub.dat

C:\Windows\cscc.dat
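The following PowerShell is an added example, not Kaspersky's or the original post's, of the "vaccine" that follows from that advice: it pre-creates both files, sets them read-only and strips every permission, so the dropper can neither overwrite nor execute them. The function names are this example's own, and it must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-create the two files BadRabbit writes, then make them unwritable
# and unexecutable. Paths are the ones Kaspersky named; function names are ours.

$vaccinePaths = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

function Enable-BadRabbitVaccine {
    param([Parameter(Mandatory)][string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # An empty placeholder is enough; it only needs to exist and be unwritable.
            New-Item -ItemType File -Path $path -Force | Out-Null
        }
        # Set the read-only attribute first: once the ACL is stripped, attributes can no longer be changed.
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        # /inheritance:r removes the ACEs inherited from C:\Windows. With no explicit ACEs
        # left, the DACL is empty and every access request (read, write, execute) is denied.
        & icacls.exe $path /inheritance:r | Out-Null
        [pscustomobject]@{
            Path   = $path
            Exists = (Test-Path -LiteralPath $path)
            Acl    = (& icacls.exe $path | Select-Object -First 1)
        }
    }
}

function Disable-BadRabbitVaccine {
    # Undo once the environment is patched and clean: restore inherited ACEs, clear read-only, delete.
    param([Parameter(Mandatory)][string[]]$Paths)
    foreach ($path in $Paths) {
        if (Test-Path -LiteralPath $path) {
            & icacls.exe $path /reset | Out-Null
            Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $false
            Remove-Item -LiteralPath $path -Force
        }
    }
}

Enable-BadRabbitVaccine -Paths $vaccinePaths | Format-Table -AutoSize
```

After running it, icacls C:\Windows\infpub.dat should print the path with no permission entries beneath it (the Administrators group still owns the file, which is what lets Disable-BadRabbitVaccine reset it later). This is a stopgap, not a patch: it relies on the dropper giving up when it cannot write the file, so still patch SMB, block the URLs above at the proxy, and remove the placeholders once the environment is clean.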

Check that any Flash update you are asked to install is genuine, even if you do have Flash enabled: Adobe distributes Flash updates through its own updater and adobe.com, not through pop-ups on other sites.

Backing up regularly, including a full system image, gives you some protection after an infection: you can restore instead of paying. Anti-malware software is one of the best defences, but the most effective protection is checking that updates are legitimate and not clicking on dodgy links.

Security warning over data.gov.uk – time to change your password!

Have a data.gov.uk account? You should probably change your password.

The site, which lets people search for data published by the government, discovered during a data security review that some usernames and hashed passwords had been placed on a publicly accessible resource.

The following quote is taken from the BBC site (http://www.bbc.co.uk/news/technology-40443601):

A GDS spokeswoman told the BBC that the breach had affected only data.gov.uk accounts, and people with separate accounts for other government websites were not affected.

She said only email addresses, usernames and hashed passwords were implicated, rather than personal information such as names and addresses.

Hashed passwords are not massively secure, but they are certainly more secure than clear-text passwords; how much more depends on the algorithm used. A fast unsalted hash such as MD5 can be cracked against a wordlist in seconds, while a salted, deliberately slow scheme such as bcrypt or PBKDF2 makes every guess expensive. The BBC also reports that users will be required to change their passwords the next time they log in.
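To show what "depends on the algorithm" means in practice, here is an added PowerShell example (not from the post, and not a description of how data.gov.uk stores passwords, which the article does not say): the same constructed user record is attacked with a small guess list once when stored as unsalted MD5 and once when stored with salted PBKDF2-HMAC-SHA256. Every password, the salt and the guess list are constructed for the example, and the function names are its own.

```powershell
# Added example: dictionary attack against a leaked hash, fast unsalted MD5 versus
# salted PBKDF2. All data below is constructed; nothing comes from a real breach.

function ConvertTo-Hex {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    ([System.BitConverter]::ToString($Bytes) -replace '-', '').ToLowerInvariant()
}

function Get-Md5Hex {
    # Unsalted and fast: one short computation per guess, and identical output for
    # every user who chose the same password, so one crack reveals all of them.
    param([Parameter(Mandatory)][string]$Password)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try { ConvertTo-Hex ($md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Password))) }
    finally { $md5.Dispose() }
}

function Get-Pbkdf2Hex {
    # Salted and deliberately slow: $Iterations chained HMACs per guess, and a per-user
    # salt means precomputed tables and cracks do not carry over between users.
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][byte[]]$Salt,
        [int]$Iterations = 100000
    )
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $Password, $Salt, $Iterations, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { ConvertTo-Hex ($kdf.GetBytes(32)) }
    finally { $kdf.Dispose() }
}

function Find-PasswordByGuessing {
    # Hash each guess with the same scheme the leak used and compare to the leaked value.
    param(
        [Parameter(Mandatory)][string]$LeakedHash,
        [Parameter(Mandatory)][string[]]$Guesses,
        [Parameter(Mandatory)][scriptblock]$HashGuess
    )
    $clock = [System.Diagnostics.Stopwatch]::StartNew()
    $tried = 0
    foreach ($guess in $Guesses) {
        $tried++
        if ((& $HashGuess $guess) -eq $LeakedHash) {
            return [pscustomobject]@{ Found = $guess; Tried = $tried; Ms = $clock.ElapsedMilliseconds }
        }
    }
    [pscustomobject]@{ Found = $null; Tried = $tried; Ms = $clock.ElapsedMilliseconds }
}

# Constructed data: a user whose password sits at position 4 of a five-word guess list.
$userPassword = 'Summer2017!'
$guesses = 'password', 'letmein', 'qwerty123', 'Summer2017!', 'correcthorse'
$salt = [byte[]]::new(16)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($salt)

$leakedMd5    = Get-Md5Hex -Password $userPassword
$leakedPbkdf2 = Get-Pbkdf2Hex -Password $userPassword -Salt $salt

'MD5 (unsalted):'
Find-PasswordByGuessing -LeakedHash $leakedMd5 -Guesses $guesses -HashGuess { param($p) Get-Md5Hex -Password $p }
'PBKDF2-HMAC-SHA256, 100000 iterations, salted:'
Find-PasswordByGuessing -LeakedHash $leakedPbkdf2 -Guesses $guesses -HashGuess { param($p) Get-Pbkdf2Hex -Password $p -Salt $salt }
```

Both runs find the password on the fourth guess, because the guess list is tiny and the password is in it; the difference is the Ms column. The PBKDF2 run is orders of magnitude slower for the same four guesses, and that per-guess cost is what an attacker multiplies by the billions of guesses a real wordlist and GPU rig produce. Neither scheme protects a password that is reused elsewhere, which is why the advice below is to change it on every other site too.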

The Computer Saint would also advise changing your password on any other service where you use the same one. So if you log in to Yahoo, Google, Hotmail or anywhere else with the same details, change those too.

Also keep an eye out for fraudulent emails. If you suspect an email is fraudulent, contact the website in question directly, by typing its address into your browser, and not via any link or address in the email you have just received.