ransomware Archives | Vednam
https://vednam.com/tag/ransomware/
Latest News on Cyber Security, Hacking and Tech
Wed, 01 Jul 2020 08:10:03 +0000

Russian Hacker Evil Corp Group targets US workers at home
https://vednam.com/russian-hacker-group-ransomware-attacks/
Sat, 27 Jun 2020 19:54:17 +0000

Let’s talk about the Russian hacker group that is launching ransomware attacks against a number of US companies, targeting employees who are working from home during the pandemic.

Ransomware attacks have increased sharply these days, and the threat actors behind them work with such dedication that we all need to be aware, because the next victim could be you.

The Russian hacker group Evil Corp has accessed at least 31 organizations’ networks in order to cripple their systems and demand millions of dollars in ransom.

The US Justice Department indicted the group’s two alleged leaders in December 2019.

As the BBC reported, last year US authorities filed charges against Evil Corp, whose alleged leaders Maxim Yakubets and Igor Turashev are accused of using malware to steal millions of dollars from over 40 organizations, including schools and religious organizations.

The authorities hunting these criminals also announced a $5m reward for information leading to their arrest, the largest amount ever offered for a cyber-criminal.

 


 

According to a Gallup poll, around 62% of Americans were working from home during the pandemic while still supporting their company and family, and it is these remote workers that the threat targets.

The US election is just a month away, which is why federal and local officials have been putting strict measures in place to protect voter records and to ensure safe voting practices amid the pandemic.

Attack Analysis

Symantec Corporation, a firm that monitors corporate and government networks, released a threat warning on Thursday night after the attacks were identified.

Symantec described the attacks as using a relatively new type of ransomware called WastedLocker, which it attributed to Evil Corp.

 

Ransomware is malicious software that threatens to delete the victim’s files unless a ransom is paid. The WastedLocker ransomware demands ransoms of around $500,000 to $1m, and only after payment are the files it seized unlocked.

 

Symantec also said that the “vast majority of targets are major corporations, including many household names”, and that the main targets are the 500 companies.

Almost all of the companies attacked are US-based, with one exception.

According to Symantec, the Russian hackers had breached the networks of these companies and were “laying the groundwork” for a future ransomware attack that would let them block access to data and demand millions of dollars.

 

The New York Times also reported: “The Russian hackers are taking advantage of employees now using virtual private networks (VPNs) to access work systems.”

 

The attackers use VPN connections to identify which company a user works for, and infect the user’s computer when they visit a public or commercial site. Once that user later connects to the corporate network, the Russian hackers can attack it.

 

New Ransomware Attacks: Android Devices are under threat
https://vednam.com/android-devices-are-under-threat-ransomware-attack/
Sat, 27 Jun 2020 06:42:10 +0000

A new ransomware attack on Android devices encrypts photos and videos while posing as a COVID-19 contact-tracing application.

The new ransomware hit Android users in Canada, posing as the official COVID-19 tracing app from Health Canada.

The CryCryptor ransomware used in this campaign is based on open-source ransomware published in June 2020.

The campaign started after the Canadian government announced its official tracing app. According to the source, the app is still in the testing phase and is expected to go live next month.

Malicious Ransomware 

Security researchers at ESET observed that the malicious COVID-19 tracing app is distributed through two third-party websites and not through Google Play.

Once the malicious app is launched on the device it requests access to the files on the device; once that permission is granted, it encrypts files with certain extensions.

The extensions include txt, jpg, bmp, png, pdf, docx, ppt, pptx, avi, xls, vcf and db files.

 

The ransomware encrypts files but does not lock the device; it leaves a “readme” file in every directory containing encrypted files, listing the threat actor’s email addresses.

ESET researchers also have good news: a bug in the malicious app allowed them to create a decryption tool, which is now available for this ransomware.

 

 

Indiabulls group going to pay CLOP Ransomware: Report
https://vednam.com/indiabulls-group-going-to-pay-clop-ransomware-report/
Wed, 24 Jun 2020 20:00:27 +0000

Findings of the Report

The Indian conglomerate Indiabulls group, headquartered in Gurugram, was hit by the CLOP ransomware earlier this month, as the cybersecurity company Cyble reported. The threat actor behind the attack threatens to expose the stolen data publicly if the group refuses to pay the ransom within 24 hours.

To prove the attack is real, the attackers uploaded six screenshots to the ‘CLOP^_-LEAKS’ site. After investigation, experts say the exposed data is highly sensitive, including bank documents, transaction details, vouchers, conversations with different banking institutions and other finance-related details.

As per the report, experts are still investigating the alleged attack and it is not yet clear whether it was really carried out. Bad Packets found the Indiabulls server to be technically vulnerable: the threat actor exploited a Citrix NetScaler ADC VPN gateway which, in turn, turned out to be vulnerable to CVE-2019-19781.

Finally, apart from the six leaked files found on the Clop ransomware site, nothing else specific is known, except that the Indiabulls authorities are expected to pay the ransom within 24 hours.

The attackers also promise to expose leaked data related to pharmaceuticals and to Indiabulls Housing Finance Limited.

Exposed to Leak Site

As you are all aware, Maze was the initiator of this kind of data-leak extortion; other ransomware families followed its example and launched similar sites, which are mainly used to blackmail victims into paying the ransom.

Sodinokibi/REvil, Nemty and DoppelPaymer were the first to follow with leak sites of their own. Nefilim, Sekhmet, and Clop have also started following the trend.

The new leak site has been filled with victims’ data.

Recently, on March 13, the pharmaceutical company ExecuPharm was compromised by the threat actor and hit by CLOP ransomware. The attackers managed to lock a server holding 163GB of data, and in the end that data was exposed by the threat actor.

The criminals behind the CLOP ransomware hit exposed thousands of emails, accounting information, financial records, backups, and other highly sensitive data as proof of the attack.

In another case, Maastricht University’s data was compromised and its files were encrypted by the ransomware, and the university paid 30 bitcoin to the criminals in exchange for the data.

The CLOP ransomware attack on the Indiabulls group discussed here has not yet been confirmed.

CLOP Ransomware

CLOP ransomware was first discovered in February 2019. It belongs to the well-known ransomware family CryptoMix. Its developers changed its behaviour significantly, making the ransomware rather difficult to predict.

CLOP stands out in the crowd of ransomware families for killing the processes of Windows 10 software, IDEs, language runtimes, Microsoft Office applications, Microsoft Exchange, SQL Server, MySQL, Backup Exec, etc.

The capability of killing 663 Windows processes before running the file encryption routine is not common behaviour; the list of processes killed by CLOP is extraordinary, and experts cannot understand for what purpose some of these processes are targeted.

$300,000 Ransomware paid by city of Florence after attack
https://vednam.com/300000-ransomware-paid-by-city-of-florence-after-ransomware-attack/
Sat, 20 Jun 2020 18:34:15 +0000

The city of Florence will pay a $300,000 ransom in bitcoin after its computer systems were hit by a cyber attack.

There has been a tremendous increase in the number of cyber attacks compared with the same period last year, and this year the average ransom payment has nearly doubled. Even the countries with the most advanced security technologies are being attacked.

Several Florence officials were alerted that their information technology systems had been hacked by attackers who specialize in deploying ransomware.

The mayor said the hackers may have had access to the city’s computer systems for more than a month.

The Florence City Council voted unanimously at an emergency meeting to pay the ransom from the city’s insurance fund in order to preserve the information of city workers and customers.

On May 26, acting on a tip from a security contact in Milwaukee, KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang.

As Mayor Holt said, “We are having to approach it from the standpoint that we’re going to have to assume, we know they have some of our information, we don’t know that they have critical information, frankly don’t think they do, but we don’t know.”

Mayor Holt has since confirmed that the city was hit by the ransomware gang called DoppelPaymer.

DoppelPaymer has a reputation for never releasing any information once the ransom is paid.

The city will seek proof that the hacker deleted the stolen information.

“Ransom has been a big problem for some time, but that was a worrying chapter for me,” said Decatur information technology director Brad Philips.

 

After Ransomware attacks Cognizant Confirms Data Breach
https://vednam.com/after-ransomware-attacks-cognizant-confirms-data-breach/
Fri, 19 Jun 2020 11:13:42 +0000

The reputed IT giant suffered a ransomware attack last April which caused service disruptions for its clients.

Cognizant is known as one of the big IT firms, with more than 3 lakh employees, and it provides IT services including digital, technology, consulting, and operations services.

The Attack’s Effect

April 17 was not a good day for the company: its internal systems were hit by Maze ransomware. The company informed its clients about the attack and provided them with indicators of compromise (IOCs) and other technical information of a defensive nature.

The company initially learned that the attackers had staged and likely exfiltrated a limited amount of data from Cognizant’s systems.

The company’s further investigation found that a majority of the personal information was also exposed.

The personal information that may be impacted relates to corporate credit cards.

The company has also informed all associates who had an active corporate credit card and is offering them credit and identity theft monitoring services.

The company has built a team that continues to monitor the accounts for any fraudulent activity, and it says it has not seen an increase in fraud on those accounts.

Ransomware attacks have become an easy and malicious way of robbing individuals and companies; they can cost billions of dollars, not to mention the privacy and safety implications.

The breach notification letter published by the company states that the Maze ransomware was active in the Cognizant network between April 9 and 11.

 

Thanos Ransomware: Another Popular Ransomware family
https://vednam.com/thanos-ransomware-another-popular-ransomware-family/
Mon, 15 Jun 2020 05:10:40 +0000

Thanos ransomware is a new Ransomware-as-a-Service (RaaS) tool which has gained immense popularity on underground forums.

Thanos was found to be the only ransomware family observed using the RIPlace tactic identified by researchers. RIPlace is a Windows file system technique that can be used to maliciously alter files and lets the attacker bypass anti-ransomware defenses.

History

  1. The Thanos story started at the end of October 2019 with the Quimera ransomware.
  2. By early 2020, it had begun to be identified as Hakbit, based on similar core functionality, strings and code.
  3. According to a report, the ransomware was finally identified as Thanos, which is being promoted as a RaaS on a Russian hacker forum since February.
  4. Ransomware attacks involving Thanos were also reported to have surged 25% in the first three months of 2020 compared with the final three months of 2019.

About Thanos Ransomware

  1. The Thanos client code is written in C#.
  2. The client encrypts files with AES-256 in CBC mode.
  3. The Thanos client is also offered with a lateral-movement function using SharpExec.

Final

It is believed that the ransomware will continue to be used as a weapon by its operators in different ways. Carbon Black and Kaspersky updated their software after disclosure of the latest technique used by Thanos.

Ransomware target Windows and Linux again.
https://vednam.com/ransomware-target-windows-and-linux-again/
Sat, 06 Jun 2020 05:17:54 +0000

Another targeted campaign is being run by cyber attackers against Windows and Linux systems; they again use ransomware, but this time in a unique style.

The ransomware, named Tycoon after a reference found in its code, has been active since December 2019 according to researchers, and this time the cybercriminals are highly selective in choosing the users they plan to victimize. Its unique technique is an uncommon deployment method that helps it stay hidden inside compromised machines and networks.

They appear to target educational and software organizations.

Tycoon is smarter than most malware because of its unusual form: it is written in Java, deployed as a trojanized Java Runtime Environment, and compiled into a Java image (JIMAGE) file to hide the malware’s intent.

Two main methods make up this ‘unique’ style. First, the malware is written in Java, which requires a Java Runtime Environment to execute the code; second, it uses Java image files, a format rarely used by attackers.

Researchers said this is another form of attack that uses an uncommon programming language and an obscure data format to exploit vulnerabilities.

The initial intrusion used by Tycoon is not uncommon: an insecure internet-facing RDP server. This is a common entry point for malware campaigns, which often exploit servers with weak or compromised passwords.

Once inside the network, the attackers maintained persistence using Image File Execution Options (IFEO) injection, a setting that more often gives developers the ability to debug software. The attackers also used their privileges to disable anti-malware software with Process Hacker, in order to prevent the removal of their tools.

Once executed, the ransomware encrypts files across the network, giving them extensions including .redrum, .grinch, and .thanos, and the attackers demand a ransom in exchange for the decryption key. They ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch by email.

The campaign is still ongoing, which suggests that those behind it are successfully extorting payments from victims. Tycoon could potentially be linked to another form of ransomware.

Organizations should make sure that the accounts that do need access to this portal aren’t using default or weak passwords, because such passwords can easily be guessed to break the system’s security.

What is Malware? What are the Types?
https://vednam.com/malware-families/
Thu, 21 May 2020 08:08:23 +0000

When we talk about malware, we mean a number of malicious software variants, including ransomware and spyware. It typically consists of code developed by attackers, or cyber spies, to cause extensive damage to data and systems or to gain access to your systems on the network without any authentication.

Malware is usually delivered as a link or file over email and requires the user to click the link or open the file to execute it.
Malware has been a threat to users and organizations since the early 1970s, when the Creeper virus appeared.

According to the technology company Intel, the world has been under attack from thousands of different, functioning malware variants, all of which cause as much disruption and damage as possible.

Let’s Talk About What Malware Does:

It delivers its payload in different ways, depending on what the attackers want: for example, to steal sensitive data and demand a ransom to give it back. The attackers know what to steal once the malware is running on your system and spreading its effects through the network.

Malware Types:

VIRUS: The most common word used for all malware. It works like a biological virus: it needs to attach itself to your system and spread by inserting itself into code to gain access to your systems. It corrupts your files, affects the core functionality of systems and can also lock users out of their computers. A virus is always carried in an executable file.

WORMS: Worms work the way their name suggests. When a system in your network gets infected by a worm, it uses your network to infect the other machines and continue the spread of the infection. Spreading is faster when all the machines are on the same network.

SPYWARE: As the name says, this member of the malware family is meant to spy on your machine; it hides in the background of your system and collects all the activities performed on your machine. Spyware collects your credit card details, passwords, and other sensitive data.

TROJANS: You have heard the story of Greek soldiers hiding in a giant horse to attack their enemies. Trojans use the same method with machines: they hide inside legitimate software, then attack the system’s security by creating a backdoor that gives other malware variants easy access.

RANSOMWARE: Also known as scareware, ransomware scared a lot of people in 2017. It locks your system, starts a countdown, and demands a ransom in bitcoin. It has hit many big organizations, with results that were both worse and expensive.

 


How Does Malware Spread in Your Machines? 

Not every malware works the same way; each has its own way of causing havoc, and most rely on user action. Some attackers use emails and links to deliver it and execute it on your machine. These days even mobile phones are vulnerable to attack. Organizations must take effective measures to head off malware attacks.

How Do You Protect your machines From Malware attacks?

There are two ways to protect yourself against malware:
First, and often the easiest, is to deploy malware protection tools to manage attacks on your machines. The other is to stop visiting websites that lack a secure connection, to check the emails and links you receive, and to verify every step you take so as not to cause deeper problems.
