Ransomware and More Ransomware!!

More ransomware! Everybody gets ransomware!!

Why has everything been falling into this abyss of stupidity?

The more I start to learn and look more into ransomware, the more prevalent it becomes. Every hour and every article I just read about another darn ransomeware strain being found as well as the advances in it its propagation method.

Source

HECK! Like really? Samsam and Maktub Locker… first of all what are those names? In popular meme slang, “WHAT ARE THOSE!?!?!?”

Ransomware - What are those??

Attackers are getting smarter and smarter, while users are becoming more and more dumb and gullible. How many times do I have to say, you did not win that free cruise, so please don’t send your email and credit card information to reserve the spot!

The ransomware Samsam gains access to an organization’s network by exploiting vulnerabilities in JBoss servers, such as a missing patch, and spreads to all machines connected to the network.

Maktub Locker, for its part, enters through spam or phishing emails with a virus hidden in an attachment, like a .ZIP file. Once opened, MakTub encrypts all data and systems connected to the network.

Ransomware is becoming more and more intuitive, very rarely requiring user interaction now. Maktub Locker was found to not only be sent in an email and downloaded, but when the .zip file (carrying file typically) is opened, a malicious RTF file (I know saying file is redundant, but it makes more sense — Rich Text File) infects the entire system. In fact Maktub Locker is commonly downloaded because it looks like a legitimate Terms of Service/Terms of Use document. Different from other known ransomware, Locky, which was a “hit and run” kind of deal in that everything was encrypted together. In addition, Samsam and Maktub Locker were both found to have local encrypting and transmission capabilities, which makes it that much more dangerous. Because it is local, even if the network is off, they can encrypt anything and everything.

A common method of defense was creating backups for the files to be used in the case, especially being stored off on an off-site storage facility. However, it appears that both malware not only encrypt the local data and files, but also backups on the network as well. Maktub Locker goes as far as compressing and encrypting the files too before being sent back to the attacking host. Aside from backups, there needs to be deduplication of real-time data. In addition, there needs to be another look at firewalls and IDS/IPS for security purposes in routine risk and vulnerability assessments.

“It really is a battle between these cyber criminals and the rest of us,” she said. “There definitely is a learning curve, but we can benefit as a community to try to build these solutions together.”

Article by Sir. Lappleton III

I'm a happy-go-lucky college student that started a blog as a way to not only document my education and my experiences, but also to share it with whoever stumbles upon my site! Hopefully I can keep you guys entertained as well as learn about a few things from IT as well as from my time and experiences as I plunge deeper and deeper into healthcare! A couple of my areas of focus is data management, system security (cyber security), as well as information technology policy.