@scottalanmiller Awesome!
Posts made by lance
-
RE: CryptoDefense
@Dashrender said:
Yeah, mine popped in a few mins ago, just finished reading it.
Trying to decide if I should send this to my users - 90% of them will simply delete the message anyway.
Same here, and sometimes if they find out about stuff like this I get a million questions and some users start to panic.
-
CryptoDefense
I just received an e-mail about a new CryptoLocker competitor, as they called it, which is named CryptoDefense. Below are the details of the email. Anyone else hear about this?
This is a rare Cyberheist NewsFlash that we send out when we run into something important enough to alert you about right away. Please forward this to your friends and colleagues.
More data became available since the first time I reported on this, so here is a more in-depth warning about new very nasty ransomware.
As we said before, there is furious competition between cybergangs. Late February 2014, a CryptoLocker ransomware copycat competitor called CryptoDefense was released which outdoes the original.
They did their test-marketing in many other countries like the UK, Canada, Australia and others. They are now targeting the U.S. as you can see in this infection heatmap picture generated by Symantec. They are making tens of thousands of dollars per month with this technically sophisticated scam.
If an end-user opens the infected attachment, the CryptoDefense ransomware encrypts its target files, and the criminals charge approx. $U.S. 500 in Bitcoin to decrypt the files. If their four-day deadline passes by, the amount goes to about $U.S. 1,000. Note that Bitcoin exchange rates vary so these numbers are ballpark, and that CryptoDefense is much more expensive to unlock than CryptoLocker.
The ransomware target files are text, picture, video, PDF and MS Office files and CryptoDefense encrypts these with a strong RSA-2048 key which is hard to undo. To add insult to injury, it wipes out all Shadow Volume Copies. Instructions with the ransom demands are added to every folder containing encrypted files. This stinks.
When the hapless end-user clicks the attachment, CryptoDefense connects to four remote domains and sends basic information about the infected workstation. Then, the files on the end-user machine are encrypted, and the private key is sent back to the Control & Command server.
Last, the malware makes a screenshot of the active screen of the end-user workstation and uploads this to their C&C server. That screenshot appears on the payment page where the victim can upload the Bitcoin payments. To reach this page you first need to install the Tor Browser as the payment page is only available via the Tor network, which helps the criminals hide from the law to some degree.
This new CryptoDefense ransomware does not seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang. Malware has bugs too, and the Symantec researchers wrote: "Due to the attackers poor implementation of the cryptographic functionality they have, quite literally, left their hostages a key to escape". But by the time you read this, that bug has probably (and unfortunately) been fixed.
RANSOM
If the victim does not pay within a month, the private key of the encrypted files will be deleted so that access to the encrypted files is no longer possible. They are using RSA-2048 encryption using Microsoft’s own cryptographic infrastructure and Windows APIs to perform the key generation before sending it back in plain text to the attacker’s server. Getting the files back is very hard if you do not have recent backups (made without using Shadow Volume copies).
INFECTION VECTOR
It appears that this infection initially was installed through programs that pretend to be flash updates or video players required to view an online video, and then moved on to a variety of different phishing attacks that all show an email with a zip file and ask to "open the attached document" which is supposed to have been "scanned and sent to you".
PAYMENT ADDRESSES
CryptoDefense allows you to pay the ransom by sending Bitcoins to an address shown in the malware's Decrypt Service page. Often people wind up paying the Bitcoins, as they find their backups could not be restored for a variety of reasons.
It is obvious that this again is a social engineering play and that effective security awareness training will prevent your end-users from opening these infected attachments when they make it through the filters (which they regularly do).
Once infected, the only way to fix this relatively fast is to make sure you have a recent backup of the files which actually can be restored. Wipe and rebuild the machine from scratch, and restore the files. We see an average of three hours of admin work for this.
Recent ransomware infections were users opening an attachment with a "voice mail message" from AT&T, but there are variants from other Telco companies. Users then admit to opening the attachment but say it did nothing; however, they could not open their files afterward.
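A defensive example added here (not from the newsletter or the forum) of the check a sysadmin would want for the Shadow Volume Copy wiping described above: a POSIX shell script that scans process-creation log lines for shadow copy deletion and lists the hosts to triage. The log records, hostnames and timestamps are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of Windows process-creation records (not real telemetry).
# One record per line, fields separated by '|': timestamp|host|user|command line
SAMPLE_LOG='2014-04-03T10:12:01|WS-17|jdoe|C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
2014-04-03T10:12:02|WS-17|jdoe|C:\Windows\System32\notepad.exe C:\Users\jdoe\Desktop\readme.txt
2014-04-03T10:13:45|WS-22|svc_backup|C:\Windows\System32\vssadmin.exe list shadows
2014-04-03T10:15:09|WS-17|jdoe|wmic shadowcopy delete
2014-04-03T10:16:30|WS-09|admin|C:\Windows\System32\vssadmin.exe create shadow /for=C:'

# Print every record whose command line deletes Volume Shadow Copies.
# Listing or creating shadows is routine admin activity and is left alone.
# Exit status follows grep: 0 if anything was flagged, 1 otherwise.
flag_shadow_copy_deletion() {
    printf '%s\n' "$1" | grep -iE \
        'vssadmin(\.exe)?[[:space:]]+delete[[:space:]]+shadows|wmic(\.exe)?[[:space:]]+shadowcopy[[:space:]]+delete'
}

# Number of flagged records (prints 0 and exits 0 when there are none).
count_shadow_copy_deletion() {
    flag_shadow_copy_deletion "$1" | grep -c . || true
}

# Distinct hosts that need triage, one per line.
hosts_to_triage() {
    flag_shadow_copy_deletion "$1" | cut -d'|' -f2 | sort -u
}

if [ "$(count_shadow_copy_deletion "$SAMPLE_LOG")" -gt 0 ]; then
    echo "Shadow copy deletion seen on:"
    hosts_to_triage "$SAMPLE_LOG"
fi
```

Feed it real process-creation exports in the same four-field layout, or adjust the `cut` field numbers to your log format.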
-
RE: Tactical Laser-Guided Pizza Cutter
I will acquire one of these in my lifetime!
-
RE: What Are You Currently Reading Outside of Tech
@Dashrender said:
@lance said:
@scottalanmiller said:
@lance said:
I've been reading Steve Jobs on and off.
What he wrote or about him?
The biography by Walter Isaacson
I read this right after it came out. I learned a lot. It wasn't a bad read either.
The man lived an interesting life to say the least.
-
RE: My side work
@Richard said:
While I would love to say that I spend all my time doing marketing for Webroot, my evenings/nights/early mornings/weekends tend to be filled with various other work. As a trained journalist, I love to write, and have worked with a group of seasoned writers to build our new e-zine to go after the GQ/Esquire reader crowd. I am also a photographer with prints for sale on metal sheets. So have a look sometime.
The ezine: www.factorytwofour.com
My portfolio: www.flickr.com/rcmelick
My metal prints: displate.com/rmelick/landscape
Thanks for sharing, I will have to check these out.
-
RE: Chromebooks See Huge Growth
@scottalanmiller said:
@lance said:
I've never actually used one and we are having our laptops refreshed, so I'm thinking of checking one out.
Simple way to sample one. Try living with Chrome as your only application. That's what a Chromebook is.
Wow, that could be interesting. They do have a lot of extensions for Chrome.
-
RE: Chromebooks See Huge Growth
I've never actually used one and we are having our laptops refreshed, so I'm thinking of checking one out.
-
RE: What Are You Currently Reading Outside of Tech
@scottalanmiller said:
@lance said:
I've been reading Steve Jobs on and off.
What he wrote or about him?
The biography by Walter Isaacson
-
RE: Chromebooks See Huge Growth
@scottalanmiller said:
http://blogs.computerworld.com/itbwcw/20140402/chromebook-sales-abi-research
Owning one, I can see why they are popular. So easy to use and so affordable.
Would you consider buying a Chromebook over a MacBook Pro?
-
RE: Do KDE Games Matter Anymore?
@Dashrender said:
Oh.. come on.. I killed many an hour during server upgrades on Minesweeper!
I remember I used to spend so much time playing Snake on my Nokia 5110.
-
RE: What Are You Currently Reading Outside of Tech
I've been reading Steve Jobs on and off.
-
RE: Chromebooks See Huge Growth
@Carnival-Boy said:
As I wrote last week, I love the HP Chromebook I've just got. But to use for business you'd need to be running Google Apps rather than Office, and even then I doubt they'll succeed in 90% of cases. I've a few niche applications where they might be a good fit - but ultimately they'll remain just that: a niche product.
I think they recently started working with VMware on some stuff. http://blogs.vmware.com/euc/2014/02/vmware-horizon-view-extends-chromebooks-enterprise.html
-
RE: Best Linux firewall
@scottalanmiller said:
If Linux is a necessity, Untangle is the most common product found in the SMB. But it tends to be too complex for its own good. We used to use SmoothWall long ago, they were good.
I've also heard a lot of good things about Untangle.
-
RE: Bill's Bookmark Dump
@technobabble said:
I stopped using favorites and started using Evernote web clipper.
I've never heard of this. I might have to check it out.
-
RE: Best Linux firewall
I guess a good spot to start is: do you have a budget, or are you trying to use old hardware and free software to accomplish this?
-
Lunchtime!
What are you eating for lunch? I've got some egg rolls and wonton soup here.
-
RE: If you could live anywhere....
I think out of the places that I've traveled to, I would have to pick San Fran, otherwise Australia.
-
RE: Best Linux firewall
@Joyfano said:
Hello everyone, after being done working with a Linux web server, I am now planning to set up a Linux firewall.
This firewall will be used in our company, basically just for a bit more than 15 computers.
Any advice on how I will get started?
Can I set this up using our old machine?
Thank you in advance :)
I think the community would suggest using CentOS. Here is a good guide that will help you get started with iptables. http://wiki.centos.org/HowTos/Network/IPTables
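An added starting point for the iptables part of that answer (example code, not from the linked CentOS guide or the forum): a POSIX shell script that writes an iptables-restore ruleset for a small office gateway and checks its default policies before it is loaded. The interface names eth0/eth1 and the 192.168.1.0/24 LAN are assumed.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a small office gateway.
# Arguments: WAN interface, LAN interface, LAN network in CIDR.
# Policy: default DROP for inbound and forwarded traffic; let the LAN reach
# the Internet through NAT; let only the LAN reach SSH on the firewall itself.
gen_office_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $lan -s $lan_net -p icmp -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
COMMIT
EOF
}

# Sanity check before loading: both inbound chains must default to DROP and
# the ruleset must carry a COMMIT for each table. Returns 0 when it passes.
check_default_drop() {
    printf '%s\n' "$1" | grep -qF ':INPUT DROP' &&
    printf '%s\n' "$1" | grep -qF ':FORWARD DROP' &&
    [ "$(printf '%s\n' "$1" | grep -c '^COMMIT$')" -eq 2 ]
}

# Constructed example: eth0 faces the Internet, eth1 the 192.168.1.0/24 office LAN.
# On the CentOS box: gen_office_ruleset eth0 eth1 192.168.1.0/24 > /etc/sysconfig/iptables
# then iptables-restore < /etc/sysconfig/iptables, with net.ipv4.ip_forward = 1 in sysctl.
RULESET="$(gen_office_ruleset eth0 eth1 192.168.1.0/24)"
check_default_drop "$RULESET" && printf '%s\n' "$RULESET"
```

Add further INPUT or FORWARD ACCEPT lines above the LOG rules as the office needs them (DNS, a web proxy, a VPN); everything not listed is logged at a limited rate and dropped by the chain policy.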