Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.
Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.
Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.
For Criminals, Ransomware Is Lucrative
Ransomware cuts out the digital middlemen. Rather than collecting credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be a few hundred dollars for individuals.
Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CryptoWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.
Bigger Targets May Mean Bigger Paydays
These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative that it is unlikely ever to go away. But many organizations also hold sensitive customer data that needs to be protected, both to ensure effective service and to preserve consumer privacy. That makes them particularly juicy targets for hackers.
Healthcare providers are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of its data. Fortunately, other reported attacks have so far been less successful for the attackers: healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised, and an attack in Germany was quickly contained by fast-acting IT staff.
Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.
And hospitals are not alone. A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has allegedly been attacked. Multiple police stations have been hit and have paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted the online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.
The Right Protection Saves Money
This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. AVG conservatively estimates that over a three-month period earlier this year its antivirus prevented around $47 million in extortion demands by intercepting just three types of ransomware: Crypt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated, or of the costs of replacing machines, software, and media if a victim decided not to pay.
slorunner.eu does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and get good antivirus protection – and thus prevent the writing of another news story like Alina Simone’s.
Apart from the official WordPress repository, there are many thousands of websites that provide free WordPress themes and plugins, but the problem is that you cannot always trust them.
Yes, most of them add malicious code to themes and plugins, and that code is not easy for you to find.
Before learning about the cure, let's discuss the cause.
Here is why they add their custom code:
- To get a backlink from your blog without your knowledge
- To get access to your blog
- To redirect your blog to spam links
- To add their advertisements and banners
- Or simply to take your website down
Not only free themes and plugins: the premium "nulled" plugins and themes that you download from warez sites and torrents may also be infected with this malicious code.
Do you wonder what triggered me to write this article?
Yes, I too fell prey to these free plugins. A few days back, I was desperate to download a very famous nulled plugin from a warez site, and after installing it on my blog I got to know that the plugin was infected and was redirecting my blog to a spam blog.
I immediately disabled the plugin and checked the plugin files for the code that caused the redirection. After an hour I found the code and immediately removed it [I don't use that plugin now].
This incident taught me a very important thing.
Never trust nulled WordPress plugins and themes
However, many of you might still want to use those nulled or free plugins and themes, for God's sake. If you are one of them, then read the rest of the article.
Detecting Malicious codes
After downloading the plugin or theme, the first thing you should do is check it for viruses, trojans, and other worms that you would not want on your site.
Check for Virus and Trojans
Go to VirusTotal.com and upload the zip file to check it for viruses.
If your file is infected you will get a red signal. If not, you can move on to the next step; keep in mind that a clean result only means no engine recognised the file, so the code checks below are still worth doing.
VirusTotal Scan result
Check for unwanted codes in Plugins
Now let's check for unwanted code in plugins using another WordPress plugin called Exploit Scanner, which can be safely downloaded from the official WordPress plugin repository.
After installing it, go to Dashboard >> Tools >> Exploit Scanner and run the scan. It will take some time to complete, depending on the number of plugins you have installed.
After the scan you can see a list of suspected code. You can use the browser search function to find the plugins that you installed from outside the WordPress repository.
Note: This plugin will also scan themes, but you might be interested in the tip I am about to give next.
Check for Theme authenticity
Adding a backlink in a free theme is a very common technique, but you can easily find those exploited themes with the plugin called Theme Authenticity Checker (TAC).
Install the plugin and go to Dashboard >> Appearance >> TAC
You can see the list of installed themes with their authenticity result. It will give a warning if any encrypted links are found in a theme.
Theme Authenticity Checker
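As an added illustration of the manual check that Exploit Scanner and TAC automate, here is a small shell script (written for this page; it is not part of either plugin or of this article) that greps an unpacked plugin or theme directory for the kinds of code those tools flag: eval of decoded strings, long inline base64 blobs, remote includes, the PHP /e regex modifier, shell functions fed straight from request parameters, and hidden links. The patterns are heuristics chosen for the example, and the files in the usage comment are constructed; a hit means "open this file and read it", not "this package is infected".

```shell
#!/bin/sh
# Added example: grep-based first pass over an unpacked WordPress plugin or
# theme. Patterns are heuristics assumed for this example, not a definitive
# malware signature set.

scan_wp_package() {
    # $1: directory of the unpacked plugin/theme.
    # Prints file:line:text for every suspicious line and returns 0 when at
    # least one was found; returns 1 when the scan came back clean.
    pkg="$1"
    hits=$(find "$pkg" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) -exec grep -HnE \
        -e "eval[[:space:]]*\([[:space:]]*@?(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)" \
        -e "base64_decode[[:space:]]*\([[:space:]]*[\"'][A-Za-z0-9+/=]{40,}" \
        -e "preg_replace[[:space:]]*\([[:space:]]*[\"'][^\"']*/[a-zA-Z]*e[a-zA-Z]*[\"']" \
        -e "(include|require)(_once)?[[:space:]]*\(?[[:space:]]*[\"']https?://" \
        -e "create_function[[:space:]]*\(" \
        -e "(system|exec|passthru|shell_exec|popen)[[:space:]]*\([^)]*\\\$_(GET|POST|REQUEST|COOKIE)" \
        -e "<a[^>]*(display:[[:space:]]*none|visibility:[[:space:]]*hidden|font-size:[[:space:]]*0)" \
        {} + 2>/dev/null || :)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
    return 0
}

# Usage (paths are constructed for the example):
#   unzip -q some-theme.zip -d /tmp/some-theme
#   scan_wp_package /tmp/some-theme && echo "review the lines above before activating"
```

Run it against the unzipped package before uploading it to the site; the line numbers let you jump straight to the code in question, and a file like footer.php carrying a base64 blob or a hidden link is the classic backlink injection the TAC plugin warns about.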
Security is in your hands
It's very rare to get hacked unless we make a mistake. So security is in your hands: either act wisely or get fooled easily.
How do Hackers Look Like and What They Think?
EDUCATIONAL PROFILE: Almost all hackers finished college or reached that level by self-education. A self-educated hacker is more respected in the hacker community, because you really need passion to become a professional hacker. The most common areas from which people come to hacking are computer science, electrical engineering, physics, mathematics, linguistics and philosophy. However, just as not every developer is a hacker, hackers do not always have programming skills (I think they have to know programming)!
DRESS STYLE: Hackers dress simply and casually: jeans, T-shirt and shoes. T-shirts usually carry some humorous slogan. Until 1990 they wore T-shirts with computer imagery, but as hacker culture eventually developed its own symbols, today there are T-shirts with pictures of a penguin (the Linux trademark) or a daemon (BSD). A small number of hackers prefer hiking boots. After 1995, hackers fell under the influence of the punk, gothic and rave subcultures, which was reflected in the wearing of black clothes. Hackers care more about the comfort, functionality and ease of maintenance of their wardrobe. They don't like business suits; even if they wear one, they are sure to break the conventionality with a humorous tie.
OTHER INTERESTS: The hobbies hackers pursue are widespread. These are primarily science fiction, music, medievalism, chess, war games and intellectual games of all types, logical puzzles, and other areas that are closely related to hacking or that involve linguistics and acting.
THINGS HACKERS AVOID: On this list are all Microsoft products, Smurfs and all forms of striking beauty. THEY HATE bureaucracy and stupid people, and do not like listening to soft music or watching television, except for cartoons and science fiction films. THEY HATE dishonesty, incompetence and boredom. Among programming languages they avoid COBOL and BASIC, as well as programs whose interface is text-based (not icon-based).
PHYSICAL ACTIVITY AND SPORT: Most hackers generally do not engage in physical activity. Some of them do, but their interest in sport is not that great. They avoid team sports. Hacker sports are always individual, involving concentration and motor skills: cycling, auto racing, skating, sailing, hiking, gliding … (I actually like to play football, but hate to watch it, and I don't have any favorite team).
Most hackers consume cigarettes and alcohol. In 1995 there was a trend among Linux hackers to drink exotic beers, influenced by Linus Torvalds, who likes Guinness. Limited use of cannabis, LSD and nitrous oxide used to be more accepted than in mass culture. On the other hand, the use of opioids is rare, because hackers do not want to use a drug that blunts them. Most hackers use coffee and/or sugar (ENERGY DRINKS, mmm 😉) in order to stay up all night hacking.
Here is how to install Tomato firmware on your cheap Wi-Fi router to get the functionality of a high-cost router.
What if you could enhance your router's functionality simply by altering its software? Well, few people understand why some routers cost $15 and some hundreds of dollars.
There are hardware differences and… software differences.
Using a custom firmware (if supported by the router) can give you options/features available on much more expensive hardware.
One such firmware is Tomato USB, an open source firmware for Broadcom-based routers.
The first step is to see whether your router is supported by Tomato, so please check Shibby's Tomato builds. If it is, get the newest version and flash it through the administration interface.
Usually there are several flavors: AIO (All in One) or VPN (fewer features, smaller size, perfect for most users).
If it cannot be flashed through the web interface (as with the Asus RT-N53), you must use the emergency procedure (see the router documentation) to upload the custom firmware to the router.
After you install Tomato and set up all the usual settings (Wi-Fi, LAN etc.), you can go further and, with some work, install many programs, for example a web server with PHP support or the Transmission torrent client (the router must have USB ports).
Different routers have different flash memory sizes. Inside the flash reside the firmware and settings. Depending on the flash size and firmware size (VPN or AIO), some unused space might still remain, so you can create a JFFS partition to install software. This is critical for routers without USB or if you do not want to use a USB drive. If you do want to use a USB drive, read here how to create a partition, and after you create it, continue this tutorial from Step 3.
Okay, let's start.
Step 1: Create a JFFS partition.
Go to Administration – JFFS – Enable – Format Erase
In the text box paste:
mount -o bind /jffs /opt
Wait a few minutes, and if you do not get any message, reboot the router.
Step 2: Go to Administration – Admin Access and change the default port for router administration (e.g. 8082).
This will allow you to access your router on the specified port. Changing the port does not by itself protect the admin interface, so keep it reachable from the LAN only.
Step 3: Access the router over SSH using PuTTY (Windows) or Terminal (Mac).
On Mac, the command is:
ssh -l root IP
(replace IP with the router's LAN address). The username must be root, and the password is that of the admin user.
Step 4: Install the Optware package manager with the following commands. The download is over plain HTTP and the script runs as root, so read it before running it:
wget http://tomatousb.org/local--files/tut:optware-installation/optware-install.sh -O - | tr -d '\r' > /tmp/optware-install.sh
chmod 755 /tmp/optware-install.sh
sh /tmp/optware-install.sh
Note that the installation may take time depending on your internet speed and your router's processing power.
Step 5: Install nano (text editor), lighttpd (web server), and PHP:
ipkg install nano
ipkg install lighttpd
ipkg install php-fcgi
Step 6: Edit the lighttpd configuration file with nano and change the port the web server runs on (the default is 8081) by adding this line:
server.port = 80
Save everything and close nano.
Restart the webserver.
Now you can put files and scripts in /opt/share/www/
If you want your web server to be accessible from the WAN, add these lines to the Firewall script (Administration – Scripts – Firewall). Note that this opens the ports to the whole internet, so only do it if the web server and its PHP scripts are meant to be public:
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
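The two steps in this tutorial that deserve extra care are running a script fetched over plain HTTP as root (Step 4) and opening the web server to the whole WAN (the firewall lines above). The following shell helpers are an added example, not part of the tutorial or of the Tomato project: the first refuses to run the installer unless its SHA-256 matches a digest you recorded from a trusted source (EXPECTED_SHA256 is a placeholder; the tutorial gives no digest), and the second emits the firewall rule restricted to a source network instead of 0.0.0.0/0. The usage lines and the example network are constructed.

```shell
#!/bin/sh
# Added example for the Tomato/Optware procedure above. It assumes a POSIX sh
# with coreutils sha256sum (or shasum on BSD/macOS) and iptables on the router.

sha256_of() {
    # Prints the SHA-256 hex digest of file $1.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_and_run() {
    # $1: downloaded script, $2: expected SHA-256 hex digest.
    # Runs the script only when the digest matches; otherwise returns 1 and
    # leaves the file untouched so it can be inspected.
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $actual does not match expected $2" >&2
        return 1
    fi
    sh "$1"
}

firewall_rules() {
    # $1: TCP port, $2: optional source CIDR (default 0.0.0.0/0, i.e. the
    # whole internet, which is what the tutorial's lines do).
    # Prints the iptables line to paste into Administration - Scripts - Firewall.
    port="$1"; src="${2:-0.0.0.0/0}"
    case "$port" in
        ''|*[!0-9]*) echo "firewall_rules: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "firewall_rules: port out of range: $port" >&2
        return 1
    fi
    printf 'iptables -t filter -A INPUT -s %s -p tcp --dport %s -j ACCEPT\n' "$src" "$port"
}

# Usage on the router (EXPECTED_SHA256 is a placeholder you must replace with a
# digest obtained from a trusted source; 203.0.113.0/24 is a constructed example):
#   verify_and_run /tmp/optware-install.sh "$EXPECTED_SHA256"
#   firewall_rules 80 203.0.113.0/24    # only that network may reach the web server
#   firewall_rules 443 203.0.113.0/24
```

If you genuinely need the site public, call firewall_rules with just the port and you get the same open rule as the tutorial; the point of the source argument is that a router on a cheap home line rarely needs its PHP scripts exposed to every address on the internet.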
It's done! Now enjoy the features on your budget router. Do post your queries or suggestions in the comments.
Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail (Outlook) and cloud storage (OneDrive) services if government hackers may have targeted their accounts.
The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform them if it suspects government-sponsored hackers are behind the attempt.
Ex-Employee: Microsoft Didn't Notify When China Spied on Tibetan Leaders
The move appears to come in the wake of claims by Microsoft's former employees that, several years ago, the Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of the Tibetan and Uighur minorities, but the company decided not to tell the victims, allowing the hackers to continue their campaign.
Instead of alerting those leaders to the hacking attempts, Microsoft simply recommended that they change their passwords, without disclosing the reason, after an internal debate in 2011, Reuters reported.
However, Microsoft announced Wednesday that if the company strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state, it will notify you via an email.
Here's what Microsoft Vice President Scott Charney writes:
“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.”
Just last week, Yahoo promised to alert its users whom it suspected were being spied on by state-sponsored hackers. Other big tech companies including Twitter, Facebook and Google, had previously assured their users that they would notify them of any potential government spying.
And now Microsoft is the latest company to join the list.
Government: We’ll Sue You if You Do That!
This is good news for Microsoft users, but it seems that the United Kingdom is not happy with this decision by all the major tech firms, because the country seeks access to personal communications in order to fight terrorism and protect national security.
The UK government is pushing a new Investigatory Powers Bill that would punish the bosses of any company that warns its users that security organizations, such as GCHQ (the Government Communications Headquarters) and MI5, are spying on them.
Specifically, UK ministers want to make such warnings a criminal offence for Twitter, Google and other tech firms, under which those responsible could face up to two years in prison.
Several Grand Theft Auto V for PC mods found to have viruses and malware
In the world of PC gaming, mods play a very important role. Mods take the original base of a game and, with some twists, carry you to a totally different world. However, it looks as though at least one person has decided to take advantage of this and include malicious code in a mod without the knowledge of those who download it.
The hugely popular No Clip and Angry Planes mods for Grand Theft Auto V are said to come with malicious code. This only emphasizes the importance of performing scans on the files you download with proper and updated anti-virus and anti-malware tools before you install them.
A GTA forum member carried out an investigation after realizing that Angry Planes had begun to misbehave. He found an odd C# compiler program running among the system processes, transmitting and receiving data across the web, and a Fade.exe executable in his PC's Temporary Files folder that kept a watch on his activity and changed his Windows registry so that it launched silently at system boot.
Another user who examined the malware stated that his PC had been used to take part in a DDoS attack against a Twitch game streamer. Other modules found to be active inside the malware include a Facebook spam/credential stealing module, a Messenger.com spam/credential stealing module, a Twitch spam/credential stealing module, a keylogger module, a Steam spamming module, and a UDP flooding module.
Malwarebytes, a security firm, thoroughly examined the malicious files that were shared via the fraudulent mods and identified them as Trojan-Agent-TRK in a Malwarebytes blog post.
As told to El Reg, Chris Boyd, a security researcher at Malwarebytes and an enthusiastic gamer, said that malicious add-ons aimed at gamers are fairly common.
“Game mods have been a target for many years, with an older version of GTA coming under fire from a notorious GTA: Hoodlife fake mod containing malware back in 2007,” Boyd explained.
“Fans of the series traditionally enjoy extending the lifespan of the title through modding, so it’s a rich area of exploitation for malware authors. Rockstar could potentially increase mod safety by opening up the Steam workshop to mod downloads, but it seems that option isn’t available yet,” he said.
“If there is no push to host mods on Steam, then gamers will have to rely on third-party sites for downloads. It’s a lot easier for bad files to slip through on forums and fan-made websites than a service such as Steam with various checks and security features in place behind the scenes,” he added.
If you are using the No Clip or Angry Planes mods with GTA V, it is advisable to carry out an anti-malware scan with one of the AV programs that identify the malicious file. It is also advisable to change your passwords, since several of the modules steal credentials.
Security researchers the world over have been digging through the massive Hacking Team dump for the past five days, and what we've found has been surprising. I've heard this situation called many things, and there's one description that I can definitely agree with: it's like Christmas for hackers.
“On the fifth day of Christmas Bromium sent to me a malware analysis B-L-O-G” – You
Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 whereby a malicious website sends a request to a web application against which the user is already authenticated. This way an attacker can access functionality in the target web application via the victim's already authenticated browser, because the browser attaches the session cookies automatically. Targets include web applications like social media, in-browser email clients, online banking and web interfaces for network devices.