Slorunner.eu

Just another coding blog

The Cost of Ransomware

Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.

Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.

Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.

For Criminals, Ransomware Is Lucrative

Ransomware cuts out the digital middlemen. Rather than collect credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be a few hundred dollars for individuals.

Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CryptoWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.

Bigger Targets May Mean Bigger Paydays

These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative, it is unlikely to ever go away. But many organizations also hold sensitive customer data that needs to be protected both to ensure effective service and consumer privacy. That makes them particularly juicy targets to hackers.

Healthcare providers are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of their data. Fortunately, so far, other reported attacks have fared less well. Healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised; and an attack in Germany was quickly contained by fast-acting IT staff.

Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.

And hospitals are not alone. A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has been allegedly attacked. Multiple police stations have been hit and paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.

The Right Protection Saves Money

This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. Over a three-month period earlier this year, a conservative estimate by AVG is that its antivirus prevented around $47 million in extortion demands through the interception of just three types of ransomware: Crypt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated or the costs of replacing machines, software, and media if a victim decided not to pay.

slorunner.eu does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and get good antivirus protection – and thus prevent the writing of another news story like Alina Simone’s.

 

What Do Hackers Look Like and What Do They Think?

EDUCATIONAL PROFILE: Almost all hackers have finished college or reached that level through self-education. A self-educated hacker is more respected in the hacker community, because it takes real passion to become a professional hacker. The most common fields hackers work in, along with computing, are electrical engineering, physics, mathematics, linguistics and philosophy. However, just as not every developer is a hacker, hackers do not always have programming skills (I think they have to know programming)!

DRESS STYLE: Hackers dress simply and casually: jeans, T-shirt and shoes. The T-shirts usually carry humorous slogans. By 1990, T-shirts with computer imagery were widespread, but as hacker culture eventually developed its own symbols, today there are T-shirts with pictures of the penguin (the Linux trademark) or the daemon (BSD). A small number of hackers prefer hiking boots. After 1995, hackers fell under the influence of the punk, gothic and rave subcultures. This was reflected in the wearing of black clothes. Hackers care more about comfort, functionality and ease of wardrobe maintenance. They don’t like business suits. Even if they wear one, they are sure to break the conventionality with a humorous tie.

OTHER INTERESTS: Hackers' hobbies are wide-ranging. They are primarily science fiction, music, medievalism, chess, war games and intellectual games of all types, logic puzzles and other areas that are closely related to hacking or that involve linguistics and acting.

THINGS HACKERS AVOID: On this list are all Microsoft products, Smurfs and all forms of striking beauty. THEY HATE bureaucracy and stupid people, and do not like to listen to soft music or to watch television, except for cartoons and science fiction films. THEY HATE dishonesty, incompetence and boredom. Among programming languages they avoid COBOL and BASIC, as well as programs whose appearance is based on text (not icons).

PHYSICAL ACTIVITY AND SPORT: Most hackers are generally not engaged in physical activities. Some of them are, but their interest in sport is not that great. They avoid team sports. Hacker sports are always individual and involve concentration and motor skills: cycling, auto racing, skating, sailing, hiking, gliding … (I actually like to play football, but hate to watch it and I don’t have any favorite team).

Most hackers consume cigarettes and alcohol. In 1995, there was a trend among Linux hackers to drink exotic beers, influenced by Linus Torvalds, who likes Guinness. The limited use of cannabis, LSD and nitrous oxide used to be more accepted than in mass culture. On the other hand, the use of opioids is rare, because hackers do not want to use a drug that blunts them. Most hackers use coffee and/or sugar (ENERGY DRINKS, mmm 😉 ) in order to stay up all night while hacking.

 

Microsoft will Inform You If Government is Spying on You

Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail (Outlook) and cloud storage (OneDrive) services if government hackers may have targeted their accounts.
The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform users if it suspects government-sponsored hackers.

Ex-Employee: Microsoft Didn’t Notify When China Spied on Tibetan Leaders

The move may have been made in the wake of claims by Microsoft’s former employees that several years ago the Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of the Tibetan and Uighur minorities, but the company decided not to tell the victims, allowing the hackers to continue their campaign.
Instead of alerting those leaders to the hacking attempts, Microsoft, after an internal debate in 2011, simply recommended that they change their passwords without disclosing the reason, Reuters reported.
However, Microsoft announced Wednesday that if the company strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state, it will notify you via an email.
Here’s what Microsoft Vice President Scott Charney writes:

“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.”

Just last week, Yahoo promised to alert its users whom it suspected were being spied on by state-sponsored hackers. Other big tech companies including Twitter, Facebook and Google, had previously assured their users that they would notify them of any potential government spying.
And now Microsoft is the latest company to join the list.

Government: We’ll Sue You if You Do That!

This is good news for Microsoft users, but it seems that the United Kingdom is not happy with this decision by all the major tech firms, because the country seeks access to personal communications in order to fight terrorism and protect national security.
The UK government is pushing a new Investigatory Powers Bill that will take the bosses of any company that warns its users that security organizations, such as GCHQ (the Government Communications Headquarters), MI5 and MI6, are spying on them.
Specifically, UK ministers want to make such warnings a criminal offence for Twitter, Google and other tech firms, under which they could face up to two years in prison.

 

 


Twitch’s latest insane adventure: Installing Linux

Twitch playing Pokémon was easy mode. Tomorrow, Twitch viewers will be invited to do something altogether more challenging: install Arch Linux. Using the same Twitch chat-driven concept as the collaborative Pokémon playthrough, anyone will be able to enter commands and control the installation process.

Normally, installing Linux is quicker and easier than winning Pokémon. The install processes have been made broadly idiot-proof, especially if you’re installing into a safe virtual machine environment and so don’t even run the risk of clobbering a disk accidentally. But if Twitch chat has accomplished anything, it’s breeding a better idiot, one that is mindlessly bloody-minded, and so we fully anticipate that there will be trolling. Trolling Pokémon revolved principally around getting stuck repeatedly in menus and releasing captured Pokémon—annoying to those trying to complete the game but little that would force players to start from scratch.

Linux, in contrast, opens the door to a whole world of exotic trolling opportunities. There are old classics such as rm -rf / to wipe the disk, or dd if=/dev/zero of=/dev/hda to really wipe the disk. There’s the casual annoyance of kill -9 1, or comedy options such as the bash fork bomb of :(){ :|:& };:. We wouldn’t be surprised to see the machine casually trapped in a reboot loop or have its hardware removed to leave it incapable of I/O.

And who knows, even more exotic options are also possible; security attacks to break into the virtual machine host, recruiting of the machine into botnets, or denial of service attacks. Also possible: a ton of copy-pasta and Kappa spam. Twitch wouldn’t really be Twitch without it.

The project kicks off on Saturday October 31 at 4pm Eastern.

 

Password secrets: Your Passwords Aren’t As Secure As You Think

The one thing that makes us so vulnerable is ignorance. Today, everything depends on the internet, as you well know, and the concept we use to secure our internet accounts is the password. But is it enough to set a password and feel that we are secure? Are you really aware of how to use passwords?
