Hi Friends,
Got some news on a new ransomware making a name for itself. It doesn't appear to spread itself through spam, but researchers aren't really sure how it's spread yet. The one thing they do know is that it's pushed out to servers using a Domain Controller. The ransomware is named RobinHood and unlike good Robin of Loxley, this ransomware doesn't take money from rich people and give it to the poor, it just takes money.
RobinHood is a ransomware, which means when it's kicked off, it goes to work encrypting your files. Yep, encrypting files is good when you have the key to unlock it, but in this case you can only get the key if you've paid the ransom.
Think of it like this. Some guy breaks into your house when you're at work. He changes all the locks on the doors and when you come home he says, "Hey, I've locked up your house and you can't get in. All of your things are still in the house and I'll give you the new key only if you give me $5000. If you don't give me $5000 in a few days, you can come in, but all your stuff will be gone." That would suck!
Ransomware has been declining due to Bitcoin losing a bunch of it's value. In December of 2017 it was almost up to $20,000 per coin (yes 20,000), but quickly lost value in 2018. (https://en.wikipedia.org/wiki/History_of_bitcoin) The first couple months in 2019 it was around $3500-$4000 per Bitcoin. That's a heck of a loss!
Ah, but if you've taken a look at the price of Bitcoin lately, it's starting to creep up again. I checked today's prices and it's almost $8000 a coin, so with the price of cryptocurrency going up, so does the prevalence of ransomware.
One of the first highly publicized instances of RobinHood is when it attacked the city of Greenville in North Carolina in April. (https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html) According to the article in the Baltimore Sun, 5 weeks after the April attack, the city was still recovering!
Can you imagine that? Shutting down a city for over a month! Now this isn't to say that Greenville was teleported back to the dark ages because their servers were locked-up, but can you imagine the headache that this caused? Everything is being computerized!
Now shift gears to May and another city is hit by RobinHood. This time Baltimore in Maryland was hit. Adding insult to injury, Baltimore was hit last year with malware that took down their 911 system. So I'm sure the cities IT folks, officials and citizens are less then happy.
Baltimore has decided not to pay the ransom and it is rebuilding it's servers as I write this article.
Can you imagine the huge pain in the behind this causes a city? Now imagine this happening to a hospital!
It's a brave new world folks and things like this are becoming common place. You can't stop threat actors from attacking your city or your hospital (Unless you're a security person working for your city or hospital.), but you can educate yourself.
If you get a weird email about your accounts being locked or compromised or needing additional information, don't click on anything! If you're truly concerned, go to the actual companies website and login from there.
Be careful out there!
Neil
Tuesday, May 21, 2019
Friday, May 3, 2019
Got a Ransomware? Check Here Before Paying!
Hi Friends,
I was reading BleepingComputer this morning and came across and article about ransomware and they talked about a free decrypter made by Emsisoft. There are FREE decrypters out there?! How cool is that?! Sorry if I'm a little late to the party, but that is super awesome! If you're late to the party too, let me help enlighten you. :-)
Let me first say, I'm not an employee of Emsisoft nor have I used or tested their decrypters. Use at your own discretion.
So head on over to https://www.emsisoft.com/ and highlight the Support tab. You should see Ransomware Decrypter as an option. Select that and you'll go to the page with all of the decrypters on it.
There are 48 decrypters on the page going back to August of 2013 and they just released a new decrypter yesterday, May 2nd!
Bravo to Emsisoft for trying to help out folks who have unfortunately been infected by ransomware.
I don't wish ransomware on anyone, but if in the unfortunate event you become infected with it, hopefully one of the Emsisoft decrypters can help you without having to pay the ransom.
Neil
I was reading BleepingComputer this morning and came across and article about ransomware and they talked about a free decrypter made by Emsisoft. There are FREE decrypters out there?! How cool is that?! Sorry if I'm a little late to the party, but that is super awesome! If you're late to the party too, let me help enlighten you. :-)
Let me first say, I'm not an employee of Emsisoft nor have I used or tested their decrypters. Use at your own discretion.
So head on over to https://www.emsisoft.com/ and highlight the Support tab. You should see Ransomware Decrypter as an option. Select that and you'll go to the page with all of the decrypters on it.
There are 48 decrypters on the page going back to August of 2013 and they just released a new decrypter yesterday, May 2nd!
Bravo to Emsisoft for trying to help out folks who have unfortunately been infected by ransomware.
I don't wish ransomware on anyone, but if in the unfortunate event you become infected with it, hopefully one of the Emsisoft decrypters can help you without having to pay the ransom.
Neil
Subscribe to:
Posts (Atom)