Tuesday, September 20, 2016

FBI Alert, 9/15/16 - Ransomware Victims Urged to Report Infections to Federal Law Enforcement

9/20/16 - CPAM Alert received from the FBI for consumers and businesses. R. Coleman, CPAM



Ransomware Victims Urged to Report Infections to Federal Law Enforcement
The FBI urges victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

What Is Ransomware?

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which do not require user initiation) from a compromised Web site.

Why We Need Your Help

New ransomware variants are emerging regularly. Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.
Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.
Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.
The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

Threats to Users

All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. Actors engaging in this targeting strategy are also charging ransoms based on the number of hosts (or servers) infected. Additionally, recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.
This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files.

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The Ransom

The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.

Defense

The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.
  • Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
Additional considerations for businesses include the following:
  • Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
  • Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
  • Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
  • Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
  • Use virtualized environments to execute operating system environments or specific programs.
  • Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
  • Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
  • Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
Follow the ic3 link to file a report.
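
The Defense item on preventing execution from temporary and AppData folders, together with the whitelisting item, as an added example (not from the FBI alert): a Python audit that checks process-start paths against deny rules with one exact-path exception. The folder patterns, the `ExampleApp` exception, and the sample events are assumptions constructed for illustration.

```python
import fnmatch
import ntpath  # Windows path rules, usable on any OS

# Assumed deny rules (illustrative; not from the FBI alert). Checked in order.
DENY_RULES = {
    "archive-temp": [r"*\appdata\local\temp\7z*\*", r"*\appdata\local\temp\rar$*\*"],
    "browser-cache": [r"*\appdata\local\microsoft\windows\inetcache\*"],
    "user-temp": [r"*\appdata\local\temp\*"],
    "appdata": [r"*\appdata\roaming\*", r"*\appdata\local\*"],
}
# Hypothetical approved program. Exact path only: a wildcard here could be
# satisfied by a look-alike folder created under a user-writable directory.
ALLOW_EXACT = {r"c:\users\alice\appdata\local\exampleapp\exampleapp.exe"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def normalize(path):
    """Collapse '..', convert '/' and lowercase so path spelling cannot dodge a rule."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(image_path):
    """Return the name of the deny rule an executable path falls under, else None."""
    p = normalize(image_path)
    if ntpath.splitext(p)[1] not in EXEC_EXTS or p in ALLOW_EXACT:
        return None
    for rule, patterns in DENY_RULES.items():
        if any(fnmatch.fnmatchcase(p, pat) for pat in patterns):
            return rule
    return None

# Constructed process-start records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "pc01", "image": r"C:\Windows\System32\notepad.exe"},
    {"host": "pc01", "image": r"C:\Users\alice\AppData\Local\Temp\7zO4F2A\invoice.pdf.exe"},
    {"host": "pc02", "image": "c:/users/bob/appdata/local/microsoft/windows/inetcache/IE/AB12/update.scr"},
    {"host": "pc01", "image": r"C:\Users\alice\Documents\..\AppData\Roaming\svc.exe"},
    {"host": "pc01", "image": r"C:\Users\alice\AppData\Local\ExampleApp\ExampleApp.exe"},
    {"host": "pc02", "image": r"C:\Users\bob\AppData\Local\Temp\report.docx"},
    {"host": "pc02", "image": r"C:\Users\bob\AppData\Local\Temp\setup.cmd"},
]

def audit(events):
    """List (host, image, rule) for every event a deny rule would have blocked."""
    hits = []
    for ev in events:
        rule = classify(ev["image"])
        if rule:
            hits.append((ev["host"], ev["image"], rule))
    return hits

if __name__ == "__main__":
    for host, image, rule in audit(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {image}")
```

Running an audit like this over existing process logs before enforcing a restriction policy shows which legitimate programs would need an exception first.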

Friday, September 16, 2016

CNET / Symantec - Ransomware a growing problem: if you are a victim, review these recommendations and view the video before you pay!

CNET Author: Lance Whitney, 11/12/2012

Cybercriminal gangs are creating a surge in ransomware, says a new report from Symantec.

Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.
But paying the fine does nothing since the initial malware remains on the PC and must still be manually removed.

This scam has risen in popularity over the past several years, but 2012 witnessed an increase in both the number and variety of ransomware campaigns, Symantec said in its report. That growth is due largely to an upsurge in the number of worldwide criminal gangs using this scheme to make a buck.

"From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased," the report noted. "Symantec has identified at least 16 different versions of ransomware."

One malware investigation mentioned in the report discovered 68,000 affected computers in a single month. Another one caught a Trojan attempting to infect 500,000 PCs over the course of just 18 days.

Criminals go where the money is, and ransomware can be a cash cow. As much as 2.9 percent of all people affected by ransomware end up paying the ransom, Symantec said. Criminal gangs have stolen more than $5 million a year from unsuspecting victims, according to one estimate; however, Symantec believes the dollar amount to be much higher.

Though a variety of different gangs are active, many get their ransomware from the same source, the report said. A single individual, who remains unknown, seems to have a full-time job of developing ransomware to fill requests from the criminal gangs.

Symantec Video: Ransomware a growing problem

Symantec - Video on addressing ransomware and malware



Federal Trade Commission - When your computer life is held for ransom

When your computer life is held for ransom

August 31, 2016
by Aditi Jhaveri
Consumer Education Specialist, FTC
 
Imagine if everything on your computer was “kidnapped” — including all of your precious family photos and important personal documents. And the only way you could access any of it again was if you paid a lot of money — or bitcoins — to a hacker. Even if you pay, there’s no guarantee you’ll get your stuff back.
 
Sounds like something out of a movie, right? Unfortunately, it’s happening in real life. It’s called ransomware. You might’ve heard news stories about ransomware attacks on hospitals, universities, and other large organizations, too.
 
Hackers do it by encrypting files on your computer — and files you’ve saved to connected hard drives or any shared folders. Once the files are encrypted you won’t be able to open them without the encryption key — which you can get only if you pay the amount hackers demand. That could be hundreds or thousands of dollars.
 
It’s a serious problem. That’s why the FTC is holding a ransomware event on September 7 in Washington, DC. We’ll talk with security experts, law enforcers, and others about what steps people and businesses can take to protect their computers — and what to do if you’re a victim.
 
Check out the event details — it’s free and open to the public. Or tune in to the webcast — we’ll post the link here a few minutes before the event starts. In the meantime, check out this video on protecting your computer from malware:
 
 
*Make sure to report it to the Internet Crime Complaint Center (IC3) at www.ic3.gov
 
 

FTC - Protect your computer from Malware

9/16/16, Hacking of websites and emails has been a big issue this year and daily in the news. Here are some tips from the FTC about how to protect your computer. This is the first in a series on how to protect your computers, emails, servers, and cell phones from being hacked into. The most important step for all consumers and businesses that host blogs, websites, and social media is to go into your analytics to see "who is accessing your site" and viewing your pages. Governmental entities and business IT professionals should remind employees not to open suspicious emails or open links.

Use the highest filters possible and scan your computers daily to check for viruses. If you host a blog or a social media site for your workplace / business, it is recommended that you remove all "work related" emails from your site; use Gmail or some other email site to keep your system from being compromised.

To our surprise CPAM's site has had just as many views from Russia as in the USA over the past year. Rich Coleman, CPAM  

Transcript from the FTC : Protect your computer from Malware

Malware is short for “malicious software."  It includes viruses and spyware that get installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Learn more about how to avoid, detect, and get rid of malware.


Would it surprise you to learn that millions of computers in the US are infected with malware? That's a lot of computers. So what's malware, and why should you care?
Malware, short for malicious software, includes viruses and spyware that get installed on your computer or mobile device without you knowing it. Criminals use malware to steal personal information and commit fraud. For example, they may use malware to steal the login information for your online accounts or to hijack your computer and use it to send spam. An infected computer can lead to serious problems, like identity theft.
The good news, there's a lot you can do to protect yourself and your computer. One of the most important steps you can take, install security software from a reliable company and set it to update automatically. The bad guys constantly develop new ways to attack your computer, so your software must be up to date to work.
Set your operating system and your web browser to update automatically too. If you're not sure how, use the help function and search for automatic updates. Don't buy security software in response to unexpected calls or messages, especially if they say they scanned your computer and found malware. Scammers send messages like these to trick you into buying worthless software, or worse, downloading malware.
What else can you do? Use a pop up blocker, and don't click on links and popups. Don't click on links or open attachments in emails unless you know what they are, even if the emails seem to be from friends or family.
Download software only from websites you know and trust. Free stuff may sound appealing, but free downloads can hide malware. Make sure your web browser's security setting is high enough to detect unauthorized downloads. For example, use at least the medium security setting.
Even if you take precautions, malware can find its way onto your computer. So be on the lookout for these signs. Your computer runs slowly, drains its battery quickly, displays unexpected errors or crashes, it won't shut down or restart, it serves a lot of popups, takes you to web pages you didn't visit, changes your home page, or creates new icons or toolbars without your permission.
If you suspect malware, stop doing things that require passwords or personal info, such as online shopping or banking. Use a different computer, maybe one at work or at your local library, to change your passwords. Update your security software and run a system scan. Delete files it flags as malware.
If you can't fix the problem on your own, get help from a professional. Your computer manufacturer or internet service provider may offer free tech support. If not, contact a company or retail store that provides tech support.
Keep in mind, the most important thing you can do to prevent malware is to keep your computer software up to date. And remember, it's easy to find trusted information about computer security. Just visit onguardonline.gov, the federal government site to help you stay safe, secure, and responsible online.
FTC, dealing with Malware video

Wednesday, September 14, 2016

Apple Warning -- iTunes Gift Card Scams

iTunes Gift Card Scams

* 9/14/16- Information from the Apple Website:
Be aware of scams involving iTunes Gift Cards.

Regardless of the reason for payment, the scam follows a certain formula: The victim receives a call instilling panic and urgency to make a payment by purchasing iTunes Gift Cards from the nearest retailer (convenience store, electronics retailer, etc.). After the cards have been purchased, the victim is asked to pay by sharing the 16-digit code on the back of the card with the caller over the phone. 
It's important to know that iTunes Gift Cards can be used ONLY to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership. If you're approached to use the cards for payment outside of the iTunes Store, App Store, iBooks Store, or Apple Music, you could very likely be the target of a scam and should immediately report it to your local police department as well as the FTC.
Please do not ever provide the numbers on the back of the card to someone you do not know. Once those numbers are provided to the scammers, the funds on the card will likely be spent before you are able to contact Apple or law enforcement.  

Tips to avoid becoming the victim of a scam

  • If you are NOT purchasing an item from the iTunes Store, App Store, iBooks Store, or an Apple Music membership, do NOT make a payment with iTunes Gift Cards. There's no other instance in which you'll be asked to make a payment with an iTunes Gift Card.
  • Do not provide the numbers on the back of the card to someone you do not know.
  • Immediately report potential scams to your local police department as well as the FTC (ftccomplaintassistant.gov).

Contact Apple

If you have additional questions, or if you’ve been a victim of a scam involving iTunes Gift Cards, you can call Apple at 800-275-2273 (U.S.) or contact Apple Support online.
