ONI or Devil Malware Hits Japanese Businesses

We have seen so many new strains of ransomware like WannaCry, GoldenEye, CryptoLocker, Petya and Bad Rabbit (to name a few) that it’s beginning to become a full-time job just to keep up with this new strain of computer virus/malware.

This new strain of ransomware (we’ll just call it Devil to make things simple) began searching the network to gain control of key machines such as servers, using a Trojan variant. Targeted servers that did not have this Microsoft security update were infected, but the malware did not activate right away; it remained hidden. Then, after lying dormant, the ransomware struck and encrypted every machine it had touched.

While this new malware was most likely created for monetary gain, there is much debate in the cyber security world about this, with questions arising about whether Devil was created simply as a cyber attack. One clue was found inside the code of Devil when researchers discovered bits of the Russian language. This has led researchers to believe that Devil originated in Russia and may have been designed simply to damage its targets.

New Ransomware Variant – Bad Rabbit – Spreading Worldwide

The new ransomware is a variant of Petya and is spread via a fake Flash update. So far, several antivirus companies are claiming that their updated security products protect users from Bad Rabbit.

According to the US-CERT warning, “US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”

ATM Hacking Malware Being Sold On The Dark Web – Cheap!

The website is called ATMjackpot and sells the malware titled Cutlet Maker. The name comes from the Russian slang “cutlet,” which means a “roll of money.”

The malware coders claim that it works on any Wincor Nixdorf ATM. Most ATMs are vulnerable to hackers because the machines have a computer inside that runs an operating system just like a desktop PC. Many ATM computers still use old operating systems like Windows XP, which is no longer supported or updated to fight the latest threats. This fact, coupled with open and available USB ports, makes the machines perfect targets for hackers.

What Industry Is Experiencing 2,500% Growth? Ransomware

WannaCry, Locky, GoldenEye and Cryptolocker are just a few of the ransomware titles that emerged in 2017 and with them, an estimated cost of 1 Billion dollars (go ahead, do the Dr. Evil pinky thing) to businesses worldwide.

According to research by Carbon Black, from 2016 to 2017 there was a 2,502% increase in the sales of ransomware within the dark web. Cybercriminals are happily buying code that is producing fast profits for their fledgling organizations.

The report has uncovered a rapidly growing industry with some surprising findings.

A marketplace with 45,000 product offerings, including “DIY Kits” for ransomware code
This dark marketplace has gone from $249,287.05 in sales for 2016 to $6,237,248.90 in sales.
Some sellers are making over $100K annually

For more interesting findings please see the original article by Carbon Black.

Some Equipment Is Built To Last 10 Or More Years – Your PC Isn’t

cat.man.du is located in West Texas – farm and ranch country. For the most part, we are a hardy bunch – spending many hours outdoors in extreme weather working with our hands and with heavy machinery.

When I first started driving in the city – and still to this day – I was complaining about how slowly everyone drove. A friend told me, “Don’t get mad at the guy driving slowly in front of you, he spent all day yesterday on a tractor driving 15 MPH in a circle.” I still get mad, but this perfectly illustrates how the lines between life in the country and life in the city often blur here in West Texas.

What does all of this have to do with computers? Did you just fall for clickbait and this is actually an attempt to sell you farm equipment? No. Here’s my point and my theory.

Farmers and ranchers spend hundreds of thousands of dollars on equipment but they expect that type of technology to last for decades. My theory is that they expect this from all of the equipment that they buy, even a new computer.

Unfortunately, PCs just don’t last that long anymore. While there is no definitive answer as to how long they will last or how often you should replace your computer, here is our collective experience, which matches that of many in our industry.

Plan to replace your PC every 3 – 5 years (the life expectancy of a laptop is slightly less). Here are a few reasons why.

Hardware fails.

The hard drive (where the data is stored), fans, power supply and motherboard all fail eventually. These are man-made components that are prone to giving out. We often see lower-end computers suffer hardware failure at what we call “a year and a day.” We started using this term to describe failures that happen just outside of the manufacturer’s warranty, and it happens quite often.

Software constantly evolves and software companies stop supporting older versions.

Unlike a John Deere tractor (you can typically find someone who can work on even a very old one), computer software companies eventually stop supporting and updating old versions. The cost is just too great.

Modern PC users run more applications and programs on the same computer than ever before and as each software title updates, it often uses more resources.

I remember my first Windows PC; it had Windows 3.1 installed on it. I ran MS Money and AOL on it. That’s it! Now, a new PC comes with dozens of apps right out of the box. Then the typical user begins to install the different apps that they need. All of these apps take system resources, and with each upgrade they use more and more. This often makes it necessary to buy new hardware to upgrade, or simply to buy a new PC over time.

Proactively replacing a PC before a catastrophic failure typically costs less money and definitely takes less time and causes less stress.

When a PC is completely dead it takes different tools and a different approach to retrieve the data, find software keys (or buy new software) and get the new PC up and running than it does to transfer everything from one operational computer to another.

A thrifty person can sometimes squeeze an extra year out of a computer but sometimes that gamble is a bust and it actually costs them more money than just purchasing a new one when the time comes.

Fighting Viruses Gets Tougher – Popular Cleanup App Targeted

Over 2 million users recently installed a version of CCleaner that had been hacked and included a trojan virus, according to the software developer.

This isn’t the first time that software designed to help and protect computers has contained malicious code. It is, however, the first time that a popular tool (used by many computer repair companies and technicians) has been successfully targeted. And while the software company has given the all clear, it was recently discovered that the newer (not compromised) version is also affected.

It gets worse: in addition to the Trojan injected into the code, the infection contains a second payload that hasn’t been executed as of yet.

This form of infecting a victim with viruses and malware is being called a “supply chain” attack because it relies on the fact that the person downloading and installing the software trusts the source and the software company.

The truth is, if the end users or the computer techs that they are trusting to remove viruses don’t stay on the cutting edge of technology (and news of this nature), they will end up eventually doing more harm than good due to future attacks like this one.

As cat.man.du enters its 15th year helping home PC users and home businesses battle the constant threat from hackers and viruses, we are committed to constantly monitoring the tools and apps that we use to fight malware, spyware and viruses, and to never becoming complacent.

Who’s Calling? Not Equifax!

Just in case you are living under a rock, 143 million Americans (that’s almost half of the population) just had their Social Security numbers, names, driver’s license and birth dates stolen when Equifax was hacked.

It doesn’t help that Equifax itself has made it confusing and difficult to check to see if you are one of the victims by creating a confusing web page that gives users conflicting information AND a weak PIN, AND is vulnerable to spoofing which would create even more victims.

If you want to know how to NOT handle a data breach, Equifax just wrote the definitive rulebook.

Now, hackers and the scammers are taking full advantage of the situation by calling people and pretending to be Equifax.

The Federal Trade Commission has issued a warning asking people not to interact with anyone calling and claiming to be with Equifax. They aren’t calling you; they don’t do that (neither does Microsoft or Google or any major company). They don’t have the resources and, frankly, don’t care enough to try.

The scam starts off with something like “This is Equifax calling to verify your account information.” It may be an automated call or a live person.

Do not press one, do not trust your caller ID, do not interact with the call in any way.

Email Phishing Scam Looks Like It Is Sent From The BBB

The BBB is warning businesses about an email phishing scam. The phishing email claims to be from the BBB with official-sounding subjects like “violating the Fair Labor Standards Act” and “Safety and Health Act.” The emails also appear to notify the recipient that a complaint has been lodged against their business. Contained within the email is a clickable link that will download malware, which will then steal the victim’s passwords and/or compromise company data.

The reason these emails are so successful is that the BBB does send emails to businesses in order to inform or notify.

If you receive an email from the BBB, stop and take the time to read it over. Check for any grammatical errors and whether it has a local signature at the bottom. If there is a question about the legitimacy of the email, call your local BBB.

If you have already received one of the phishing emails and clicked on a link, immediately change passwords and contact cat.man.du.
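The advice above is to stop and look at the message before clicking. The script below is an added example (not part of the original post or anything the BBB publishes) that automates one part of that look: it pulls every link out of an HTML email body and flags the ones a real BBB notice would never contain. The sample email, the trusted-domain list (`bbb.org`) and the lure domains ending in `.example` are all constructed for this demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML body imitating the lure described above; not a real message.
SAMPLE_EMAIL_HTML = """
<p>A complaint has been lodged against your business.</p>
<p><a href="https://www.bbb.org/complaints">Review the complaint</a></p>
<p><a href="http://bbb-notice-center.example/complaint/view.exe">http://www.bbb.org/complaint/12345</a></p>
<p><a href="http://203.0.113.5/notice.zip">Download the notice</a></p>
"""

# Assumption: a genuine notice only links to the organisation's own domain.
TRUSTED_DOMAINS = {"bbb.org"}
RISKY_SUFFIXES = (".exe", ".zip", ".scr", ".js", ".jar")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registered_domain(host):
    """Last two labels of a hostname (good enough for .org/.com; multi-part
    public suffixes such as co.uk would need a suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def assess_link(href, text):
    """Return a list of reasons this link looks like a phishing link (empty = fine)."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https"):
        reasons.append(f"unusual scheme {parsed.scheme!r}")
    if not host:
        reasons.append("no host in link")
    elif IPV4_RE.fullmatch(host):
        reasons.append("link goes to a raw IP address")
    elif registered_domain(host) not in TRUSTED_DOMAINS:
        reasons.append(f"link goes to {registered_domain(host)}, not a trusted domain")
    # Visible text that shows one URL while the href goes somewhere else.
    shown = re.search(r"https?://([^\s/]+)", text)
    if shown and host and registered_domain(shown.group(1)) != registered_domain(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    if parsed.path.lower().endswith(RISKY_SUFFIXES):
        reasons.append("link points directly at an executable or archive")
    return reasons


def suspicious_links(html):
    """Return [(href, visible_text, reasons)] for every link with at least one reason."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = assess_link(href, text)
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{href}  ({text!r})")
        for r in reasons:
            print("   -", r)
```

On the sample body the first link passes and the other two are flagged: the second because its visible text shows a bbb.org address while the href goes to a look-alike domain and straight to an `.exe`, the third because it uses a bare IP address and ends in an archive. A check like this complements, rather than replaces, the advice to phone your local BBB when in doubt.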

US And European Electrical Grid Targeted In Massive Cyber Attack

According to a Symantec report, the hacker group Dragonfly has reemerged after about a four-year hiatus and now has the ability to take control of the compromised power grids. Symantec is calling this new wave of attacks Dragonfly 2.0.

This isn’t the first time that hackers have set their sights on the power grid. In 2015 and 2016, hackers disrupted Ukraine’s power grid, and that attack left hundreds of thousands of people without power. More recently, hackers linked to the Russian government have developed malware in order to target the US.

Dragonfly 2.0 has used a sophisticated email campaign containing content specific to the energy sector, which has tricked power company workers into opening the emails. Once the emails are opened, the malware sends the user’s network credentials back to the hacker’s server. The hackers also used ‘watering hole’ attacks to compromise websites frequented by users in the energy sector. Once a user visited the compromised sites, their network credentials were harvested. In one case, after the user visited a compromised website, a computer virus named Backdoor.Goodor was installed on the user’s computer, which allowed the hackers to take control of the system.

According to Symantec, “Sabotage attacks are typically preceded by an intelligence-gathering phase where attackers collect information about target networks and systems and acquire credentials that will be used in later campaigns. The most notable examples of this are Stuxnet and Shamoon, where previously stolen credentials were subsequently used to administer their destructive payloads.”
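Both the email lure and the watering hole described above end the same way: a workstation hands its network credentials to a server outside the company. The page does not say which protocol carried them, so the script below is an added, generic detection (not from Symantec’s report or any product) built on a common recommendation for this class of attack: alert whenever an internal host talks to an Internet address on the Windows file-sharing ports, since there is almost never a legitimate reason for that. The flow-log format, the internal address ranges and every log line are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow-log sample (timestamp src dst dport action); not from any real network.
SAMPLE_FLOW_LOG = """\
2017-09-06T08:12:01Z 10.20.5.17 10.20.1.4 445 ALLOW
2017-09-06T08:12:03Z 10.20.5.17 203.0.113.44 445 ALLOW
2017-09-06T08:12:04Z 10.20.5.17 203.0.113.44 443 ALLOW
2017-09-06T08:13:10Z 10.20.7.9 198.51.100.23 139 ALLOW
2017-09-06T08:13:11Z 10.20.7.9 198.51.100.23 445 DENY
2017-09-06T08:14:00Z 10.20.5.17 93.184.216.34 80 ALLOW
malformed line that should be skipped
"""

# Assumption: these are the organisation's own address ranges (plus loopback/link-local).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]

# Ports on which a Windows host will offer its credentials to whatever answers.
CREDENTIAL_PORTS = {445: "SMB", 139: "NetBIOS session"}


def parse_line(line):
    """Parse one flow-log line into a dict, or return None if it is malformed."""
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, src, dst, dport, action = fields
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        dport = int(dport)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "dst": dst, "dport": dport, "action": action}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def outbound_credential_leaks(log_text):
    """Return records where an internal host reaches an external address on a
    credential-carrying port. Denied attempts are kept: the host still tried,
    which is itself the indicator that it opened a lure."""
    alerts = []
    for rec in map(parse_line, log_text.splitlines()):
        if rec is None:
            continue
        if rec["dport"] in CREDENTIAL_PORTS and is_internal(rec["src"]) and not is_internal(rec["dst"]):
            rec["protocol"] = CREDENTIAL_PORTS[rec["dport"]]
            alerts.append(rec)
    return alerts


def affected_hosts(alerts):
    """Group alerts by internal source so each workstation can be triaged once."""
    by_src = defaultdict(list)
    for rec in alerts:
        by_src[rec["src"]].append((rec["dst"], rec["dport"], rec["action"]))
    return dict(by_src)


if __name__ == "__main__":
    hits = outbound_credential_leaks(SAMPLE_FLOW_LOG)
    for src, targets in affected_hosts(hits).items():
        print(f"{src}: {len(targets)} external SMB/NetBIOS attempt(s)")
        for dst, port, action in targets:
            print(f"   -> {dst}:{port} ({action})")
```

Run against the sample, the script ignores the internal file-server connection and the ordinary web traffic and reports two workstations, one of which was allowed out on port 445. The practical follow-up is the mitigation, not just the alert: block these ports at the perimeter so the credentials never leave, and treat any host that tried as one that has probably opened a lure and needs its password reset.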

The Oldest White Supremacist Site Shut Down!

A former Ku Klux Klan leader, Don Black, was operating stormfront.org, which had over 300,000 registered users. According to Black, the site’s traffic had greatly increased since violence erupted in Charlottesville, Virginia. The site has been operated by Black since 1995 and included forums that were popular with KKK and Nazi groups.

In a telephone interview with the Associated Press, Black said, “I’m talking to my lawyers, and that’s about all I can do right now. I can switch to another domain, but it might wind up the same way.”

Black has been involved with the white supremacist and KKK movements since the 70’s and was even convicted for attempting to overthrow the island nation of Dominica in 1981.

This follows after another popular white supremacist site, The Daily Stormer, was also taken offline.

According to the AP article, Kristen Clarke, executive director of the Lawyers’ Committee for Civil Rights Under Law, said in a statement, “Especially in the wake of tragic events in Charlottesville and the spike in hate crimes across the country, Stormfront crossed the line of permissible speech and incited and promoted violence.”