If you are having trouble viewing this email, click here to view this online

 

VOLUME 77

   ISSUE 77

15 December 2017
Article of the Month Around the World

RANSOMWARE CAN LOCK YOU OUT!!

 

�Ransomware is a popular term that frightened people around the world recently. It is a malware that is created to obtain a ransom from the person of an infected system. The most famous ransomware type is encrypting ransomware which can encrypt the hard drive of your computer and prevent you from accessing your data inside it. In order to decrypt your data, the attacker request you to pay a ransom. However, ransomware is being around for a while and recent reports show that the attackers have greatly improved and use ransomware in more effective ways even evading the mobile phones. 2017 was a year that created havoc for businesses worldwide due to the Ransomware such as NotPetya, WannaCry, Locky and Bad Rabbit.


The growth in digital payment methods, mainly Bitcoin has also become a supportive factor for the fast growth of ransomware attacks. Bitcoin helps to anonymize the transactions and to prevent the identification of the criminals. Hackers request to pay the ransom in bitcoins so it will be impossible to trace back the criminal.


According to the reports, NotPetya considered to be the most destructive ransomware attack in 2017. Not only NotPetya was able to cripple down the Ukrainian power plants, banking services and supermarkets but also it was able to get infected in to hundreds of thousands of computers of 100+ countries around the world.


WannaCry is the other destructive malware which was able to get infected more than 300,000 devices around the world and scared many more in May 2017 and was able to cripple the banks, law enforcement agencies, and other infrastructure.



In Bad Rabbit ransomware, users got affected through fake Adobe Flash software updates. When the software is downloaded and run, the user is infected with ransomware where their files were encrypted. All these three attacks were targeting the Microsoft Windows based systems exploiting SMB protocol using the EternalBlue vulnerability.


DoubleLocker, was a ransomware which got infected in Android devices and encrypted the victims mobile phone and modified its PIN also. Attackers gave 24 hours� deadline to the victims to pay the ransom.

Once your device is infected with a ransomware, you will lose access to your data and will see an image that says the files are encrypted and to recover the files you should submit the payment and get the decryption key. For example, the attackers behind Bad Rabbit were demanding 0.05 Bitcoin (�220) from victims, in exchange to provide the decryption key for their encrypted devices.


Cybersecurity Ventures predicts ransomware damages will cost the world $5 billion in 2017 and climb to $11.5 billion in 2019. Therefore, protecting ourselves from ransomware is very important and a timely requirement. Through the good cyber practices, the users will be able to protect themselves not only from ransomware but also from other security related threats as well.


Stay up to date - Ensure you apply all updates on all your devices. The operating system patches and software patches are important. The patches are used to fix the vulnerabilities. Do not run software updates that are prompted by third-party sites. If you do need to update your software, directly get it updated through the vendor�s website.
Virus guard to protect your system - Use a good anti-virus software and keep it up to date. Regular updating of the virus-guard is very important to keep your system healthy and secure.


Think before you click - Do not click on any suspicious links or do not download any suspicious attachments. They can contain malicious codes which can infect your system or which can lock you out from using your own device.


Back it up - Make sure you back up your system. Store your files securely offline. If you maintain regular backups and keep it safe and secure even you get infected with the ransomware you can lessen the pain since you can restore everything from the backup.
 

Should you pay the Ransom? � According to the Security experts� advice YOU SHOULD NOT PAY the ransom in order to obtain the decryption key. There are two reasons for this. One is even though you pay the requested ransom, receiving the decryption key is not guaranteed. Therefore, paying the ransom can be a waste of your money. And the other reason the experts say is, by paying the ransom you are becoming a willing participant in a crime.

 




By

Shammi Hewamadduma

Shammi is an Information Security Analyst at Sri Lanka CERT|CC



 

 

 

 

 

 

 

 

 

 


 




 

 

 

 

 

 

 

 

 

 

 

 

References

1 Statistics on the Internet growth in Sri Lanka
http://www.trc.gov.lk/images/pdf/
statis_sep_2012.doc
2.The Dragon Research Group (DRG)
http://www.dragonresearchgroup.org/
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
https://www.jpcert.or.jp/english/tsubame/
4.Shadowserver Foundation
http://www.shadowserver.org/wiki/
5. Team Cymru
http://www.team-cymru.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  
  7 Items You Must Add to Any Incident Response Plan
  

  

"....It�s a bad day when you�ve got a severe security incident to respond to. But the difference between a bad day and a disastrous one can be the quality of the response plan you�ve built. You did build a plan, didn�t you? Here are some key points you may have overlooked....."

 

Symantec Publishes Shadow Data Report on Latest Security Risk Trends in Cloud Apps for 1H 2017

  

"...Organizations continued to rapidly embrace the cloud in the first half of 2017. Symantec researchers found that data exposure and loss continues to dominate the risk landscape. And organizations continue to increase the number of cloud applications they use � both sanctioned and unsanctioned cloud apps often referred to as Shadow IT. ...."

  Apple plugs IoT HomeKit hole
   

 

'...Apple just can�t seem to get away from the theme of security flaws right now.

Last month it was the macOS 10.13 root password issue, hot on the heels of the news that the iPhone�s X�s much-vaunted Face ID authentication could be bypassed using a prosthetic mask.

And it only seems fair to mention the small matter of the �show your password hint in encrypted APFS volumes� issue macOS High Sierra users were told about in October.....'

Dear Amazon and Google: Enough.

   

  

'...Gang, we need to talk. Here in the land o' tech (no relation to the Land o' Lakes, aside from a shared love of butter), things are starting to get silly.

Google and Amazon, if you haven't heard, are in the midst of a very public schoolyard spat. And their little game of corporate one-upmanship shows no sign of slowing anytime soon...'

5 top data challenges that are changing the face of data centers

  

'....Data is clearly not what it used to be! Organizations of all types are finding new uses for data as part of their digital transformations. Examples abound in every industry, from jet engines to grocery stores, for data becoming key to competitive advantage. I call this new data because it is very different from the financial and ERP data that we are most familiar with. That old data was mostly transactional, and privately captured from internal sources, which drove the client/server revolution. ....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in November 2017
     
  Statistics - Sri Lanka CERT|CC

5 cloud storage predictions for 2018

'...At this point, the cloud is old news. This does not, however, diminish its continuing impact on individuals and businesses worldwide. As cloud-based services strive towards ubiquity, their impacts will likewise scale, as will their effects. In fact, 74 percent of CTOs today believe that cloud computing will have the most measurable impact on their business this year....'

The Rising Dangers of Unsecured IoT Technology

"...Earlier this year, the Food and Drug Administration (FDA) recalled 450,000 pacemakers that are currently in use by patients out of fear that these devices could be compromised. Although the agency said there is not any reported patient harm related to the devices, the FDA is rightly concerned that attackers will exploit pacemaker vulnerabilities and have the ability to affect how a medical device works. .."
How to Stay Secure While Holiday Shopping

�..After the turkey and pumpkin pie is finished, Americans have only one thing on their mind: Christmas shopping.

Whether you opt for frenzied Black Friday or Cyber Monday deals, 'tis the season of increased cyber threats from online shopping and scams. Staying safe online while shopping and making sure that the smart devices you buy are secure should be an integral part of your holiday plans....�
GOOGLE CRACKS DOWN ON NOSY ANDROID APPS

."...Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent.

The effort is an expansion of the Google Safe Browsing team�s mission to enforce the company�s recently updated Unwanted Software Policy for Android devices, announced in August. Starting at the end of January, Google said it will begin delivering warnings to users of apps and websites deemed in violation of its policies...."

 
Notice Board
  Training and Awareness Programmes - December  2017
  
DateEventVenue

Brought to you by:                           

  
 

Sri Lanka Computer Emergency Readiness Team | Coordination Centre
Room 4-112, BMICH, Bauddhaloka Mawatha, 
Colombo 07 
Tel. +94 - 112 691 692
www.cert.gov.lk