Saturday, January 16, 2016

Crypto Ransomware

Data and information are becoming the new wealth, and crime grows more sophisticated over time. A newer threat is ransomware: malware that encrypts all your data. Hackers exploit data and information as much as possible for their own economic benefit.

Crypto-ransomware is malware that encrypts a victim’s most important files and withholds them from the user until a payment is made to the hacker. Most payments are demanded in cryptocurrency such as bitcoin.

There are professional hacking agencies that develop and distribute the malware. They are building invincible malware variants, such as TorrentLocker and CryptoWall.

A brief about TorrentLocker

TorrentLocker was first observed in 2014. It uses the symmetric block cipher AES to encrypt the target’s files and system. European countries were affected the most.

This ransomware is delivered through infected spam emails, and sometimes through an infection chain that involves three steps:

  • URL redirection
  • Leading or routing to malicious page
  • CAPTCHA verification.

In the first step, the hacker compromises web servers and injects a redirect rule into them. The rule then constantly redirects or changes the URL address to avoid detection.

Eventually victims land on web pages that seem legitimate but are backed and controlled by the hackers. The page then asks for a CAPTCHA code so that it feels more authentic to the victim.

When the victim fills in the CAPTCHA, the ransomware downloads its package and encrypts all files with extensions such as .DOCx, .PDF, and .ZIP.

Security experts warn not to trust unknown sites and to always keep a backup of your data. A consistent backup helps rebuild the business without hassle if an attack happens.
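A backup only helps if encrypted copies are noticed before they replace good ones. The following Python check is an added example, not part of the original post: it compares files with the extensions named above against their standard format signatures. The function names and sample files are constructed for illustration, and it assumes the encryption overwrites the start of each file.

```python
import os
import tempfile

# Leading signatures for the file types the post names (.docx is a ZIP container).
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
SIGNATURES = {".docx": ZIP_MAGIC, ".zip": ZIP_MAGIC, ".pdf": (b"%PDF-",)}


def header_ok(path):
    """True/False for a checked extension, None for file types not covered."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SIGNATURES:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(1024)
    except OSError:
        return False  # unreadable files are reported rather than skipped
    if ext == ".pdf":
        return b"%PDF-" in head  # readers tolerate junk before the marker
    return head.startswith(SIGNATURES[ext])


def scan(root):
    """Walk root; return (files checked, sorted relative paths with a bad header)."""
    checked, bad = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ok = header_ok(full)
            if ok is None:
                continue
            checked += 1
            if not ok:
                bad.append(os.path.relpath(full, root))
    return checked, sorted(bad)


def demo():
    """Constructed sample tree: two intact files, one overwritten with junk bytes."""
    samples = {"report.docx": b"PK\x03\x04" + b"\0" * 32,
               "invoice.PDF": b"%PDF-1.4\n%%EOF\n",
               "archive.zip": b"\x9f\x3c\x11\xe7" * 16,  # stands in for ciphertext
               "notes.txt": b"not a checked type"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Running `scan()` on the source directory before each backup job, and pausing the job when the list of bad headers is not empty, keeps the last good copies from being overwritten.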

Everyone should use antimalware programs, which can prevent the malware from being downloaded to the system or warn the user before the download.

Last but not least, a lot of user-level training and awareness is required so that people learn about this type of attack and its consequences.

-DR



Friday, January 15, 2016

Cyber News | TalkTalk Data Breach

TalkTalk Data Breach

In 2015 a data breach occurred at TalkTalk, a telecommunications service provider from the UK. The breach happened because of a vulnerability in the website, which was compromised.

On October 21, 2015, TalkTalk initially said only that the website had been taken down. Later, on October 23, TalkTalk confirmed that it had suffered a cyber attack. The CEO confirmed that the firm had received a ransom message and that names, addresses, dates of birth, credit card / bank details etc. of approximately 4 million customers had been compromised. As a result of this potential risk to customers’ personal data, Dido Harding, the CEO, urged customers to be cautious of unexpected phone calls that ask for personal information with respect to their TalkTalk accounts.

On October 24, one customer complained that scammers had stolen cash from her bank account and used it to purchase £600 worth of goods before the card was blocked, while another user reported that the hackers had interfered with the broadband connection.

The next day, October 25, TalkTalk released an update stating that the attack targeted the website, not customers. The company also said that it does not keep credit card details on its website.

So only a small amount of financial data may have been compromised. A 15-year-old teen associated with the breach was arrested by the Cyber Crime Division. The attack was an SQL injection.

In a November update, TalkTalk reported that the total cost of the damages it expects to incur as a result of the October data breach will range between £30 million and £35 million. These damages, the company went on to explain, are largely due to a “loss of online sales and service capability.”

Security blogger Brian Krebs, citing sources “close to the investigation,” reported that a hacker group had demanded a ransom of £80,000 in bitcoins (about $122,000) in exchange for a stolen cache of customer data.

This is shared as an update and for information on how personal and sensitive information can be stolen.

-DR

