Some notes on VirusTotal

Many of you are probably familiar with VirusTotal, a service that allows you to scan a file or URL using multiple antivirus and URL scanners. VirusTotal results are often used in write-ups about new malware to show how widely a sample is detected by the AV community. We receive links to VirusTotal results via our support system and on the Webroot Community. Computer support forums will also suggest a user submit a file to VirusTotal in order to determine whether or not a file is malicious. VirusTotal can be a very useful service – if you know how the service works and how to interpret the results. A good place to start is the About page, paying special attention to the Important notes and remarks section of the page.

I’ve written before about how inconsistent the results for a file can be, and this makes a bit more sense when you understand more about how VirusTotal works. To put it simply, because of the way that VirusTotal works, files that show no detections in VirusTotal may actually be detected by the scanners used in real-world situations, and the opposite is also true. (Knowing how it works can also help you understand why a next-generation cloud-based solution like Webroot SecureAnywhere is not one of the scanners used in VirusTotal.) I’ve seen many instances where a write-up on new malware shows few detections in VirusTotal, but a quick check of our database shows that we had seen and were detecting the sample prior to the date it was submitted. There have also been countless times where our own Webroot SecureAnywhere process showed as being detected by multiple scanners in VirusTotal.

As VirusTotal clearly states, “the service was not designed as a tool to perform antivirus comparative analyses” yet we see it used to gauge how widely detected a new malware sample is all the time. When looking at VirusTotal results, I tend to make two assumptions. The first is that I always assume that all of the scanners are set to their highest heuristic settings – what I like to refer to as “tin-foil hat heuristics” – which will cause a much higher number of False Positives.

The second assumption is that the scanners will be using their full Enterprise signature set which will detect various legitimate programs that administrators might not want on their networks such as administrative tools or remote access tools. Over time, you can become familiar with some of the more common detections and naming conventions used by the various scanners that can help make a more informed interpretation of the results.
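As an added example (not code from the post and not VirusTotal's own API or result format), the following script applies the two assumptions above to a constructed scan result. The engine names, verdict strings and keyword lists are illustrative, and the result layout is a plain engine-to-verdict mapping. It separates heuristic/generic verdicts and enterprise "policy" verdicts (PUA, remote-admin tools) from engines that name a specific family, so that the raw detection ratio is not read on its own.

```python
"""Bucket multi-engine scan verdicts before reading the detection ratio.

Added example, not code from the post or from VirusTotal. The result layout
(engine name -> verdict string, or None for no detection), the engine names,
the verdict strings and the marker lists are all constructed for illustration.
"""
from collections import Counter

# Substrings that usually mark heuristic, generic or machine-learning verdicts
# (assumed list; each vendor has its own conventions).
HEURISTIC_MARKERS = ("heur", "generic", "gen:", "suspicious", "variant", "score")

# Substrings that usually mark "potentially unwanted" or admin/remote tools, the
# kind of hit a full enterprise signature set produces on legitimate software.
POLICY_MARKERS = ("not-a-virus", "pua", "pup", "riskware", "remoteadmin",
                  "hacktool", "adware", "unwanted")


def classify_detection(verdict):
    """Return 'policy', 'heuristic' or 'specific' for one engine's verdict."""
    lowered = verdict.lower()
    if any(marker in lowered for marker in POLICY_MARKERS):
        return "policy"
    if any(marker in lowered for marker in HEURISTIC_MARKERS):
        return "heuristic"
    return "specific"


def interpret(buckets, total):
    """Turn bucket counts into the reading a human would give the result."""
    detected = total - buckets["clean"]
    if detected == 0:
        return "no hits in this snapshot; not proof the file is undetected in the field"
    if buckets["specific"] >= 2:
        return "multiple engines name a specific family; treat as malicious"
    if buckets["policy"] > buckets["heuristic"] + buckets["specific"]:
        return "mostly PUA/admin-tool signatures; decide by policy, not as malware"
    return "heuristic or single-engine hits only; inconclusive, corroborate elsewhere"


def summarize(results):
    """Bucket every engine verdict and attach the raw ratio and an interpretation."""
    buckets = Counter({"clean": 0, "heuristic": 0, "policy": 0, "specific": 0})
    for verdict in results.values():
        buckets["clean" if not verdict else classify_detection(verdict)] += 1
    total = len(results)
    detected = total - buckets["clean"]
    return {
        "raw_ratio": f"{detected}/{total}",
        "buckets": dict(buckets),
        "interpretation": interpret(buckets, total),
    }


# Constructed results: a remote-administration tool that several engines flag
# under PUA/policy names and two flag heuristically. 5/8 looks alarming on its own.
SAMPLE_ADMIN_TOOL = {
    "EngineA": "Trojan.Win32.Generic!BT",
    "EngineB": "Gen:Variant.Heur.Suspicious.1",
    "EngineC": None,
    "EngineD": "not-a-virus:RemoteAdmin.Win32.VNC",
    "EngineE": "PUA.RemoteAdminTool",
    "EngineF": None,
    "EngineG": "Riskware/RemoteAdmin",
    "EngineH": None,
}

# Constructed results: a sample where three engines agree on a (made-up) family name.
SAMPLE_MALWARE = {
    "EngineA": "Trojan:Win32/ExampleFam.A",
    "EngineB": "W32/ExampleFam.B",
    "EngineC": "Trojan.Win32.Generic!BT",
    "EngineD": "ExampleFam.Dropper",
    "EngineE": None,
}

if __name__ == "__main__":
    for name, results in (("admin tool", SAMPLE_ADMIN_TOOL), ("malware", SAMPLE_MALWARE)):
        summary = summarize(results)
        print(name, summary["raw_ratio"], summary["buckets"], "->", summary["interpretation"])
```

The marker lists are the part you would grow over time as you learn each scanner's naming habits; the bucketing logic itself stays the same.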

As with any tool, knowing the intended use and limitations helps use it more effectively.

Female PC gamers and Online Security

In a 2016 survey of 500 PC gamers, Webroot discovered statistically significant differences in the ways that male and female gamers approach internet security, 3rd party modifications, and the way they choose to portray their gender online. In fact, we found surprisingly large discrepancies between those who identified as male and those who identified as female in terms of online gaming and security.

The following infographic reveals the findings of our survey:

[Infographic: Webroot Female Gamer survey findings]

Threat Recap: Week of January 31st

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

U.S. Police Union Data Breach

In the past week, a security breach affected the Fraternal Order of Police’s computer systems, resulting in a significant data loss. Currently, only 2.5 GB of data has been released, according to the hacker/activist Thomas White, who claims to have an additional 18 TB of data stored. The FBI is still investigating the breach, which involves information that could expose possible police corruption or other classified government data.

Read More: http://www.net-security.org/secworld.php?id=19394

Java Browser Plug-In Hits End of Life

This week, Oracle announced that it was killing off the vulnerability-prone plug-in with the version 9 release of its Java Development Kit. While thousands of applications were built around the Java plug-in, most Internet browsers stopped supporting it in 2015 due to the unending exploits. Unfortunately, some companies still require legacy versions of Java to run custom-built applications that may not have a counterpart in the marketplace.

Read More: https://nakedsecurity.sophos.com/2016/02/02/goodbye-and-good-riddance-oracle-finally-ditches-java-browser-plug-in/

U.S. Restaurant Chains Experience Credit Card Hack

It has been reported that venues owned by Landry’s have been targeted multiple times in the last two years with major payment data breaches. Currently, the information that has been exposed contains names, card numbers, expiration dates, and other sensitive data of customers. It appears that the attack was aimed at the payment processing devices, which would pull customer data when the card was swiped for the transaction.

Read More: http://www.infosecurity-magazine.com/news/hundreds-of-landrys-golden-nugget/

Super Bowl Stadium, Possible Hacking Target?

With Super Bowl 50 coming up this weekend, there looms a question of how well the high-tech stadium will handle any possible cyber attacks. With nearly 13,000 Wi-Fi points, it would be a prime target, considering the large volume of high-profile attendees. If an attacker found a security weakness, any malicious payload could spread rapidly through the heavily used network and cause significant data loss. For those travelling to the game in Santa Clara, stay safe and Go Broncos!

Read More: http://www.theatlantic.com/technology/archive/2016/02/silicon-valleys-high-tech-super-bowl-stadium-could-be-a-target-for-hackers/434673/

eBay Resolves Security Issue

Recently, an Israeli security firm found a vulnerability in eBay that would allow an attacker to create a vendor store and, using a malicious JavaScript payload, launch an attack on unsuspecting site visitors. The vulnerability itself comes from the “store” allowing dynamic content to appear, such as pop-ups or ads, and leading the victim to a compromised page. The specific issue was dealt with, but the use of active/dynamic content remains.

Read More: http://www.forbes.com/sites/thomasbrewster/2016/02/03/ebay-severe-security-weakness/

Threat Intelligence: An Overview

Bring Threat Intelligence to the world of IoT

Threat Intelligence has become common throughout the cyber security landscape, used in traditional information technology platforms from next generation firewalls, application load balancers and SIEM to other threat monitoring and prevention tools. With the pervasive growth of IoT initiatives and concerns around how to protect operational infrastructures from malicious actors, an understanding of how existing threat intelligence can play a role in protecting an organization’s technology infrastructure is needed. Additionally, the existing methods for collecting and analyzing threat data do not directly translate to meet all of the potential security issues found in the IoT space. Therefore, a deep dive into what existing security technology can and cannot do for an organization’s operational infrastructure will help determine what can be done today and what technologies need to be developed to better secure entire ecosystems.

This five-part blog will walk through each aspect of threat intelligence, from a general overview that provides a basic understanding through to the future of threat intelligence as it relates to IoT. Part 1 will give a high-level overview of what threat intelligence is and how it is gathered, analyzed and consumed. Parts 2 and 3 will focus on IP and URL data, how it can be applied to IoT, and an example of implementing this data in an IoT Gateway. The last two articles will discuss what the future holds in store for protecting devices and creating purpose-built protection for the IoT.

Threat Intelligence: An Overview

Traditional Threat Intelligence consists of the collection and analysis of four main data types: IP Addresses, URLs, Files and Mobile Applications. The focus of this data collection and analysis revolves around protecting workstations and servers from becoming infected with malicious software, preventing command and control servers from activating dormant code living in an organization’s network and helping to identify and prevent the exfiltration of data. This was initially done through the use of human analysts who spent time manually identifying and evaluating threats but has now evolved to a more automated process through the use of machine learning and big data analytics.

As stated above, threats in the cyber security space can be broken down into four main components. Of course, there are other vectors a malicious actor can use to attack an organization but the elements below comprise the bulk of threats a typical organization will regularly face:

  • IP Addresses: IPv4 and IPv6 addresses that are typically analyzed for threats inbound to an organization. Typical attacks include spam sources, command and control servers, and botnet servers.
  • URL: Not often thought of as a threat category as many organizations consider URLs as policy control but they are heavily used as dynamic embedded delivery endpoints for phishing and malware. It should also be noted that URLs can contain IP addresses.
  • Files: Traditional malicious files, think viruses, used to encrypt user data, listen to user activity, destroy systems and/or exfiltrate data.
  • Mobile Applications: These have been identified separately from traditional files as they require special analysis due to their specific platforms and the functionality they provide in terms of network connectivity and application performance.

There are three main steps to any threat intelligence system:

  • Data Collection and Aggregation: There are three main ways to gather data in the wild for analysis.
      • Active: This includes web crawlers and IP port scanning techniques. Since it can be controlled, this method provides a robust amount of data but does not typically result in identifying the high-value zero-day threats.
      • Passive: By deploying victim machines, web app honeypots, endpoint agents and other exploitable devices on the Internet, it is possible to attract attackers and record malicious activity as it occurs. This technique results in a better set of threat data but requires patience while waiting for a malicious actor to attempt to take advantage of a weakened system.
      • Third-Party Data: There are several international, governmental and independent bodies that collect threat data for use by security teams. This data, though valuable, must be vetted for accuracy and often becomes outdated quickly, as threat actors subscribe to the same data sets and change or avoid the items published in these lists.
  • Classification: Once data has been gathered and aggregated, it can be fed into purpose-built machine learning engines for analysis. This involves the creation and training of engines for each of the data types identified above. Analysts move from doing deep-dive identification of threats to maintaining and tuning the engines for better accuracy. This is done by continually feeding the engines more highly refined data for the engine type.
  • Analysis and Consumption: Once the data has been collected and classified, it is a simple Big Data issue of providing tools such as APIs or SDKs to access each of the individual data types.

A relatively new component to the threat intelligence space is the generation of contextualized data, made possible through advancements in big data analytics. Contextualization involves walking through disparate data sources looking for linkages between the data, in an effort to help prevent future threats before they occur or to allow an analyst to better understand the effect an identified threat may have on an organization.
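To make the collection, aggregation and consumption steps concrete, here is an added example that is not Webroot's code or any vendor's product: a minimal threat-intelligence store for IP and URL indicators. Feed names, confidence values, the 24-hour expiry applied to third-party list entries and all sample indicators are constructed assumptions (the IPs come from the documentation ranges). The lookup also shows one contextual linkage the list above mentions, a URL whose host is an IP literal being checked against the IP data as well.

```python
"""Minimal IP/URL threat-intelligence store: collect indicators from several
sources, aggregate them, and expose a lookup for consumers such as a gateway.

Added example, not Webroot's or any vendor's code. The feed names, confidence
values, the 24-hour expiry for third-party entries and the sample indicators
are constructed assumptions (IPs come from the documentation ranges).
"""
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumption: unvetted third-party list entries are only trusted for a day,
# because actors watch the same lists and move on.
THIRD_PARTY_TTL = timedelta(hours=24)


def is_ip(value):
    try:
        ip_address(value)
        return True
    except ValueError:
        return False


def normalize(kind, value):
    """Canonical key so the same indicator from two feeds merges into one record."""
    if kind == "ip":
        return ip_address(value).compressed
    parts = urlsplit(value)
    return parts._replace(scheme=parts.scheme.lower(), netloc=parts.netloc.lower()).geturl()


def combine(score, confidence):
    """Treat sources as independent evidence: 1 - prod(1 - c_i)."""
    return 1 - (1 - score) * (1 - confidence)


class ThreatStore:
    def __init__(self):
        self.records = {}  # (kind, key) -> list of source entries

    def add(self, kind, value, source, confidence, seen, third_party=False):
        """Collection/aggregation step: append one source's observation."""
        entry = {"source": source, "confidence": confidence,
                 "seen": seen, "third_party": third_party}
        self.records.setdefault((kind, normalize(kind, value)), []).append(entry)

    def score(self, kind, value, now):
        """Aggregate all sources for one indicator, dropping stale third-party data."""
        score, reasons = 0.0, []
        for entry in self.records.get((kind, normalize(kind, value)), []):
            if entry["third_party"] and now - entry["seen"] > THIRD_PARTY_TTL:
                reasons.append(f"{entry['source']}: expired")
                continue
            score = combine(score, entry["confidence"])
            reasons.append(f"{entry['source']}: {entry['confidence']:.2f}")
        return score, reasons

    def lookup(self, indicator, now, threshold=0.7):
        """Consumption step. A URL is scored on URL data and, when its host is
        an IP literal, also on IP data (the linkage the post mentions)."""
        kind = "ip" if is_ip(indicator) else "url"
        score, reasons = self.score(kind, indicator, now)
        if kind == "url":
            host = urlsplit(indicator).hostname or ""
            if is_ip(host):
                ip_score, ip_reasons = self.score("ip", host, now)
                score = combine(score, ip_score)
                reasons += [f"host {host} via {r}" for r in ip_reasons]
        return {"indicator": indicator, "kind": kind, "score": round(score, 3),
                "block": score >= threshold, "reasons": reasons}


NOW = datetime(2016, 2, 1, 12, 0)  # constructed reference time


def build_sample_store():
    """Constructed feed contents covering the three collection methods."""
    store = ThreatStore()
    # Active: our own crawler fetched a credential-phishing page (constructed).
    store.add("url", "http://198.51.100.23/login/update.php", "crawler", 0.6,
              NOW - timedelta(hours=2))
    # Passive: a honeypot saw the same host probing it (constructed).
    store.add("ip", "198.51.100.23", "honeypot", 0.5, NOW - timedelta(hours=1))
    # Third-party: one stale entry and one fresh entry from a partner list.
    store.add("ip", "203.0.113.9", "partner-feed", 0.9, NOW - timedelta(days=3),
              third_party=True)
    store.add("ip", "203.0.113.10", "partner-feed", 0.9, NOW - timedelta(hours=3),
              third_party=True)
    return store


if __name__ == "__main__":
    store = build_sample_store()
    for item in ("http://198.51.100.23/login/update.php", "203.0.113.9", "203.0.113.10"):
        print(store.lookup(item, NOW))
```

Neither the crawler nor the honeypot observation clears the block threshold on its own; it is the linkage between the URL feed and the IP feed that pushes the score over it, which is the kind of contextualization the paragraph above describes. The stale partner entry contributes nothing, illustrating why third-party data has to be aged out rather than trusted indefinitely.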

Typical applications of threat intelligence range from policy management in next generation firewalls to network traffic analysis in security operation centers. The type of threat data an organization uses, and its ability to apply that data to its infrastructure, directly correlate with how well it can detect, identify and resolve threats.

Next week Part Two of this series will explore what traditional URL and IP data can and cannot do for the IoT.

Top Browser Plugins to Increase Browsing Security and Privacy

Here at Webroot, we take security seriously. With that being said, there is always more that you can do to improve your security and privacy while browsing online. Below is a list of browser plugins that we recommend you check out.

Webroot Filtering Extension

This one is pretty much a given as we are Webroot. Our filtering extension provides you with the reputation of websites within your browser and helps to protect you from harmful websites. This extension is available to all Webroot users.

Webroot Password Manager

Password managers are almost a necessity in today’s landscape. You should have multiple passwords that differ across your accounts. The Webroot Password Manager assists with managing and maintaining all of these with the click of the mouse. We also ensure that all of the stored passwords are encrypted, and you should always ensure this is the case with any password manager you choose to use. This utility is available to Webroot Internet Security Plus and Webroot Internet Security Complete customers. If you are using a security program (you should be), you may as well throw in a password manager.

HTTPS Everywhere

More websites are shifting to HTTPS and should be, but redundancy is never a bad thing when it comes to security. This extension encrypts your communications with major websites to make your browsing even more secure.

Privacy Badger

This one comes as more of a personal preference and an honorable mention to Disconnect here. Privacy Badger blocks ads and trackers that use your browsing information to show you tailored results. Privacy Badger learns from your browsing habits so the more you browse, the better it is going to work for you. While not as strong out of the gate as some of the alternatives, in the long run I feel as if this is more useful.

Adblock Plus

You’ve likely heard of this one before, and for good reason. Adblock Plus helps to block popups, video ads, and malware domains on many different websites. The caveat here is that some websites (we are looking at you, Forbes) will ask that you disable this extension to view the website. This happens because many websites receive revenue from the ads located on their website. Some websites solely rely on this revenue to function and provide content to you.

I hope that these recommendations assist you in securing your browsing experience. With the same layered approach that we recommend for enterprise networks, you can enhance the security of your browser, keeping you and any other users safe and secure. Share any additional browser plug-in ideas you have on our Webroot Community.

Threat Recap: Week of January 24th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Indian Banks Hit with Ransomware

Recently, several Indian banks were infiltrated by an unknown hacker, who used this access to launch a ransomware attack. Using LeChiffre, a manually-executed ransomware program, the hacker was able to encrypt the already infected machines, and set a ransom of 1 Bitcoin (currently worth ~$400 USD). Though not meant to be used in a large-scale malware distribution campaign, hundreds of bank computers were infected, with several top bank executives paying the ransom. A decryptor for LeChiffre is available; though only useful for version 2.6.

Read More: http://news.softpedia.com/news/lechiffre-ransomware-hits-three-indian-banks-causes-millions-in-damages-499350.shtml

New Technology Leads to Car Issues

With the improvements in vehicle technology, there is bound to be a rise in exploitable vulnerabilities. Using the existing OBD II ports in consumer vehicles, researchers were able to wirelessly gain access to the system network and make changes to critical components. Unfortunately, these issues are industry-wide and the automakers are playing catch-up to a whole string of problems that were previously nonexistent. This is only the beginning of a long road for car companies, in terms of keeping ahead of these issues.

Read More: http://time.com/4195332/hacking-cars-security/

PayPal Resolves Java Exploit

This week, an independent researcher found a critical bug in PayPal’s servers. The bug allowed access to databases used by the PayPal app, which gave the attacker access to information that had been deserialized for communication between various programs. Using the information that was gathered, the attacker could then drop a malicious payload onto the servers and gain further access to sensitive information.

Read More: https://nakedsecurity.sophos.com/2016/01/27/critical-java-bug-found-in-paypal-servers/

Android Ransomware Evolving

Ransomware is nothing new for the Android OS, and now there have been updates that can allow a fake screen overlay to be created over an administrator access dialog box, with the user then clicking on the fake button and unknowingly giving full access to the malicious software. Fortunately for most Android users, the multiple dialog boxes that are being exploited have been changed with Android 5.0, to no longer display above system dialog messages.

Read More: http://www.pcworld.com/article/3027123/new-android-ransomware-uses-clickjacking-to-gain-admin-privileges.html

Payment Data Security Needs Update

A survey was recently completed that asked 3,700 IT security professionals, in several different industries, questions covering their data security policies and actual practices. Over half of those surveyed stated that they had no idea where some of their customer data was stored, while a similar number allowed third-party access to customer payment data with no multi-factor authentication required. Hopefully, with the rise in data breaches over the last year, many of these companies will strive to improve payment data security to better protect themselves and their customers.

Read More: http://www.net-security.org/secworld.php?id=19369

Webroot’s Acceleration with Advancement of IoT

As a concept, the IoT (Internet of Things) has been with us since the late 1990s, and has evolved from simple M2M (Machine-to-Machine) connectivity into a vision for Operational Productivity enabled by Interoperability. Innovation and investment in new IoT technology and business models are driven by the pursuit of key operational benefits such as:

  • Provisioning Assets as Services
  • Efficiency through Automation
  • Resource Utilization
  • Environmental Impact
  • Safer and more productive Critical infrastructure

Next-generation IoT devices and platforms are now being deployed in critical infrastructures such as Integrated Transportation (auto, railway, airports,…), oil & gas operations, industrial & manufacturing facilities, energy distribution, and ‘SmartCity’ systems. Operations are becoming dependent on these efficient and high-availability IP-aware systems.

New systems are being deployed and older non-IP based systems are being modernized with IP-aware functions at a rapid rate. Supporting this movement has driven device manufacturers to deploy new classes of devices and systems that can take advantage of direct and indirect internet connectivity in order to leverage public and private IoT Cloud Services Platforms. These next-generation smart systems can perform many advanced functions such as data aggregation and storage, advanced analytics, prediction, prognostication, and even limited decision-making. What was considered advanced data processing and decision-making in a data center just two years ago is now being deployed regularly in stand-alone IP-connected devices at the internet edge. This, along with rapid developments in semiconductor and control technology, is paving the way for a new wave of robotics and autonomous systems where cloud processes like machine learning are being brought down to the edge (fog computing).

In order to deliver the vision of IoT business models, the lines between traditional enterprise IT systems (IT) and the high-availability autonomous operational infrastructures are undergoing radical evolution with new standards and vendors. As with many new waves of technology advancement, there are those who seek to leverage weaknesses for criminal exploit, state-sponsored espionage, or simply mischief on a grand scale. These new systems are very enticing to those who specialize in advanced exploits. Increasingly, malicious actors who have targeted personal computing with malware, viruses and phishing exploits are now targeting critical infrastructure elements for profit and other motives. Modern cyber attacks on critical infrastructure take advantage of compromised IP addresses (servers, websites, etc.) to carry out DDoS, botnet and other forms of remote command and control exploits.

Webroot deployed the cyber-security industry’s first, most advanced, and most effective real-time cloud-based Threat Intelligence. We have been providing this service exclusively to leading Security Appliance, NGFW, and Access Point OEMs for over 5 years. These OEMs are leaders in bringing the latest cyber security approaches to corporate and public IT enterprises. This same technology, which has armed advanced networking equipment providers with a real-time defense against Internet-launched attacks, is now made available to non-telecom equipment developers for cyber protection to support the growing new classes of IoT systems, such as connected automobiles, industrial automation, process control, aviation, railway, power management, and home energy management.

As system designers look to protect new and existing IoT devices and networks, they are increasingly applying techniques formerly used by the most advanced firewall and network security appliance manufacturers. IoT gateways are emerging as this new class of OEM appliance. They are being designed to locally integrate single and multi-vendor platforms. Common functions are real-time data stream analytics, protocol translation, networking control, endpoint control, storage, and manageability. However, until recently, IoT gateways were being built without sufficient security or intelligence to properly protect critical infrastructure. What is new and very exciting is that non-security appliance vendors are now able to bring advanced cyber-security into IoT gateways and offer Cyber-Security-as-a-Service to critical infrastructure. IoT gateways can now utilize cloud-based cyber-security to securely connect legacy and next-generation devices to the Internet of Things.

I am pleased and excited to be part of the efforts by Webroot and our partners to ensure that the latest techniques are leveraged across these new IoT devices, appliances, systems and platforms. We look forward to our continued dialogue with you in advancing collective threat intelligence.

Worst Passwords of 2015, Best Passwords of 2016

When it comes to digital security, little is as important as knowing how to create a strong password. An ideal password is easy enough to remember so that it doesn’t need to be written down, yet complex enough to prevent someone else from guessing it. For many, this is a challenging and even frustrating experience, a delicate balancing act. However, there are a few techniques that can help you to reliably create strong passwords. The first thing to know is what passwords you should NEVER use.

SplashData, an online security company whose “SplashID” software allows you to securely store your passwords, has recently released a list of the Worst Passwords of 2015. This list was compiled from more than 2 million passwords that were publicly leaked during the last year:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx (first two columns of main keys on a standard keyboard)
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop (top row of keys on a standard keyboard)
  23. solo
  24. passw0rd
  25. starwars

This is the fifth year that SplashData has released a Top 25 list, and many of the entries have been seen year after year. The passwords “123456” and “password” have been the top two entries since SplashData has started publishing an annual Top 25 list. However, due to the popularity of “Star Wars: The Force Awakens”, this is the first year that related passwords like “solo”, “princess”, and “starwars” have appeared on the list.

What we can take away from this list is that many people continue to put themselves at risk by using weak, easily guessed passwords. “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” Morgan Slain, CEO of SplashData, said in a statement.

“As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

So, what can you do to ensure that your passwords are strong?

  • Avoid using full words and names. Hackers regularly use “dictionary attacks” to guess passwords, and any word or name that is commonly known is considered unsafe to use.
  • Create passwords or passphrases of twelve characters or more with mixed types of characters. A password longer than 12 characters, if created with the appropriate complexity, will be nearly impossible to guess quickly.
  • Use a different password for each website you log into. If someone is able to discover your password for one site, they will not be able to use that same password to log into another site with your information.
  • Use a password manager such as LastPass or SplashID to organize and protect passwords, generate random passwords, and automatically log into websites. This is also a feature that is offered with some Webroot SecureAnywhere software packages.
  • Test your password for complexity with a password checker, such as Password Meter.

To create a strong password, try using the “Letter/Number Substitution” technique, which generates seemingly random jumbles of letters and numbers that only you would remember. First, think of a phrase that you want to associate with the site or service you are setting up.

  • Example: “testpassword” (DO NOT USE)

Next, substitute characters for some of the letters using numbers and special characters which resemble those letters.

  • Example: “t3$9@S$w0rD” (DO NOT USE)

This example password is rated as 100% “Very Strong” using the Password Meter. By using this technique with even longer words in combination with numbers or special characters placed between the words, you can create passwords that will be nearly impossible to guess. With these tips in mind, you can ensure that your password won’t appear on next year’s list!
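The checklist above can be turned into an automated check. The following is an added example, not code from the post, from SplashData or from the Password Meter: it rejects the 25 passwords listed above, enforces the twelve-character and mixed-character-type rules, and undoes common letter/number substitutions before looking for dictionary words, so that a substituted dictionary word is still caught. The substitution table and the small word list are constructed assumptions; a real checker would load a full dictionary and a large breached-password set.

```python
"""Password policy checker applying the rules from the list above.

Added example, not code from the post, SplashData or the Password Meter.
The substitution table and the small dictionary are constructed assumptions;
a real deployment would load a large word list and a breached-password set.
"""
import string

# The 25 entries from the SplashData list above.
WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789", "football",
    "1234", "1234567", "baseball", "welcome", "1234567890", "abc123", "111111",
    "1qaz2wsx", "dragon", "master", "monkey", "letmein", "login", "princess",
    "qwertyuiop", "solo", "passw0rd", "starwars",
}

# Common letter/number substitutions, reversed (assumed table).
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "9": "g", "@": "a", "$": "s", "!": "i"})

# Small constructed dictionary; a real checker uses a full word list.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "master", "football",
              "baseball", "princess", "letmein", "login", "admin", "secret", "test"}

MIN_LENGTH = 12
MIN_CLASSES = 3


def unleet(pw):
    """Lowercase the password and undo the substitutions in UNLEET."""
    return pw.lower().translate(UNLEET)


def char_classes(pw):
    """Count how many of lower, upper, digit and symbol are present."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(1 for check in checks if any(check(c) for c in pw))


def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    lowered, plain = pw.lower(), unleet(pw)
    if lowered in WORST_2015 or plain in WORST_2015:
        problems.append("appears on the worst-passwords list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if char_classes(pw) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character types")
    # Longest words first so the most specific match is reported.
    for word in sorted(DICTIONARY, key=len, reverse=True):
        if len(word) >= 4 and word in plain:
            problems.append(f"contains dictionary word '{word}' (after undoing substitutions)")
            break
    return problems


def is_strong(pw):
    return not check_password(pw)


if __name__ == "__main__":
    # Constructed candidates; none of these should be used as a real password.
    for candidate in ("123456", "passw0rd", "P@$$w0rd2016", "Blu3-Kettle!Whist1e9"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that "P@$$w0rd2016" satisfies the length and character-type rules yet is still rejected, because the substitution step reveals the dictionary word underneath; that is the check a plain complexity meter does not perform.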

Threat Recap: Week of January 17th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Kiev Airport Cyber Attack

In recent weeks, Ukraine’s infrastructure has been under attack by Russian hacktivists, with Kiev’s main airport as the primary focus of the latest attack. It would seem that the BlackEnergy malware platform was in use, once again, to gain access to several computers on the airport’s network, including access to air traffic control systems. Ukrainian authorities are still unsure if the Russian government is involved, as this string of attacks comes at a volatile time for both countries.

Read More: http://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0

British Banks Fighting Malware Improvements

With over a dozen British banks being targeted by the persistent banking trojan known as Dridex, its latest update is capable of altering crucial DNS settings. By changing these settings, it directs the unknowing user to a fake banking website, which allows sensitive information to be gathered and sent off to a command-and-control server for verification. Dridex is most commonly transmitted using macro-enabled MS Office documents sent as attachments via email.

Read More: http://www.csoonline.com/article/3024323/security/dridex-banking-malware-adds-a-new-trick.html#tk.rss_news

Top US Cities Hit With Malware in 2015

In the past week, a study revealed the cities in the US that were the most common targets for malware attacks in 2015; the highest being Little Rock, Tampa, St. Louis, Orlando, and Denver. Each of the top five cities had rates over 650% of the national average, with Little Rock reaching 1,412% above. While it is unclear whether geographical location has any effect, the New England region was not present in the top 20 regions listed.

Read More: http://www.networkworld.com/article/3023432/malware-cybercrime/little-rock-tampa-and-st-louis-hardest-hit-by-malware-among-us-cities-study-finds.html

Encryption Still Major Issue for Companies

Encryption issues have plagued companies and customers alike for many years, and there are no signs of this slowing, as many companies still refuse to implement it on a wide scale. This comes as no surprise, as nearly two-thirds of companies only use encryption for “proprietary company data”. While most companies cite “employee data” as their reason for implementing encryption at all, it seems to be often pushed aside or forgotten.

Read More: https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/

Apple Corrects Cookie Theft Bug

It was noted recently that a bug in Apple’s iOS that allowed unauthorized access to unencrypted website cookies has been resolved with the release of iOS 9.2.1. The bug itself could allow attackers to impersonate unsuspecting users on their commonly browsed sites, and allow a malicious JavaScript payload to execute on subsequent site visits.

Read More: http://arstechnica.com/security/2016/01/ios-cookie-theft-bug-allowed-hackers-to-impersonate-users/

Crypto-ransomware – still a real worry

This week, we held our first BrightTALK webinar of 2016 (January 19th), talking about crypto-ransomware. I’ve got to admit I’m always overwhelmed at the numbers of people interested in this as a topic, and I called in help from one of our top threat researchers Tyler Moffitt to help me out with answering the more technical questions. In fact, Tyler and I double-handed the presentation as we’re both getting used to discussing the issues. It always helps when you have a real expert on hand, my background isn’t a coding one.

We tried, as always, to be terrifyingly truthful. At Webroot, we have had a lot of success with our next-generation behavioral approach to stopping customers from getting infected by all the variants of Crypto. Inevitably that leads to malware authors taking an interest in finding ways around our defenses, which admittedly has led to a few very regrettable failures in stopping the infections. Right now, though, we are holding our own and, in fact, have been forced to innovate more to be even better at stopping this threat.

Nonetheless, we do not believe we can stop every crypto threat, but we do believe we can protect against these attacks far faster and more effectively than other endpoint solutions. I might add that no testing or results I’ve seen anywhere else, nor claims from expensive machine learning next-generation vendors, make me believe anything different. There are a lot of Emperor’s new clothes out there, and as my namesake Hans Christian Andersen points out, “They haven’t got anything on!”

I’ve also done something I don’t normally do and sent out slides to those that requested them, if for a good reason, which usually is to persuade a recalcitrant or unbelieving customer that they need to spend some cash on protecting their only real asset, their irreplaceable data. I did mention a story I was told by a Webroot Partner in Australia about a friend (not a client of his) who’d paid up AUS $100,000 to get his server unencrypted after an attack, much as the FBI were forced to admit they often advise too.

These days if the crypto-ransomware has encrypted your files and unless you have other precautions in place, you are in trouble. Even paying up is not a guarantee. And this isn’t just for businesses but home consumers as well; this infection will and does target anyone with a connected PC.

The presentation I am referring to above can be accessed here: https://www.brighttalk.com/webcast/8241/181075. It takes a very logical approach to discussing what crypto-ransomware is; its history; its variants; some ways it avoids detection; and, probably most valuable, what to do to protect yourself from having to pay extortion money for your own data.

On a more emotional level, I’d like to take the treasured programming from the malware authors of crypto-ransomware and delete it forever. I’m sure they’d agree with their own assertion that CryptoWall is not malicious. I agree it isn’t – it’s pure evil in a digital age.