Ransomware is slowing down, but not going away

It’s been a busy month for crooks and security researchers alike. Many new variants of Dharma, Kraken, Scarab, Rektware, IT.Books, Matrix ransomware and the MongoDB locker were active this month.

A new variant of the Dharma ransomware appends the .brrr or .cmb extension and drops a ransom note named Info.hta stating that all your files are encrypted. A new variant of the Scarab-DiskDoctor ransomware uses the .mammon extension for encrypted files.

A new HiddenTear variant called IT.Books Ransomware looks like Jigsaw. It drops a ransom note named READ__IT.txt and appends the .f*cked extension. IT.Books is a high-risk ransomware designed to infiltrate the system and encrypt most of the stored data, thereby making it unusable. The created text file and desktop wallpaper contain similar messages saying that data is encrypted and that the victim must pay a ransom in order to restore it. Meanwhile, a pop-up window states that files are periodically being deleted and that victims must pay a ransom in order to stop the deletion process.

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, encrypting them, and then demanding a ransom in order to get the contents back. MongoDB has provided mitigation steps that developers should review.
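The two conditions Mongo Lock depends on are a database that listens on every interface and access control that is switched off. The following added example (not from the post or from MongoDB's own material) checks a mongod.conf text for exactly those two settings. The two configuration fragments are constructed here for the dry run: the first is the exposed form, the second the hardened one. The keys used (net.bindIp, net.bindIpAll, security.authorization) are real mongod.conf options; the finding texts and the small parser are this example's own.

```python
import re

# Constructed mongod.conf fragments (YAML), not taken from any real server.
# WEAK_CONF is the exposed configuration: all interfaces, no access control.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
"""

# HARDENED_CONF binds to loopback only and enables access control.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def _value(text, key):
    """Return the scalar after `key:` (first occurrence), or None if the key is absent."""
    m = re.search(r"^\s*" + re.escape(key) + r":\s*(\S+)", text, re.MULTILINE)
    return m.group(1).strip("'\"") if m else None


def audit_mongod_conf(text):
    """Return a list of findings for a mongod.conf text; an empty list means nothing was flagged."""
    findings = []
    bind_ip = _value(text, "bindIp")
    bind_all = _value(text, "bindIpAll") == "true"
    if bind_ip is None and not bind_all:
        # Not set at all: make the listening interfaces explicit instead of relying on a default.
        findings.append("net.bindIp is not set; bind explicitly to the interfaces that must reach mongod")
    else:
        # bindIp may hold a comma-separated list of addresses.
        ips = {p.strip() for p in (bind_ip or "").split(",")}
        if bind_all or ips & {"0.0.0.0", "::"}:
            findings.append("mongod listens on all interfaces (net.bindIp / net.bindIpAll); "
                            "restrict it or firewall the port")
    if _value(text, "authorization") != "enabled":
        findings.append("security.authorization is not 'enabled'; anyone who can reach the port "
                        "can read, drop or replace every database")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label + ":")
        for finding in audit_mongod_conf(conf) or ["no findings"]:
            print("  -", finding)
```

Run it against a live server's configuration file to get the same two checks; both findings together describe the state an internet-exposed, unauthenticated instance is in.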

A new version, called Kraken Cryptor 1.5, was recently released that masquerades as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it. A new ransomware called Rektware, which appends the .CQScSFy extension, also appeared.
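The families above are described by the extension they append and the ransom note they drop, which is enough for a simple file-system sweep. The following added example (written for this post, not code from the post or from any vendor) turns those indicators into a scanner: it classifies each path, counts encrypted files per family, and raises an alert when a ransom note is present or when enough files of one family are found that a single stray rename cannot explain it. The family labels and file names come from the post; the sample listing is constructed, and the alert threshold is this example's own choice.

```python
import os
import posixpath
from collections import Counter

# Appended extensions named in the post, mapped to the family the post attributes them to.
# Lower-cased because Windows file names are compared case-insensitively.
EXTENSIONS = {
    ".brrr": "Dharma",
    ".cmb": "Dharma",
    ".mammon": "Scarab-DiskDoctor",
    ".f*cked": "IT.Books",       # written this way in the post
    ".cqscsfy": "Rektware",      # post writes .CQScSFy
}

# Ransom-note file names named in the post.
RANSOM_NOTES = {
    "info.hta": "Dharma",
    "read__it.txt": "IT.Books",
}


def classify_path(path):
    """Return ("ransom_note", family), ("encrypted_file", family) or None for a single path."""
    name = posixpath.basename(path.replace("\\", "/")).lower()
    if name in RANSOM_NOTES:
        return ("ransom_note", RANSOM_NOTES[name])
    for ext, family in EXTENSIONS.items():
        # Require something before the extension so a bare ".brrr" file name is not a hit.
        if name.endswith(ext) and len(name) > len(ext):
            return ("encrypted_file", family)
    return None


def scan_listing(paths, threshold=5):
    """Summarise indicators in a list of paths.

    alert is True when a ransom note is present, or when at least `threshold`
    files carry the same family's extension (threshold is an assumed value).
    """
    notes = []
    by_family = Counter()
    for p in paths:
        hit = classify_path(p)
        if hit is None:
            continue
        kind, family = hit
        if kind == "ransom_note":
            notes.append((p, family))
        else:
            by_family[family] += 1
    alert = bool(notes) or any(n >= threshold for n in by_family.values())
    return {"ransom_notes": notes, "encrypted_by_family": by_family, "alert": alert}


def scan_directory(root, threshold=5):
    """Walk a real directory tree and apply scan_listing to every file path under it."""
    paths = [os.path.join(dirpath, f) for dirpath, _, files in os.walk(root) for f in files]
    return scan_listing(paths, threshold)


# Constructed sample listing (not from a real incident) for a dry run without touching disk.
SAMPLE_LISTING = [
    "C:\\Users\\alice\\Documents\\report.docx.brrr",
    "C:\\Users\\alice\\Documents\\budget.xlsx.brrr",
    "C:\\Users\\alice\\Documents\\Info.hta",
    "C:\\Users\\alice\\Pictures\\holiday.jpg",
    "D:\\share\\notes.txt.CQScSFy",
    "D:\\share\\README.md",
]

if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    print("alert:", result["alert"])
    print("ransom notes:", result["ransom_notes"])
    print("encrypted files per family:", dict(result["encrypted_by_family"]))
```

On a share or backup target, scan_directory(root) gives the same summary for the real tree; a ransom note is treated as conclusive on its own, while extension matches only alert once they cluster.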

Users of any computing device must pay close attention when browsing the Internet and downloading, installing or updating software. Always carefully analyze all email attachments received. If you think a file is irrelevant or it has been sent from a suspicious or unrecognized email address, do not open it. Moreover, download programs only from official sources, using direct download links. Third-party downloaders and installers are likely to include rogue or malicious apps, which is why using them is not recommended. Users should also keep installed applications updated, and to achieve this they should employ only the built-in update features or tools provided by the official developer. Having a reputable anti-virus/anti-spyware suite installed and running is also paramount. Our recommendation is Max Total Security, and we cannot emphasize enough: Backup, Backup and Backup. Use the free Backup / Restore tool provided with the Max Total Security Tools.

Ransomware attack blacks out screens at Bristol Airport


Bristol Airport has blamed a “speculative” cyber attack for causing flight information screens to fail for two days.

A spokesman said the displays were taken offline early on Friday as a precautionary measure to contain the attack, which has been described as similar to “ransomware”, with holidaymakers having to read departure times off whiteboards scattered around the airport.

The infection appears to have entered the airport systems on Friday morning (UK time), according to the Bristol Airport social network accounts. The airport authorities warned passengers throughout the weekend of the incident and asked them to arrive early and allow additional time for the check-in process.

Throughout the weekend, airport officials resorted to paper posters and whiteboards to announce the check-in and arrival information for flights passing through the airport on Friday, Saturday and Sunday.

In statements to the local press over the weekend, airport officials said that they did not intend to pay the ransom requested by the attacker and opted to take their systems offline while ethical hacking specialists attended to the affected computers.

Bristol authorities confirmed that no flight was affected by this incident. Most of the screens are now back online, including in areas such as departures and arrivals.

New AI module in Max Secure Security products


With an overwhelming hundreds of millions of new malware samples every quarter, every anti-virus company struggles to fight them off. Trying to analyze that much data with an army of thousands of human analysts is also not enough. Malware is more sophisticated and new variants are released every day. We introduced an AI (artificial intelligence) module to help solve this problem and identify new attacks as soon as they appear. It analyzes file characteristics to find potential threats as soon as they arrive in the wild, better known as “zero-day exploits”, which have been profiled in our anti-virus lab.

We are having great success with AI-based machine learning and have been able to identify new traces of malware and quarantine them. Using intelligent algorithms we keep good control over false positives, a problem encountered by most anti-virus companies when using such generic technology.

So, as always suggested, do not click on emails you do not recognize, do not download from unknown sources, and use a good endpoint security product such as Max Total Security to protect you from all kinds of malware, backed by an unbeatable 24×7 technical support team.