Úno 26

Bitcoin Demand Rises as U.S. Corporations are Stocking Up

· February 26, 2017 · 9:00 am

Bitcoin has attracted a great deal of interest over the last couple of years, and mainstream investing has skyrocketed with the ever-growing Bitcoin price. Now, a new market sector is starting to emerge as American corporations are stocking up on digital currency to combat cybercrime.


Corporations Fuel Bitcoin Demand as Ransomware Spreads

Hackers with an eye towards gaining valuable Bitcoins are hitting corporations more and more with dreaded ransomware, and this problem seems to be getting worse and worse. How to handle this growing epidemic is also a matter of some controversy. It seems to put companies in a no win situation.

“The official FBI policy is that you shouldn’t pay the ransom,” said Leo Taddeo, chief security officer for Crypt-zone to Newsfactor. Taddeo ran the cyber division of the FBI’s New York City office.

It’s an option to pay the ransom to get back up and running. Sometimes it’s the only option. But it has downsides. Paying ransom just invites the next attack.

2

A vicious cycle has begun. The more companies pay out in Bitcoin, the more attacks become likely. The more valuable Bitcoins become, the more attacks become likely. Those who do not pay the ransomware demands may lose the trust of their customers or their valuable business data altogether. From the criminal’s side of it, they can rationalize their dastardly deeds by blaming the victims for not expecting this outcome from now on.

“They’ll actually explore your system to see how much money they can squeeze from you,” said Andrei Barysevich, director of advanced collection at Recorded Future. “They actually think they are on the moral high ground. They think the companies should have paid more for security.”

Ransomware Attacks Hit $1 Billion

A corporate cyber-hitman can demand up to $75000 USD in Bitcoin, or about 65 BTC. Individuals can get hit as well, but they can only be taken for a few hundred dollars. Recorded Future, a Somerville, Mass., threat intelligence firm, says ransom payments skyrocketed 4,000 percent last year, reaching $1 billion. Another firm, Kaspersky Lab, estimates that a new business is attacked with ransomware every 40 seconds, becoming a true epidemic.

Bitcoinist_Kaspersky Labs CryptXXX Bitcoin Ransomware

Another problem is just because you have paid a cyber-criminal does not mean they will kindly do as they said and provide you decryption keys to restore your files. Criminals aren’t the most ethical people in the world, so you may have to pay a couple of times. Authorities say backing up all your computer files on a regular basis may be the best way to protect yourself.

This may save file information, but may not restore computer systems that are needed to continue running the business on a daily basis. It depends upon the attack if you will need to pay up or not. About 25% of companies never get restoration after an attack.

Have you been the victim of a ransomware attack? What’s the best way to prevent such an attack besides backing up your files? Share below!


Image provided by Business Insider, Shutterstock

Show comments

Share
Čvc 31

Industry Report: No Bitcoin Crime Goes Unpunished

Source: bitcoin

Bitcoin Industry Report

A bitcoin buyer is robbed, the latest game to pay in digital currency, and new initiatives for fighting ransomware are set forth. Want to catch up on your latest digital currency news? Take a look below.

Also read: Industry Report: Bitcoin Fraud Never Works

BITCOIN ROBBERY

A bitcoin buyer has undergone quite a scare after being robbed at knifepoint. 32-year-old Steve Manos of Lake Worth, Florida set out to take part in what he thought was a routine bitcoin sale last Sunday in a nearby parking lot. The thieves, whom Manos had done business with before, held him at knifepoint in the street before making off with the $28,000 USD he had brought for the respective purchase.

While unable to chase the thieves down, Manos later provided the phone number he used to contact the men before to the local sheriff’s office, which was able to arrest one of the burglars. 34-year-old Andre Allen now faces charges of armed robbery, burglary, and battery, and is being held in a Palm Beach County Jail.

TAKARA

Bitcoin-collection game Takara is giving Pokemon Go a “run for its money.” The new game is earning attention from bitcoin enthusiasts everywhere, who have the opportunity to collect cryptocurrency, as well as “tokens representing coupons, tickets, loyalty points, company stocks.”

Players follow a GPS map, which shows various locations where tokens have been “dropped.” Users can pick up these tokens only if they answer very specific questions, usually regarding the locations housing the tokens. The game has recently added support for Counterparty assets, which means players can pick up an essentially unlimited variety of tokens during their travels.

RANSOMWARE

Private and public party members such as Kaspersky Lab, Intel Security, and the Dutch National Police are joining forces to combat ransomware attacks.

Known as “No More Ransom,” the initiative is a means to bring groups together to battle ransomware and make it hard for cyber-criminals to prey on Internet users and finance magnates by “outsmarting them.” Criminal investigation director Wilber Paulisson of the Netherlands explains:

“We, the Dutch police, cannot fight against cybercrime and ransomware alone… This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort.”

The initiative is providing four decryption platforms that can allegedly stop up to two dozen forms of different ransomware. Nearly 30,000 attempts have been halted worldwide thanks to their combined strength.

Know of any stories that should be included in our regular industry reports? Post your thoughts and comments below!


Image courtesy of makikomi.jp.

The post Industry Report: No Bitcoin Crime Goes Unpunished appeared first on Bitcoinist.net.

Industry Report: No Bitcoin Crime Goes Unpunished

Share
Čvc 02

Worrisome Locky Ransomware Variant Zepto is Making The Rounds

Source: bitcoin

Zepto Ransomware

There is a now form of Bitcoin ransomware on the block, going by the name of Zepto. At its core, this is a different variant of the Locky malware, which has been making the rounds for quite some time now. Security researchers detected a spike in the distribution of this new ransomware. As one would expect, Internet criminals are using spam emails to distribute this payload.

Also read: Are the Winklevoss Twins Bringing the Bitcoin Price Back Up?

Bitcoin ransomware has proven to be a very lucrative business, assuming one can distribute the malware on a large scale. Spam emails are a preferred method of distribution, as it allows criminals to reach a lot of potential targets with little effort. Security researchers detected a spike in Zepto distribution as of June 27.

Zepto Ransomware Arrives On The Scene

What makes Zepto so interesting is how it is sharing similarities with Locky. This latter malware has been causing a lot of headaches for individuals and enterprises around the world. While there are obvious similarities between the two strains, there is something different about Zepto. Security researchers are trying to figure out how to classify this new type of malware.

On June 27, over 137,000 spam messages were sent out, all of which contain the Zepto payload. Malicious attachments in emails are an effective manner to distribute malicious code. Even though there have been plenty of warnings regarding downloading email attachments, the potential for infection remains very high.

Specific aspects of this ransomware make it appear very similar to Locky. Both types use the same type of RSA encryption keys, they leave similar file types behind, and the ransom text is nearly identical. Despite these similarities, the new kind of ransomware is far from ineffective, though.

Cisco Talos Sr Technical Leader Craig Williams explained the threat as follows:

“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on. A move by Zepto to malvertising, for example, could get bad very fast. “

Ransomware developers have stepped up their game in recent months, by continuously improving their malicious software. Security researchers are concerned Zepto has the potential to infect thousands of users in the coming weeks. So far, over 3,300 unique samples of the malware have been identified, which is a rather staggering number.

What are your thoughts on yet another new form of ransomware? Let us know in the comments below!

Source: Cisco Talos

Images courtesy of Shutterstock, Cisco Talos

The post Worrisome Locky Ransomware Variant Zepto is Making The Rounds appeared first on Bitcoinist.net.

Worrisome Locky Ransomware Variant Zepto is Making The Rounds

Share
Čvn 18

Symantec Report Indicates End of Locky Ransomware Threat

Source: bitcoin

Bitcoinist_End of Locky

Although malware threats and exploit kits are a significant threat to our society, various types are showing a decrease in activity. Angler, Locky, and Dridex are the three top categories which see less interest all of a sudden. For now, it remains unclear as to why this decrease is taking place, albeit it is possible criminals are turning toward new solutions.

Also read: Industry Report: Digital Currency Is Booming Across the Globe

Ransomware and malware have been the top two threats since 2015. Many institutions and consumers have fallen victim to these threats, but it looks like Dridex and Locky are slowing down regarding usage. Moreover, the Angler exploit kit, which is often used to deliver these two types of malicious software, is losing popularity as well.

Locky Ransomware On The Way Out

According to a recent survey by Symantec, all of these three groups have all but ceased operating. Some of the other significant threats affecting customers and enterprises are also scaling back their activity. That being said, it is not unlikely to think other types of malware and ransomware will start seeing an increase in popularity over the next few months.

The decrease in Locky activity is quite noteworthy, as the ransomware was showing significant success a few weeks ago. However, over the past two weeks, nearly no activity has been noted by Symantec. Whether This is due to a disruption in their operations, or just a business decision to scale back, is unknown at this time.

Dridex and Angler Are Losing Ground

Dridex, one of the leading types of financial fraud Trojans, has seen its presence drop to near zero over the past month. That being said, the malware is still roaming in the wild, albeit far less frequent than ever before. Moreover, some of the botnets associated with spreading the Dridex banking malware are still in operation to this very day. It also appears as if Word macro downloaders are still delivering Dridex through email spam campaigns.

But the biggest shock comes in the form of the Angler exploit kit showing a significant decrease in usage. For quite some time, this toolset has been a fan favorite among internet criminals. It is worth noting that, ever since CryptXXX started showing a decrease in activity, so did the Angler exploit kit. Other types of exploit kits are showing similar results, which may indicate internet criminals will look for different tools to wreak havoc on computers and networks.

What are your thoughts on this Symantec report? Let us know in the comments below!

Source: Symantec

Images courtesy of Symantec, Shutterstock

The post Symantec Report Indicates End of Locky Ransomware Threat appeared first on Bitcoinist.net.

Symantec Report Indicates End of Locky Ransomware Threat

Share
Čvn 14

Cerber Bitcoin Ransomware Now Includes Malware Factory Automation

Source: bitcoin

Bitcoinist_Bitcoin Ransomware

As the summer draws ever closer, the chances of getting a computer infected with malicious software seem to increase exponentially. The latest version of Cerber ransomware is introducing new challenges for security experts. Malware factory has been introduced, which creates different versions of Cerber every 15 seconds.

Also read: Industry Report: Bitcoin Continues Breaking Boundaries

Cerber Becomes Completely Random

To this very date, Cerber is the most feared and destructive type of Bitcoin ransomware in circulation. Developers of this malware threat are becoming more crafty than ever before, and they keep updating the source code as well. In the latest version of this malware, disconcerting new features have been added.

Popular types of Bitcoin ransomware attract attention from security experts, as they want to beat the malicious code. Ever since the first version of Cerber came around, experts have been trying to remain one step ahead of this malware. But the battle is long and tough, as the ransomware developers continue to step up their game as well.

The latest iteration of Cerber included a feature called “malware factory”, which creates different versions of this ransomware every 15 seconds. Doing so effectively bypasses installed security programs by potential victims.  It is the first time such a critical feature is introduced to ransomware, and it makes the job of security experts even more challenging.

The file hash associated with Cerber binaries is being changed by the command & control service every 15 minutes.  Moreover, this process is fully automated, and it significantly increases the chances of infecting computers and networks. Evading detection is the biggest concern for security experts, and they will have to come up with a new way to remove the threat presented by Cerber.

This news is just the latest form of innovation hitting the world of Bitcoin ransomware. As if encrypting files alone is not enough to deal with, certain types of malware will execute DDoS attacks using the computers held hostage. Consumers are advised to keep backups of their filesystem at all times, and ensure their security software and operating system are up-to-date.

What are your thoughts on this new Cerber development? Let us know in the comments below!

Source: Deep Dot Web

Images courtesy of Shutterstock, IB Times

The post Cerber Bitcoin Ransomware Now Includes Malware Factory Automation appeared first on Bitcoinist.net.

Cerber Bitcoin Ransomware Now Includes Malware Factory Automation

Share
Čvn 07

Industry Report: Is Security in the Finance Sector Too Weak?

Source: bitcoin

Bitcoin Industry Report

A Deutsche double-debit; Poloniex strikes “out” for a short while; and ransomware isn’t as profitable as people think. Are these technical glitches and criminal hackers seriously threatening security in the finance sector? Take a gander at the stories below.

Also read: Industry Report: PayPal Gets Into the Bitcoin Game

DEUTSCHE BANK: DO GLITCHES LEAD TO INSECURITY IN THE FINANCE SECTOR?

Several thousand customers at a Deutsche Bank have become the victims of a double-debit. In other words, they were charged twice! The first charge occurred June 1, and the other on June 2, resulting in double rents, double utility bills, just about double everything!

Naturally, a lot of people are unhappy, and analysts are proclaiming that there’s nothing normal about the situation. While mistakes have occurred in the banking sector before, blunders of this nature are relatively rare.

Several customers recently found themselves in the negative as a result of the debiting, and are unable to withdraw funds from ATMs. Mobile and online apps have also been affected.

A Deutsche Bank representative explained:

“We have noticed several customers are affected by this double charge. Customers can rest assured these balances are not effectively debited from their account, but only represent a visual bug in the software. We are investigating the cause of this issue, which has affected the majority of our clients in Germany.”

POLONIEX

 

Account holders with Poloniex were dealt a scary blow when the exchange platform experienced an outage that left a lot of people in the dark and unable to gain access to their accounts.

While Poloniex had issued a statement ensuring that everyone’s funds were safe and sound, several digital currency traders were feeling the frustration, to say the least.

Poloniex stated on Twitter:

“There is a widespread datacenter outage affecting connectivity of several servers. Coins are safe.”

The exchange later issued a new statement via social media, explaining:

“All functionality has been restored.”

Users can now gain access to their accounts once again and get back to their “trading ways,” but after experiences with Mt. Gox, Cryptsy and MintPal, it’s not unusual to see a little fear from customers.

Poloniex has since calmed that fear, and all operations are back to normal.

RANSOMWARE

Is ransomware that effective? Not really, according to a new study by Flashpoint.

After studying Russian ransomware operations for five months, it is estimated that the highest ranking officials in the ransomware world are making just under six-figures each. Not much considering ransomware’s notorious reputation.

Several return funds are often used to organize campaigns in the first place or hire partners. Apparently, criminals don’t like to work alone, and the costs of hiring an entire team can be quite staggering. In fact, affiliates only take about 40 percent of the proceeds, more often than not.

Furthermore, in recent years, ransomware have become more willing to accept bits of data loss rather than fork out their hard-earned dough, cutting down on hackers’ revenue even more.

The monitored operations only took home about 30 payments of $300 USD. At the end of the day, despite all that hard work and effort, not a lot of money wound up in initiators’ hands.

Know any stories that should be included in our industry report segments? Post your thoughts and comments below!


Images courtesy of seekingalpha.com, Poloniex, Wired.

The post Industry Report: Is Security in the Finance Sector Too Weak? appeared first on Bitcoinist.net.

Industry Report: Is Security in the Finance Sector Too Weak?

Share
Čvn 07

Ransomware Infections Set To Spike Due To Angler Bypassing EMET

Source: bitcoin

Bitcoinist_Ransomware Malware Angler

Ransomware remains a threat looming over every Internet user in the world today. Protecting one’s computer from this type of malware is becoming harder once again, thanks to the EMET-evading exploit. Security experts feel the number of ransomware infections will ramp up exponentially once again.

Also read: Poloniex Exchange Confirms Funds Are Safe Despite Outage

EMET protection is found on the Windows operating system, as Microsoft designed this tool to block Windows-based exploits. However, internet criminals have come up with a way to bypass this protection. Moreover, they bundled the instruments in the Angler exploit kit, which remains one of the most popular choices for hackers to this very day.

EMET Is Not Impenetrable

Up until this point, many security experts felt that EMET was the most efficient ways to prevent Windows computers from being attacked or infected. Moreover, it has never been possible to bypass this layer of protection entirely. FireEye researchers discovered the new code in the Angler exploit kit on Monday, June 6.

TeslaCrypt used to be a favorite among Internet criminals looking to execute drive-by attacks.This particular type of ransomware has caused a lot of havoc in the past, albeit the creators unveiled the master decryption key not too long ago. Spreading ransomware through an exploit kit that can evade security measures opens up a whole can of worrisome opportunities.

FireEye security experts explained the significance of this news as follows:

“The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.”

That being said, it is important to note there are limitations as to what internet criminals can do. For the time being, it appears this method only works on Windows 7. Additionally, targeted computers need either Flash or Silverlight installed to execute the attack. But at the same time, there is nothing stopping hackers using the Angler exploit kit from installing malicious applications and ransomware.

What are your thoughts on internet criminals being able to bypass EMET on Windows machines? Let us know in the comments below!

Source: Ars Technica

Images courtesy of EMET, Shutterstock

The post Ransomware Infections Set To Spike Due To Angler Bypassing EMET appeared first on Bitcoinist.net.

Ransomware Infections Set To Spike Due To Angler Bypassing EMET

Share
Čvn 03

Flashpoint Study Shows Spreading Ransomware Is No Cash Cow

Source: bitcoin

Bitcoinist_Flashpoint Resaearch

For the longest time, people have assumed the profits made from ransomware attacks is very lucrative. But a recent study by Flashpoint paints an entirely different picture. While there is still money to be made, the numbers are far lower than most people think they are.

Also read: Mathematics Drives Crix Bitcoin Futures Trading

Flashpoint conducted a five-month study of a Russian ransomware operation to see how lucrative this business model is. As it turns out, the operators of this service make far less money than most people anticipated. The “upper brass” makes US$90k per year, which is still a nice amount, but not that high all things considered.

Flashpoint Study Reveals Intriguing Details

The study by Flashpoint investigated a particular group of criminals offering ransomware-as-a-service. Their primary targets seem to be corporations and individual users in the Western world. Organizing these campaigns and hiring partners to ensure the malware is delivered, nets criminals US$7,500 per month.

What is noteworthy is how the Flashpoint research indicates these crime rings usually rely on personal relationships. With no central command and control infrastructure, affiliates get carte blanche as to how they distribute ransomware. Moreover, they need to keep tabs on how many and which systems have been infected successfully.

Despite the growing number of reported ransomware infections, the Russian crime group only collected thirty payments of US$300 per month. This goes to show consumers and enterprises are becoming far more vigilant when it comes to malware. Moreover, fewer people are willing to pay the fee and will take a small data loss after restoring file access from a backup.

Ransomware-as-a-service bosses take a 60% of the fee paid, whereas affiliates receive 40% for their efforts. Spreading malware is far from a glorious job, to say the last, and the pay is not all that great either. However, there are nearly no entry barriers for anyone willing to venture into the world of internet criminality.

There is also a vast distinction to be made between the widespread ransomware distribution attack, and its more sophisticated and targeted counterpart. This latter approach will net far bigger rewards, albeit it requires a lot more work. Victims have to be carefully selected and vetted before spreading the payload. However, the reward is well worth the effort.

What are your thoughts on the amount of money to be made with ransomware/? Let us know in the comments below!

Source: Dark Reading

Images courtesy of Flashpoint, Shutterstock

The post Flashpoint Study Shows Spreading Ransomware Is No Cash Cow appeared first on Bitcoinist.net.

Flashpoint Study Shows Spreading Ransomware Is No Cash Cow

Share
Kvě 25

CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again

Source: bitcoin

Bitcoinist_Bitcoin Ransomware CryptXXX 3.0

Just a few days ago, we reported how Kaspersky Labs has been able to crack the CryptXXX decryption code and create a tool which lets users restore file access without paying the Bitcoin ransom. The latest CryptXXX update nullifies this tool entirely, and security researchers are back to square one.

Also read:Deloitte Blockchain Lab in Dublin Will Create Fifty Jobs

RannohDecryptor is the tool Kaspersky Labs has created to let users bypass the Bitcoin ransom after getting infected with CryptXXX. It did not take long for the malware creators to come up with a solution that makes this tool all but useless, and version 3.0 of this ransomware was released a few days ago.

CryptXXX Version 3.0 Is Here

Albeit there is no available tool to combat CryptXXX 3.0 right now, computer users dealing with this infection are advised not to pay the Bitcoin ransom. Given these recent changes to the encryption algorithm, security researchers are concerned that paying the fee will not necessarily result in received a decryption key.

Kaspersky Labs advises users to hold off on acting on the infection itself until security researchers come up with a revised version of RannohDecryptor. However, that may be easier said than done, as it can take anywhere from a few days so several weeks until a solution has been found. Given the fact Kaspersky Labs managed to break the CryptXXX encryption algorithm twice already, there is a good chance they will continue that streak, though.

This new evolution of CryptXXX comes on the heels of TeslaCrypt developers shutting down their ransomware strain and releasing the master decryption key to the public. Some people assumed this was the end for ransomware infections around the world, but it is safe to say this threat seems far from over.

Cerber, which is another strain of Bitcoin ransomware, has undergone some major changes recently as well. Other than infecting a device and ensuring the user can’t access the computer files, the new version of Cerber will make infected devices part of a botnet to execute DDoS attacks. Ransomware keeps evolving into a more severe threat than the previous generation, and CryptXXX seems to be following that lead by example.

How long will it take before this new version of CryptXXX can be decrypted through a free tool? Let us know your thoughts and predictions down below!

Source: Bleeping Computer

Images courtesy of Shutterstock, Kaspersky Labs

The post CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again appeared first on Bitcoinist.net.

CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again

Share
Kvě 18

Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware

Source: bitcoin

Bitcoinist_Malware-as-a-service

Cyber security is on the minds of everybody in the technology world these days, yet hackers and internet criminals seem to be outsmarting the masses yet again. One particular cyber criminal syndicate is using malware-as-a-service through the Nuclear exploit kit.

Also read: Kaspersky Labs Outsmarts CryptXXX Bitcoin Ransomware Developers Again

Malware-as-a-service Is A Thing Now

Everything is being turned into some “as-a-service” model, whether it is technology, the blockchain, or in this case, malware. A syndicate of cyber criminals are using the Nuclear exploit kit to spread malware worldwide, and they control a total of fifteen active control panels. Up until now, no one has any idea as to who is behind this “business model”, although there are indicators Russian hackers are involved.

Check Point, a security research team, recently uncovered how the malware-as-a-service business model brings in roughly US$100,000 a month in revenue. That is a rather staggering amount, which goes to show how much interest there is by internet criminals to infect computers around the world with malware and ransomware.

By using these 15 Nuclear control panels, the malware-as-a-service providers infected nearly two million devices last month. Although the success rate was only 9.95%, that still leaves over 184,000 machines infected with malware. This number does not come as a complete surprise either, as exploit kits facilitate the execution of ransomware and banking Trojans remotely.

What makes the malware-as-a-service business model so dangerous is how cyber criminals help other malicious individuals attack unsuspecting users. Nuclear has been one of the top exploit kits for quite some time now, and it looks like this trend will continue for the foreseeable future.  

However, it is important to note this entire malware-as-a-service business model has a critical flaw, as there is a central point of failure. The master server for all of these portals is controlled by the service provider, which inserts a certain level of “trust among criminals”. If the service provider would be arrested, law enforcement may be able to shut down all of the other portals.

Check Point also reports that ransomware is the dominant payload for this malware-as-a-service business model. Their statistics indicate close to 110,000 Locky droppers have been sent out, leading to US$12.7m in financial losses for victims. However, it appears some of the Nuclear portals have already been shut down, according to the report, which is a rather surprising turn of events.

Are you concerned about the malware-as-a-service phenomenon? What can we expect from internet criminals in the future/ Let us know in the comments below!

Source: Check Point

Images courtesy of Shutterstock, Check Point

The post Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware appeared first on Bitcoinist.net.

Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware

Share