Led 31

Bitcurex: Owner ‘Disappears’ After Failing to Return 2,300 BTC

· January 31, 2017 · 8:00 am

Poland’s oldest exchange Bitcurex has mysteriously “disappeared” with users losing access to capital and locking 2,300 bitcoins out of users’ hands.

2,300 BTC Gone Forever

Local news sources report that following problems reaching back to October, the platform has now ceased operation altogether, with staff failing to release clear information.

Only social media pages survive, while it appears that a Polish public prosecutor investigation instigated by the exchange is no nearer returning lost funds.


Bitcurex’s problems began when an attack caused accounts to become unusable for customers. It subsequently transpired that “external interference in automated data collection and processing of information” meant all bitcoins on the platform had gone, Gazeta.pl reports, adding:

One thing is for certain: all the bitcoins in the Bitcurex portfolio have disappeared.

Owners’ Houdini Impression Continues

The exchange’s owners have meanwhile been making a name for themselves for the wrong reasons. Following the initial issues, hardly any official information has surfaced, while users are appealing to each other for leads regarding their identity.

“Anyone got any leads on an owner bitcurex or his next of kin?” one post on Bitcurex’s still live Facebook page read Monday.

Lawyers are also getting involved on the page, offering advice for those affected by the loss of funds.

Similarly, Gazeta postulates that this month’s final disappearance had deliberately fraudulent motives, coming as it did prior to a major uptick in Bitcoin’s price. Evidence for this theory is lacking, however.


The loss of funds marks the final fallout from another of 2016’s exchange casualties. Overall, at least eleven major hacks were recorded last year, underlining the continuing security issues faced by exchanges, as well as trust issues faced by the community, which have been touched on by commentators such as Andreas Antonopoulos.

Bitcoinist reiterates to readers never to leave bitcoins on platforms operated by third-parties, such as exchanges of any sort, which they do not control themselves.

“Not your private keys, not your bitcoin,” should be the mantra of every Bitcoin user. 

It is interesting to note that Bitcurex’s fall from grace was precipitous. Just in July, the company added what it described as a “certified compliance department” to its outfit, ostensibly to ensure stable operations in line with relevant governmental legislation such as AML and KYC requirements.

Launched in 2012 in the Polish city of Lodz, the exchange processed over $50 million worth of BTC transactions in its final six months.

What do you think about the loss of Bitcurex? Let us know in the comments below!

Images courtesy of Shutterstock, Crunchbase

Show comments

Čvn 15

Apple Plans To Introduce Differential Privacy Very Soon

Source: bitcoin


Apple is taking an unusual stance on privacy. The company has no plans to collaborate with law enforcement on decrypting their own devices, though. Instead, the technology giant will focus on differential privacy, to compete with Google and Facebook.

Also read: One Bitcoin is Worth 51 Million Hacked iMesh Accounts

Apple has been making media headlines regarding privacy in the past few months. Ever since the San Bernardino case, the company has been adamantly clear on its position. CEO Tim Cook stated how Apple will not weaken device encryption because law enforcement agencies feel they need to. After all, the company is primarily in the business of hardware, instead of advertisements.

Differential Privacy is Coming To Apple Devices

But there is more, as Apple wants to introduce differential privacy in the future. Rather than sending data to Apple servers and creating a personal profile of the user, on-device intelligence, and crowdsourced learning will be used. To be more precise, this technology will be part of iOS 10 and macOS, which will replace OS X.

As a result of this different approach, iOS 10 devices can personalize apps for its users. For example, it would be possible to identify objects in Photos, or get more relevant information through the News app. Having these options available without getting information sent to Apple first is a positive take on protecting user privacy.

“Starting with macOS Sierra, Apple is using technology called Differential Privacy to help discover the usage patterns of a large number of users without compromising individual privacy. In macOS Sierra, this technology will help improve autocorrect suggestions and Lookup Hints in Notes.”

Differential privacy is an interesting concept, which can combine great features with high privacy protection. Moreover, it is important to note this technology is rather statistical analysis, rather than a single piece of technology. Obscure data will be locked behind multiple techniques, including hashing, subsampling, and noise injection.

It is positive to see technology giants taking a clear stance in the privacy world. Although it remains to be seen how Apple will pull off differential privacy, in the long run, the concept holds a lot of promise. Technological solutions like these need to be thoroughly tested before being deployed to the masses, though.

What are your thoughts on Apple venturing into the world of differential privacy? Let us know in the comments below!

Source: Sophos

Images courtesy of Shutterstock, Apple

The post Apple Plans To Introduce Differential Privacy Very Soon appeared first on Bitcoinist.net.

Apple Plans To Introduce Differential Privacy Very Soon

Čvn 07

Ransomware Infections Set To Spike Due To Angler Bypassing EMET

Source: bitcoin

Bitcoinist_Ransomware Malware Angler

Ransomware remains a threat looming over every Internet user in the world today. Protecting one’s computer from this type of malware is becoming harder once again, thanks to the EMET-evading exploit. Security experts feel the number of ransomware infections will ramp up exponentially once again.

Also read: Poloniex Exchange Confirms Funds Are Safe Despite Outage

EMET protection is found on the Windows operating system, as Microsoft designed this tool to block Windows-based exploits. However, internet criminals have come up with a way to bypass this protection. Moreover, they bundled the instruments in the Angler exploit kit, which remains one of the most popular choices for hackers to this very day.

EMET Is Not Impenetrable

Up until this point, many security experts felt that EMET was the most efficient ways to prevent Windows computers from being attacked or infected. Moreover, it has never been possible to bypass this layer of protection entirely. FireEye researchers discovered the new code in the Angler exploit kit on Monday, June 6.

TeslaCrypt used to be a favorite among Internet criminals looking to execute drive-by attacks.This particular type of ransomware has caused a lot of havoc in the past, albeit the creators unveiled the master decryption key not too long ago. Spreading ransomware through an exploit kit that can evade security measures opens up a whole can of worrisome opportunities.

FireEye security experts explained the significance of this news as follows:

“The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.”

That being said, it is important to note there are limitations as to what internet criminals can do. For the time being, it appears this method only works on Windows 7. Additionally, targeted computers need either Flash or Silverlight installed to execute the attack. But at the same time, there is nothing stopping hackers using the Angler exploit kit from installing malicious applications and ransomware.

What are your thoughts on internet criminals being able to bypass EMET on Windows machines? Let us know in the comments below!

Source: Ars Technica

Images courtesy of EMET, Shutterstock

The post Ransomware Infections Set To Spike Due To Angler Bypassing EMET appeared first on Bitcoinist.net.

Ransomware Infections Set To Spike Due To Angler Bypassing EMET

Kvě 25

CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again

Source: bitcoin

Bitcoinist_Bitcoin Ransomware CryptXXX 3.0

Just a few days ago, we reported how Kaspersky Labs has been able to crack the CryptXXX decryption code and create a tool which lets users restore file access without paying the Bitcoin ransom. The latest CryptXXX update nullifies this tool entirely, and security researchers are back to square one.

Also read:Deloitte Blockchain Lab in Dublin Will Create Fifty Jobs

RannohDecryptor is the tool Kaspersky Labs has created to let users bypass the Bitcoin ransom after getting infected with CryptXXX. It did not take long for the malware creators to come up with a solution that makes this tool all but useless, and version 3.0 of this ransomware was released a few days ago.

CryptXXX Version 3.0 Is Here

Albeit there is no available tool to combat CryptXXX 3.0 right now, computer users dealing with this infection are advised not to pay the Bitcoin ransom. Given these recent changes to the encryption algorithm, security researchers are concerned that paying the fee will not necessarily result in received a decryption key.

Kaspersky Labs advises users to hold off on acting on the infection itself until security researchers come up with a revised version of RannohDecryptor. However, that may be easier said than done, as it can take anywhere from a few days so several weeks until a solution has been found. Given the fact Kaspersky Labs managed to break the CryptXXX encryption algorithm twice already, there is a good chance they will continue that streak, though.

This new evolution of CryptXXX comes on the heels of TeslaCrypt developers shutting down their ransomware strain and releasing the master decryption key to the public. Some people assumed this was the end for ransomware infections around the world, but it is safe to say this threat seems far from over.

Cerber, which is another strain of Bitcoin ransomware, has undergone some major changes recently as well. Other than infecting a device and ensuring the user can’t access the computer files, the new version of Cerber will make infected devices part of a botnet to execute DDoS attacks. Ransomware keeps evolving into a more severe threat than the previous generation, and CryptXXX seems to be following that lead by example.

How long will it take before this new version of CryptXXX can be decrypted through a free tool? Let us know your thoughts and predictions down below!

Source: Bleeping Computer

Images courtesy of Shutterstock, Kaspersky Labs

The post CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again appeared first on Bitcoinist.net.

CryptXXX 3.0 Beats Kaspersky Labs Decryption Tool Again

Kvě 17

Kaspersky Labs Outsmarts CryptXXX Bitcoin Ransomware Developers Again

Source: bitcoin

Bitcoinist_Kaspersky Labs CryptXXX Bitcoin Ransomware

CryptXXX Ransomware has been on the Kaspersky radar for quite some time now, as they are doing everything they can to let victims restore file access without paying the Bitcoin fee. A similar attempt had been made earlier this year, but the CryptXXX creators quickly patched the flaw allowing for this scenario to take place.

Also read: BitHope Foundation Partners With Counterparty For HOPECOIN Token

Kaspersky Is Not Giving Up On Fighting CryptXXX

There is hardly anything more annoying than dealing with Bitcoin ransomware these days. Not only does this malware encrypt nearly every file on one’s computer or network, but it is also impossible to restore file access with a backup. This has been a thorn in the side for consumers and enterprises all over the world for several months now.

But there is a silver lining, as Kaspersky Labs is trying to outsmart the CryptXXX creators. Or to be more precise, this is the security firm’s second attempt at doing so, after pointing out how the developers made several critical errors back in April of 2016. The security firm released a decryption tool that would allow victims to restore file access without paying the Bitcoin ransom.

However, the CryptXXX ransomware developers took exception to this attempt by Kaspersky Labs and updated their code shortly afterwards. Once the new version of this malware was released, security experts were back to square one in an attempt to come up with a decryption tool for victims all over the world.

After announcing a new update to the decryption tool – called RannohDecryptor – it appears as if the team has managed to break the revamped CryptXXX encryption. Victims will no longer need a copy of an original file which has not been encrypted by the ransomware, which then allows RannohDecryptor to find a decryption key.

It will be interesting to see how long this solution will work, as it is doubtful the CryptXXX developers will give up the fight so easily. Bitcoin ransomware distribution has proven to be a very lucrative business model. Computer user all over the world need to be vigilant at all times and ensure their antivirus definitions and operating system are always up-to-date.

What are your thoughts on this new attempt by Kaspersky? Will this be the nail in the coffin for CryptXXX? Let us know in the comments below!

Source: ZDNet

Images courtesy of Kaspersky, Shutterstock

The post Kaspersky Labs Outsmarts CryptXXX Bitcoin Ransomware Developers Again appeared first on Bitcoinist.net.

Kaspersky Labs Outsmarts CryptXXX Bitcoin Ransomware Developers Again

Kvě 02

New Ransomware Strains No Longer Want Your Bitcoin

Source: bitcoin

Bitcoinist_Lansing Board of Water and Light

Most people around the world are well aware of the potential effect ransomware could have on their computer. But in some cases, the effects are far more dire, as a Michigan municipal utility had to shut down all of their services. However, instead of asking for a Bitcoin ransom, the Internet criminals want gift cards.

Also read: UniChange Giveaway: Free Virtual Bitcoin Debit Card

Ransomware Developers Moving Away From Bitcoin?

Although the world of ransomware is constantly evolving, several features and properties have remained the same through the past few years. One of those properties was how ransomware victims would have to pay a fee in Bitcoin, as internet criminals felt this was the best way to  receive anonymous payments online.

As it turns out, that situation is coming to change, albeit internet criminals are becoming far more aggressive with their attacks. A utility company in Michigan was recently infected with malware, which was spread through a malicious email attachment. Due to this infection, the company was forced to shut down all of their internal systems, as well as the customer assistance phone line.

It appears as if there is a new form of ransomware making the rounds, which does not want victims to pay in Bitcoin. This comes as quite a surprise, considering how crypto-ransomware has been quite the profitable business for internet criminals in recent years. Moreover, the installed antivirus on the utility company’s network was unable to detect the malware, as only three types of software are currently capable of doing so.

What is rather surprising is how ransomware developers are currently looking to get victims to pay in gift cards, rather than Bitcoin. Although a gift card does not necessarily include personal information of the recipient, these codes are easier to track than Bitcoin payments ever have been. Cards from Amazon and iTunes seem to be among the favorites, for the time being.

But there is also a good reason as to why internet criminals would like to obtain these gift cards, as they can be easily resold on the Internet. This removes any form of leaking information regarding the involved parties altogether, as the recipient who uses this gift card will be the one getting flagged in the databases.

What are your thoughts on ransomware developers preferring gift cards over bitcoin for ransom payments? Let us know in the comments below!

Source: NetworkWorld

Images courtesy of Shutterstock, BWL

The post New Ransomware Strains No Longer Want Your Bitcoin appeared first on Bitcoinist.net.

New Ransomware Strains No Longer Want Your Bitcoin

Dub 29

Toy Manufacturer Website Spreads Crypto-ransomware Through Joomla

Source: bitcoin


Internet users are facing an uphill battle when trying not to get infected with malware and crypto-ransomware these days. The latest source of ransomware infections is Maisto International, a well-known toy maker specializing in remote-controlled toy vehicles.

Also read: BitcoinAverage: The Evolution of an Index

Maisto International Distributes Crypto-ransomware

Visiting a toy manufacturer website would be the last of concerns for Internet users worried about malware and crypto-ransomware. At the same time, these types of platforms present an excellent opportunity for Internet criminals, as toy manufacturer websites attract a lot of website traffic every day.

As it turns out, Maisto International has been hosting malicious files provided by the Angler exploit kit on their homepage. This attack vector was made possible due to the manufacturer using an outdated version of the Joomla CMS, and the attack code exploiting various vulnerabilities in modern applications ranging from Silverlight to Adobe Flash and Java.

Visiting the Maisto International homepage would put users at risk of getting infected with CryptXXX, one of the latest strains of crypto-ransomware. Computer users who did not have the latest security updates installed on their computer would risk getting infected with the malware, and they would have to pay a fee in Bitcoin to restore file access. However, Kaspersky Labs recently unveiled a solution to regain control over the computer without paying the fee.

For the time being, it remains unclear as to whether or not Maisto International has upgraded their Joomla version by now. Content management systems are the bread and butter of just about any website these days, and installing updates as soon as they are released should be at the top of the priority list. Unfortunately, that is not the case for most website owners these days.

This news is quite disconcerting, especially when considering how various ad networks had started spreading crypto-ransomware and malware little over a month ago. With so many different websites and servers being vulnerable all over the world, these threats will continue for the coming months unless companies step up their security.

What are your thoughts on toy manufacturers such as Maisto International inadvertently spreading crypto-ransomware? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Maisto International, Joomla

The post Toy Manufacturer Website Spreads Crypto-ransomware Through Joomla appeared first on Bitcoinist.net.

Toy Manufacturer Website Spreads Crypto-ransomware Through Joomla

Dub 25

AppLocker Vulnerability Creates Enterprise Malware Threats

Source: bitcoin

Bitcoinist_Security Vulnerability

Several versions of Microsoft Windows had an extra feature – called AppLocker – for business-minded users to blacklist or whitelist particular applications. This should reduce the risk of being infected with malware or virii, but the feature can rather easily be bypassed by the look of things.

Also read: Industry Report: Kraken, Others Receive Large Investments

Bypassing Windows AppLocker With Relative Ease

Windows is often targeted by Internet criminals all over the world, as it is the most popular operating systems across computers and some tablets. Given the recent increase in crypto-ransomware threats, it only seems normal most of these malware infections occur when Windows machines are involved, and it looks like the threat is far from over.

The AppLocker security features found in business-focused versions of Microsoft Windows can easily be disabled by making a small change to the computer register. Although most enterprises use this feature to restrict application usage and access in an attempt to prevent malware infections, it looks like they will have to find alternative solutions.

A recent study by security researcher Casey Smith shows how AppLocker is vulnerable to an exploit that will actually disable this checking procedure. Granted, the computer itself would need to have modifications made by Regsvr32, so it points to a remotely hosted file, but doing so would let systems run just about any application in the world.

Unfortunately, there is no patch to address this vulnerability just yet, although Windows users can rest assured Microsoft is well aware of this situation. One temporary solution enterprises could make use of is by letting Windows Firewall block Regsvr32, preventing it from accessing any online file. For companies dealing with dozens of computer son their network, this is far from a perfect solution, though.

Until this AppLocker flaw can be fixed, hackers and Internet criminals will be able to exploit this vulnerability and target enterprises with all kinds of malware. It is not unlikely we will see more crypto-ransomware infections in the coming weeks. Given the stealthy nature of this alteration to Regsvr32, there is hardly a way to detect these changes either, as no administrator access is required to do so.

Are you using AppLocker, and if so, are you concerned about this vulnerability? Let us know in the comments below!

Source: Engadget

Images courtesy of Microsoft Windows, Shutterstock

The post AppLocker Vulnerability Creates Enterprise Malware Threats appeared first on Bitcoinist.net.

AppLocker Vulnerability Creates Enterprise Malware Threats

Dub 22

Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware

Source: bitcoin

Bitcoinist_Nuclear Exploit Kit

The topic of crypto-ransomware is still fresh in the minds of consumers and enterprises all over the world. Security experts have revealed the inner workings of the Nuclear exploit kit, which keeps making waves despite attempts to shut down its original servers. It appears the creators of this kit prefer to use DigitalOcean to spread their malware to unsuspecting users.

Also read: BitFury Group To Develop Blockchain-based Land Titling Project in Georgia

What Makes The Nuclear Exploit Kit Tick?

As most people are well aware of, most types of crypto-ransomware are spread to computers through so-called exploit kits. Although Angler is the most common EK in that regard, Nuclear is well worth keeping an eye on as well. In fact, this particular exploit kit is rather hard to eliminate, despite the hosting company taking down the servers spreading this malware.

This is where things get fascinating, as it turns out DigitalOcean is the place-to-be for the Nuclear exploit kit creators. By deploying cheap instances serving websites with malicious code to spread the malware, these internet criminals have been successful in their attempts to spread Locky and other types of crypto-ransomware in the past few months.

Unfortunately, the server shutdown by DigitalOcean did not do much in the end, as the Nuclear operators set up new instances of their servers in mere hours. What makes their approach so brilliant in its simplicity is how they use coupon codes, which grant an x number of free hours of running a DigitalOcean instance. All it takes is a random email address and a coupon, effectively giving users a way to bypass traditional payment solutions.

Setting up the exploit kit servers is just one aspect of this story, though. The Nuclear exploit kit itself packs quite the punch under the hood, as there is a multi-tier server architecture. One master server provides automatic “updates” to console servers, which are used by paying clients to customize and distribute their payload of malware and crypto-ransomware.  Every console server manages several landing page servers, which is where the real magic happens.

Among the security vulnerabilities Nuclear attempts to exploit are Flash security flaws, as well as a Javascript weakness targeting Internet Explorer 10 and 11 users specifically. Moreover, a VBScript vulnerability is being looped in as well, which is – according to the security experts – most likely used to execute phishing attacks.

It is also interesting to note the Nuclear exploit kit is mostly used to target Spanish speakers, for some unknown reason. It appears as if a large portion of the traffic visiting these exploit pages were coming from a Spanish ad for adult webcams. That is not the most worrying part, however, as one particular server saw as much as 60,000 unique IP addresses accessing the platform in a single day.

At this time, it looks all but impossible for the Nuclear exploit kit to go away entirely. Disrupting the DigitalOcean servers has done absolutely nothing other than buying a small amount of time. Both Cisco and Check Point are stepping up their security to try and identify these landing pages and exploit attacks, but it will be an uphill battle, to say the least.  

What are your thoughts on the inner workings of the Nuclear exploit kit? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Shutterstock

The post Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware appeared first on Bitcoinist.net.

Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware

Dub 12

Security Experts Create Solution For Petya Bitcoin Ransomware

Source: bitcoin

Bitcoinist_Petya Ransomware

Petya is one of the most recent strains of Bitcoin ransomware that has been wreaking havoc in various countries. But that may be coming to an end, now that security experts from Leostone have come up with a software solution to bypass the ransom demand.

Also read: Porn Ransomware on Android Does Not Demand Bitcoin Payment

Bypassing The Petya Bitcoin Ransom Demand

Despite only being in circulation for little over two weeks so far, the Petya Bitcoin ransomware has proven to be particularly nasty so far. Not only does this malware encrypt files on the computer itself, but it performs the same action on any backups the user might have. In the end, this forces users to pay the Bitcoin ransom, or completely format a computer and lose data.

Security experts have been working hard to come up with solutions to the looming Bitcoin ransomware threats. However, considering how every individual strain seems to bring something different to the table, it is incredibly difficult to create a solution for all types. Some types of malware even use completely random encryption methods when infecting computers, making it all but impossible to find a pattern.

But in the case of Petya, things are coming to change. Leostone has come up with a software solution that bypasses the ransom demand completely, and it can create the decryption password needed to restore file access.  However, there is a catch, as the process is a lot more complicated than it sounds.

For this solution to work, users infected with the Petya Bitcoin ransomware will need to remove the hard drive from their computer, and connect it to a non-infected machine. Once that is done, the user needs to use a particular web application to “conjure up” the password to restore file access.  Doing so should allow for the decryption of the master boot file, and restore computer access.

It is positive to see security experts coming up with software solutions to fight Petya. However, the process involved is rather complicated, and might be a bit too technical for the average computer user. However, it might learn people a valuable lesson or two about being more cautious when using their computer on a daily basis.

What are your thoughts on this web app to get rid of Petya ransomware? Do you know someone who has been infected? Let us know in the comments below!

Source; Engadget

Images courtesy of Shutterstock

The post Security Experts Create Solution For Petya Bitcoin Ransomware appeared first on Bitcoinist.net.

Security Experts Create Solution For Petya Bitcoin Ransomware