May 02

New Ransomware Strains No Longer Want Your Bitcoin

Source: bitcoin


Most people around the world are well aware of the potential effect ransomware could have on their computer. In some cases, however, the effects are far more dire: a Michigan municipal utility had to shut down all of its services. And instead of asking for a Bitcoin ransom, the Internet criminals want gift cards.


Ransomware Developers Moving Away From Bitcoin?

Although the world of ransomware is constantly evolving, several features and properties have remained the same over the past few years. One of those properties was that ransomware victims had to pay a fee in Bitcoin, as internet criminals felt this was the best way to receive anonymous payments online.

As it turns out, that situation is starting to change, and internet criminals are becoming far more aggressive with their attacks. A utility company in Michigan was recently infected with malware, which was spread through a malicious email attachment. Due to this infection, the company was forced to shut down all of its internal systems, as well as the customer assistance phone line.

It appears that a new form of ransomware is making the rounds, one which does not want victims to pay in Bitcoin. This comes as quite a surprise, considering how profitable crypto-ransomware has been for internet criminals in recent years. Moreover, the antivirus installed on the utility company's network was unable to detect the malware, as only three antivirus products were capable of detecting it at the time.

What is rather surprising is that ransomware developers are now looking to get victims to pay in gift cards rather than Bitcoin. Although a gift card does not necessarily include personal information about the recipient, these codes are easier to track than Bitcoin payments have ever been. Cards from Amazon and iTunes seem to be among the favorites for the time being.

There is also a good reason why internet criminals would want these gift cards: they can be easily resold on the Internet. Reselling removes any link between the card and the involved parties, as the buyer who eventually redeems the gift card will be the one getting flagged in the retailer's databases.

What are your thoughts on ransomware developers preferring gift cards over bitcoin for ransom payments? Let us know in the comments below!

Source: NetworkWorld

Images courtesy of Shutterstock, BWL

The post New Ransomware Strains No Longer Want Your Bitcoin appeared first on Bitcoinist.net.


Apr 29

Toy Manufacturer Website Spreads Crypto-ransomware Through Joomla

Source: bitcoin


Internet users are facing an uphill battle when trying not to get infected with malware and crypto-ransomware these days. The latest source of ransomware infections is Maisto International, a well-known toy maker specializing in remote-controlled toy vehicles.


Maisto International Distributes Crypto-ransomware

Visiting a toy manufacturer's website would be the last concern for Internet users worried about malware and crypto-ransomware. At the same time, these types of platforms present an excellent opportunity for Internet criminals, as toy manufacturer websites attract a lot of traffic every day.

As it turns out, Maisto International has been hosting malicious files provided by the Angler exploit kit on its homepage. This attack vector was made possible by the manufacturer running an outdated version of the Joomla CMS, with the attack code then exploiting various vulnerabilities in common browser plugins ranging from Silverlight to Adobe Flash and Java.

Visiting the Maisto International homepage would put users at risk of getting infected with CryptXXX, one of the latest strains of crypto-ransomware. Computer users who did not have the latest security updates installed would risk getting infected with the malware, and they would have to pay a fee in Bitcoin to restore file access. However, Kaspersky Labs recently unveiled a solution to regain control over the computer without paying the fee.

For the time being, it remains unclear whether Maisto International has upgraded its Joomla version. Content management systems are the bread and butter of just about any website these days, and installing updates as soon as they are released should be at the top of the priority list. Unfortunately, that is not the case for most website owners.

This news is quite disconcerting, especially considering how various ad networks started spreading crypto-ransomware and malware a little over a month ago. With so many different websites and servers vulnerable all over the world, these threats will continue in the coming months unless companies step up their security.

What are your thoughts on toy manufacturers such as Maisto International inadvertently spreading crypto-ransomware? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Maisto International, Joomla

The post Toy Manufacturer Website Spreads Crypto-ransomware Through Joomla appeared first on Bitcoinist.net.


Apr 25

AppLocker Vulnerability Creates Enterprise Malware Threats

Source: bitcoin


Several versions of Microsoft Windows ship an extra feature – called AppLocker – that lets business users blacklist or whitelist particular applications. This should reduce the risk of being infected with malware or viruses, but by the look of things the feature can be bypassed rather easily.


Bypassing Windows AppLocker With Relative Ease

Windows is often targeted by Internet criminals all over the world, as it is the most popular operating system on computers and some tablets. Given the recent increase in crypto-ransomware threats, it only seems natural that most of these malware infections involve Windows machines, and it looks like the threat is far from over.

The AppLocker security features found in business-focused versions of Microsoft Windows can easily be disabled by making a small change to the computer's registry. Although most enterprises use this feature to restrict application usage and access in an attempt to prevent malware infections, it looks like they will have to find alternative solutions.

A recent study by security researcher Casey Smith shows how AppLocker is vulnerable to an exploit that actually disables this checking procedure. Granted, Regsvr32 would need to be pointed at a remotely hosted file on the computer itself, but doing so would let the system run just about any application in the world.

Unfortunately, there is no patch to address this vulnerability just yet, although Windows users can rest assured that Microsoft is well aware of the situation. One temporary solution enterprises could use is to have Windows Firewall block Regsvr32, preventing it from accessing any online file. For companies dealing with dozens of computers on their network, this is far from a perfect solution, though.
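As an added example (not from the article or from Engadget), the firewall workaround described above expressed as Windows Defender Firewall rules in PowerShell. The rule names are chosen here, and the two paths are the standard 64-bit and 32-bit locations of regsvr32.exe on an x64 Windows install.

```powershell
# Added example: deny outbound network access to regsvr32.exe so it cannot
# fetch a remotely hosted file. Run from an elevated PowerShell session.
# Rule display names are chosen here; adjust to local naming conventions.
$targets = @(
    "$env:SystemRoot\System32\regsvr32.exe",   # 64-bit build on x64 Windows
    "$env:SystemRoot\SysWOW64\regsvr32.exe"    # 32-bit build on x64 Windows
)

foreach ($exe in $targets) {
    # SysWOW64 does not exist on 32-bit hosts; skip paths that are not present
    if (-not (Test-Path $exe)) { continue }

    $name = "Block outbound - $exe"
    # Idempotent: only create the rule if one with this name is not already there
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name `
                            -Direction Outbound `
                            -Program $exe `
                            -Action Block `
                            -Profile Any `
                            -Enabled True | Out-Null
    }
}

# Verify: each rule should show Enabled = True, Direction = Outbound, Action = Block
Get-NetFirewallRule -DisplayName 'Block outbound - *' |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

The rules only take effect while Windows Firewall is enabled for the active network profile, and they do nothing against files already present on disk. For more than a handful of machines, the same rules are better pushed through Group Policy than created host by host.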

Until this AppLocker flaw is fixed, hackers and Internet criminals will be able to exploit the vulnerability and target enterprises with all kinds of malware. It is not unlikely that we will see more crypto-ransomware infections in the coming weeks. Given the stealthy nature of this use of Regsvr32, there is hardly a way to detect these changes either, as no administrator access is required.

Are you using AppLocker, and if so, are you concerned about this vulnerability? Let us know in the comments below!

Source: Engadget

Images courtesy of Microsoft Windows, Shutterstock

The post AppLocker Vulnerability Creates Enterprise Malware Threats appeared first on Bitcoinist.net.


Apr 22

Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware

Source: bitcoin


The topic of crypto-ransomware is still fresh in the minds of consumers and enterprises all over the world. Security experts have revealed the inner workings of the Nuclear exploit kit, which keeps making waves despite attempts to shut down its original servers. It appears the creators of this kit prefer to use DigitalOcean to spread their malware to unsuspecting users.


What Makes The Nuclear Exploit Kit Tick?

As most people are well aware, most types of crypto-ransomware are spread to computers through so-called exploit kits. Although Angler is the most common EK in that regard, Nuclear is well worth keeping an eye on as well. In fact, this particular exploit kit is rather hard to eliminate, despite the hosting company taking down the servers spreading this malware.

This is where things get fascinating, as it turns out DigitalOcean is the place to be for the Nuclear exploit kit creators. By deploying cheap instances serving websites with malicious code, these internet criminals have successfully spread Locky and other types of crypto-ransomware in the past few months.

Unfortunately, the server shutdown by DigitalOcean did not accomplish much in the end, as the Nuclear operators set up new instances of their servers within mere hours. What makes their approach so brilliant in its simplicity is their use of coupon codes, which grant a certain number of free hours of running a DigitalOcean instance. All it takes is a random email address and a coupon, effectively giving them a way to bypass traditional payment solutions.

Setting up the exploit kit servers is just one aspect of this story, though. The Nuclear exploit kit itself packs quite a punch under the hood, as it uses a multi-tier server architecture. One master server provides automatic "updates" to console servers, which paying clients use to customize and distribute their payload of malware and crypto-ransomware. Every console server in turn manages several landing page servers, which is where the real magic happens.

Among the security vulnerabilities Nuclear attempts to exploit are Flash security flaws, as well as a JavaScript weakness targeting Internet Explorer 10 and 11 users specifically. Moreover, a VBScript vulnerability is being looped in as well, which is – according to the security experts – most likely used to execute phishing attacks.

It is also interesting to note that the Nuclear exploit kit is mostly used to target Spanish speakers, for some unknown reason. It appears that a large portion of the traffic visiting these exploit pages came from a Spanish ad for adult webcams. That is not the most worrying part, however, as one particular server saw as many as 60,000 unique IP addresses accessing the platform in a single day.

At this time, it looks all but impossible for the Nuclear exploit kit to go away entirely. Disrupting the DigitalOcean servers has done nothing other than buy a small amount of time. Both Cisco and Check Point are stepping up their efforts to identify these landing pages and exploit attacks, but it will be an uphill battle, to say the least.

What are your thoughts on the inner workings of the Nuclear exploit kit? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Shutterstock

The post Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware appeared first on Bitcoinist.net.
