Friday, January 6, 2017

Detail on How One form of Ransomware Works, What it Looks Like, and What to do About it (Windows 10)

I found this article, https://blogs.technet.microsoft.com/mmpc/2016/12/21/no-slowdown-in-cerber-ransomware-activity-as-2016-draws-to-a-close/?MC=MSAzure&MC=Windows&MC=SQL&MC=SecSys with the interesting headline:

No slowdown in Cerber ransomware activity as 2016 draws to a close

The picture that went along with the title was:

I thought it was kind of peculiar, no? No slowdown? Hmmm. Well, maybe they are discounting the last couple of weeks.

However, the article itself was very interesting and educational, and a must-read for anyone serious about their online security. You'll see how it works, how it is coded, and how to fix it.

Ransomware kits can be bought or, in some cases, simply downloaded by anyone. Couple that with freely available botnet software to distribute the emails, and it is clear that everyone will receive malicious emails from multiple sources. If you think that just because you can't do it, it has to be some very sophisticated "state sponsor" that is doing it, you're wrong! Even a 14-year-old living in Somalia can do this! And make it look like anyone else they want to point the finger at has done it.

Again, the key security point is to not open attachments or click on links. I urge everyone to keep hammering any vendors, such as insurance companies, credit card companies, and your own clubs and social groups, to not send attachments or rely on links. Tell them you won't open the attachment or click on a link. The organization should use a document repository instead and tell you to go to the website, not follow a link.

It is important to remember that most email addresses and address books are already circulating in the criminal underground, so even if you get an email from an address you know, and it even shows the right address in the address detail, it is kindergarten work to spoof a valid email address.

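Because the visible From: address proves nothing, the thing a receiving mail system can actually check is whether the message passed SPF, DKIM and DMARC for that From: domain, which the receiving server records in an Authentication-Results header. The script below is an added example, not code from the blog post or from the Microsoft article it discusses: it reads that header from a message and flags the message when the From: domain failed or lacks authentication. It assumes the receiving server identifies itself as mx.example.net in that header; the three sample messages and the domains in them are constructed for the example.

```python
"""
Added example (not from the blog post): flag messages whose visible From:
address looks right but which did not pass sender authentication.

A receiving mail server adds an Authentication-Results header (RFC 8601)
on delivery, recording the SPF, DKIM and DMARC verdicts it computed.
We trust only the header added by our own server (authserv-id
mx.example.net, an assumption for this example) and ignore any
Authentication-Results header that arrived with the message from outside.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed identity of our own receiving server in Authentication-Results.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed sample 1: From: looks like a known contact, but our server
# recorded SPF and DMARC failures for the From: domain.
SPOOFED_MSG = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=evil.example;
 dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: victim@example.net
Subject: Invoice attached

Please open the attached invoice.
"""

# Constructed sample 2: same visible sender, authentication passed.
LEGIT_MSG = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: victim@example.net
Subject: Statement available

Your statement is available on the website.
"""

# Constructed sample 3: the message carries an Authentication-Results header
# that claims "pass" but names a server that is not ours, so it is ignored.
FORGED_HEADER_MSG = """\
Authentication-Results: mail.evil.example; spf=pass; dkim=pass; dmarc=pass
From: "Your Bank" <alerts@bank.example>
To: victim@example.net
Subject: Urgent

Click the link.
"""

RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|none|softfail|neutral|temperror|permerror)\b"
)


def auth_results(raw_message: str, authserv_id: str = TRUSTED_AUTHSERV) -> dict:
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from trusted headers.

    Methods not mentioned by a trusted header are reported as 'missing'.
    """
    msg = message_from_string(raw_message)
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        value = " ".join(str(header).split())  # unfold continuation lines
        authserv, _, verdicts = value.partition(";")
        if authserv.strip().lower() != authserv_id.lower():
            continue  # added by some other server: untrusted, skip it
        for method, verdict in RESULT_RE.findall(verdicts.lower()):
            results[method] = verdict
    return results


def from_domain(raw_message: str) -> str:
    """Domain of the visible From: address, i.e. what the user sees."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_suspicious(raw_message: str) -> bool:
    """True when the From: address should not be trusted.

    Policy: require a DMARC pass for the From: domain; if DMARC was not
    evaluated, accept only when both SPF and DKIM passed.
    """
    r = auth_results(raw_message)
    if r["dmarc"] == "pass":
        return False
    if r["dmarc"] == "missing" and r["spf"] == "pass" and r["dkim"] == "pass":
        return False
    return True


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG),
                       ("forged header", FORGED_HEADER_MSG)):
        verdict = "suspicious" if is_suspicious(raw) else "ok"
        print(f"{label:14} from={from_domain(raw)} {auth_results(raw)} -> {verdict}")
```

The authserv-id check matters: anyone can put an Authentication-Results header into a message before sending it, so a filter must only believe the copy its own border server added (and that server should strip foreign copies on receipt, as the RFC recommends). The script reports on the From: domain the user sees, since that is the address the spoofing is meant to imitate.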