Thursday, 20 July 2017
Wednesday, 19 July 2017
The purpose of ransomware
Ransomware, a phenomenon now very well known, serves one ultimate and obvious purpose:
- Monetary gain for the cybercriminal(s).
However, multiple scenarios are, in fact, possible. Consider any and all of the following:
- Deployed as ransomware, extortion;
- Deployed to showcase skills, for fun or for testing purposes;
- Deployed as smokescreen;
- Deployed to cause frustration;
- Deployed out of frustration;
- Deployed as a cover-up;
- Deployed as a penetration test or user awareness training;
- Deployed as a means of disruption and/or destruction.
Let's go over all of these briefly:
Deployed as ransomware, extortion
This has been the traditional approach - ransomware is installed on the victim's machine, and its only purpose is to create income for the cybercriminal(s).
In fact, ransomware is simple extortion, but via digital means.
I could give 100s, if not 1000s of links as example, but this search query should suffice and show the current boom or trend in the cybercriminal landscape:
https://www.bleepingcomputer.com/search/?q=ransomware
Deployed to showcase skills, for fun or for testing purposes
Some cybercriminals like to show off, and as such create ransomware as a side business or, more particularly, to showcase their coding skills: "Ransomware? I/We can do that too!", or just "because".
An example of this may well be the nRansomware (or "Nude Ransomware"), in which the author demanded nudes, rather than a monetary arrangement:
https://motherboard.vice.com/en_us/article/yw3w47/this-ransomware-demands-nudes-instead-of-bitcoin
Another example may be sending ransomware 'as a joke' or for fun to your friends, to give them a bad time. Please don't.
Some cybercriminals may be testing the waters by deploying ransomware in an organisation, to stress-test the defenses, or to test their own programming skills, or the lack thereof.
Deployed as smokescreen
A very interesting occurrence indeed: ransomware is installed to hide the real purpose of whatever the cybercriminal or attacker is doing. This may be data exfiltration, lateral movement, or anything else. In theory, everything is a possible scenario... except for the ransomware itself.
This may happen more than you think and begs the question - what is the real purpose here?
Ransomware is obvious: files are encrypted, warning or extortion messages are scattered, and users as well as companies are unable to continue working for days, depending on the backup and recovery strategy.
Once you're hit by ransomware, more than 1 alarm bell should start ringing - you are royally compromised and, as such, should take appropriate measures immediately. There may be more than meets the eye.
There's an article on Carnal0wnage, describing one of these events:
http://carnal0wnage.attackresearch.com/2016/03/apt-ransomware.html
Deployed to cause frustration
Another possible angle that goes hand in hand with the classic extortion scheme - deploying ransomware with the intent of frustrating the victim. Basically, cyber bullying. While there may be a request for a monetary amount, it is not the purpose.
A notorious example of this is the Jigsaw ransomware:
https://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
In a related example, a victim of a tech support scam tricked the scammer into installing ransomware:
https://nakedsecurity.sophos.com/2016/08/15/tech-support-scammer-tricked-into-installing-ransomware/
Deployed out of frustration
Sometimes, an attacker may gain initial access to a server or other machine, but subsequent attempts to, for example, exfiltrate data or attack other machines are unsuccessful. This may be due to a number of things, but is often due to the access being discovered and quickly patched. On the other hand, it may not have been discovered yet, but the attacker is stuck with the same problem: the purpose is not fulfilled.
Then, out of frustration, or to gain at least something out of the victim, the machine gets trashed with ransomware.
Another possibility is a disgruntled employee, leaving ransomware as a 'present' before leaving the company.
Darryl from Kahu Security has written an excellent article on the former occurrence:
Deployed as a cover-up
This may sound ambiguous at first, but imagine a scenario where a company may face sanctions, is already compromised, or has a running investigation.
A company or organisation deploying ransomware on itself is a viable way of destroying data forever, and any evidence may be lost.
Another possibility is, in order to cover up a much larger compromise, ransomware is installed, and everything is formatted to hide what actually happened.
Again, there is also the possibility of a disgruntled employee, or even an intruder: which brings us back to 'deployed as a smokescreen'.
There are some statistics referring to this as well, in a report by SentinelOne:
Deployed as a penetration test or user awareness training
Ransomware is very effective in the sense that most people know what its purpose is, and the dangers it may cause. As such, it is an excellent tool that can be used for demonstration purposes, such as user awareness training. Another possibility is an external pentest, with the same purpose.
An example is given by Malwarehunterteam, where KBC Group employed a phishing test, and consequently 'ransomware', meant as user awareness training:
This is a very good idea for any organisation or business in general. Are your users aware of the dangers that lie in, and beyond, ransomware?
Deployed as a means of disruption and/or destruction
Last but not least - while ransomware can have several purposes, it can also serve a particularly nasty goal: destroy a company or organisation, or at least take them offline for several days, or even weeks.
Again, there are several possibilities: this may be a rival company in a similar business, again a disgruntled employee, or an attempt to disrupt large organisations on a worldwide scale.
A recent and notorious example of such an attack is the latest Petya variant, also referred to as EternalPetya, or NotPetya. A blog post from Kaspersky suggests the main purpose is a wiper:
In a way, this also falls back to the frustration and cover-up scenarios.
Closing thoughts
As we've seen, ransomware can serve a plethora of purposes; whether it is deployed by a nation-state actor, the more common cybercriminal, or your neighbor disgruntled at your tree hanging over their wall, one thing is for sure: you are, and have been, compromised!
In more recent years, targeted ransomware has become a common phenomenon. This means ransomware either tailored to your environment, or manually installed - the latter often via hacked RDP or VNC services.
The most famous example is no doubt Samas, also known as SamSam:
Other examples include: CrySiS and derivatives, RSAutil and PetrWrap.
While targeted ransomware attacks have been occurring since as early as 2013, in more recent years they have become more feared, due to the ransomware also encrypting files.
Conclusion: ransomware is and will always be ransomware - but it may have a twist and an additional purpose.
For further reading, I gladly introduce a shameless plug by referring you to 2 of my blog posts:
Ransomware prevention
This blog post also exists as a dedicated page here: the purpose of ransomware.
If you can think of any other targeted ransomware, or purposes for ransomware, do not hesitate to leave some feedback in the comment section, or contact me on Twitter.
Saturday, 15 July 2017
MS Office 2013 Free Download
Microsoft Office 2013 (formerly Microsoft Office 15) is a version of Microsoft Office, a productivity suite for Microsoft Windows. It is the successor of Microsoft Office 2010 and includes extended file format support, user interface updates and support for touch among its new features. Office 2013 is suitable for IA-32 and x64 systems and requires Windows 7, Windows Server 2008 R2 or a later version of either. A version of Office 2013 comes included on Windows RT devices.
Development on this version of Microsoft Office was started in 2010 and ended on October 11, 2012, when Microsoft Office 2013 was released to manufacturing. Microsoft released Office 2013 to general availability on 29 January 2013. This version includes new features such as integration support for online services (including SkyDrive, Outlook.com, Hotmail, Skype, Yammer and Flickr), improved format support for Office Open XML (OOXML), OpenDocument (ODF) and Portable Document Format (PDF), and support for multi-touch interfaces.
Office Professional Plus 2013 is the future of productivity. Office Professional Plus 2013 includes Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher, and Lync.
Productivity with modern, touch-enabled experiences
Quickly form business insights with Excel
Bring ideas to life with PowerPoint and Word
Stay connected with the people you work with using Outlook and Lync
Manage Office with real-time performance monitoring and controls.
Features
Everything about this program got an overhaul with regard to looks and appearance; there was a total make-over
A lot of the old features are available alongside a lot of new ones, all of which were designed to help save the user a great deal of time
You can access your files at any time, wherever you are, because this Office can connect to and work with tablets, smartphones, the cloud and even PCs that don't have Office installed on them
The updates are automatic, so everything will always be up to date and you will always be working with the latest version available
With the Office 2013 crack you can install it up to five times at once, so everyone in the house can have their own suite to work with and save files on
20 GB of free storage space with SkyDrive is provided, as well as an hour of free calling with Skype, when purchased and installed
And much more.
Cons for Office 2013 crack:
Windows XP is not supported by this software
Although there have been a lot of changes and improvements since the Office 2010 version, they are nothing to get excited about
The costs are much higher; this is for the perpetual license, which is very expensive in itself
Friday, 14 July 2017
Saturday, 8 July 2017
BitTorrent For Mac And Windows Latest Version 2017
BitTorrent, the protocol, is practically synonymous with peer-to-peer file sharing. If you're new to file sharing and still a little unsure, BitTorrent, the file sharing protocol's own proprietary software, is perhaps the best option for you, as it is easy to use and offers all the most important features most users need. With BitTorrent, you get a stable and efficient torrent client that can download and upload your files at great speeds with.
Furthermore, it's packed with great features that will improve your file sharing experience. For example, it is easy to pick which specific file inside a bundle of torrents you want to download, or manage your web interface to make your torrent download even more efficient. It also gives you graphs so you can track the progress of your uploads and downloads, as well as the health of the media files you are dealing with. And if anything goes wrong, BitTorrent can recover, which means you won't lose your progress. BitTorrent also offers a set of 13 apps that will enhance your torrent experience, including an antivirus and free downloadable games. In addition, the program is completely free and easy to install and configure.
Well-known torrent file sharing service
BitTorrent is a widely used program that enables peer-to-peer file sharing through the BitTorrent file sharing protocol. It can be used to upload and download files, such as music files, films, books and more, quickly and efficiently. The interface is simply laid out, containing only what is necessary for an easy file sharing experience. This means an easy way for beginners to upload, search for and download the files they want. The program also provides extensive details about the files available, including the source and size of the files. BitTorrent also features an automatic recovery system that recovers from an improper shutdown of the program. When users download BitTorrent, they also get access to App Studio, a collection of apps that enables faster downloads, as well as a connection between the user's BitTorrent account and social networks. BitTorrent is free of charge, as it is supported by (unintrusive) advertisements. It is supported on both Windows and Mac OS X, and is available in 66 languages. The optional paid version, BitTorrent Pro, offers a souped-up version with features such as instant streaming of torrent files, even before the download is finished, antivirus protection and the ability to convert downloaded files to various formats, allowing them to be played back on a variety of devices.