Ransomware And Its Impact

Picture this.

It’s another normal day. You wake and head over to the office, grab a cuppa and settle down to begin going about your daily business. You hit the power on button on your computer and instead of the usual login screen you are accustomed to, you are instead confronted by an on-screen message, very likely featuring the image of a large padlock, informing you that your computer is permanently inaccessible until you make a payment via in a prescribed form.

Welcome to the world of ransomware. You have just become a victim.

So what is a ransomware?

Without getting into technical jargon, ransomware is any malicious software program that infects your computer and restricts access either by locking the screen, encrypting files or both, until you pay the hacker that created the program a ransom.

The first such program to be distributed widely was a program known as Cryptolocker in 2013. Thousands of people had their lives disrupted.
Unlike other malware that spies on your computer silently and sends stolen login details and other personal data to hackers, ransomware announces itself. It’s actually quite audacious on the part of hackers.

Like most viruses and malware, ransomware uses many of the same attack vectors. For example, email attachments and links, botnets, torrents and other technical means such as piggybacking on genuine software updates. The recent Goldeneye/Petya ransomware that affected users in late June 2017, gained access to computers via a software update of a popular accounting application in the Ukraine. The hackers somehow managed to infiltrate the software company that designed the program and injected the ransomware into the software update files. Everyone who performed the update caught the infection.

Unlike other forms of viruses and malware, you can’t get rid of ransomware by flashing the BIOS, wiping the drive or returning the computer to a restore point. The hackers make sure you can’t access any of these features. Also, a unique decryption key is created during the install and stored on the hacker’s server. In the event, you fail to pay the ransom in time or the ransomware detects an attempt to tamper with it, a “self-destruct” is triggered, deleting the decryption key and destroying all the encrypted files on the user’s machine. If the ransom is paid in time, the hacker sends the decryption key to the user and the user enters the key in an area provided on-screen. This unlocks/decrypts the files. Ransom payments are usually demanded via digital currency Bitcoin which makes sure the identity of the hacker remains anonymous.

Because hackers have been known to release the decryption key once paid, many people have resorted to paying the ransom rather than seeking other ways to deal with the problem. This has added fuel to the fire because so long as hackers can make money with ransomware, they aren’t going to stop anytime soon.

Ransomware isn’t simply a nuisance. It is a serious problem that has law enforcement agencies working around the clock to bust hacker rings. While some infected computers are still usable, loss of data has a serious impact on productivity for businesses. Small businesses may never be able to recover if they lost important data.

The best defense

The best defense is data backups. If you have a backup of your data, you won’t have to pay the ransom. You will only lose time trying to get your computer to work properly again. Secondly, install an antivirus program that offers strong ransomware protection and always ensure it is up to date. Don’t ignore operating system security updates. Set your computer to automatically install security updates. And, don’t click on links in emails or open attachments from people you don’t know. Avoid pirated software and torrent sites because these often host ransomware.

Conclusion

If the unimaginable happens and you find yourself having to deal with ransomware, do not panic. Antivirus companies have a number of solutions for the most common types of ransomware. Check out their sites and from another computer and follow the instructions. Unfortunately, if it is a new type, you may have to wait a little longer for a fix. All the same, security researchers are making great strides but it will be a while before they beat the hackers at this game. With ransomware, prevention is better than cure.

Quantum Cryptography: The ‘Key’ To Perfect Security?

Since the dawn of the computer era with the Apple I, the need for security has been crucial. Although simple encryption was strong enough to fend off some of the first real hackers, the popularization and advancement of technology in our society has made even the strongest means of encryption all but null in comparison.

However, for the last few years scientists have been working on what they believe to be the future of encryption, and a way to ensure encrypted files are completely unhackable no matter what they face. Although some skeptics speculate that this form of cryptography has its flaws like any other, the future is bright with this new means of data security, and the likelihood of a brighter future is all but sealed in exchange. However, to know just how this form of encryption could alter the way we secure our data forever, we must first know exactly what it is, determine whether it truly is unhackable, and back these statements with evidence presented through testing of the actual encryption itself.

What is quantum cryptography?

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. One of the most popular forms of quantum cryptography is quantum key distribution, which is where two parties use a shared secret key to encrypt and decrypt messages between them.

The main reason that this form of cryptography is so effective is the fact that it allows the completion of multiple cryptographic tasks that were otherwise proven or conjectured to be impossible using other forms of non-quantum communication. There are multiple different ways that this form of cryptography can be used, including quantum commitment, quantum coin flipping, bounded- and noisy-quantum-storage model, position-based quantum cryptography, device-independent quantum cryptography, and post-quantum cryptography.

However, although many have claimed that these different procedures are utterly unhackable in the past, many of these systems have been proven to be flawed in multiple ways, leaving them completely open to even the weakest hackers out there in a matter of seconds. The main reason for this is the fact that the code can be easily written incorrectly and, in turn, can quite easily lead to a data breach.

In fact, despite this seeming to be a completely unhackable, tried and true solution to the issue of data security, it appears to be far from it at this point in time. However, the question remains: if it were done correctly, would it actually be unhackable?

Is it actually unhackable?

In short, the answer is simply “no”. However, this does not mean that this will be the case indefinitely. In fact, many scientists believe its flaws all come in the form of simple careless human errors in the basic code that creates these cryptographic methods. For instance, on the subject, physicist Renato Renner from the Institute of Theoretical Physics in Zurich stated, “If you build it correctly, no hacker can hack the system. The question is what it means to build it correctly.”

Although we have quite a ways to go, testing continues to occur and, as with all technological advancements, things are certainly looking up for the fans and advocates behind this rather innovative form of data security. In fact, in September of last year, a group of scientists, engineers, and pilots tested quantum cryptography using photon detection in an airplane. These scientists were able to receive encrypted messages through photons from the ground below with ease, making them the first to prove quantum cryptography’s success when used in long distance situations. This test further reveals its ability to be used for things other than point-of-presence technology, as it makes its way towards military applications.

Therefore, although this form of encryption may be currently hackable due to weak keys and mistakes in coding, the likelihood of this form of encryption becoming the norm is extremely high. In turn, the world may be changed forever, and the safety of our most personal information may be an afterthought in the long run.

How can it impact our world?

Although the use of this form of cryptography in the military is already an important factor to keep in mind, this is far from the only way that quantum cryptography can be used. Another massive industry that may be positively affected by this form of data encryption is the job industry. For big companies, the data they receive is not only private, but also highly valuable as well. Because of this, the way this data is secured is extremely important. For instance, if an individual chooses to utilize a system such as FileMaker in the cloud, this completely opens up their company and all of their data to cyber attacks. However, using quantum key distribution, these pieces of data being transferred back and forth can be quickly and meticulously encrypted to ensure their security — no matter what the case scenario is. Because of this particular use, quantum cryptography is an amazing example of workplace cyber security.

Similarly, some scientists believe they can utilize this form of encryption to create networking equipment dedicated to the security of any and all transferred messages throughout entire companies. Although this is a technology that appears to be something we will not successfully achieve until much further in the future, the idea of being able to encrypt messages without doing any work in the process is yet another way that this form of cryptography makes for a highly enticing security future.

Lastly, another way that this form of security may be used in the future is for telemedicine and various other technologies in the healthcare industry. Recently, the use of technology and advancement in healthcare has become an issue of much concern, as multiple individuals have feared that connecting the health of individuals to the cloud could lead to hazards, and even deaths, in the process. From heart monitors leading to the instant death of multiple individuals, all the way to VR attacks on headsets used specifically to rehabilitate stroke victims, quantum cryptography could eliminate these deadly possibilities.

The use of encryption to secure a patient’s information and forms of healthcare is what makes quantum cryptography so enticing to healthcare professionals. By encrypting forms of healthcare which utilize technology such as heart monitors and VR headsets, and by examining the technologies used to create things such as medical images and store personal patient information, quantum cryptography can completely transform the way we look at healthcare as a whole.

In the end, these are only a few examples out of many. The truth is that this form of encryption could very well lead to a brighter future for our country, if built correctly. After all, it takes one big idea to change the world forever, and even the smallest of people can make the biggest of dents.

Stealing data via a desktop telephone?

Data protection is a hot topic. In many countries worldwide new data protection laws are implemented. These laws are created to ensure that personal data as stored and processed by companies and organizations will be protected against theft and modification.

A well-known example is the General Data Protection Regulation (GDPR) as approved by the EU last year, which will become active in 2018. It will become law in all member countries. It is not a directive which can have different interpretations and timelines per country but will be the same law in all member states.

Data protection regulation is relevant when data can identify or provide information about a specific person. Personal data can be anything. Names, addresses, etc. of course. But also photos, financial documents or medical data. And – taking the European laws as an example – not just for the data owner, but also for third parties processing the data (e.g. cloud service providers) on his behalf. It also means that most regulation crosses international borders. The EU regulation applies to all companies who process personal data of European citizens.

What does data protection regulation cover? Typically, companies need to have a proper administration of which data are stored where (including local spreadsheets with customer data). They also should make it possible for customers to have their data erased and the design of their systems should guarantee data protection (called ‘privacy by design’). Finally, they have to inform the regulator and public about data breaches that occurred and penalties are increased to the level which can mean a serious financial risk for a company.

However, it is not just about your data infrastructure

Of course, everything is data nowadays. Also, voice telephony is a data service, and that is specifically the case for VoIP infrastructures and services as deployed in many companies and organizations. We noticed however that the key focus of many data protection projects is on traditional ICT infrastructures. VoIP is often a blind spot.

While…it is also about voice communications

Ignoring VoIP could mean a serious mistake, however. Let’s have a look for example at a medical institute. Patients definitely don’t like the idea that their information becomes public. Nevertheless, the phone can provide easy access to these data. First of all, a modern desktop telephone provides access to the complete contact list of the user of that extension. A customer list, or – in the medical institute – the list of patients for example. This is just a beginning. The desktop phone also gives direct access to the voicemail system, which may disclose some very sensitive information. For example, if one medical specialist shares his diagnosis with a colleague. The biggest risk is however that office phones are the perfect social engineering tool. If someone has unauthorized access to a business telephone, just his caller ID makes him a trusted person to other employees of the organization as well as staff from other organizations. This trusted personal contact is the best way to acquire sensitive information and other personal data.

So, are your business telephones secured?

Most people think that advanced business desktop telephones can be secured by a PIN or something similar. Which is true. However, this security is often not used. The security mechanism most of the time means that employees have to enter a username (for example an email address) and PIN via the very basic keypad of their telephone, which is a very inconvenient procedure. So in many occasions, once logged in, people keep their phones logged in as long as possible. Or the login mechanism is disabled completely. There are examples of professional service managers actually giving such advice to their end-users.

The impact is that many office telephones provide open access to private and other sensitive data. Not at a level that millions of customer or patient records can be downloaded at once. But still, via the telephone, private documents and other information can be stolen from your organization right now. Therefore, protecting your office telephones may be an essential step in your companies data security plans.

Tips And Tricks To Regain Your Stolen Identity

Stolen identity is a frightening experience, and it causes a lot of headaches and frustration. The trick is to stay protected whether you’re shopping online or simply giving out your credit card to a live cashier. If you’re already a victim of identity theft, here are a few tips and tricks for regaining your identity:

Understand Identity Theft

Identity theft is more than just a stolen credit card number. Many thieves are now using private information, such as your social security number, birthdate, and/or name to commit fraud, such as applying for loans or credit cards under your name. Approximately 9 million Americans are part of an identity scam, but most aren’t as extreme. Even mild cases of identity theft are difficult to resolve, but with the right support, financial experts can help.

Act Fast When Your Identity is Stolen

The first thing to do is contact each of the credit reporting agencies: TransUnion, Equifax, and Experian. They can put an alert on all of your open accounts, and can also freeze your social security number from any other accounts being opened or accessed. Next, utilize resources on the FTC website. Many of the forms available on this site will help expedite the process. Depending on the type of theft, you may choose to file a police report with your local precinct.

Keep Track of all Your Information

Next, close any fraudulent accounts and if there are suspicious charges on your own accounts, close them out too. You can do this by calling your banks, credit card companies, and any other businesses with which you have accounts. Keep detailed records of how much time you spend, because if the case ends up going to court, you can seek damages for these hours. Several months after the loss, obtain a credit report to make sure that all the fraudulent charges are gone. Once you complete these steps, your credit will return to its original status.

Learn to Prevent Future Identity Theft

You can also take preventive steps to avoid identity theft before it happens. One tip is to never carry your social security card. If you use a debit card, don’t keep the Personal Identification Number with it. Some experts recommend that you never use a debit card for online purchases. Since this links to your checking account, a thief can drain your bank account in just a few transactions. A credit card is much more secure, since it’s much easier to reverse a charge and issue a credit instead of trying to replace stolen money. Be cautious when using websites to shop, and make sure they have valid security and encryption.

Use Tools That Help

If you receive credit card applications, bank statements, or other personal documents by mail, make sure to shred them instead of tossing them in the trash. Keep careful track of your credit card and bank statements, and report any unauthorized activity immediately. Another great tool is LifeLock id protection, which helps monitor your patterns and alert you of any changes in spending.

With so many resources, identity theft becomes more manageable, and those affected can resolve the problems and return to financial freedom.

Motorola Increasing The Security Of Its Android Phones – Buys 3LM

The security on Blackberry phones is impeccable, there is no doubting that. So, Motorola is planning to do the same with its Android phones – make them as secure as possible for which they have bought 3LM. 3LM is a security device developer that designs security softwares for Google’s Android based phones, thus making the Android devices as secure as Blackberry. This is in fact a good move by Motorola as it is planning to implement the phone’s startup security on the phone itself than asking users to buy a security application from the Android Market Web Store.

3LM apparently is planning to start security solutions for other companies that produce Android based smartphones as both Motorola and 3LM do not want a conflict with other companies about security solutions for Android devices.

iPhones Easily Vulnerable To Hacks

The iPhone that we are using can be cracked and all the passwords and data on the phone can be stolen. All this can happen in less than six minutes time. Wondering how? Two researchers from the Fraunhofer Institute Secure Information Technology, Germany have been able to achieve this feat. These two researchers used a jailbreak on the iPhone and installed an SSH server (a secure shell or a network protocol used for network exchange) after which they ran a script to access the keychain and in under six minutes passwords along with their screen names popped up on their home screen.

Along with the phone’s security, the script used by the researchers was also able to break into one’s Gmail, MS Exchange and the VPN as well and recovered the usernames and passwords asociated with these programs too.

The researchers have suggested to change passwords immediately in case you have to lose the phone. Beware folks.

Sophos Antivirus Now On iOS and Android Phones

Sophos which offers enterprise security solutions has now launched the Sophos Mobile Control for mobile phones that run on Goolge’s Android OS and the iPhones. It has to be noted that Sophos does not offer any solutions for home based computers and only concentrates on enterprise solutions. This new mobile security is also for businesses that are run on hand held smart devices like the iPads, iPhones, Android based phones and the Windows phones. This Mobile Control Security adds extra security to the data on these phones.

This mobile security options on phones is also centralised allowing the users to wipe off any confidential data from the phones or lock them in case the handset gets lost. This new security control also restricts the use of other unwanted devices like the camera,youtube et. allowing the users to carry on with their work unhindered.

Android 2.3 Gingerbread Update Vulnerable to Identity Theft?

The most anticipated update, Google’s Android Gingerbread 2.3 which is currently available only for the Nexus S users may not be that hail and hearty after all. According to a warning posted by a researcher from the North Carolina University, this update is vulnerable and can lead to identity thefts. The researcher warns that the security vulnerability of this update can easily allow hackers to access photos, voicemail, videos, bank details and even the contents on an inserted memory card. Not only can they access, but they can also upload this data on to their servers.

Millions of Nexus S and Nexus One users across the world are still plagued with the Android SMS bug even though a fix to this bug was made available. Google has started working on a fix, but in the meanwhile, users are sure to have some security problems with this unavoidable bug.

Kaspersky Anti-Virus Website Caught Sending Malware To Users

How ironic! The website of the popular anti-virus service provider Kaspersky has been compromised by hackers who reportedly pushed malware to Kaspersky users for more than three and a half hours before it was brought under control. This is not the first time Kaspersky has fallen prey to malicious hackers. The website has fallen prey close to 36 times since 2000 and the most recent hack before this one was in early 2009 when a security lapse resulted in hackers getting access to the back-end database of the website.

In a statement released now, Kaspersky has admitted to the hack but has noted that no secure information was compromised.

“The website was simulating a Windows XP Explorer window and a popup window showing scanning process on the local computer and offering the user a fake antivirus program to install. The domain was making these redirections for 3.5 hours in total.”

Symantec Releases Norton AntiVirus 2011 & Norton Internet Security 2011

Symantec has released the latest version of its antivirus software along with the new Internet Security product that is aimed at minimizing cybercrime. The popular security software provider has supplemented the launch with the release of its latest Cybercrime report where it claims that close to 65% of the global internet users have fallen prey to cybercrime – including online credit card theft, identity theft and computer viruses.

Speaking about the products itself, the new Norton Antivirus comes with features such as the Reputation service that instantly checks for the source of files, Pulse updates that dynamically updates the local virus database as well as a SONAR Behavioral protection system. The Internet Security 2011 software too comes with similar features in addition to the Download Insight that warns users of dangerous files before they are installed.

The two softwares are available on the Symantec website at an annual cost of $39.99 and $69.99 respectively.