You are viewing 'ransomware'

Facebook isn’t Safebook!

ImageGate allows Ransomware Infection

David Biser

November 29, 2016 - Posted by David Biser to Security News

Facebook

With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.

The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) is an XML-based vector image, which is formatted for two dimensional graphics and support for animation and interactivity. These image files can be created and edited with any text... read more >

The SERT Q2 ‘16 Quarterly Threat Intelligence Report

Shrinking variety of attacks, inside Business Email Compromises, update on ransomware, perspective on China’s new Five Year Plan, and highlights from PCI DSS 3.2.

Jon-Louis Heimerl

July 26, 2016 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team  (SERT) released its Q2 2016 Threat Intelligence Report today.

Solutionary observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application... read more >

Server Victimology

Understanding the How and Why Ransomware Targets are Identified and Pursued

Ramece Cave

June 16, 2016 - Posted by Ramece Cave to Security Insight

Server Victimology - What Makes a Server a Target?

Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign. These are the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevates a server from unknown, to target, and finally a victim. Whether its contents are being held for ransom, or they are a pawn in the actor’s nefarious game.

A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the reporting there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I... read more >

Top Ten Ways to Fight Ransomware with Backups

Your Backup Strategy Can Minimize the Risk

Bob Bybee

June 09, 2016 - Posted by Bob Bybee to Security Insight

Ransomware Note

Ransomware is grabbing a lot of security news headlines these days, not necessarily because it’s worse than other types of malware, but perhaps because it’s more annoying. Older malware might simply have erased your hard drive.  Ransomware encrypts it, saying “your data is still here, but you can’t have it.” To add insult to injury, it then tells you to pay a ransom “or else.”

Of course, paying the ransom is no guarantee that your data will be recovered. Once a system is infected with ransomware, there is no sure way to recover all of the data. But a robust backup strategy can get you most of the way back, and that’s a lot better than nothing. It’s hard to believe that large organizations or government offices have been caught without adequate backups, but it has happened to hospital groups, law firms, police departments, and even NASA (see links at the end of this... read more >

The Evolution of Ransomware

Think You've Seeen It All from Ransomware?

David Biser

April 26, 2016 - Posted by David Biser to Security Insight

The Evolution of Ransomware

We’ve all seen them. Recent headlines filled with reports of massive ransomware attacks against a multitude of targets. With healthcare organizations, financial institutions, and even the government falling prey, it would appear that none are safe. Many, many blogs and security posts have been issued warning businesses against this attack vector, seemingly to no avail!  So, you might ask: “Why should I continue reading this blog post?” The answer is simple. Ransomware is evolving!

That’s right – you haven’t seen the end of ransomware or its effects. Since so many businesses are learning to effectively recover from devastating ransomware attacks, cyber criminals are adopting new methods to continue their campaign. Recent research from Talos indicates that ransomware authors are changing their weaponry to be even more... read more >

1 | 2 | 3 | 4 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS