Researchers Say Office of Personnel Management Hack Leads to Ransomware

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ransomware a $2.5 Million Service

One bitcoin = $590.

11DIf you’re sucked into a ransomware scam, you’ll likely be charged at least one bitcoin for the cyber key to unlock your computer’s files—that are being held hostage by hackers.

A report from Check Point Software Technologies and IntSights has discovered a gigantic ransomware-as-a-service (RaaS) ring, raking in $2.5 million yearly. Eight new scam campaigns are launched every day, with dozens of campaigns already in action, tricking people into allowing the ransomware software (namely Cerber) to take control of their computer.

Just in July, it is believed that victims were cleaned out of $200,000. Ransomware specialists have become quite sophisticated, having developed what is called bitcoin mixing: This prevents ransomware profits from being traced. Their technique bypasses even the blockchain, which is a database that records every Bitcoin transaction.

The crooks so not pool all of their profits into one “wallet,” but rather, they mix things up, splintering the profits into thousands of different wallets, creating a jumble that makes it impossible to track individual transactions or their origins.

Cerber is being sent out with automated tools that attack the unsuspecting in large masses; no longer is this ransomware software the weapon of only the highly skilled master hacker. In fact, the software can even be rented for malicious use, and a high level of tech savvy isn’t even required.

All a thief need do is get on the Dark Web and pay a hacker to commit the crime. Of course, the hacker will have to get a nice chunk of the pie. Though several other countries are getting hit harder with Cerber, the U.S. is in the fourth spot for the most targeted country.

Not surprisingly, the phishing e-mail is the scam of choice for ransomware specialists, with malicious attachments that recipients are tricked into opening—which then download the infection. The other way that Cerber takes control of computers is via the exploit kit-based campaign.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Another Successful Ransomware Attack

Ransomware thieves sure know how to pick their victims—institutions that store loads of highly critical data that they need on a daily basis, that without—even just 24 hours without—can have crippling effects. This form of cybercrime is growing by leaps and bounds.

11DRecently a ransomware attacker struck the network of the University of Calgary. An article at arstechnica.com says that the institution’s IT experts have made some headway in isolating the ransomware infection and making some restoration progress.

Why not just pay the thief and get the “key” back to the scrambled data? Because there is never any guarantee that these thieves will provide the cyber key after they are paid the ransom. And even when they do provide this key, there’s no guarantee it will release all of the hijacked data, but only some of it.

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world,” says a statement out of the arstechnica.com report. Decrypting the scrambled data “is time-consuming and must be performed with care,” continues the report. “A great deal of work is still required by IT to ensure all affected systems are operational again,” and this process requires patience.

The University of Calgary is a research institution that absolutely cannot afford to lose its data, points out the university’s vice president, Linda Dalgetty, in an article from The Globe. She explains, “We are conducting world class research daily and we don’t know what we don’t know in terms of who’s been impacted and the last thing we want to do is lose someone’s life’s work.”

Ransomware crimes have become so commonplace that some thieves have set up call centers for victims who don’t know how to navigate their data hostage situations, such as how to pay in bitcoins—the highly preferred payment methods by the criminals.

Often, the thief imposes a deadline for the payment, and if it’s not met by that deadline, the payment escalates.

This is actually really stupid. Meaning, if the last thing anyone wants to do is lose someone’s life’s work, then BACK IT UP. That’s “Data 101”.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Your ransomware profile: passwords, profiles and protection

If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.

ransomwareHere are five things to know about passwords:

  • A long, strong password goes a long way in helping prevent hacking.
  • Every account should have a different password.
  • A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences. (i.e. Mike123)
  • Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
  • A password manager tool will make all of this easy for you. Here is one of password manager tool that can help you get started creating stronger passwords.

Need to Know: Four data protection tips

  1. Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails that look as if they could be from your bank, employer, medical plan carrier, the IRS, UPS, etc. But these will typically ask you do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
  2. Use 2FA when available. Always choose 2FA – two-factor authentication – option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text known as a One-Time Password (OTP) or voice-call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspect of any requests for your OTP.
  3. Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
  4. Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish from business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use WPA-2 and not WEP connection. Ignore pop-ups.

A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like this close by in order to avoid ransomware and other cyber threats.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

Your Ransomware Response: Prepare for the Worst

A ransomware attack is when your computer gets locked down or your files become inaccessible, and you are informed that in order to regain use of your computer or to receive a cyber key to unlock your files, you must pay a ransom. Typically, cybercriminals request you pay them in bitcoins.

binaryThe attack begins when you’re lured, by a cybercriminal, into clicking a malicious link that downloads malware, such as CDT-Locker. Hackers are skilled at getting potential victims to click on these links, such as a phony e-mail, apparently from a company you do business with, luring you into clicking on a link or opening its attachment.

And if you find your computer is being held hostage:

  • Report it to law enforcement, although it’s unlikely they can provide help. It’s just good to have it recorded.
  • Disconnect your computer from its network to prevent the infection from spreading to other shared networks.
  • You need to remove the ransomware from your computer. Remember, removal of the ransomware won’t restore access to your files; they will still be encrypted. To remove ransomware from your computer, follow the steps provided here.
  • If you already had your data backed up offline, there’s no need to even consider paying the ransom. Still, you will want to remove the ransomware and make sure your backup solution was working.
  • But what if very important files were not backed up? Prepare to pay in bitcoins. The first step is to find out what the experts say about making payments in bitcoin.
  • The crook will be essentially impossible to trace. You’ll be required to make the payment over the Tor network (anonymous browsing).
  • Finally, don’t be shocked if the crook actually provides you the decryption key—essentially a password; ransomware thieves often follow through to maintain being taken seriously. Otherwise, nobody would ever pay them. But it would not be unprecedented to not receive the key. It’s a gamble.
  • The best course of action is to prevent a ransomware attack, and that means looking for all the clues to malware and phishing scams. Don’t let threatening e-mails, saying you owe back taxes or bank fees, jolt you into hastily clicking a suspicious link or attachment. If you regularly back up your data online and to an external drive, then you’ll never feel you must pay the ransom.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

Ransomware Hackers provide Customer Service Dept. to Victims

Yes, believe it or not, ransomware has become such a booming business for thieves, that these cyber thugs even provide bona fide customer service departments to guide their victims!

4DWhen ransomware infects your computer, it holds your files hostage; you can’t access them—until you pay the hacker (usually in bitcoins). Once paid, the crook will give you a decryption “key.” Sometimes the fee will go up if you don’t pay by a deadline. Fees may a few to hundred to several hundred dollars to way more for big businesses.

Thieves typically include instructions on how to pay up, and they mean business, sometimes being “nice” enough to offer alternatives to the tedious bitcoin process. They may even free one file at no cost just to show you they’re true to their word.

As the ransomware business flourished, particularly Cryptolocker and CryptoWall, hackers began adding support pages on their sites to victims.

An article at businessinsider.com mentions that one victim was able to negotiate a cheaper ransom payment.

Why would thieves support victims?

  • It raises the percentages of payments made; the easier the process, the more likely the victim will pay. The businessinsider.com article quotes one ransomware developer as stating, “I tried to be as [much of] a gentleman thief as my position allowed me to be.”
  • It makes sense: If victims are clueless about obtaining bitcoins and are seeking answers, why wouldn’t the crook provide help?

Perhaps the most compelling reason why bad hackers would want to help their victims is to get the word out that if victims pay the ransom, they WILL get their decryption key to unlock their encrypted files.

This reputation puts the idea into the heads of victims to “trust” the cyberthief. Otherwise, if ransomware developers don’t give the key to paying victims, then word will spread that it’s useless to pay the ransom. This is not good for the profit-seeking hacker.

These crooks want everyone to know that payment begets the key. What better way to establish this reliability than to provide “customer” support on websites and also via call centers where victims can talk to live people?

Apparently, at least one ransomware developer has a call center where victims can phone in and get guidance on how to get back their files.

Prevent ransomware by keeping your devices update with the latest OS, antivirus, updated browser, and back up your data both locally and in the cloud.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Ransomware as a Service: A new threat to businesses everywhere

Cyber criminals have been attempting to extort money from individuals and companies for many years, and the latest attempt to take advantage of others is by using Ransomware as a Service, or RaaS.

4DA ransomware virus infects a computer when a user clicks a link and unknowingly download a malicious file. The ransomware virus then encrypts the computer’s files and promises to render them useless unless the victim pays a ransom. The cost varies greatly and groups sending these out can bring in hundreds of millions of dollars in profits.

RaaS makes it even easier for criminals to deploy ransomware viruses. All they have to choose a ransomware virus, set a ransom amount and deadline, and then trick their victims into downloading it onto their computer.

What to do if systems become infected with ransomware

If you have been attacked with ransomware, consider the following:

  • Tell the hacker you will pay, but that you need time to get the cash.
  • Gather all correspondence from the hacker.
  • Tell the webhosting provider, maybe call the cops, but expect little. If there is a major loss, reach out to the FBI, just know they might not see it as serious.
  • Delete all infected files and download clean versions from your backup system. Remember: If you have a quality backup system in place, you won’t need to pay the ransom.

Handling computer viruses

Ransomware isn’t the only type of virus to be on the lookout for. Symptoms of other types of virus infections include programs opening up on their own and a slow computer. Some viruses may send messages from your email account without you knowing about it. Here are some more ways to protect yourself from ransomware and other computer viruses:

  • Use both firewall and anti-virus software
  • Do not open attachments, links or programs from an email, including those from people you know, until you check for viruses.
  • Do not use public Wi-Fi connections unless on a virtual private network or using encryption software.
  • Keep security software current, use administrative rights and use a firewall.
  • Use the most recent version of your operating system and browser.
  • Back up all data.
  • Train employees on security measures for all devices.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Ransomware Scammers get the Big Bucks

It sounds almost like science fiction, even in this cyber age: A thief hacks into your computer and encrypts your files, meaning, scrambles the information so you can’t make sense of any of it. He demands you pay him a big fat payment to “unlock” the encryption or to give you the “key,” which is contained on the thief’s remote server.

10DYou are being held ransom. The FBI’s Internet Crime Complaint Center has sent out a warning to both the common Internet user and businesspeople about this ransomware, says an article on arstechnica.com.

And if you think this is one helluva dirty trick, it can be worse: The thief gets your payment, but you don’t get the cyber key.

The article says that the biggest ransomware threat is the CryptoWall. The FBI’s IC3 has received reports from 992 victims of this ransomware, but it’s estimated that there are many more victims who have not notified the IC3 (would you or your friends necessarily know to do this?) and instead just paid the ransom—or didn’t, resigning to never being able to access their files again.

In addition to the ransom cost, there are also the costs associated with cleaning up the mess, and the fallout especially hits businesses, because they suffer lost productivity and having to pay IT services.

The arstechnica.com article quotes Stu Sjouwerman, CEO of KnowBe4, a security training company: “CryptoWall 3.0 is the most advanced crypto-ransom malware at the moment.”

According to the IC3, there are $18 million in losses associated with CryptoWall, but remember, that’s only what has been reported. Many businesses do not notify the FBI of breaches: the ransom payment as well as the heavy cost of impaired productivity.

How does an individual or business avoid getting sucked into this trap? The FBI offers the following recommendations:

  • Back up all of your data on a regular basis.
  • Protect all of your devices with antivirus software and a firewall—from reputable companies.
  • Keep your security software updated.
  • Clicking on a malicious website could download ransomware; therefore, you should enable pop-up blockers that will prevent these dangerous clicks.
  • Do not visit suspicious websites.
  • Avoid clicking on links inside e-mails.
  • Protect your WiFi connection. A criminal can insert a virus on your device while on unencrypted WiFi. Use a VPN, a virtual private network encrypts your data over free WiFi.
  • Avoid opening attachments that come from strangers or people for whom it would be out of character for them to send you an attachment or who’d have absolutely no reason to. This includes the IRS, UPS, Microsoft, Walmart, etc.
  • CryptoWall can still make its way into your device if you’ve clicked on a malicious ad that’s on a legitimate website, says the arstechnica.com article. Here is where an updated antivirus software program would come into play to detect the malware.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

The Impact of Ransomware on Small Businesses

What’s going on this September? National Preparedness Month. This will be the time to increase your awareness of the safety of your business, family, pets and community. During disasters, communication is key. National Preparedness Month concludes on September 30 with the National PrepareAthon! Day.

celebrateIt would be like a science fiction movie: You go to pull up the file detailing the records of your last quarter’s profit and loss statement, and instead you get a flashing notice: “Your computer has been compromised! To see your file, you must pay money!”

This is called ransomware: a type of malware sent by criminal hackers. Welcome to the world of cybercrime. In fact, ransomware can prevent you from doing anything on your computer.

Where does this ransomware come from? Have you clicked a link inside an e-mail lately? Maybe the e-mail’s subject line really grabbed your attention, something like: “Your FedEx shipment has been delayed” or “Your Account Needs Updating.”

Maybe you opened an attachment that you weren’t expecting. Maybe you were lured to a website (“Dash Cam Records Cyclist Cut in Half by Car”) that downloaded the virus. Other common ways crooks trick you into downloading ransomware include:

  • Hackers impersonate law enforcement; claim you downloaded illegal material; demand a fine for your “violation.”
  • You receive a message that your Windows installation requires activation because it’s counterfeit.
  • Or, the message says your security software isn’t working.

What should you do?

  • Never pay the ransom, even if you’re rich. Paying up doesn’t guarantee you’ll regain access. Are you kidding?
  • Double check that all of the newly encrypted (and utterly useless) files are backed up, wipe your disk drive and restore the data.
  • Wait a minute—your files weren’t backed up?

An ounce of prevention is worth a pound of hacking.

  • Don’t open links or attachments you’re not expecting! This includes from senders you know or companies you patronize.
  • Install an extension on your browser that detects malicious websites.
  • Use a firewall and security software and keep it updated.
  • Regularly back up data, every day ideally.

Needless to say, ransomware attacks occur to businesses. Small companies are particularly vulnerable because they lack the funds to implement strong security. Attacks on businesses usually originate overseas and are more sophisticated than attacks on the common Internet user at home or at the coffee house.

And just like the common user, the business should never pay the ransom, because this will only prolong the situation.

  • Make the criminal think you’re going to pay. Tell them you need time to prepare the fee.
  • Build your defense by gathering all the correspondence.
  • Present this to your webhosting provider, not the police.
  • The webhoster will get to work on this.
  • If the loss is extensive, present the correspondence to the FBI.
  • If the attack is in virus form, you’re finished.

The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how “phishing” e-mails work and other tricks that cyber thieves use. To learn more about preparing your small business against viruses like ransomware, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”

#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures