
Page 1

ASIQ.ORG

RansomWare Lands – (TRILOGY Condensed)

Crypto Wars Defense Strikes Back

Futures Weird Awakens

“You could spend a fortune purchasing technology and services, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”

— Kevin Mitnick

par >_Franck Desert

Page 2

>_Get-TRILOGY

NOD – Attack – Cryptos
GDI – Defense – Decipher
SCRIN – Future – Skynet

The 3 biggest security threats of 2016

1. Data breaches
2. Ransomware
3. Browser plug-ins

Presenter
Presentation notes
https://www.usatoday.com/story/tech/columnist/komando/2016/01/15/3-biggest-security-threats-2016/78839018/

1. Data breaches

OK, this threat isn't a new one. In fact, it's been at the top of everyone's watch list since the massive Target breach at the end of 2013, which exposed information on up to 110 million customers. However, the nature of this threat is going to be shifting in 2016.

Breaches at major retailers where hackers steal payment information are going to continue for the foreseeable future. Hotels are the target of choice at the moment with Hilton, Starwood and others experiencing attacks in 2015. However, as more retailers switch to point-of-sale terminals that work with the EMV chips in the latest credit and debit cards, and people start using mobile payment systems, hackers should move on to easier targets. Find out how the chip in your new cards works to limit the danger of data breaches, and how mobile payment on Apple and Android makes you safer.

The growing worry for 2016 is medical data breaches. In 2015, more than 100 million patient records were exposed, with the majority coming from the Anthem Insurance hack earlier in the year. That trend is going to continue as hospitals, insurance providers and other medical services struggle to get a handle on digital security. To be fair, it's a problem they've never had to deal with before, but that's small comfort when your medical records are being sold on the black market.

Speaking of the black market, another reason hackers are going to focus on medical information is money. The black market is flooded with stolen financial and personal information, which means your identity is selling for a few bucks, if even that. Medical information is in shorter supply, so hackers can sell it for more. Plus, most people now know to keep an eye on their credit and bank statements for signs of fraud. However, few people keep an eye on their medical insurance, which means that hackers can get more use out of your information before they're discovered.

Besides medical data breaches, you're going to see breaches in other industries you wouldn't expect to find them, such as the toy industry. For example, a recent breach at VTech, a toy manufacturer, compromised information on more than 6 million children, including their names, addresses and even photos. A data breach at Hello Kitty exposed information on 3.3 million users. Newer high-tech toys that store information about kids and interact with them, like "Hello Barbie," could reveal a lot to hackers. So, before you buy a high-tech toy or let your child use an online site, see what information it asks for that could be stolen one day.

2. Ransomware

Just like data breaches, ransomware isn't a new thing. It's been a serious concern since a virus called CryptoLocker arrived at the end of 2013. However, it is still a serious threat and getting worse every year, especially since hackers can now get it for free to modify as creatively as they want.

As you probably know, ransomware encrypts your files so you can't open them, and the only way to get them back is to pay a ransom. Even the FBI is advising victims to pay if they want their files back. Ransomware isn't just a worry for individual computers. It can lock up files on a network, which means one infection can bring down an entire company. It's also possible to get it on smartphones and tablets via a malicious text, email or app.

Fortunately, it isn't all doom and gloom. Ransomware still needs your help to install. If you avoid falling for phishing emails with malicious links or downloads, such as this tricky one, you can keep ransomware off your machine. You can also take the precaution of backing up your computer files regularly. That way, if your files do get locked, you can wipe your drive and restore your files. Learn more steps to keeping ransomware off your gadgets.

3. Browser plug-ins

Britain's Ofcom recently found that adults spend an average of 20 hours a week online, and most of that time is spent in a Web browser. So it's no surprise that's where hackers are focusing their efforts. If they can find a flaw in your browser, then they just need you to visit a malicious website to slip a virus on to your system. Learn how to spot a malicious site before it's too late.

2015 saw hackers target a number of browser weaknesses, but by far the worst was Adobe Flash. There were times it seemed to have an endless string of emergency patches, with at least three instances in July and four instances between the end of September and the beginning of November. Firefox even blocked Flash for a time in July to keep people safe. Because many online ads use Flash, even legitimate sites could infect a computer if hackers got an ad network to run a malicious ad.

While companies are quickly moving away from Flash, Facebook for example just switched its video player to HTML5, Flash isn't going anywhere for a while. In fact, just like Java, which was the security nightmare before it, Flash could hang around on computers for years after people no longer need it. Learn why you might not need Flash as much as you think. You can expect to see plenty more attacks against it this year. And hackers are probably already probing for the next big hole in browser security. Don't wait. Learn five steps to making your browser hacker proof.

Keep an eye out

There are always new threats out there, and even we don't know which ones will suddenly explode. One to keep an eye on is bootkits. These are incredibly hard viruses to detect and remove, and they've started showing up in hacker toolkits. Find out how bootkits work. Fortunately, right now they're delivered the same way as any other virus: phishing emails, malicious downloads, etc. As long as you pay attention to what you click, you should be OK.
Page 3

>_About-FD

[Career timeline: 6 years, 6 years, 8 years, 5 years, 4 years]

Page 4

>_Get-RansomWare?

Broadly speaking, ransomware is malicious software designed to either lock a victim's screen (locker ransomware) or encrypt their files (crypto-ransomware). Successful ransomware infections allow criminals to demand payment from the victim (generally in anonymous Bitcoin) in exchange for restoring access. In general, all of them use Tor for anonymity.

- Summary of all

"Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back." - Trend Micro

“Ransomware is designed for direct revenue generation. The four most prevalent direct revenue-generating risks include misleading apps, fake antivirus scams, locker ransomware, and crypto-ransomware.” - Symantec

Presenter
Presentation notes
Ransomware is the name given to a class of malware whose end goal is to deny access to user data by various means. Early variants would use various techniques to lock down access to the computer or deny access to files (e.g. modifying ACLs and disabling access to system tools, the desktop, etc.), while newer variants simply encrypt user files with strong encryption algorithms (e.g. AES, RSA, etc.). Ransomware specifically targets user files, while avoiding damage to system files. This is both to ensure that the user can be notified of what happened to their files, and to provide a viable means for the user to pay the ransom in order to get their files back. Once the files are encrypted, the malware usually self-deletes and leaves behind a document of some sort. This document instructs the victim on how to provide payment and regain access to their files. Some variants display a countdown timer to the victim, threatening to delete the key/decryption tool if payment is not received before the timer reaches zero or, in other cases, to increase the price of the ransom.

Ransomware is commonly delivered through exploit kits, watering-hole attacks, malvertising, or mass phishing campaigns. Once delivered, ransomware typically identifies user files and data through some sort of embedded file extension list. It is also programmed to avoid interacting with certain system directories (such as the WINDOWS system directory, or certain program files directories) to ensure system stability for delivery of the ransom note after the payload finishes running. If a file is in a targeted location and matches one of the listed file extensions, it is encrypted; otherwise it is left alone. After the files have been encrypted, the malware typically leaves a notification for the user, with instructions on how to pay the ransom [1].
Page 5

>_Set-Evolution

Locker ransomware denies access to the infected host and extorts the victim for money in exchange for "unlocking" the host. Such variants are quite popular among mobile ransomware families. The first mobile ransomware families of this type "locked" the device by constantly bringing the ransom window to the foreground in an infinite loop, whereas newer variants often try gaining device administrator privileges in order to set the phone's PIN lock.

Fake AVs, also known as rogue security software, are programs that "warn" the user against malware which has already allegedly infected the host and can only be removed by purchasing the fake security software. While many of these fake AVs are harmless (just a bit annoying) and could be considered PUA (Potentially Unwanted Applications), some variants are becoming more aggressive, leaving no choice other than purchasing the AV, often practically behaving as locker ransomware.

Crypto ransomware is currently the most common ransomware type in the wild. Such variants encrypt data on an infected host and demand ransom in exchange for decrypting it. The data can come from all drive letters on the PC, including removable drives, network shares, and even Dropbox mappings. The malware also removes backup files (shadow volume copies) to prevent the option of restoring the encrypted files.

MBR overwriters (PETYA) are a more recent type of variant that prevents the operating system from booting by overwriting the MBR (Master Boot Record). The consequences of this type of ransomware are similar to those caused by locker ransomware, but the mode of operation is more sophisticated.

Data wipers are an additional ransomware type which has recently gained popularity among attackers. Data-wiping ransomware variants render all data on a hard drive unreadable, and demand ransom for recovering the wiped data instead of for encrypted data.

Hybrid ransomware are the most aggressive variants, using all possible means to maximize profits. Such ransomware families may possess banking Trojans' capabilities, along with worms' spreading methods.

IoT exploitation is yet another destructive capability that can be leveraged by attackers; at the last DefCon, the security firm Pen Test Partners demonstrated a PoC ransomware for a smart thermostat. Such ransomware could set extreme temperatures, waste vast amounts of power, and even cause physical damage, unless the ransom is paid.

Doxware is the newest ransomware type in the wild (as we predicted a few months ago in our ransomware white paper). 'Doxxing' (derived from 'docx' – documents) means gathering and publishing information about a person/organization for the purpose of extortion/harassment/shaming. Also known as 'extortionware', doxware threatens to publish victims' sensitive data unless the demanded ransom is paid, rather than just encrypting it. The data could contain private photos, fake/real subscriptions (e.g. the mobile doxware variant Ackposts), or confidential documents collected from end users/businesses (e.g. the Windows doxware variant Chimera).
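The behaviour described in the two passages above (an embedded extension list driving the encryption loop, removal of shadow volume copies, and a note dropped for the victim) is also what a defender can look for in endpoint telemetry. The following Python detector is an added example, not code from the ASIQ.ORG deck or from any product it cites; the telemetry format, host names, note file names and sample log lines are constructed assumptions, and the rename threshold and window are placeholder tuning values.

```python
"""Detector for the crypto-ransomware behaviour described above.

Added example, not code from the ASIQ.ORG deck.  It scans constructed
endpoint telemetry for three signals the slides name: a burst of
renames to a known ransom extension, deletion of shadow volume copies,
and a ransom note dropped into a user directory.  The log format, the
sample lines and the note file names are assumptions made here.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions named on the slides (.locky for Locky, .ecc for TeslaCrypt).
RANSOM_EXTENSIONS = {".locky", ".ecc"}
# Illustrative note file names (lower-case for comparison), not real IoCs.
NOTE_NAMES = {"_help_instructions.txt", "how_to_recover.html"}
RENAME_THRESHOLD = 4            # ransom-extension renames per host that fire...
WINDOW = timedelta(seconds=60)  # ...within this sliding window (placeholder tuning)
SHADOW_DELETE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)

# Constructed sample telemetry: "<iso-time> <host> <event> <details>".
SAMPLE_LOG = """\
2016-02-16T09:00:01 WS-17 RENAME C:\\Users\\ann\\Docs\\q1.xlsx -> C:\\Users\\ann\\Docs\\q1.xlsx.locky
2016-02-16T09:00:02 WS-17 RENAME C:\\Users\\ann\\Docs\\notes.docx -> C:\\Users\\ann\\Docs\\notes.docx.locky
2016-02-16T09:00:02 WS-17 RENAME Z:\\shared\\plan.pptx -> Z:\\shared\\plan.pptx.locky
2016-02-16T09:00:03 WS-17 RENAME C:\\Users\\ann\\Pictures\\img1.jpg -> C:\\Users\\ann\\Pictures\\img1.jpg.locky
2016-02-16T09:00:04 WS-17 PROCESS vssadmin.exe delete shadows /all /quiet
2016-02-16T09:00:05 WS-17 CREATE C:\\Users\\ann\\Docs\\_HELP_instructions.txt
2016-02-16T09:05:00 WS-22 RENAME C:\\Users\\bob\\draft.txt -> C:\\Users\\bob\\final.txt
2016-02-16T09:06:00 WS-22 CREATE C:\\Users\\bob\\report.pdf
"""


def parse_line(line):
    """Split one telemetry line into (timestamp, host, event, details)."""
    ts, host, event, details = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, event, details


def extension(path):
    """Return the lower-cased final extension of a Windows path ('' if none)."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def detect(log_text):
    """Return a list of (host, rule, detail) alerts for the telemetry."""
    alerts = []
    recent = defaultdict(deque)  # host -> timestamps of ransom-extension renames
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, host, event, details = parse_line(raw)
        if event == "RENAME":
            _src, _, dst = details.partition(" -> ")
            if extension(dst) in RANSOM_EXTENSIONS:
                window = recent[host]
                window.append(ts)
                while ts - window[0] > WINDOW:      # age out old entries
                    window.popleft()
                if len(window) == RENAME_THRESHOLD:  # fire once per burst
                    alerts.append((host, "mass-rename",
                                   f"{len(window)} ransom-extension renames "
                                   f"within {WINDOW.seconds}s"))
        elif event == "PROCESS" and SHADOW_DELETE.search(details):
            alerts.append((host, "shadow-copy-delete", details))
        elif event == "CREATE" and details.rsplit("\\", 1)[-1].lower() in NOTE_NAMES:
            alerts.append((host, "ransom-note", details))
    return alerts


if __name__ == "__main__":
    for host, rule, detail in detect(SAMPLE_LOG):
        print(f"{host:6} {rule:20} {detail}")
```

On the sample data only WS-17 fires, and it fires all three rules in the order the slides describe the infection: encryption burst, backup removal, then the note. The three signals are deliberately kept independent; the shadow-copy deletion in particular is worth alerting on its own, since it precedes the point at which restoring from local snapshots stops being an option.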

Page 6

The first one – 1989 (December). AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is a trojan horse that replaces the AUTOEXEC.BAT file, which would then be used by AIDS to count the number of times the computer has booted. Once this boot count reaches 90, AIDS hides directories and encrypts the names of all files on drive C: (rendering the system unusable), at which time the user is asked to 'renew the license' and contact PC Cyborg Corporation for payment (which would involve sending 189 US$ to a post office box in Panama). There exists more than one version of AIDS, and at least one version does not wait to munge drive C: but will hide directories and encrypt file names upon the first boot after AIDS is installed.

>_Get-RetroCrypto

Presenter
Presentation notes
History

AIDS was introduced into systems through a disk called the "AIDS Information Introductory Diskette", which had been mailed to a mailing list to which the AIDS author, Dr. Joseph Popp, subscribed. Popp was eventually identified by the British anti-virus industry and named on a New Scotland Yard arrest warrant. He was detained in Brixton Prison. Though charged with eleven counts of blackmail and clearly tied to the AIDS trojan, Popp defended himself by saying money going to the PC Cyborg Corporation was to go to AIDS research. A Harvard-trained anthropologist, Popp was actually a collaborator of the Flying Doctors, a branch of the African Medical Research Foundation (AMREF), and a consultant for the WHO in Kenya, where he had organized a conference in the new Global AIDS Program that very year [MG92]. Popp had been behaving erratically since the day of his arrest during a routine baggage inspection at Amsterdam Schiphol Airport. He was declared mentally unfit to stand trial and was returned to the United States [Ta99].

Jim Bates analyzed the AIDS Trojan in detail and published his findings in the Virus Bulletin [Ba90a, Ba90b]. He wrote that the AIDS Trojan did not alter the contents of any of the user's files, just their file names. He explained that once the extension and filename encryption tables are known, restoration is possible. AIDSOUT was a reliable removal program for the Trojan and the CLEARAID program recovered encrypted plaintext after the Trojan triggered. CLEARAID automatically reversed the encryption without having to contact the extortionist.

The AIDS Trojan was analyzed even further a few years later. Young and Yung pointed out the fatal weakness in malware such as the AIDS Trojan, namely the reliance on symmetric cryptography. They showed how to use public key cryptography to implement a secure information extortion attack. They published this discovery (and expanded upon it) in a 1996 IEEE Security and Privacy paper [YY96]. A cryptovirus, cryptotrojan, or cryptoworm hybrid encrypts the victim's files using the public key of the author and the victim must pay (with money, information, etc.) to obtain the needed session key. This is one of many attacks, both overt and covert, in the field known as Cryptovirology. [1]

AIDS trojan disk

The AIDS software also presented to the user an end user license agreement, some of which read:

"If you install [this] on a microcomputer... then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs... In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use... These program mechanisms will adversely affect other program applications... You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life... and your [PC] will stop functioning normally... You are strictly prohibited from sharing [this product] with others..."

The payload of the AIDS I virus has become relatively well-known. The virus will play a continuous high-pitched note and display the following text:

ATTENTION
I have been elected to inform you that throughout your process of :collecting and executing files, you have accdientally (sic) ¶HÜ¢KΣ► [PHUCKED] :yourself over: again, that's PHUCKED yourself over. No, it cannot be; YES, it CAN be, :a √ìτûs [virus] has infected your system. Now what do you have to say about that? :HAHAHAHAHA. Have ¶HÜÑ [PHUN] with this one and remember, there is NO cure for
AIDS

The final mention of 'AIDS' in the payload is displayed in a far larger font than the rest of the payload.
Page 7

>_Get-Families

Page 8

>_Get-Families

Page 9

>_Get-Families

Presenter
Presentation notes
The History of Ransomware [1989 - 2016 Updated]

Ransomware stepped into the digital world in the late 80s. The first ever ransomware was released in 1989 by Harvard-trained biologist Joseph L. Popp. It was called the AIDS Trojan and was also known as PC Cyborg. It was distributed on 20,000 diskettes labelled "AIDS Information – Introductory Diskettes". It used very simple symmetric cryptography.

17 years after the first ransomware was distributed, another strain was released, but this time it was far more intrusive and harder to remove than its predecessor. In 2006, the Archiveus Trojan was released, the first ever ransomware to use RSA encryption. The Archiveus Trojan encrypted everything in the My Documents directory and required victims to buy items from an online pharmacy to obtain the 30-digit password.

June 2006 - GPcode, an encryption Trojan which spread via an email attachment purporting to be a job application, used a 660-bit RSA public key.

While GPcode and its numerous variants were infecting victims, other kinds of ransomware circulated that did not involve encryption but simply locked users out. WinLock displayed explicit images until the users sent a $10 premium-rate SMS to receive the unlock code. Ransomware moved into the big time because of the use of anonymous payment services, which made it much easier for ransomware authors to collect money from their victims. Around 30,000 new ransomware samples were detected in each of the first two quarters of 2011. During the third quarter of 2011, new ransomware detections doubled to 60,000.

1989 - A Trojan named "AIDS", aka PC Cyborg, was the first ransomware; it affected many systems in 1989.

2006 - Ransomware came up under different names with the emergence of GPcode. Troj.ransom.a, Archiveus, Krotten, Cryzip, and MayArchive are a few of the notable malware families that made use of sophisticated RSA encryption algorithms.

2008 – Gpcode.AK was developed with strong 1024-bit RSA keys, which made it difficult for users to break.

2010 - In Russia many machines displayed porn because of the ransomware named WinLock, and users were forced to call a premium-rate number for $10.

2011 - A Trojan locked up several Windows systems, redirecting users to a fake set of phone numbers through which they could reactivate their OS.

2012 - A Trojan named Reveton displayed a pop-up informing users that their machine had been used to download illegal material or child pornography and demanded a ransom as a fine.

2013 – The most well-known ransomware families were developed in this period:
- CryptoLocker, with the toughest encryption, which became very hard to break.
- CryptoLocker began demanding a ransom of $150 against a virtual credit card.
- Tor was used by CryptoLocker 2.0 to maintain its anonymity.
- Cryptorbit also used Tor and additionally ran a Bitcoin miner for extra profit.

2014
- CTB-Locker targeted Russian machines.
- CryptoWall emerged, infecting machines through online advertisements.
- Later CryptoBlocker emerged, encrypting files.
- SynoLocker was developed to target Synology NAS devices and encrypts every file found on those devices.

2015 - CryptoWall 2.0 used Tor to maintain its anonymity and emerged as a powerful ransomware.
- Gaming ransomware such as TeslaCrypt and VaultCrypt was developed.
- Later CryptoWall 3.0 came packaged with exploit kits.
- In CryptoWall 4.0 the encrypted filenames were scrambled to strengthen its evasion.
- Chimera not only demands a ransom but will publish the files online if it is not paid.

2016 - Locky ransomware emerged; it locks all the files and appends a .locky extension to the encrypted files.
Page 10

>_Get-Top2016

10. CryptoWall
9. SamSam
8. Jigsaw
7. Chimera
6. Petya and Mischa
5. Cerber
4. CryLocker
3. HDDCryptor
2. TeslaCrypt
1. Locky

Page 11

>_Get-ModusOperandi

Page 12

>_Get-ModusOperandi

Locky

Presenter
Presentation notes
Locky Ransomware

Locky ransomware was first seen in February 2016 and is a very sophisticated malware that infects networks via Microsoft Word attachments containing malicious macros. Threat actors social engineer victims twice: first getting them to open the attachment and then getting them to enable macros in the files. The code is written in VBA and looks a lot like Dridex infections, which suggests this new flavor is from the Dridex banking Trojan gang.

Spear phishing emails in the earliest version of Locky had a subject line like "ATTN: Invoice J-98223146" with a message to see the invoice and remit payment according to the invoice terms. The attached Word document even has a message stating to enable macros if the 'invoice' can't be read. As soon as macros are enabled, the macro will download an executable, store it in the %Temp% folder and execute it. Another version seen in May targeted Amazon customers with a message regarding recent orders, again with a Word file attached prompting victims to enable macros.

What's significant about Locky is that it targets a large number of file extensions and even encrypts data on unmapped network shares, which we have seen previously with DMA Locker. Similar to CryptoWall, Locky also completely changes encrypted filenames, making it very difficult to restore the correct data. This is a typical attack flow for Locky ransomware:

In June 2016 a new, smarter Locky strain was discovered with a couple of new features. First, it can detect whether it is running within a sandbox test environment versus a live infection. Second, attackers can relocate Locky instruction code in order to make manual analysis of memory dumps more difficult. Another Locky update in July allowed the strain to encrypt files offline, meaning shutting down a computer that is part of a larger network would not save other machines from being infected. Locky is currently one of the three biggest ransomware threats along with CryptoWall and Cerber.
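The Locky delivery chain the notes describe (a Word attachment whose macro downloads an executable to %Temp% and runs it) leaves a process-tree footprint that is straightforward to check in process-creation telemetry. The following Python rule is an added example, not code from the deck or from the source it quotes; the event schema, hosts, users and file names are constructed, and the rule is generalized beyond the notes to Excel and PowerPoint parents and to .scr/.dll children as well as .exe.

```python
"""Detector for the Locky delivery chain described above.

Added example, not code from the ASIQ.ORG deck or from the source it
quotes.  It checks constructed process-creation events for the pattern
the notes describe: an Office application (the macro host) spawning an
executable out of a Temp folder.  The event schema, hosts, users and
file names are assumptions made here.
"""
import ntpath

# Macro-capable Office hosts; the notes name Word, the rule is widened
# to Excel and PowerPoint, which carry the same macro engine.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Path fragments (lower-case) that place an image inside a Temp folder.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Child image types that count as "an executable" for this rule.
EXECUTABLE_EXTS = {".exe", ".scr", ".dll"}

# Constructed process-creation events, one per child process.
SAMPLE_EVENTS = [
    # Word launched an executable dropped in the user's Temp folder.
    {"ts": "2016-02-17T08:12:03", "host": "WS-09", "user": "ann",
     "parent": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE",
     "image": "C:\\Users\\ann\\AppData\\Local\\Temp\\invoice_viewer.exe"},
    # Benign: Word spawning the 64-bit print spooler helper.
    {"ts": "2016-02-17T08:14:10", "host": "WS-09", "user": "ann",
     "parent": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE",
     "image": "C:\\Windows\\splwow64.exe"},
    # Benign: an installer run from Temp by the user via Explorer.
    {"ts": "2016-02-17T08:20:00", "host": "WS-14", "user": "bob",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe"},
    # Excel spawning a screensaver-extension binary from the system Temp.
    {"ts": "2016-02-17T08:31:45", "host": "WS-31", "user": "cara",
     "parent": "C:\\Program Files\\Microsoft Office\\Office15\\EXCEL.EXE",
     "image": "C:\\Windows\\Temp\\report.scr"},
]


def is_office_dropper(event):
    """True when an Office host starts an executable image from a Temp folder."""
    parent = ntpath.basename(event["parent"]).lower()
    image = event["image"].lower()
    return (parent in OFFICE_APPS
            and any(marker in image for marker in TEMP_MARKERS)
            and ntpath.splitext(image)[1] in EXECUTABLE_EXTS)


def detect(events):
    """Return (host, user, 'parent -> child') for every matching event."""
    hits = []
    for event in events:
        if is_office_dropper(event):
            chain = (ntpath.basename(event["parent"]) + " -> "
                     + ntpath.basename(event["image"]))
            hits.append((event["host"], event["user"], chain))
    return hits


if __name__ == "__main__":
    for host, user, chain in detect(SAMPLE_EVENTS):
        print(f"{host} {user}: {chain}")
```

Each of the three conditions is needed: Word legitimately spawns helpers from System32, users legitimately run installers out of Temp, and a Temp path alone says nothing about the parent. Only the combination (Office parent, Temp location, executable child) matches the macro-dropper chain, which is why the two benign events in the sample are not reported.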
Page 13

>_Get-ModusOperandi

Presenter
Presentation notes
TeslaCrypt Ransomware

TeslaCrypt ransomware is a copycat of the CryptoLocker strain that infects users' workstations through multiple exploit kits including Angler EK, Sweet Orange and Nuclear EK. An exploit kit (EK) is software designed to locate and exploit vulnerabilities on web servers. They are sold on the dark web and allow cybercriminals to infect legitimate websites. TeslaCrypt started by using social engineering to make a user click on a link in a phishing email and later added malicious attachments to those emails. It also used malvertising (malicious ads on legitimate websites) as an attack vector. Victims have been redirected to compromised WordPress sites that have the Nuclear EK installed; in at least one case it exploited a vulnerability in an out-of-date version of Flash Player (13.0.0.182).

In addition to encrypting a list of file types normally targeted by other strains of ransomware, TeslaCrypt also tried to cash in on the gaming market by encrypting over 40 file types associated with popular computer video games, like Call of Duty, Minecraft, and World of Warcraft, as well as files related to iTunes. In other words: "all your files belong to us".

When a victim is infected, the ransomware looks almost identical to CryptoLocker. It's not until the payment site with instructions on how to pay the ransom comes up that it's obviously TeslaCrypt: the payment process is run through a website located in the Tor domain. Each instance of the ransomware has a unique Bitcoin address. The files are encrypted using the AES cipher, and encrypted files gain the .ecc extension.

TeslaCrypt V2.0 was first seen around July 2015 and, instead of copying CryptoLocker, this version behaves like CryptoWall in that it demands that its victims pay the ransom as soon as possible. The new encryption is more sophisticated than V1: a free decryption had become available for V1, but with V2.0 the keys are generated using the ECDH algorithm. Version 3.01 of TeslaCrypt was updated with unique encryption for each victim, making it impossible to use one master decryption key for multiple victims.

UPDATE: In May 2016 the threat actors behind TeslaCrypt shut down the ransomware and released the master decryption key:
Page 14

>_Get-ModusOperandi

1. Ransomware? This is now not a new malware. Over the past 3-4 years, ransomware has made sure it is one such malware which has made quite a (damaging) impact on not just individuals but big and small corporations alike.

2. WannaCry ransomware is no different from the rest of the ransomware that we see today.
- It infects the computer.
- Encrypts files and documents.
- Demands ransom in bitcoins.
- Upon the ransom amount being met, they release the files.

3. What is special about WannaCry ransomware? It uses the "ETERNALBLUE" exploit, which targets an SMB vulnerability.

4. "ETERNALBLUE" is an exploit derived from an NSA exploit leaked by the Shadow Brokers in April 2017.

5. The massive scale of this attack is because most users have not patched their Windows systems. The exploit makes use of a vulnerability in the SMB server (4013389) (MS17-010).

Presenter
Presentation notes
One-page reference: All things WannaCry Ransomware, Shaunak Ganorkar, created 13 May 2017.
Where did it all begin? (points 1-5 on the slide)
How did it spread so quickly? The WannaCry attack is considered one of the biggest attacks in the past decade of malware history. It started spreading on a massive scale on 12 May 2017. The malware is self-spreading. Before infecting, it checks an unregistered domain: if the domain it checks is unregistered it proceeds to encrypt the system, but if the domain is registered it stops.
What can users do at the moment? At present there is no free decrypter available, so users are strongly advised to take the following actions:
1. Update Windows immediately! In particular, make sure the MS17-010 patch from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx is applied.
2. Windows XP, Windows 8 and Windows Server 2003 are out of mainstream support, but Microsoft has separately released patches (Microsoft KB4012598) for these systems; they can be obtained from http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
3. System administrators can update their YARA rules using this link: https://docs.google.com/spreadsheets/d/1XNCCiiwpIfW8y0mzTUdLLVzoW6x64hkHJ29hcQW5deQ/pubhtml#
4. Take backups of systems and databases, and keep the backups on separate storage on a network different from the machine's.
The Research Team at Paramount is currently working on the initial analysis of the WannaCry ransomware.
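As an added example (not code from the deck or from the reference it cites), here is a PowerShell audit of the two conditions the slide describes on a single host: whether the MS17-010 update is installed and whether the SMBv1 server protocol is still enabled. The KB number defaults to the KB4012598 cited above; the `-KbIds` parameter is an assumption of this example, and the KB that applies to other Windows builds has to be looked up separately.

```powershell
# Added example, not from the original deck: audit one Windows host for the
# WannaCry conditions the slide describes (MS17-010 missing, SMBv1 reachable).
# KB4012598 is the KB the deck cites for XP / 8 / Server 2003; other Windows
# releases received MS17-010 under other KB numbers, so pass the one that
# applies to your build (assumption: -KbIds is an example parameter).
param(
    [string[]] $KbIds = @('KB4012598')
)

function Test-Ms17010Patch {
    param([string[]] $Ids)
    # Get-HotFix enumerates installed updates; match on the HotFixID column.
    $hits = Get-HotFix -ErrorAction SilentlyContinue |
            Where-Object { $Ids -contains $_.HotFixID }
    return (@($hits).Count -gt 0)
}

function Test-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the setting through the SMB module.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older hosts: the LanmanServer SMB1 value; absent or non-zero means enabled.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $smb1 -or $smb1 -ne 0)
}

$patched = Test-Ms17010Patch -Ids $KbIds
$smb1On  = Test-Smb1Enabled

"MS17-010 update ($($KbIds -join ', ')) installed : $patched"
"SMBv1 server protocol enabled                 : $smb1On"

if (-not $patched) {
    Write-Warning 'MS17-010 is missing: apply the update before doing anything else.'
}
if ($smb1On) {
    Write-Warning 'SMBv1 is enabled: the protocol ETERNALBLUE targets is still reachable.'
    # On Windows 8 / Server 2012 and later it can be turned off with
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # (clients that only speak SMBv1 then lose access to this host's shares).
}
```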
Page 15

>_Get-RaaS Tox was one of the first Ransomware as a Service kits. To be able to create a custom ransomware sample with Tox, an interested party simply needs to register on a specially crafted Tor site for free. Building a crypto malware with Tox is a three-step experience. The affiliate has to set the ransom amount, enter the text of the ransom notes to be displayed to victims, and type a verification code. The service then produces an executable disguised as a 2MB .SCR file. This obfuscation technique allows the ransomware to fly under the radar of most antivirus suites. The Tox affiliate dashboard accurately monitors the number of infected PCs and total profit in real time.

As opposed to Tox, the FAKBEN ransomware kit isn’t free. Those who want to try their hand at digital extortion with the notorious Cryptolocker Trojan have to pay a $50 opening fee. The service provides an extensive range of customizable ransomware properties. The criminals on the so-called FAKBEN Team earn 10% of the ransoms, and the affiliates get the rest. The administrative panel keeps track of the quantity of infected machines and the submitted Bitcoin ransoms. The malefactors also upsell additional services such as the distribution of the ransomware loader through exploit kits, where computer users get compromised via unpatched software vulnerabilities.

The creator of Encryptor RaaS uses The Onion Router anonymity network to avoid attribution. The fee to use the kit amounts to 5% of the gross revenue generated by an affiliate. The ransoms are payable in Bitcoins as usual. The ransomware distributor can set the deadline for payments and a preferred price for data decryption before and after the timeout. The customer gets a unique Bitcoin address that acts as an identifier throughout the campaign. The publisher performs payment processing, submits affiliate commissions and provides the decryption solution. The way of spreading the offending program is up to the customer.

Page 16

>_Get-RaaS This kit is the only one on the list that was originally intended to be benign. Devised by Utku Sen, a malware researcher from Turkey, Hidden Tear is an educational project that demonstrates how ransomware works. The author posted the open-source code on GitHub so that everyone interested could understand the anatomy of a ransomware attack. Hidden Tear uses the AES block cipher to encrypt data, has a very small loader of only 12KB, and features antivirus evasion capabilities. Cybercrime actors, unfortunately, used this kit to build real-world ransomware. More than 20 malicious spinoffs of Hidden Tear have appeared since November 2015, including Linux.Encoder, Cryptear.B, and Trojan-Ransom.MSIL.Tear.

To create a ZIP file with the ransomware binary using the ORX Locker kit, the customer needs to sign up for the service, put in a 5-digit build ID and define an unlock price of at least $75. Having encrypted the victim’s personal files, the Trojan stealthily downloads a Tor client in order to communicate securely with its Command and Control. An interesting trait of this RaaS is that the ransom payments are collected and processed by a third party that distributes all the shares according to a prior agreement between the author and the affiliate. Most of the popular AV suites don’t detect ORX because it implements advanced obfuscation of its malicious behavior.

Ransom32 stands out from the crowd because it is a kit for propagating the first known JavaScript ransomware. All it takes to join this underground service is to enter a Bitcoin address on the authentication screen and customize the malicious software. The admin panel allows the affiliate to define the ransom size, enter the ransom warning, and optionally configure the Trojan to have only a mild effect on the target system’s performance while it encrypts files with the AES-128 algorithm. The developer takes 25% of the ransom payments. The large 22MB WinRAR installer is a drawback of Ransom32. However, since it’s written in JavaScript it is cross-platform, so it can potentially infect Windows, Mac and Linux computers alike.

Page 17
Page 18

>_Get-SurveyTrends

Page 19

>_Get-SurveyTrends

Presenter
Presentation notes
https://heimdalsecurity.com/blog/the-malware-economy/
Page 20

>_Add-Shocking 10 shocking ransomware stats: 54% of UK companies hit by ransomware attacks

40% attacked
54% of UK companies hit
58% of UK companies pay up
28% lost files
34% lost money
9 hours spent on remediation
60% demand over $1,000
3.5% fear loss of life
63% experienced severe downtime
4% confident in dealing with ransomware
One in five were either not confident at all or only minimally confident in their ability to deal with ransomware.
A company is hit with ransomware every 40 seconds

Page 21

>_Get-Mobile

Presenter
Presentation notes
https://www.thequint.com/technology/2017/05/30/android-mobile-threat-judy-malware-google-play-store
Page 22

>_Get-Mobile

Judy Malware: Not As Big As WannaCry But Still a Threat on Android

Page 23

>_Get-Predicat What’s next? The popularity of ransomware is not going to decline anytime soon. Sold on the dark web in the form of CaaS (Crime as a Service), easy to operate and distribute, ransomware has become accessible to any inexperienced attacker. Furthermore, ransomware has proved its efficiency and its potential for large-scale profits in several major attacks on hospitals, financial institutions and even an electric and water utility. Attackers are therefore expected to target more businesses, which are more likely than private users to pay large amounts of money. In our latest white paper on ransomware we predicted that we would start seeing ransomware focusing on data collection rather than data encryption, and we hit the mark.

6 in 10 malware payloads were ransomware in Q1 2017
There were 4.3x as many new ransomware variants in Q1 2017 as in Q1 2016
15% or more of businesses in the top 10 industry sectors have been attacked
71% of companies targeted by ransomware attacks have been infected
Phishing emails carrying ransomware dropped nearly 50% in Q1 2017
Global ransomware damages are predicted to exceed $5 billion in 2017

Page 24
Page 25

>_Get-Top2017

February 2017 - DynA-Crypt ransomware: a new app claims to have login data for leaked Netflix accounts, allowing users to get free access. What you actually get is fake account credentials, while your data is encrypted in the background.

January 2017 - Spora ransomware gives its victims the option to pay just for file decryption, or to pay more for immunity against future attacks.

March 2017 - CryptoLocker had been pretty quiet for the past 6 months, but it is back, jumping from a handful of infections per day to over 400 per day.

April 2017 - The IT director of a private school reported that after getting hit with Samas ransomware, their entire Veeam backup repositories were wiped out as a result.

May 2017 - Fatboy RaaS (ransomware-as-a-service) uses the Big Mac index from The Economist to determine how much ransom to ask for. The WannaCry ransomware worm took the world by storm in mid-May, starting with attacks on vulnerable SMB services at railways, telcos, universities, the UK's NHS, and so on. In all, the strain infected over 300,000 computers in over 150 countries, making the criminals $90,000, which is really not that much compared to the number of infections.

June 2017 - NotPetya was the new worldwide ‘ransomware’ attack following May’s WannaCry outbreak, hitting targets in Spain, France, Ukraine, Russia, and other countries.

Page 26

Ransomware – a specialized form of malware that encrypts files and renders them inaccessible until the victim pays a ransom – is an extremely serious problem and it’s quickly getting worse. The FBI estimated that ransomware payments were $1 billion in 2016, up from “just” $24 million a year earlier. 2017 will likely see another dramatic increase in extortion payments with tens of thousands of ransomware victims paying several hundred dollars each to recover their encrypted files. In some instances, the ransom is larger, such as South Korean web hosting company Nayana, which paid 397.6 Bitcoin (about $1 million) in June 2017 and Hollywood Presbyterian Medical Center, which paid $17,000 in Bitcoin in February 2016.

>_Get-Wallet @actual_ransom

Presenter
Presentation notes
Twitter bot https://twitter.com/actual_ransom https://blog.malwarebytes.com/cybercrime/2017/07/real-problem-ransomware/
Page 27

>_Get-WTF

Page 28

>_Add-Dream _Set-Wink

Presenter
Presentation notes
Here we list FreeBSD, OpenBSD, QubeOS and the abandoned ZeroPc. Other work is under way on these models, QubeOS in particular. VMWare, XEN, HyperV and the Cloud are exactly this, of course. https://www.qubes-os.org/ http://www.openbsd.org/ https://www.freebsd.org/
Page 29

>_Set-Hunter

Chimera: 18 seconds
Petya: 27 seconds
TeslaCrypt 4.0: 28 seconds
CTB-Locker: 45 seconds
TeslaCrypt 3.0: 45 seconds
Virlock: 3 minutes
CryptoWall: 16 minutes

Thanks to research from Invincea, we can see Locky is also a member of this club, having been clocked at taking just 54 seconds between execution and notification:

Presenter
Presentation notes
https://blog.barkly.com/how-fast-does-ransomware-encrypt-files Explanation: preventive and/or curative. Security professionals, and professionals in the corporate world (professionals too, but not in security). The ordinary person (the "N-users", as we call them). What we lack is time: the malware infects, and its code is updated, too fast.
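With encryption finishing in seconds, as the timings above show, a human cannot react in time; the RansomFree entry in the tools table later in the deck is described as a honeypot system, and this added example (not the deck's own code, and not RansomFree's) shows the idea in PowerShell: plant canary files, poll them, and alert when one is altered, removed, or rewritten with high-entropy content. The watched folders, canary file name, polling interval and entropy threshold are assumptions for the example.

```powershell
# Added example, not from the original deck: a minimal canary-file monitor.
# It plants a bait file in each watched folder, records its hash, then polls;
# a canary that is deleted, renamed or rewritten raises an alert, and the byte
# entropy of the new content tells you whether it now looks encrypted.
# Watched folders, file name, interval and threshold are example assumptions.
param(
    [string[]] $WatchDirs = @("$env:USERPROFILE\Documents"),
    [int]      $IntervalSeconds = 5,
    [double]   $EntropyAlert = 7.5   # bits per byte; plain text ~4-5, ciphertext ~8
)

function Get-ByteEntropy {
    # Shannon entropy in bits per byte of the given buffer.
    param([byte[]] $Bytes)
    if (-not $Bytes -or $Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    foreach ($b in $Bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $Bytes.Length
            $h -= $p * [Math]::Log($p, 2)
        }
    }
    return $h
}

function New-Canary {
    param([string] $Dir)
    # A name that sorts first: directory-walking encryptors usually hit it early.
    $path = Join-Path $Dir '!canary_do_not_edit.docx'
    [IO.File]::WriteAllText($path, ('canary file, do not edit. ' * 200))
    return @{
        Path = $path
        Hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

function Test-Canary {
    # Returns $null when the canary is untouched, otherwise an alert string.
    param([hashtable] $Canary)
    if (-not (Test-Path -LiteralPath $Canary.Path)) {
        return "MISSING: $($Canary.Path) was deleted or renamed"
    }
    $hash = (Get-FileHash -LiteralPath $Canary.Path -Algorithm SHA256).Hash
    if ($hash -eq $Canary.Hash) { return $null }
    $h   = Get-ByteEntropy -Bytes ([IO.File]::ReadAllBytes($Canary.Path))
    $tag = if ($h -ge $EntropyAlert) { ', content looks encrypted' } else { '' }
    return ('MODIFIED: {0} (entropy {1:N2} bits/byte{2})' -f $Canary.Path, $h, $tag)
}

$canaries = @(foreach ($d in $WatchDirs) {
    if (Test-Path -LiteralPath $d) { New-Canary -Dir $d }
})
Write-Host "Watching $($canaries.Count) canary file(s); Ctrl+C to stop."
while ($true) {
    Start-Sleep -Seconds $IntervalSeconds
    foreach ($c in $canaries) {
        $alert = Test-Canary -Canary $c
        if ($alert) {
            Write-Warning "$(Get-Date -Format o) $alert"
            # Response hook: isolate the host or page the on-call engineer here.
        }
    }
}
```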
Page 30

>_Get-Mitigation

Educate: From business people to ordinary users, everyone falls victim to ransomware through negligence. To bring something under control it is important to spread awareness, so educate people about the what, why, how and where of ransomware.

Patch: Regularly update all software on the OS, network devices, mobile phones, anti-virus and anti-spyware products and other software on computers; this closes the openings that malicious intrusions use.

Access Controls: Design access controls for resources so that no third party other than the actual owner can read or write files and resources. This helps to avoid infections or data breaches.

Privileges: Design applications with privilege-based access so that resources are only available through the assigned access options. Left unattended, over-broad privileges lead to easy privilege escalation and misuse of data, so provide minimal privilege to all users.

Backup: A proper backup mechanism should be mandatory, with backups taken at regular intervals. Keep the backups at a different location so that an infection on the working network cannot reach the backup system, and check the backups for damage so that you are prepared for any critical situation.

Restoration Plans: Check the system's restore options, which can bring it back to a previous functional state. Those who cannot afford powerful backups, or who do not trust their backups, can opt for restoration plans.

Best Practices:
• Use live, active anti-virus that is regularly updated and that detects and cleans malware.
• Organizations with RDP, VPN, proxies and servers should apply stronger IT security standards to them.
• Apply standard configurations to firewalls.
• Understand that data synchronization and backup are different processes. A backup keeps a separate copy of your data on different hardware, whereas sync reproduces the current state of an application on any other device or browser: if synced data is corrupted, the copies on every other device are lost or made inaccessible too.
• Be cautious when clicking any hyperlink, and check whether mails come from a legitimate source.
• Use separate browsers for ordinary surfing and for critical work such as transactions.
• Bookmark every page you use frequently so as to avoid phishing websites.
• Enable the pop-up blocker in all browsers to prevent URL redirection attacks, where the page or website contains maliciously crafted content.
• Implement spam filtering of emails.
• In addition to links and mails, strictly avoid attachments from unexpected senders; they can run on and infect your system.
• Avoid pirated software and downloading files from unauthorized websites. Use legitimate software.

Page 31

>_Get-SurvivalKit Ransomware survival checklist
- Do you have up-to-date antivirus installed on your endpoints?
- Do you have behavior-based endpoint protection installed that can stop attacks antivirus can’t?
- Are you using an automated patch management system? If not, do you have an organized method of discovering, evaluating, and deploying software updates?
- Have you conducted security awareness training for your users, with an emphasis on identifying potential phishing emails and reporting any suspicious or unusual activity as soon as possible?
- If possible, have you disabled Microsoft Office macros?
- Do you understand how an attack can spread through shared network drives?
- Have you limited user access and privileges to the bare minimum they need to do their jobs?
- Do you have backups on their own separate network?
- Do you have an up-to-date inventory of the backup recovery point objective (RPO) and recovery time objective (RTO) for all your workstations and servers?
- Do you have a schedule for regularly testing your backups?
- Have you conducted a risk assessment to identify and assign value to your organization’s critical data assets?
- Do you know your cost of downtime? Figuring this out will help you put a dollar amount on keeping your systems up and ransomware-free.

Page 32

>_Get-Backup
Backup. Backup. Backup.

Page 33

>_Get-Trackers 486 different ransomwares: https://id-ransomware.malwarehunterteam.com/
AND https://ransomwaretracker.abuse.ch/tracker/
AND https://www.cryptowalltracker.org/


Page 34

>_Get-SurvivalKit You have done your backup as on the previous screen. TODO when a ransomware attack hits, or the attacker is already inside (the process has almost always been able to obtain NT AUTHORITY privileges):
1. Cut all network from the infected laptop or desktop.
2. You can try all the decryptor techniques if you are lucky enough to find the right KEY.
3. Restore the host from a gold image (since the malware was able to run as NT AUTHORITY, the host cannot be trusted as cleaned).
4. Run a full antivirus scan on the backups before restoring them!
5. Restore YOUR SUPER BACKUP. The anti-malware on the machine should be updated first, and a full scan run again afterwards.
6. Update the host, don't wait, and for the apps use: https://ww.ninite.com
7. Block the domain, if you know it, in the HOSTS file of your system, or look it up on the tracker sites. (For WannaCry itself, remember the kill-switch behaviour described earlier: the malware stops only when its check-in domain is registered and reachable, so that particular domain must not be blocked.)

Page 35

>_Get-NoMoreRansom

Presenter
Presentation notes
https://noransom.kaspersky.com/ https://www.nomoreransom.org/fr/index.html https://www.nomoreransom.org/crypto-sheriff.php?lang=fr Several police forces (Europol and the Dutch police) and security companies (Kaspersky and Intel Security) joined forces to launch the No More Ransom site. Its goal is to fight ransomware, the viruses that demand money in exchange for your files. To that end they give good advice (like mine :) ), offer decryptors and, above all, they built Crypto Sheriff, a tool that can determine from a file which type of ransomware infected you.
Page 36

>_Set-CompanyTools

Program Name | Free | Beta | Ransomware Protection | Real-time Protection | Disinfection | Supported OS | Comments
AbelSoft AntiRansomware | no | no | unknown | yes | no | Windows 7 and up | Trial available, full version price is €14.90
Bitdefender Anti-Ransomware | yes | no | CTBLocker, Locky, TeslaCrypt | yes | no | all supported versions of Windows |
CryptoPrevent | yes | no | unknown, developer cites "large number of cryptoware" | yes | no | Windows XP to Windows 10 | Paid versions available, protects against other malware, folder watch protection
Gridinsoft Anti-Ransomware | yes | yes | unknown | yes | no | all supported versions of Windows |
HitmanPro.Alert | no | no | Cryptoware protection | yes | no | Windows XP to Windows 10 | requires HitmanPro
HitmanPro.Kickstart | no | no | Lock Screen only | no | yes | Windows XP to Windows 10 | requires HitmanPro
Kaspersky Anti-Ransomware | yes | no | unknown | yes | rollback | all supported versions of Windows |
Malwarebytes Anti-Ransomware | yes | yes | CryptoLocker, CryptoWall, CTBLocker, Tesla | yes | no | all supported versions of Windows | Proactive protection against new ransomware
McAfee Ransomware Interceptor | yes | yes | Most unknown, Locky, TeslaCrypt, WannaCry | yes | no | Windows 7 and up |
RansomFree | yes | no | against more than 40 tested variants | yes | no | all supported versions of Windows | Honeypot system
SBGuard | yes | no | hardens the system | no | no | all supported versions of Windows |
Trend Micro Anti-Ransomware | yes | no | Lock Screen only | no | yes | all supported versions of Windows |
WinPatrol War | no | no | most, if not all, ransomware | yes | no | all supported versions of Windows | Layered protection: file, network and registry protection

Page 37

>_Get-Decryptors
777 (Emsisoft, TrendMicro)
Al-Namrood (Emsisoft)
Alcatraz Locker (Avast)
Amnesia (Emsisoft)
Apocalypse (Avast, AVG, Emsisoft)
AutoLocky (Emsisoft, TrendMicro)
BadBlock (Avast, AVG, Emsisoft, TrendMicro)
Bart (Avast, AVG)
Cerber (TrendMicro)
Chimera (TrendMicro)
CoinVault (Kaspersky)
Cry128 (Emsisoft)
Cry9 (Emsisoft)
CrypBoss (Emsisoft)
Crypt888 (Avast, AVG)
CryptInfinite (Emsisoft)
CryptoDefense (Emsisoft)
CryptON (Emsisoft)
CryptXXX (TrendMicro)
CryptoMix (Avast)
Crysis (Avast, TrendMicro)
Damage (Emsisoft)
DemoTool (TrendMicro)
DMALocker (Emsisoft)
DXXD (TrendMicro)
Fabiansomware (Emsisoft)
FenixLocker (Emsisoft)
FindZip (Avast)
Globe (Avast, Emsisoft, TrendMicro)
GlobeImposter (Emsisoft)
Gomasom (Emsisoft)
Harasom (Emsisoft)
HiddenTear (Avast)
HydraCrypt (Emsisoft)
KeyBTC (Emsisoft)
Jigsaw (Avast, TrendMicro)
LeChiffre (Emsisoft, TrendMicro)
Legion (Avast, AVG)
Marlboro (Emsisoft)
MirCop (TrendMicro)
MRCR (Emsisoft)
Nemucod (Emsisoft, TrendMicro)
NMoreira (Emsisoft)
NoobCrypt (Avast)
OpenToYou (Emsisoft)
OzozaLocker (Emsisoft)
PClock (Emsisoft)
Philadelphia (Emsisoft)
Radamant (Emsisoft)
Rakhni (Kaspersky)
Rannoh (Kaspersky)
Shade (Kaspersky, McAfee)
SNSLocker (TrendMicro)
Stampado (Avast, Emsisoft, TrendMicro)
SZFLocker (Avast, AVG)
Teamxrat/Xpan (TrendMicro)
TeleCrypt (TrendMicro)
TeslaCrypt (Avast, AVG, McAfee, TrendMicro)
Wildfire (Kaspersky, McAfee)
Xorbat (TrendMicro)
Xorist (Emsisoft, Kaspersky, TrendMicro)
WannaCry (TrendMicro, Wanakiwi, Wanakey)

Page 38

>_Set-DontForgetMeNot

Auto Clicking “GhostClicker” Playstore Android Adware Found in 340 Apps with 5 Million Downloads

Presenter
Presentation notes
https://gbhackers.com/auto-clicking-ghostclicker-adware/
Page 39

>_Get-Future

Tesla remotely boosted the batteries of drivers who were fleeing Irma

Page 40

>_Get-Future-Weird
Update on the NIST Post-Quantum Cryptography Project
Classical vs Quantum Computers

• The security of crypto relies on the intractability of certain problems for modern computers
• Example: RSA and factoring
• Quantum computers
  • Exploit quantum mechanics to process information
  • Use quantum bits, “qubits”, instead of 0’s and 1’s
  • Superposition – the ability of a quantum system to be in multiple states at the same time
  • Potential to vastly increase computational power beyond the classical computing limit

TESLA STEGANO

2 PAYLOAD

Page 41

>_Set-Merci >_Get-Questions ?

“Setec Astronomy” is the anagram of “too many secrets”! Another way to “Reverse”

Page 42
Page 43

>_Add-Calendar

November 2017 Hackfest.ca

Come in numbers…