Igor Delovski Board

[delovski]

HN - RansomFree Tool Detects Never-Seen-Before Ransomware
Before It Encrypts Your Data

"Boston-based cyber security firm Cybereason has released RansomFree - a
real-time ransomware detection and response software that can spot most
strains of Ransomware before it starts encrypting files and alert the user to
take action."

[delovski]

y - Ransomware spiked 6,000% in 2016 and most victims paid the hackers, IBM finds

"The problem is, the business model works: 70 percent of business victims
paid the hackers to get their data back, the study found. Of those who paid,
50 percent paid more than $10,000 and 20 percent paid more than $40,000."

[delovski]

HN - Mac Malware Can Secretly Spy On Your Webcam and Mic - Here's How to Stay Safe

"Patrick Wardle, an ex-NSA staffer who heads up research at security intelli-
gence firm Synack, discovered a way for Mac malware to tap into your live
feeds from Mac's built-in webcam and microphone to locally record you even
without detection.

Wardle is the same researcher who has discovered a number of security
weaknesses in Apple products, including ways to bypass the Gatekeeper
protections in OS X.

Wardle also released a free tool called RansomWhere? earlier this year that
has generic detection capabilities for Mac OS X ransomware variants."

[delovski]

tr - I infected my Windows computer with ransomware to test
RansomFree's protection

"The secret to RansomFree's success is not in signature files similar to
antivirus applications, but rather in how it detects ransomware-like be-
havior (e.g., the local encryption of user data). This makes the appli-
cation good at doing its job, since all ransomware thus far has displayed
the same characteristics regardless of its payload."

[delovski]

c - WannaCry hackers had no intention of giving users their files back

"Firstly, the software is not like normal ransomware in that it hasn't used
a unique payment address that would identify which user has paid for their
files to be decrypted. Consequently, there is no way for the hackers to actually
know who has paid and who hasn't."

[XNote]

https://www.reddit.com/r/IAmA/comments/6cmmdf/iama_the_accidental_hero_who_helped_stop_the/

[Ike]

https://blog.fortinet.com/2017/06/09/macransom-offered-as-ransomware-as-a-service

Just recently, we here at FortiGuard Labs discovered a Ransomware-as-a-service (RaaS) that uses a web portal hosted in a TOR network which has become a trend nowadays. However, in this case it was rather interesting to see cybercriminals attack an operating system other than Windows. And this could be the first time to see RaaS that targets Mac OS.

[delovski]

hacker - New Fileless Ransomware with Code Injection Ability Detected in the Wild

"According to Trend Micro, Sorebrect was initially targeting Middle Eastern
countries like Kuwait and Lebanon, but from last month, this threat has started
infecting people in Canada, China, Croatia, Italy, Japan, Mexico, Russia, Taiwan,
and the U.S."

[delovski]

osee - OSX.EvilQuest Uncovered

"Today, we triaged an interesting piece of new malware - detailing its
persistence, and capabilities.

Though new, our (free!) tools such as BlockBlock and RansomWhere? were able
to detect and thwart various aspects of the attack... with no apriori knowledge!"