Worldwide ransomware attack every 10 seconds-Russia


10 replies to this topic

#1 ranchhand

ranchhand

    Moderator

  • Moderators
  • 1,423 posts
  • Location: Midwest

Posted 14 February 2017 - 12:27 PM

Scary....be sure to have a current image backup at all times!

 

https://www.bleeping...king-criminals/

 

 

The Russian antivirus maker says that the frequency of ransomware attacks has intensified during the past year from one at every 20 seconds to one at 10 seconds towards the end of the year, with businesses being hit every 40 seconds.

 


Fishing Fanatic - gimme a fishing rod, point me North and turn me loose.


#2 Angoid

Angoid

    Administeriosis Extremus

  • Administrators
  • 1,567 posts
  • Location: East Midlands, UK

Posted 14 February 2017 - 12:36 PM

If you look at Malware Hunter Team's ID Ransomware service, you'll see a list of the known ransomware variants it supports.

I just now yanked that list into a Notepad++ session and counted the commas.  308 commas.

 

That means 309 KNOWN strains of ransomware.

 

:killjoy-emoticon:


If you don't know what eschatology is then don't worry; it's not the end of the world.
Please do not send uninvited PMs requesting support; post into the appropriate forum instead and we'll all learn. See our Private messaging policy.


#3 AppleIsEverything

AppleIsEverything

    Banned

  • Banned
  • Pip
  • 21 posts

Posted 15 February 2017 - 10:52 AM

Angoid, it depends on how

#4 Angoid

Posted 15 February 2017 - 04:36 PM

Depends on how what?  I'm sorry, I don't understand ....




#5 AppleIsEverything

Posted 15 February 2017 - 08:17 PM

Angoid, how do they monitor this - who knows. Maybe VPNs may toxify the results. I'd also suspect the Chinese to be perpetrators.

I may have clicked post before finishing off as I needed to head off - apologies!

#6 Angoid

Posted 16 February 2017 - 08:49 AM

The ID Ransomware service is updated by security researchers as they come across them.

The ransomware is developed and sold on the Dark Web, and security researchers dive down there to hunt them out so they can get hold of the code, analyse it for weaknesses, and release free decrypters.

Russia is another main source of this stuff - most I have seen have involved Russia more than China.




#7 ranchhand

Posted 16 February 2017 - 02:39 PM

Too bad Vladimir seems more interested in finding out USA spy information than cleaning his own country of international digital muggers. Same goes for India.




#8 AppleIsEverything

Posted 16 February 2017 - 04:00 PM

The ID Ransomware service is updated by security researchers as they come across them.
The ransomware is developed and sold on the Dark Web, and security researchers dive down there to hunt them out so they can get hold of the code, analyse it for weaknesses, and release free decrypters.
Russia is another main source of this stuff - most I have seen have involved Russia more than China.

I meant how can they analyse if it's Russia? Who is the analysis conducted by - I doubt law enforcement have the time to conduct such research. Can security researchers even know the location of attackers?



#9 AppleIsEverything

Posted 16 February 2017 - 04:01 PM

I'm just not the type to believe vidence readily Angoid

#10 Angoid

Posted 17 February 2017 - 08:50 AM

Vidence?  I presume you mean "evidence"?

 

Depends on how credible the evidence is.  If the source code has comments in Russian, the ransom notes are in Russian and English, the servers are tracked back to Russia, then that's fairly strong evidence.

Or if the broken English demonstrates typical mistakes a Russian speaker would make in translating Russian to English, then that's also quite strong evidence.




#11 manunkind

manunkind

    Valued Member

  • Gold Star Member
  • Pip
  • 908 posts

Posted 18 February 2017 - 12:57 PM

True attribution is hard.  As a joke, somebody in the industry created an "attribution generator" that would take code and modify certain aspects of it such as adding language specific keywords/comments, adding some broken English phrases, modifying certain language libraries, etc.  When dropped into the public web from Tor or from an out-of-country VPN provider, it would certainly fool most researchers.  At the end of the day though, we have to work with whatever evidence we have.


PC Sympathy

s++=ENDIKSA;++y(;-p)}d ms++n;suajsmn+ky(n-qi}?print:??;