Centextech

What Is Distributed Cybercrime?

Distributed cybercrime is a type of attack that is launched on a large scale with the aim of targeting many victims through the same campaign. Recent attacks like WannaCry, BadRabbit, NotPetya and other cybercrimes have created havoc, highlighting the alarming increase in distributed cybercrime.

Launching a massive ransomware attack on the masses is the most preferred choice of cyber attackers. Such attacks are on the rise, and as per a prediction by Cybersecurity Ventures, a new organization will fall victim to ransomware every 14 seconds in 2019 and every 11 seconds by 2021. The number is soaring and growing at a fast pace.

What Makes Distributed Cybercrime A Preferred Choice To Cyber-criminals?

A cyber-criminal is not required to possess specialized knowledge of cybersecurity or cryptography to launch an attack. They use sample exploit codes and tools that are available on the dark web.

This way, hackers develop malware and malicious software that run on professional platforms. The attack is not targeted at a specific set of people, and cyber-criminals usually don’t know their victims personally. They are simply interested in the ransom amount. Their primary victims are individuals and organizations with sub-par security.

Following are some reasons why a distributed cyber-attack is a lucrative option for cyber-criminals:

  • Since the distributed ransomware attack is aimed to target masses, it requires less effort.
  • Highly specialized skill & knowledge is not required to launch a distributed cybercrime.
  • There are endless possibilities of earning revenue as every standard endpoint is a potential source of revenue.

Hackers often send an email or website link which, when clicked by the victim, installs malware on their device. Ransomware attacks have affected almost every sector, including healthcare, finance and transportation.

How To Protect Against Distributed Cybercrime?

  • Make sure that your organization meets the baseline security standards.
  • Follow a threat-centric vulnerability management (TCVM) approach.
  • Install anti-virus software.
  • Update and patch your devices regularly.

How Does Threat Centric Vulnerability Management Work?

Cyber-crime has been commercialized, so following this approach can significantly help in minimizing the risk of a distributed cybercrime.

  • The first step is assessment and discovery of vulnerabilities within an organization’s system.
  • The next step is threat intelligence research to consolidate and understand which exploits are active, available or packaged in crimeware.
  • Then analyze the vulnerabilities and flag the ones that are exposed in the network or actively exploited.
  • Implement patches or other remedial measures such as IPS signatures, segmentation, etc. to avoid exploitation.
  • Check whether something has been done to neutralize the effect of the threat or reduce the overall risk. Vulnerabilities which have not been mitigated should be closely monitored.
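
The steps above can be expressed as a small prioritization routine. The following is an added example, not code from Centex Technologies; the vulnerability IDs, asset names, intelligence statuses and scoring weights are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Step 1 output: constructed scan findings. IDs and assets are placeholders.
@dataclass
class Finding:
    vuln_id: str
    asset: str
    exposed: bool              # reachable from the network
    mitigated: bool = False    # step 4 done: patch, IPS signature or segmentation

# Step 2 output: constructed threat intelligence, exploit status per vulnerability.
INTEL = {
    "VULN-0001": "active",     # exploited in current campaigns
    "VULN-0002": "packaged",   # bundled in crimeware kits
    "VULN-0003": "available",  # exploit code exists
}
STATUS_WEIGHT = {"active": 3, "packaged": 2, "available": 1}  # assumed weights

def prioritize(findings, intel):
    """Step 3: flag findings that are exposed or actively exploited, riskiest first."""
    flagged = []
    for f in findings:
        status = intel.get(f.vuln_id)
        if f.exposed or status == "active":
            score = STATUS_WEIGHT.get(status, 0) * 2 + (1 if f.exposed else 0)
            flagged.append((score, f))
    flagged.sort(key=lambda pair: (-pair[0], pair[1].vuln_id))
    return [f for _, f in flagged]

def watchlist(flagged):
    """Step 5: flagged findings without remediation must be closely monitored."""
    return [f.vuln_id + "@" + f.asset for f in flagged if not f.mitigated]

FINDINGS = [
    Finding("VULN-0001", "mail-gw", exposed=True),
    Finding("VULN-0002", "hr-fileserver", exposed=True, mitigated=True),
    Finding("VULN-0003", "dev-laptop", exposed=False),
    Finding("VULN-0004", "web-01", exposed=True),
    Finding("VULN-0001", "lab-vm", exposed=False),
]

if __name__ == "__main__":
    queue = prioritize(FINDINGS, INTEL)
    for f in queue:
        print(f.vuln_id, f.asset, "mitigated" if f.mitigated else "OPEN")
    print("monitor:", watchlist(queue))
```

An actively exploited vulnerability is flagged even on an asset that is not exposed, while an unexposed vulnerability with only available exploit code stays out of the queue.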

For more information, contact Centex Technologies at (972) 375 - 9654.

How To Make Sure Your Network Is Ransomware-Proof

Ransomware is undoubtedly one of the most harmful types of virus attacks for any corporate network. When a computer system is infected with the malware, it locks down all the files stored on the local hard disc, demanding a certain amount of ransom from the victim to get access to the data. Over the last few years, ransomware attacks have increased and have become a lot more targeted. Therefore, you need to stay proactive and protect your network from getting infected with this malware.

Here are some steps you need to take to ensure that your network is ransomware proof:

Perform Regular Backups

Though this is the most basic defense against ransomware, performing regular backups goes a long way in minimizing the consequences you have to face in the event of an attack. Create and implement a policy that requires employees to back up their files at frequent intervals. When you have a copy of the files, your business activities will not be hampered by a ransomware attack.

Disable Remote Access

In most cases, ransomware exploits the vulnerabilities in the computer systems or mobile devices used to access your network remotely. Though remote access allows employees to work from anywhere, it also increases the chances of a hacker being able to infiltrate the corporate network. Therefore, you should disable remote access, particularly on the systems where it is absolutely not required.

Deploy A Firewall

Install reliable firewall software to prevent ransomware from getting access to your network. When you have set the rules on what type of content can or cannot be accessed on a computer system, you can significantly limit your network’s attack surface. It will also scan all file downloads in real time and block the ones that potentially contain malicious code.

Set Up Correct File And Folder Level Permissions

Just as firewall software protects you from external attacks, setting up file and folder permissions is important to secure your network internally. Make sure that employees have access to only those files which they need to perform their tasks. For instance, marketing employees should not be able to view, modify or share the HR department folder. This will not only provide protection from ransomware, but also lead to a more secure network environment on the whole.

For more information on ransomware and how you can safeguard your corporate network, feel free to contact Centex Technologies at (972) 375 – 9654.

ImageGate: Ransomware That Spreads Through Social Networks

ImageGate is a recent form of ransomware that attempts to spread malware through images and graphic files on social media websites. It was discovered by two security researchers at Check Point Software Technologies Ltd., Roman Ziskin and Dikla Barda. The ransomware works in the same way as the Locky virus, which automatically encrypts the victim’s files and demands a ransom in order to reveal the decryption key.

Considering the massive increase in the use of social media platforms, such as Facebook and LinkedIn, hackers are directing their focus on breaching the security of these websites. They are continually looking for ways to use these platforms as hosts to carry out their malicious activities.

How Does ImageGate Work?

According to the security researchers, ImageGate works by embedding malicious code into the image files and posting them on ‘white listed’ social media websites. The targeted image files usually have extensions other than ‘.jpg’ or ‘.jpeg’. The malware aims at manipulating the misconfigurations in the social media platforms to purposely compel the users to click on the image. Once the file has been downloaded and the user clicks to open it, all the files on the computer system are encrypted. In order to regain access to the locked files, the user is required to pay the hackers a certain amount as ransom in bitcoins.

Tips To Protect Against ImageGate Ransomware

  • Make sure you do not click on any unidentified file downloaded to your computer system.
  • If a file gets forcibly downloaded, do not open or execute it. You should carefully delete the file so that the ransomware is not able to infect the files stored on the device.
  • You should avoid clicking and downloading images as well as graphic files from social media websites.
  • Do not open image files that have unknown file extensions, particularly ‘.svg’, ‘.hta’ and ‘.js’.
  • The anti-virus and anti-malware software on your computer should be regularly updated to stay protected against the latest forms of ransomware.
  • It is recommended to be vigilant while accessing your social networking accounts. Even a single malicious download can make you lose access to your device and all the files stored within it.

Centex Technologies provides complete cyber security solutions to business organizations in Dallas, TX. For more information on ImageGate and other forms of malware, feel free to contact us at (972) 375 – 9654.

ZCryptor: Ransomware That Spreads As A Worm

ZCryptor is malicious software that infects removable devices and network drives to encrypt files stored on a computer. It mainly spreads through spam emails, macro malware or fake installers. ZCryptor was first discovered by a security researcher named Jack, after which Microsoft also investigated the potential threats caused by the ransomware. The company issued an alert for users stating:

“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. It leverages removable and network drives to replicate itself and infect more systems. We detect this ransomware as Ransom:Win32/ZCryptor.A.”

According to the researchers, the ransomware was initially designed to target systems with Windows XP 64 bit, but computers having the latest version of the operating system can also be infected.

How Does ZCryptor Work?

To infect a computer system, ZCryptor uses common phishing techniques, such as camouflaging an executable file as known software, usually Adobe Flash Player, or through macro files in Microsoft Office. Once executed on the system, the ransomware starts encrypting the files stored in it. It creates a registry key to ensure auto-execution on every start-up. Next, an ‘autorun.inf’ file is installed on the removable drives so that the malware spreads to all computer systems that these devices connect to. It replicates by creating copies in different network drives and using multiple file attributes in order to avoid detection by the users.

ZCryptor is known to encrypt a wide range of file formats including documents, audio, video, image, archive, database, APK, Java source code etc. and change their extension to ‘.zcrypt’. Upon encryption of all the files, a pop-up appears on the computer screen, asking the user to pay a ransom amount to get access to the unique decryption key.
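
The two on-disk traces described above, an ‘autorun.inf’ at the root of a removable drive and files renamed to ‘.zcrypt’, can be checked before a drive is reused. The following is an added example, not code from Microsoft or Centex Technologies; the sample drive contents and file names are constructed, and ‘open’ and ‘shellexecute’ are the standard autorun.inf launch keys rather than details taken from this article.

```python
import os
import tempfile

SUSPECT_EXT = ".zcrypt"                   # extension named in the article
AUTORUN_KEYS = ("open", "shellexecute")   # standard autorun.inf launch keys

def autorun_targets(root):
    """Return the programs an autorun.inf at the drive root would launch."""
    targets = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), errors="replace") as fh:
            for line in fh:
                key, sep, value = line.partition("=")
                if sep and key.strip().lower() in AUTORUN_KEYS:
                    targets.append(value.strip())
    return targets

def encrypted_files(root):
    """Walk the tree and list files carrying the .zcrypt extension."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUSPECT_EXT):
                hits.append(os.path.relpath(os.path.join(folder, name), root))
    return sorted(hits)

def triage(root):
    """Summarise both indicators so the drive can be set aside for review."""
    targets, hits = autorun_targets(root), encrypted_files(root)
    return {"autorun_targets": targets, "encrypted": hits,
            "suspicious": bool(targets or hits)}

def build_sample_drive():
    """Constructed directory standing in for a mounted removable drive."""
    root = tempfile.mkdtemp(prefix="usb_")
    os.mkdir(os.path.join(root, "docs"))
    with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=setup_sample.exe\nicon=drive.ico\n")
    for rel in ("docs/report.zcrypt", "docs/notes.txt", "photo.zcrypt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample")
    return root

if __name__ == "__main__":
    print(triage(build_sample_drive()))
```

An autorun.inf with a launch key is not proof of infection, since legitimate installers also ship one, so a hit here is a reason to inspect the referenced program rather than a verdict.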

How To Protect Against ZCryptor?

  • Keep your operating system and other software updated to stay protected against the known vulnerabilities.
  • Avoid visiting suspicious websites, opening unknown email attachments and downloading software from unidentified developers.
  • Use reliable anti-virus software to prevent and detect malware infections.
  • Disable macro files in Microsoft Office.
  • Keep a backup of your files on a removable media device to minimize the consequences of a ZCryptor attack.
  • Format the infected removable drives before you connect them to other computer systems.

For more information about ZCryptor ransomware, you can contact Centex Technologies at (972) 375-9654.