Erich’s “What in the (cyber security) world is going on?” 01-12-17 edition

I am running for a spot on the (ISC)2 Board of Directors. Please check out this post and sign my petition if you are a member.  Thanks!

 

Spora ransomware offers future immunity (for a price of course)

This is an interesting strain of ransomware. It offers an option of future “immunity” for a fee. The ransom is calculated and can vary as well. Finally, it uses Windows CryptoAPI for encryption and doesn’t require an outside C&C server infrastructure. This all makes Spora a very unique strain. They even have a really nice victim landing page and offer tech support via chat.

 

Why you shouldn’t trust Geek Squad ever again

There has been quite a stir about this issue and I can see why. These techs are being incentivized to search the computers without a warrant. While I support reporting things if they stumble across something, the way BestBuy is doing this is ripe for abuse and if the techs are actively seeking out things like this, bypasses the rights of the individual with respect to search and seizure. Also, how can you feel confident that the tech wouldn’t plant things to make an extra few bucks for themselves. It’s all a bit too slimy for me.

Heads-Up! Massive New Locky Ransomware Attack Is Coming 

If you have felt like there has been a short break in some ransomware attacks, you aren’t alone. Locky has been pretty quiet for the last few weeks, but it’s not expected to stay that way. Take this slack time to check your backups and get yourself prepared. It’s not going away in 2017, we know that.

Email Slip-Up Exposes 60,000 Bank Customers’ Account Details

In a monumental “Oh crap” moment, an Australian bank let loose of 60,000 of its customers’ account details. The National Australia Bank (NAB) sent confirmation emails to 60k of its customers. They cc:ed themselves on these for record, but sort of messed up their domain name. You see, they cc:ed nab.com instead of nab.com.au. nab.com appears to be a… well… sort of… “dating” site? Whoops. They aren’t really sure if the emails were bounced or what happened to them at this point.

Ransomware extorts Los Angeles school to the tune of $28,000

Los Angeles Community College District (LACDD) ended up paying a ransom of $28k, a choice indicative of not having good backups in place. Weapons-grade backups folks! Test them and monitor them.

ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt

The E-Sports Entertainment Association (ESEA) did not fold to an extortion attempt and the bad guys released about 1.5 million player profiles. There were over 90 fields in each record including registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.

DeriaLock ransomware decryptors available

If you were hit with this, there are a couple of decryptors available right now. Check it out if you have been impacted.


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply