Free Anti Ransomware Tools for SMEs

Considering the threat that ransomware poses to all businesses, even small businesses and individuals may get trapped, though they are not the primary target for the fraudster in view of their small value. While big businesses need to secure themselves with the best of tools, with real-time updates and real-time backup, small businesses may need to look for a combination of personalized backup and good anti-malware software.

In this connection, apart from the fundamental antivirus and anti-malware software, there are some specific anti-ransomware tools that one needs to look for. Ransomware's primary behaviour is "Encryption", and hence these anti-ransomware tools may focus on spotting any signature of an attempt to encrypt files.

The following page gives details of some of the available free tools in this regard: http://www.thewindowsclub.com/free-anti-ransomware-tools

1] BitDefender Anti-Ransomware will immunize your computer. Basically, it does not allow executable files from %appdata% and %startup% to run.

2] Kaspersky Anti-Ransomware Tool for Business offers complimentary security to protect corporate users from ransomware. It identifies ransomware behavior patterns and protects Windows-based endpoints effectively.

3] Trend Micro AntiRansomware Tool removes ransomware on infected computers. To use this tool, enter Safe Mode with Networking. Download the Anti-Ransomware software and save it to your desktop. Next, double-click on it to install it. Once it has been installed, restart your computer and go to the normal mode where the screen is locked by the ransomware. Now trigger the Anti-Ransomware software by pressing the following keys: Left CTRL+ALT+T+I. Run the Scan, Clean and then Reboot your computer. This tool is useful in cases of ICE Ransomware infections.

4] CryptoMonitor will actually kill an encryption infection, blacklist it from running again, and notify you as soon as the infection starts. The tool detects ransomware as soon as the latter tries to take over your computer. It then alerts you via email and removes ransomware in most cases. In some cases, where it cannot remove ransomware, it will lock down the computer so that ransomware cannot take over until you get professional help.

5] CryptoPrevent modifies a few group policy settings to prevent executable files from running from some specific locations. CryptoPrevent can change about 200 such settings depending on the version and OS you are using. Some locations it keeps its eyes on are the Recycle Bin, default app directory, local temporary files, All Users application and local data settings folder, and more.

6] HitmanPro.Alert is a free browser integrity & intrusion detection tool that alerts users when online banking and financial transactions are no longer safe. The latest version of HitmanPro.Alert also contains a new feature called CryptoGuard that monitors your file system for suspicious operations, including CryptoLocker ransomware. When suspicious behavior is detected, the malicious code is neutralized, and your files remain safe from harm.

7] Cryptolocker Prevention Kit is a tool that automates the process of making a Group Policy to disable files running from the App Data and Local App Data folders, as well as disabling executable files from running from the Temp directory of various unzipping utilities.

8] CryptoLocker Tripwire follows a different approach. It runs on the file server. After loading your data share folders, the free tool will copy a witness file that you choose to a hidden subfolder in each of the folders you have selected.

9] Kaspersky WindowsUnlocker can be useful if the ransomware totally blocks access to your computer or even restricts access to select important functions, as it can clean up a ransomware-infected Registry.

10] Malwarebytes Anti-Ransomware is simple, lightweight software capable of running in the background while quietly monitoring the machine for behavior associated with file-encrypting ransomware. Currently, this program is in the beta stage and free to download and use. Once it goes out of beta, it is likely that it may not remain free.

Also added:

11] WinAntiRansom+ from the makers of WinPatrol (Not a free tool: costs US$14.95 per year for one computer)

Hope it would be useful. Please note that this is only given for information and I have not made any evaluation of any of these tools. I invite experts to submit their views, if any.

Naavi

Posted in Cyber Law | Leave a comment
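The witness-file approach described in item 8 can be sketched as follows. This is an added example, not code from CryptoLocker Tripwire or from the original page; the folder name, the file name and the hash-comparison step are assumptions, since the page only describes copying the witness file into a hidden subfolder.

```python
import hashlib
import tempfile
from pathlib import Path

WITNESS_DIR = ".witness"        # hypothetical hidden subfolder (on Windows, also set the hidden attribute)
WITNESS_NAME = "witness.docx"   # hypothetical witness file name


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def deploy(shares, witness_bytes):
    """Copy the witness into a hidden subfolder of each share.

    Returns the baseline {witness path: SHA-256}. Keep the baseline off the
    file server so that malware on the server cannot rewrite it.
    """
    baseline = {}
    for share in shares:
        target = Path(share) / WITNESS_DIR / WITNESS_NAME
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(witness_bytes)
        baseline[str(target)] = sha256(target)
    return baseline


def check(baseline):
    """Return (path, reason) for every witness that is gone or altered."""
    alerts = []
    for path, expected in baseline.items():
        witness = Path(path)
        if not witness.exists():
            alerts.append((path, "missing"))   # deleted or renamed
        elif sha256(witness) != expected:
            alerts.append((path, "changed"))   # content rewritten
    return alerts


def demo():
    """Run the check on constructed share folders in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        shares = [Path(root) / name for name in ("finance", "hr", "projects")]
        baseline = deploy(shares, b"constructed witness content\n")
        clean = check(baseline)
        paths = list(baseline)
        Path(paths[0]).write_bytes(b"\x00" * 32)      # stand-in for rewritten content
        Path(paths[1]).rename(paths[1] + ".locked")   # stand-in for a renamed file
        alerts = [(Path(p).parent.parent.name, why) for p, why in check(baseline)]
        return clean, alerts


if __name__ == "__main__":
    print(demo())
```

Run `check` on a schedule and treat any alert as a reason to isolate the share, because no legitimate user has cause to touch the witness file.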

Today is 17th October: 16 years back we had our Tryst with destiny

Happy Digital Society Day of India


This day in the year 2000, India stepped into the world of Cyber Space with a recognition of electronic documents as equivalent to paper. Along with the recognition of digital signature as equivalent to “Signature” in law, the world of Digital Contracts became a Judicially recognized reality. Thus was born the legally recognized Digital Society of India.

Let’s commemorate the day with some positive action that helps in the development of a Responsible Cyber Society in India.

Naavi.org takes a Digital Society Day resolution to fight a war against ransomware by creating greater awareness in all stakeholders about the dangers of ransomware and how to fight it.

The theme for the year is

ransomware

Naavi


“Pay up… or else, your device will burst… and you will die”… could be the new ransomware threat


Our war against ransomware should start with better awareness about the epidemic as it is evolving. Ignorance is not a concern only in India. Even in the US, it is stated that more than two thirds of US office workers are unaware of the ransomware threat.

A recent survey of 1000 workers in the US conducted by a security firm, Avecto, revealed that widespread ignorance prevails about the ransomware threat. About 39% of the respondents expressed that they do not have confidence that their employer may have adequate safeguards for their online safety.

Nearly 40% of businesses were hit by ransomware attacks in the past one year, with more than one third of them losing revenue and 20% forced to close down. More than 4000 ransomware attacks happen every day, making it the leading threat in the cyberworld. The average ransom demand has reportedly doubled to $679 from $294 at the end of 2015, and over 100 new families of ransomware have been discovered.

Ransomware on Android has grown in several parts of Europe, spreading through malicious APK files which users download and install, as well as through tricky spam messages and malvertising. The malware may sometimes simply lock the screen and change the PIN to demand ransom.

The next wave of ransomware is expected to attack IOT devices, making life miserable for the tech-savvy digital society resident. While the traditional ransomware attacks data residing inside the computing devices, IOT ransomware may take control of the devices and make them act under its control, leading to dangerous consequences such as crashing of cars, burning out of devices, causing fire and other physical hazards, including causing the death of a person using the IOT devices near his person.

The growing problems observed in Samsung mobile devices could also be a manifestation of a malware meant to hurt the company. Similar malware can also turn into ransomware to threaten… “Pay up or else, your mobile/device will burst”. With the kind of social engineering that precedes a targeted attack, it is possible that ransomware may be installed in a user’s family device such as the son/daughter’s mobile and the threat sent to the father so that immediate compliance is guaranteed.

The risk becomes larger since “Ransomware as Service” (RaaS) is being increasingly offered by the underworld. This ensures that it can be used just as “Supari Killers” are used in the physical world for committing murders. This empowers all and sundry to adopt ransomware to settle personal scores and make money.

The rise of “Crime ware as a Service” needs to be tackled at the same level as we handle “Terrorism” as a part of global security. I wish global leaders like Mr Modi as well as the ISIS baiters like Donald Trump do not forget to fight the threat of “Crime ware as a Service” to protect the digital world of the next decade.

The fight against ransomware in the corporate world has to focus on reducing the possibility of the employees falling victim to spearphishing attacks. While most infections are being caused by “Opening of Attachments” from e-mails and we often say “Do not open attachments from unknown persons”, the fraudsters who use spearphishing spend time in researching the victim and finding out his weaknesses before sending out an attachment. While it may be possible to teach an employee not to open an attachment that says “Exclusive Pictures of the URI attack” or “A Bollywood star in Bed with a Cricketer”, it would be difficult to make him not open an attachment which appears to come from his boss and says “Proposed Salary Revision”.

Phishing of e-mails and websites has become so sophisticated that we need “Two factor authentication” for every e-mail to add to its trustworthiness.

Recently, in India, a phishing website in the name of “lCICI” was found, meant to confuse the Netizen with “ICICI” (the leading bank in India).

icici_bank_phishing

Watch the adjoining picture and let me know if you can spot the difference in the URL from a URL that would represent the genuine ICICI Bank.

If such phishing succeeds, as in most cases it would, one cannot blame the eyesight of the Netizen.

(Let RBI which is holding up the limited liability circular under the vested interest’s pressure take note that Customer cannot be held responsible for negligence if he is tricked into believing that such phishing e-mails are genuine).
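A mail gateway or proxy can catch what the eye cannot. The following added example (not from the original page) folds look-alike characters before comparing a host name with a protected brand name, so the “lCICI” for “ICICI” swap is flagged; the confusables table and the `.example` host names are constructed, and the Cyrillic entries go beyond the single case shown on the page.

```python
import unicodedata

# Brand token taken from the page; in practice list your own organisation's names.
BRANDS = ["icici"]

# Constructed confusables table (not exhaustive): look-alike -> canonical form.
CONFUSABLES = {
    "rn": "m", "vv": "w",                      # letter pairs that read as one letter
    "l": "i", "1": "i", "|": "i", "0": "o",    # ASCII look-alikes
    "\u0456": "i", "\u0441": "c", "\u043e": "o", "\u0430": "a",  # Cyrillic look-alikes
}


def to_unicode(host: str) -> str:
    """Lower-case the host and decode punycode (xn--) labels where possible."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as given


def skeleton(text: str) -> str:
    """Fold every confusable sequence to its canonical form."""
    text = unicodedata.normalize("NFKC", text)
    for lookalike, canonical in CONFUSABLES.items():
        text = text.replace(lookalike, canonical)
    return text


def classify(host: str) -> str:
    """Return 'contains-brand', 'lookalike:<brand>' or 'unrelated'.

    'contains-brand' is not proof that the host is genuine; check it
    separately against an allowlist of the organisation's exact domains.
    """
    shown = to_unicode(host)
    folded = skeleton(shown)
    for brand in BRANDS:
        if brand in shown:
            return "contains-brand"
        if skeleton(brand) in folded:
            return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed host names; DNS ignores case, so "lCICI" arrives as "lcici".
    for name in ("www.icicibank.example", "www.lCICIbank.example",
                 "1cici-login.example", "news.example"):
        print(name, "->", classify(name))
```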

Cylance, a security firm, has recently put out a detailed account of how Cerber Ransomware operates, which is an excellent guide for everyone watching this space to study.

Cerber is the third most prevalent ransomware in the wild with a market share of 24%, behind CryptoWall (41%) and Locky (34%). Its uniqueness is that it uses a continuous change of its file name to make it impossible for antivirus software to identify it by its signature file name. It is known to spread via weaponized Microsoft Word documents and also by exploiting vulnerabilities in software such as Adobe Flash Player. Sophisticated distribution mechanisms with “Affiliate Programs” are on offer. It uses “Bitcoins” as the payment mode.

It is said that the average cost of ransomware in large corporations could be $1 million to $10 million, making it a risk that cannot be ignored. The Bitcoin community, which wants to legitimize the use of Bitcoin as a recognized currency, needs to take steps to ensure that ransomware does not become the new “SilkRoute”, as the war against Ransomware will start with the complete shutting down of “Bitcoin” as a legit currency.

I urge the Government of India and Mr Narendra Modi to use the occasion of the anniversary of the Digital Society Day of India falling on 17th October to declare the “War on Ransomware” open.

To start with, the Government should announce its intention to tackle this as “Cyber Terrorism” and register cases under Section 66F of ITA 2008 so that it falls within the international cooperation treaties to enlist the support of law enforcement agencies in other countries. The rest of the strategy can be discussed subsequently.

It would be better if the Government sets up an expert committee to develop the strategy for tackling the menace of Ransomware (without limiting it to the coterie in Delhi).

Dear Mr Modi…. are you listening?

Naavi


Is there an Indo-Russia Cyber Attack collaboration in the offing?

After the surgical strikes by the Indian army on Pakistan terrorist launch pads, there has been a series of attacks by physical terrorists in different parts of Kashmir. At the same time, it appears that there are low-intensity cyber terrorist attacks across the Cyber LOC.

Just as there is little difference between the physical terrorist attacks and a “War” when it comes to Pakistan (since they have adopted terrorism as a tool of war), the cyber attacks on IT firms in Hyderabad also are not different from a Cyber War.

Refer article here

It is a fine line of distinction between Cyber War and Cyber Terrorism. Cyber War is conducted by state actors and Cyber Terrorism is conducted by non-state actors. Cyber War is mostly on military targets while Cyber Terror strikes on soft public targets.

The conventions for Cyber Wars are yet to be developed internationally and are therefore non-existent in practical terms. (The Tallinn Manual is under development and could eventually become an international agreement on Cyber warfare).

The Hyderabad attack is reported to be a ransomware attack on many finance companies. Though there has been a denial from the Hyderabad police sources, it is possible that there could at least be a “Defacement Attack”, probably at the ISP level. There was also an earlier report of Indian hackers hacking into Pakistani Government websites and planting ransomware.

These mutual attacks have raised an important issue of the role of “Cyber Attacks” in national defense. Obviously, if the attacks are launched by the Government sources, it will be part of the military operations just like the “Surgical Strikes”. But such attacks need to be confined to military targets and not civil targets. When civil targets are hit, it is more akin to a terror attack than a military operation unless it can be justified as collateral damage. If such attacks are launched by non military personnel, there is every right for Pakistan to call it a Cyber Terror attack by Non State Actors in India.

In order to ensure that Indian hackers are not drawn into legal battles in international courts, it is necessary for the Government to define a proper policy for such cross border cyber attacks.

Firstly, the Government of India should develop (If they have not so far done), a Cyber Army which is part of the Military operations. This Cyber Army should focus on military targets. It is not necessary that this should be manned only by the current defense personnel. Other private teams can be used for the purpose. Along with it, if the Government wants to develop a supported non state actor group, it is the Government’s call. China already must be having such an outfit. It will be like the RAW in Cyber Space and part of the intelligence network.

As regards other private parties, it is necessary to classify them as “Non State Actors”. If therefore cyber attacks do take place by hackers on either side, they are open to international legal action and the Governments of each country may disown them if they are identified.

It is open to such hackers to take the risk if they so like but should not expect much support from the Government.

We understand that Mr Modi may have a Cyber Attack Collaboration agreement with Russia which should be the starting point for developing a Cyber Army in India. If this happens, we welcome the move.

We therefore watch the BRICS summit in Goa closely to see if an agreement is signed in this regard between India and Russia.

Naavi


58 Million Records compromised in USA…. ICICI Bank may need to issue a disclaimer

An unprotected open-source data base of Modern Business Solutions (MBS) based in Austin, TX is said to have compromised 58 million to 258 million data base records of its customers because of faulty configuration of its security.

According to this report from riskbasedsecurity.com, the firm provides a cloud-based data management platform called Hardwell Data, allowing the customers to collect, store and transfer data records regardless of format, including a cloud-based hosting system for databases. It is stated that the IP address of the insecure database was identified on an internet search and shared within a small group of friends, which ultimately resulted in the mega data breach.

Leaked information included names, IP addresses, birth dates, email addresses, vehicle data and occupations.

It is understood that the data base has now been secured and is no longer accessible. This however confirms that the breach was a result of a gross negligence by the information security managers of the firm.

While the IS professionals look at the problem from their perspective, there is another angle to the whole episode.

“Modern Business Solutions” is a common name used by many businesses and websites many of them in India. At least one of them is known to be providing services to ICICI Bank.  It is possible that the MBS of Austin might not have any connection with the company having business relationship with ICICI Bank.

However, as a part of the “Compliance Requirements”, it is necessary for ICICI Bank to come out with a public disclaimer that there is no business relationship between the MBS of Austin, TX and the Bank and no data of any Indian is involved in the data breach.

The same advisory holds good for all business entities in India who deal with any company called “Modern Business Solutions” to issue necessary disclaimers. Such companies who are “Lookalikes” also need to issue their own disclaimers.

For the future every company  should consider using the services of “www.lookalikes.in” so that when such reputation loss occurs on account of any shared name, their own customers feel re-assured.

Naavi

 


Attention Mr Modi: Make this year’s “Digital Society Day” memorable

October 17 is a special day in the Digital history of India since it was this day in the year 2000 that India first provided legal recognition for electronic documents by notifying the Information Technology Act 2000. Since then the life of many IT professionals in India has changed forever. Along with recognition of electronic documents came the Digital/Electronic signatures and a whole set of business opportunities around that. Cyber Lawyers saw a new field of activity emerging, and professionals in law enforcement had to recognize the new domain of Cyber Law enforcement. E Commerce and E-Governance as well as E Banking in particular have also contributed to millions of job opportunities that can be attributed directly to the event of October 17, 2000 notifying the ITA 2000.

Now under the leadership of Mr Modi, India is talking of a new era of Digital progress beyond the e-commerce and e-Governance. We are deep into Mobile Commerce, use of Aadhar as a universal digital ID. Smart Cities and IOTs are slowly making it a part of our life. Electronic circuits are part of many of our day to day gadgets including the wearable Watches, the Cars, the Washing Machines etc.

Along with these developments in technology, the Cyber Crimes are also increasing and Police are under constant challenge to tackle the new age crimes.

In such an environment, it is the duty of every one of us who has directly or indirectly been affected by the advent of Cyber Laws in India and created Netizens out of Citizens to commemorate October 17 with the respect it deserves.

I therefore urge all Cyber Professionals to conduct their own special activities on this October 17 to just remember that this is the day when the “Digital Society of India” was born.

If you are in an educational institution, call your students and hold an awareness meeting.

If you are in a Company, have an “ITA 2008 Compliance Meeting”.

If you are a Bar Council member, call a meeting to discuss “Cyber Laws in India”.

If you are in the Police, conduct a meeting of your subordinates and increase the awareness of Cyber Crimes….

If you are in Indian Defense, develop an awareness of the world of Cyber Wars…the next war will be dominated by Cyber attacks.

And if you are Mr Narender Damodar Das Modi, call a cabinet meeting and make the Cabinet colleagues aware of the importance of developing and managing a “Cyber Law Compliant E Governance system”.

…………Just as “International Yoga Day”, the “Digital Society Day” deserves to be commemorated.

Naavi
