THANOS RANSOMWARE
Ransomware has become one of the most important threats on the Internet. As we know, it is a type of malware that encrypts our files and systems and then demands a ransom in return. It affects both private users and private companies. With the passage of time, hackers have also perfected their techniques. In this article, we are going to talk about Thanos, which has become the first ransomware to use the RIPlace technique to avoid detection.
Thanos, the first ransomware to use the RIPlace technique
It is true that we have more tools and techniques, and better-quality antivirus, to protect ourselves. Systems are better prepared to detect threats like ransomware. The problem is that cybercriminals have also perfected their techniques. They improve the way in which they spread the threat and especially how they avoid being detected.
Thanos is one of the many ransomware families that are unfortunately on the network and that compromise the security and privacy of users. However, it brings an important novelty: it is the first to use the RIPlace technique, which allows it to bypass security and makes it more difficult to avoid. This threat affects Windows users.
It should be mentioned that Thanos is a RaaS, or ransomware as a service, which has affiliates who share the profits. This means that there are more actors that can infect computers with this threat.
Now, what really makes Thanos different is the fact that it uses the RIPlace technique. What does this technique consist of? It is a way for ransomware to evade detection by the system.
When the ransomware renames a file through a symbolic link, the anti-ransomware software is not able to detect that file at all. That is what Thanos does, becoming the first ransomware known to use this technique.
When this technique is activated, the anti-ransomware program's monitoring functions get an error, while the name change still works, and the program is thus bypassed.
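Whether such an error leads to a bypass depends on how the monitor treats events it could not fully inspect. The following is an added example, not code from the original article or from any security product: a simplified Python model over constructed rename events, where the event fields, the threshold and the function names are assumptions.

```python
import ntpath
from collections import Counter
from dataclasses import dataclass
from typing import Optional

THRESHOLD = 3  # assumed alert threshold: suspicious renames per process


@dataclass
class RenameEvent:
    pid: int
    src: str
    dest: Optional[str]  # None models "lookup of the new name returned an error"


def ext(path: str) -> str:
    """Lower-cased extension of a Windows-style path."""
    return ntpath.splitext(path)[1].lower()


def flagged_pids(events, fail_closed: bool) -> set:
    """Return the processes whose rename activity reaches THRESHOLD.

    fail_closed=False: events with a failed name lookup are skipped (weak).
    fail_closed=True:  a failed lookup is itself counted as suspicious.
    """
    hits = Counter()
    for e in events:
        if e.dest is None:
            if fail_closed:
                hits[e.pid] += 1
            continue
        if ext(e.src) != ext(e.dest):  # rename that changes the extension
            hits[e.pid] += 1
    return {pid for pid, n in hits.items() if n >= THRESHOLD}


# Constructed sample events (paths, PIDs and the ".enc" suffix are made up).
EVENTS = (
    [RenameEvent(100, r"C:\docs\plan.docx", r"C:\docs\plan_v2.docx")]
    + [RenameEvent(200, rf"C:\docs\a{i}.xlsx", rf"C:\docs\a{i}.xlsx.enc") for i in range(3)]
    + [RenameEvent(300, rf"C:\docs\b{i}.pdf", None) for i in range(3)]
)

if __name__ == "__main__":
    print("errors ignored:", flagged_pids(EVENTS, fail_closed=False))  # {200}
    print("errors counted:", flagged_pids(EVENTS, fail_closed=True))   # {200, 300}
```

Process 300 is only reported when lookup errors are counted rather than skipped, which is the difference between a monitor that fails open and one that fails closed.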
Some antivirus vendors modified their software
It should be noted that when this technique was first presented to companies and users, many security vendors regarded it as a somewhat theoretical technique that would not actually be used. However, other security software companies (the minority) modified their software to prevent this technique.
Now it seems that those responsible for Thanos have decided to exploit this technique, called RIPlace, making Thanos the first ransomware to do so.
Ransomware, as we see, is a very important threat that is very present in our daily lives. That is why we must always take measures to avoid becoming victims.
MEASURES TO TAKE
· Use of virtual machines, which reduces the cases of infection by ransomware.
· Inclusion of access control lists for network mapped units.
· Installation of JavaScript blockers for the browser that will prevent the execution of scripts that are a possible threat to our computer.
WHAT TO DO WHEN FACED WITH A RANSOMWARE INFECTION?
Although a good prevention policy can considerably reduce the risk of suffering an attack, eliminating threats 100% is impossible, despite all the security systems that exist today.
The best defense against ransomware is protection and prevention, but if one of our computers is infected, it is important to have a defined action protocol.
The first step is to disconnect the infected computers from the network, to stop information from being sent and to reduce the risk of contagion.
Second, we will try to find out whether the malware is still running by dumping memory from the Windows Task Manager. If we detect the harmful process, we can stop it from the Task Manager itself.
Finally, we should start the device in safe mode and make a backup copy of all the data on the computer.
Once the infection is contained, it will be time for a more in-depth evaluation of the consequences of the attack by the company's IT technicians or by contracted cybersecurity companies and solutions. This allows us to check the level of damage suffered, what information has been lost and whether it is recoverable, and to try to find out how the contagion occurred, in order to establish a higher level of security and prevent it from happening again.