Category: Data Recovery Tips

Be alert: Govt issues alerts on “Locky Ransomware” targeting computers

The Indian Government on Saturday issued an alert on the spread of a new malware, Locky Ransomware, that can lock computers and demand a ransom for unlocking them. Ransomware is malicious software, and Locky is reported to be demanding a ransom of half a bitcoin, which at the present rate is equivalent to over Rs 1.5 lakh.

The alert, issued on Cyber Swachhta Kendra, said it has been reported that a new wave of spam mails is circulating with common subject lines to spread variants of Locky Ransomware. There are hundreds of ransomware-type malware infections similar or identical to Locky including, for instance, Cryptowall, JobCrypter, UmbreCrypt, TeslaCrypt, and DMA-Locker. All have identical behavior: they encrypt files and demand a ransom. The only differences are the size of the ransom and the type of algorithm used to encrypt the files. Research also shows that there is no guarantee that your files will ever be decrypted, even after paying the ransom. By paying, you simply support cyber criminals’ malicious businesses. Therefore, you should never pay the ransom or attempt to contact them.

“Reports indicate that over 23 million messages have been sent in this campaign. The messages contain common subjects like ‘please print’, ‘documents’, ‘photo’, ‘Images’, ‘scans’ and ‘pictures’. However, the subject texts may change in targeted spear phishing campaigns,” the alert, which described severity of the ransomware as “high”, said.

“Users are advised to exercise caution while opening e-mails and organisations are advised to deploy anti-spam solutions and update spam block lists,” the alert stated.

What is Locky?

Locky is ransomware distributed via malicious .doc files attached to spam email messages. Each Word document contains scrambled text, which appears to be macros. When users enable macro settings in Word, an executable file (the ransomware) is downloaded. Note that Locky changes all file names to a unique 16-letter and digit combination with a .diablo6, .aesir, .shit, .thor, .locky, .zepto or .odin file extension. Thus, it becomes virtually impossible to identify the original files. All are encrypted using the RSA-2048 and AES-1024 algorithms and, therefore, a private key (stored on remote servers controlled by cyber criminals) is required for decryption. To decrypt the files, victims must pay a ransom.

After the files are encrypted, Locky creates an additional .txt and _HELP_instructions.html (or _WHAT_is.html) file in each folder containing the encrypted files. Furthermore, this ransomware changes the desktop wallpaper. Both the text files and the wallpaper contain the same message, which informs users of the encryption.
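A triage sketch for the indicators described above, added here as an example (it is not code from the original post or from the alert): it walks a folder tree and flags files whose names match the 16-character pattern with one of the listed extensions, plus the ransom-note file names. The function names, the confidence labels and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
LOCKY_EXTENSIONS = {".diablo6", ".aesir", ".shit", ".thor", ".locky", ".zepto", ".odin"}
RANSOM_NOTES = {"_help_instructions.html", "_what_is.html"}  # compared case-insensitively
RENAMED_STEM = re.compile(r"^[0-9A-Za-z]{16}$")  # "16-letter and digit combination"

def scan_tree(root):
    """Return {folder: {"renamed": [...], "ext_only": [...], "notes": [...]}}."""
    report = defaultdict(lambda: {"renamed": [], "ext_only": [], "notes": []})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if name.lower() in RANSOM_NOTES:
                report[folder]["notes"].append(name)
            elif ext.lower() in LOCKY_EXTENSIONS:
                key = "renamed" if RENAMED_STEM.match(stem) else "ext_only"
                report[folder][key].append(name)
    return dict(report)

def classify(entry):
    """Assumed triage rule: a note next to renamed files is the strongest signal."""
    if entry["notes"] and entry["renamed"]:
        return "high"
    if entry["renamed"] or entry["notes"]:
        return "medium"
    return "low"  # known extension only; the name does not match the pattern

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    layout = {
        "docs": ["A1B2C3D4E5F6A7B8.locky", "0123456789ABCDEF.odin", "_HELP_instructions.html"],
        "photos": ["holiday.jpg", "notes.thor"],
        "clean": ["report.docx"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in sorted(scan_tree(tmp).items()):
            print(classify(entry), os.path.relpath(folder, tmp), entry)
```

Folders rated "high" are the ones to isolate and compare against backups first; an "ext_only" hit can be an unrelated file that happens to use one of the extensions.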

How to Protect Yourself From Locky?

Currently, there is no decryptor available for data locked by the above Locky ransomware variants, so users are strongly recommended to follow prevention measures to protect themselves.

Beware of Phishing emails: Always be suspicious of unsolicited documents sent via email, and never click on links inside those documents without first verifying the source.

Backup Regularly: To keep control of all your important files and documents, maintain a good backup routine that copies them to an external storage device that is not always connected to your PC.

Keep your Antivirus software and system Up-to-date: Always keep your antivirus software and systems updated to protect against the latest threats.

For any support or free guidance please reach Circuit Blue-The Data Management Experts @ www.circuitblue.in

Data Recovery Trends and Forecasts for 2017

Circuit Blue-The Data Recovery Experts, the specialists and leaders in the data management field, see a variety of storage devices and technologies come and go over the years when they fail to function and data loss occurs. Older storage technologies make way for newer ones, and since no medium or technology is failure-proof, each will one day come into one of our several data recovery labs around the world.

Most Common trends

The last several years in data recovery and data storage technology have seen faster flash storage technology, tremendous growth in adoption of hyper-converged storage, and the proliferation of ransomware cases. In 2017 and beyond, we will be on the lookout for continued changes to technology used in data centers, additional implementation of data encryption, and an increased emphasis on enterprise information security.

Flash/SSD technology continues its proliferation in the storage technology market

As personal devices get smaller and are able to store even more data, so too do enterprise storage technologies. Flash continues to change the market at a blistering pace. While the cost of SSD continues to be higher than traditional storage, many enterprises are nevertheless taking a hybrid approach. Since 2014, Circuit Blue-The Data Recovery Experts have seen a tremendous increase in the number of drive recovery requests.

Hyper-converged storage continues its ascent

As predicted, hyper-converged storage systems have had a major impact on data recovery. Since these complex systems consolidate storage resources via software and run on any manufacturer’s hardware, they are not easy to recover. They often require a custom data recovery solution because data is fully integrated into the unit, making it difficult to gain sector-level access to the disks. Nevertheless, look for enterprises to continue moving data to hyper-converged storage environments because of their many benefits, e.g. cost-efficiency, scalability, and data storage efficiency.

Easy-to-use user interfaces of complex storage systems can result in data loss

At first glance, these highly-sophisticated systems have a more intuitive user interface and tend to be easier to set up. As a result, organizations are employing less specialized individuals to operate hyper-converged storage systems, employees who may not have the depth of knowledge needed to solve more complex problems. This presents new challenges when backups need to be verified or when a data loss occurs, for example. This trend will continue to grow in the future as more complex technologies will be bundled together in even more easy-to-use enterprise storage systems.

Ransomware cases on the rise, no downturn expected anytime soon

As many experts have claimed over the last few months, there has been an incredible increase in global ransomware attacks, and companies are becoming more aware of the serious threats these special viruses pose. Circuit Blue-The Data Recovery Experts also believes that we’ll continue to see a rise in ransomware attacks. Ransomware poses a danger not only to the data of companies, but also to individuals, hospitals and government entities. And the experts warn that ransomware will not only target computers: wearables are especially vulnerable, as there can be little to no real security on these devices.

When struck by a ransomware attack, turn to a professional data recovery company and don’t pay any money to the criminals. It’s likely that you will not get your data back, and your money will support other criminal activities, too! Circuit Blue-The Data Recovery Experts has tools to recover data from 35 different ransomware variants. As data and devices continue to proliferate in our lives in every way, know how to protect yourself. Set strong passwords and dispose of unnecessary data.

High-quality encryption is the go-to standard for information security

Circuit Blue-The Data Recovery Experts also sees an increase in encryption across many verticals, not just government, finance or healthcare. Every organization that stores sensitive information should take care to protect their data through encryption.

Information security professionals play a bigger role in enterprise IT decisions

Due to additional focus on data security and planned implementation of measures to comply with data protection, information security has become a driving force and a key decision maker in IT departments. Therefore, companies are eager to find solutions and services to meet their data recovery needs without sending their devices and data off-site.

Circuit Blue-The Data Recovery Experts must meet these changing customer demands and offer relevant services. This is the reason why Circuit Blue data recovery engineers have seen a 60 percent growth in onsite and offsite data recovery requests in the last year. As data recovery protocols will change in the future due to the increased data security sensitivity, more data recovery requests will be either handled off-site, or when possible, as a remote recovery, which also meets the highest data security standards.

Petya Ransomware Strikes Again

Dating back to the early 1990s and making a brief reappearance in early 2016, a variant of Petya (also called Petrwrap) Ransomware has resurfaced once again, this time referred to as Petya A or NotPetya. From what is already known about the recent attack, which hit companies, public health care and government organizations, as well as airports in the U.S., Russia, Ukraine, Germany, France, Italy, Poland and the UK, the newer and more robust version was inspired by the recent WannaCry Ransomware attack in May. With this particular Ransomware, criminals do not encrypt all files on your computer, but rather attack a part of the operating system called the Master File Table (MFT), which then overwrites the MBR (Master Boot Record). Much like the WannaCry Ransomware attack, the virus requires the victim to pay a digital ransom through Bitcoin in order to regain control.

Impact of Petya

The MFT is critical for the system to know where to find files on the computer. Attacking it has the same effect as if each file had been locked separately. Why is this significant? It is a lot faster to attack the MFT than to encrypt each file separately, making this a seamless and fast-moving attack.

According to researchers at the computer security company Symantec, the new attack is using the same hacking tool (EternalBlue) that was initially created by the National Security Agency (NSA) to combat the WannaCry Ransomware. The tool was leaked last April by a group known as the Shadow Brokers.

According to a researcher at Armor, the Petya attacks are projected to be much more damaging than WannaCry. There is no obvious killswitch with this virus, which has made mitigating its effects difficult. Because this version of Petya carries significantly upgraded features, it is expected to infect the latest and even patched Windows PCs, including version 10, whereas WannaCry focused primarily on older systems.

If infected by Ransomware…

Even with the best precautions and policies in place, it is possible to fall victim to an attack. In the event that your data is held hostage by Ransomware, here is some advice to keep in mind:

  • Remain calm. Rash decisions could cause further data loss. For example, if you discover a Ransomware infection and suddenly cut power to a server, versus powering it down properly, you could lose data in addition to the infected data.
  • Check your most recent set of backups. If they are intact and up-to-date, restoring the data to a different system becomes easier.
  • Never pay the ransom because attackers may not unlock your data. There are many cases of Ransomware victims paying the ransom demanded and not receiving their data in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to the data by reverse engineering the malware.
  • Contact a specialist for advice and to explore recovery options. We can examine your scenario to see if we have a solution already in place or if we are able to develop one in time.

To date, engineers at Circuit Blue have identified over 188 variations of Ransomware that infect user devices, and there are more variations created every day, plus others that may not have been reported yet. The team of engineers at Circuit Blue-The Data Management Experts is working around the clock to identify and find a solution for each type of Ransomware. There is hope for those who are infected with Ransomware.

Reach us @09962000271 / info@circuitblue.in
