The Ultimate Guide to Ransomware

WHAT IS RANSOMWARE? AND WHY SHOULD YOU CARE?

Ransomware is a kind of malicious software that takes over your computer and extorts you by blocking access to your data. The attackers then demand a ransom from the victim, promising to restore access to the data once payment is made.
Victims are given instructions on how to pay the ransom to get the decryption key. The ransom can range from a few hundred dollars to millions, and payment is accepted only in Bitcoin.

Functioning Of Ransomware:

There are various vectors through which ransomware can take control of your computer. One of the most commonly used is phishing spam: the attacker attaches the ransomware to an email sent to the victim, disguised as a genuine, important and trustworthy message. Once the attachment is downloaded and opened, the attacker can take over the victim's computer, particularly if the ransomware has built-in social engineering tricks that persuade the user to grant it administrative access. Some more aggressive ransomware, such as NotPetya, instead exploits security holes to infect computers without needing to trick the user at all.

There are several things the malware might do once it takes over the victim's computer, but the first and most important is to encrypt the data and files on the machine. The key point is that at the end of the process the files cannot be decrypted without a mathematical key that is known only to the attacker. The attackers also leave a message explaining that the files on the system are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attackers.

In certain forms of malware, the attackers may even claim to be a law enforcement agency that has shut down the victim's computer because pornography or pirated software was found on it, and demand payment of a "fine". In these cases the victim is reluctant to take any legal step against the attacker, because of the victim's own compromising position. There is also a variation called leakware or doxware, in which the attacker threatens to publish the victim's sensitive information unless a ransom is paid. But finding and extracting such data is no child's play for attackers, so the most common type of ransomware attack remains the encrypting kind.

Targets Of Ransomware Attack

Attackers choose the organizations or companies they target by several criteria. Sometimes it is simply a matter of opportunity: for example, attackers target universities because they tend to have weak defenses and small security teams, and a great deal of file sharing happens on their server-based systems, so it is easy to penetrate their defenses.

On the other hand, many organizations are attractive targets because they are most likely to pay the ransom. For example, government agencies such as income tax departments and medical institutions need urgent access to their files, which contain sensitive and important data, and so are amenable to paying the ransom. These organizations are also the most sensitive to leakware attacks.
But don't feel you're safe if you don't fit these categories: as noted above, some ransomware spreads automatically and indiscriminately across the internet.

Prevention Of Ransomware

There are various layers of defense you can put in place to protect yourself from ransomware attacks. These steps are good security practice in general, so following them will help you avoid falling prey to ransomware:

  1. Keep your system free of vulnerabilities, or with as few as possible to exploit, by keeping it up to date and patched.
  2. Never install software or grant it administrative permissions unless you know exactly what the software does.
  3. Install antivirus software and keep it up to date; it helps detect malicious programs and block malicious downloads, and it also prevents unauthorized applications from being downloaded from unknown sources in the first place.

Removal Of Ransomware

If your computer has been infected with ransomware and you need to regain control of it, follow these steps.
The following steps describe how to remove ransomware:

  1. Boot Windows into safe mode.
  2. Install antivirus and antimalware software.
  3. Perform a full system scan for malware and ransomware.
  4. Restore the computer to an earlier state.

But Here Is An Important Thing To Keep In Mind

These steps can remove the malware from your computer and return it to your control, but they will not decrypt your files. Their transformation into unreadable data has already happened, and if the malware is at all sophisticated it will be mathematically or technically impossible for anyone to decrypt them without access to the key. In fact, by removing the malware you have also ruled out the possibility of restoring your files by paying the attacker the ransom demanded.

Facts And Figures On Ransomware

Ransomware is a huge business across the globe. The ransomware market has expanded rapidly and there is a lot of money in it: losses amounted to approximately $5 billion, including both ransoms paid and the time spent recovering files and data. At the beginning of 2018, a ransomware named SamSam collected around $1 million in ransom money.

Many companies are prone both to ransomware attacks and to paying the ransom. The biggest ransomware attacks target hospitals and other medical organizations, which are easy targets. Attackers know that these organizations will not risk their reputation, or their patients' lives, by refusing to pay, so they are the most likely to pay the ransom. It is estimated that 45% of ransomware attacks hit hospitals and medical institutes, and it is on record that 85% of malware infections at healthcare organizations are ransomware. Another attractive industry for attackers is the financial sector: it is estimated that 90% of financial organizations were targeted in 2017.

Anti-malware software won't protect you one hundred percent: developers constantly tweak their ransomware so that its signatures are not caught by typical antivirus programs. On a serious note, most victims were running up-to-date antivirus, which means they had endpoint protection on the infected machines.

The one and only piece of good news on ransomware is that it is not as widespread as it was. The number of attacks, which peaked in the mid-2010s, has gone into a steep decline, though the early numbers were high enough. At the beginning of 2017 attacks were up by 60%, but today that figure has dropped to 5%, a great fall in attacks.


A Sudden Decrease Of Attacks:

What was the reason for the huge decline in attacks? Partly it was the strict rules and regulations put in place by the cybersecurity community against cybercriminals, and partly it was an economic decision based on the criminals' currency of choice, Bitcoin. Extracting a ransom from a victim is always either a success or a waste of time: sometimes, even if a company wants to pay the ransom, it is not familiar with Bitcoin and how it actually works.

According to Kaspersky, the decline in ransomware has been accompanied by a rise in so-called crypto-mining malware, which infects the victim's computer and uses its computing power to mine Bitcoin without the owner's knowledge. This is the best-known route to using someone else's resources to obtain Bitcoin, and it bypasses most of the hurdles involved in scoring a ransom; it gained more ground in 2017 because of the spike in the price of Bitcoin.

As Kaspersky explained, there are two kinds of ransomware attacks: "commodity" attacks, which try to infect computers indiscriminately in enormous volume and include so-called ransomware-as-a-service platforms that criminals rent to launch attacks, and targeted attacks, which go after the most vulnerable markets and organizations.

With the price of Bitcoin gradually decreasing from 2018, the cost-benefit analysis for attackers may shift. Ultimately, whether to use ransomware or crypto-mining is a business decision for the attackers.

The Most Famous Ransomware Attacks:

1. WannaCry
2. NotPetya
3. Locky
4. CryptoLocker
5. TeslaCrypt
6. SimpleLocker
And the list goes on.

Should The Ransom Be Paid:

In certain situations there is no option other than paying the ransom. But in other situations you may be able to recover the files yourself, for example if the attacker is a script kiddie.


Top 5 Indian Ethical Hackers in 2020

1. Vivek Ramachandran:

Vivek Ramachandran is a security researcher and cybersecurity specialist. His fields of expertise include computer and network security, wireless security, exploit research, computer forensics, compliance, and e-Governance. He has written several books, published worldwide around mid-2011; among them are "Wireless Penetration Testing" and "The Metasploit Megaprimer". Vivek is a B.Tech graduate from IIT Guwahati and an advisor to the computer science department's security lab.


Vivek is an internationally acclaimed speaker and has spoken at hundreds of conferences worldwide. Some of his best-known talks include "WEP Cloaking Exposed" at DEF CON 15 in Las Vegas, USA, and "The Caffe Latte Attack" at Toorcon in San Diego, USA. Both talks were covered extensively by international media, including BBC Online, The Register, Macworld, Network World and Computer Online. Apart from his speaking engagements, he has also conducted corporate training and workshops around the world.

In 2006, Microsoft announced Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants; the competition was focused on finding the leading security experts in India. Vivek was also given a Team Achievement Award by Cisco Systems for his contribution to the port security and 802.1x modules of the Catalyst 6500 series of switches, which are high-end security features.

Vivek was featured in the evening edition of CBS5 in the US, where he educated the general public on the dangers of using WEP in wireless networks. He has also worked as a cybersecurity consultant for Fortune 500 companies in the field of information security. The Caffe Latte Attack discovered by Vivek was covered by CBS5 news, and it is now part of wireless security textbooks and various wireless penetration testing tools.

He is also well known in the hacking and cybersecurity community as the founder of SecurityTube, a free video-based computer security educational portal. SecurityTube gets an average of 80,000 visitors monthly and is considered one of the most visited sites for security education.


2. Ankit Fadia:

Ankit Fadia was born on 24 May 1985. He is an author, speaker, television host, and self-described "ethical hacker"; his areas of specialization are OS and networking tips and tricks, proxy websites and lifestyle.

In 2008 Ankit started a television show on MTV India called "What The Hack", which he co-hosted with Jose Covaco. The show was mainly about how to make good use of the internet, and it answered viewers' technology-related questions. In 2013, Ankit started a YouTube channel, "Geek On The Loose", in collaboration with PING Networks, where he gives technology-related tips and tricks.

A number of his achievements have been disputed by others within the cybersecurity industry, and he was awarded "Security Charlatan of the Year" at DEF CON 20 in 2017. Attrition.org also surveyed his alleged credentials and added him to its Security Charlatans list. He has also been accused of plagiarism in his work, and his hacking claims have been trashed by many magazines.

After Ankit's first book, "The Unofficial Guide to Computer Hacking", came into the limelight, Ankit became popular among corporate clients in India as well as on conference speaking panels. He published more books on computer security and started giving seminars at schools and colleges across India. Ankit also started providing his own computer security training courses, including the "Ankit Fadia Certified Ethical Hacker" programme in coordination with Reliance World.

In 2008, the IMT Ghaziabad Center for Distance Learning signed an agreement with Ankit to host its own one-year Post-Graduate Diploma in Cyber Security.
In 2009, Ankit said that he was working in New York as an internet security expert for many prestigious companies. Ankit also endorses the Flying Machine jeans brand of Arvind Mills.
Ankit has been dismissed as a fake by some security and cryptography enthusiasts, who attribute his success to a tech-illiterate media.

3. Sunny Vaghela:

Sunny Vaghela, founder of Techdefence Labs, graduated from Nirma University.
At the age of 18, Sunny Vaghela exposed loopholes in SMS and calls in mobile networks. He also launched websites where complaints about cybercrime could be registered and resolved.

At the age of 19, Sunny also found loopholes such as cross-site scripting and session hijacking in popular websites, among them www.orkut.com.
Sunny Vaghela has solved many challenging cybercrime cases for the Ahmedabad crime branch, including credit card fraud cases, major data theft cases, phishing cases, Orkut fake profile cases, and more.

Sunny Vaghela has also led the training and consulting team at Techdefence for the last 7 years. More than 60,000 people from 650+ educational institutions have been trained under Sunny through the HackTrack and CCSE verticals of Techdefence. He also assists financial institutions, e-commerce, the logistics industry, and media.

4. Trishneet Arora:

Trishneet Arora was born on 2 November 1993. Arora is an entrepreneur who founded a cybersecurity company that protects corporations against data theft and network vulnerabilities. His clients include the Central Bureau of Investigation, Reliance Industries, Gujarat Police and Punjab Police. Arora helps the Punjab and Gujarat Police with cybercrime cases, and has also conducted training sessions for police officials.

Trishneet Arora's company, TAC Security, provides penetration testing and vulnerability assessment services. According to Arora, there has been an enormous increase in the number of attacks against the portals of many international companies. In 2016 TAC Security raised pre-series funding from the Indian investor Vijay Kedia; before that, TAC Security had brought Subinder Khurana, former Vice President of Cognizant, onto its board. By mid-2017 TAC had also been recognized by William May, Vice President of IBM, and by a Singapore-based former regional sales director of Imperva. Arora has also written several books on cybersecurity, web defence and ethical hacking, and was named in the 2018 Forbes 30 Under 30 Asia list.

Trishneet Arora has received many awards. In 2018 he was named a Leader of Tomorrow by the St. Gallen Symposium, included in Forbes 30 Under 30 by Forbes Asia and in Entrepreneur 35 Under 35 by Entrepreneur magazine; in 2017 he was named News Maker of 2017 by Man's World magazine and one of The 50 Most Influential Young Indians by GQ Magazine, and Arora has won many more awards besides.

5. Sai Satish:

Sai Satish is a young entrepreneur, and the founder and CEO of Indian Servers. He is also the administrator of Andhrahackers, an elite hacking awareness forum in India.

He is an author, a renowned ethical hacker and cybersecurity expert at International Cyber Security, and a Microsoft security researcher. Thousands of college students and professionals around the world have benefited from his awareness lectures. Satish has also worked as a Net Trainer, a Microsoft Student Partner and more. He was rewarded by an IAS officer for penetration testing government sites, which gave him huge exposure and helped them improve their security, forensic investigation and safe transactions.

A few of Sai Satish's achievements:
> Enhancing quality in training & teaching in INDIA.
> Development of resources in Humans of INDIA.
> Desalination of seawater.
> Interlinking of Indian rivers.

The Guide to OWASP top 10 (updated)

THE GUIDE TO OWASP TOP 10 VULNERABILITIES IN WEB APPLICATION

OWASP stands for the Open Web Application Security Project, a non-profit organization founded in 2001 and one of the major names in the application security field. It focuses on the security of the application itself (the back end) rather than on design issues. It is an open forum for discussion of web application security and provides free resources for development teams. It guides you through the business-critical issues related to web applications that are most prevalent nowadays, and it publishes standards and runs conferences to help organizations, enthusiasts and researchers in the security domain.

The OWASP Top 10 is the list of the most frequently encountered web application vulnerabilities;
it describes their risks, impact, and countermeasures. It is updated periodically, and the latest release came out this year. The organization compiles the list from data contributed by various security organizations. It appeals to all companies to adopt this awareness document within their organization and to start the process of ensuring that their web applications minimize these risks.


OWASP Top 10 Web Application Vulnerabilities

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components With Known Vulnerabilities
10. Insufficient Logging And Monitoring

1. Injection

If your application takes user input and uses it to fetch data without validating it, it falls into this category. Even big companies are hit by this type of attack. A successful attack may result in viewing unauthorized user lists, altering entire tables, or even gaining full access and rights to the database, which leads directly to business loss.

How It Works

Using SQL queries, an attacker can request to view or alter the contents of a database.

SQL is the language used to talk to a database. It reads fairly like English: you can say things like "select from this table" and get results back, and it is not as complicated as most programming languages. This was fine until the web came along and attackers gained a very different perspective on retrieving information from a database.

An attacker visits a website and navigates to a part of the application that is tied to sensitive data, for example the login page, knowing it is backed by a database. Whenever someone enters strings in the username and password fields, some code has to pass those credentials to the database and validate them before the user is allowed through to the next page or the account page. If that code builds the query by gluing the user's text into the SQL, the text becomes part of the query itself, and crafted input can change what the query does.

Prevention

  • Use prepared statements (parameterized queries), which force the developer to define all the SQL code first and pass each parameter to the query later.
  • Use stored procedures, which require the developer to build SQL statements that are parameterized.
  • Use a safe API.
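The contrast above, as an added example that is not part of the original guide: a login check built by string concatenation beside the same check as a prepared statement, both run against a constructed in-memory SQLite table (assumed table layout and sample rows; the plaintext passwords exist only to keep the focus on the query shape).

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    # Constructed sample table for the demonstration only. Real systems store
    # password hashes, never plaintext; here the point is the query shape.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The user's text is glued into the SQL, so it becomes part of the code:
    # a quote character ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Prepared statement: the SQL text is fixed first, the values are bound
    # afterwards and are always treated as data, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    conn = build_demo_db()
    # Constructed hostile input for the password field: it closes the string
    # literal and appends a condition that is always true, so the WHERE clause
    # matches every row regardless of username.
    tautology = "' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "legit_safe": login_safe(conn, "alice", "correct-horse"),
        "hostile_vulnerable": login_vulnerable(conn, "nobody", tautology),
        "hostile_safe": login_safe(conn, "nobody", tautology),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'logged in' if outcome else 'rejected'}")
```

The parameterized version treats the whole tautology string as a password value to compare, so it matches nothing; the concatenated version hands the quote and the OR clause to the SQL parser.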


2. Broken Authentication

Broken authentication is widespread because of the way most identity and access controls are designed and implemented. An attacker can detect this vulnerability using manual methods and exploit it with automated tools driven by password lists and dictionary attacks. Depending on the domain, the attacker only has to gain access to a few accounts, or just one admin account, to compromise the system.

How It Works

A broken authentication vulnerability allows an attacker to use manual or automated tools to try to take control of an account. If an attempt validates, the attacker is issued a valid session ID, which also lets them bypass the authentication methods the web application relies on. The objective is to take over one or more accounts in order to gain the same privileges as the victim.

Default passwords can also be tried in such an attack, where the attacker knows the manufacturer's defaults for a device, for example 'admin'/'admin', 'root'/'password' or 'root'/'toor' as username and password.

Prevention

  • Credentials have to be protected when stored, using a robust cryptographic algorithm.
  • Session IDs should not be exposed in the URL.
  • Every session should time out once it exceeds its limit.
  • Credentials should never be sent over plain HTTP.
  • Implement multi-factor authentication where possible.
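The prevention points above, worked into a small authentication service as an added example (not code from the original guide or from OWASP): salted PBKDF2 password storage with a constant-time comparison, refusal of the vendor defaults the text lists, an account lockout that blunts dictionary attacks, and random session IDs that expire. The class, its field names and the lockout and timeout values are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed list of vendor defaults from the text; registration refuses them.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "password"), ("root", "toor")}
MAX_FAILURES = 5              # consecutive failures before the account locks
SESSION_TTL_SECONDS = 900     # sessions expire 15 minutes after issue
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes = None) -> tuple:
    # Salted PBKDF2-HMAC-SHA256: the stored digest cannot be reversed to the
    # password, and identical passwords get different digests.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so expiry can be tested
        self.users = {}           # username -> (salt, digest)
        self.failures = {}        # username -> consecutive failed logins
        self.sessions = {}        # session id -> (username, expires_at)

    def register(self, username: str, password: str) -> None:
        if (username, password) in DEFAULT_CREDENTIALS:
            raise ValueError("default vendor credentials are not allowed")
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str):
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return None           # locked: a dictionary attack stops paying off
        record = self.users.get(username)
        if record is None:
            hash_password(password)   # same cost for unknown users (timing)
            return None
        salt, stored = record
        _, candidate = hash_password(password, salt)
        if not hmac.compare_digest(stored, candidate):
            self.failures[username] = self.failures.get(username, 0) + 1
            return None
        self.failures[username] = 0
        # Random, never derived from user data, and meant for a cookie, not the URL.
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = (username, self.clock() + SESSION_TTL_SECONDS)
        return session_id

    def user_for_session(self, session_id: str):
        entry = self.sessions.get(session_id)
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self.sessions[session_id]        # expired: the user must log in again
            return None
        return username
```

The lockout counter resets only on a successful login, so an attacker working through a password list against one account gets at most MAX_FAILURES guesses before that account goes quiet; a second factor would sit on top of this, not replace it.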


3. Sensitive Data Exposure

All data has to be treated with appropriate confidentiality; letting unauthorized users read its contents leads to this type of attack. An attacker takes advantage of inadequate security and of unencrypted data at rest, in transit or in processing. It typically occurs when a secure channel is not implemented correctly, which leaves a hole for the attacker to steal sensitive information such as passwords, payment details or anything else.

Prevention

  • Encrypt the data and define who may access it.
  • Secure authentication gateways with HTTPS.
  • Prevent weak passwords.
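The "secure channel" and "define accessibility" points above, as an added example that is not from the original guide: a client TLS context that refuses old protocol versions and unverified certificates, an endpoint check that only lets credentials go to https:// URLs, the response headers and cookie flags that keep the session on TLS, and a log redaction step so payment data never ends up exposed in log files. The header values, cookie name and the set of sensitive field names are assumptions for the demonstration.

```python
import ssl
from urllib.parse import urlsplit

# Assumed field names that must never appear verbatim in a log line.
SENSITIVE_KEYS = {"password", "card_number", "cvv", "ssn"}


def build_client_tls_context() -> ssl.SSLContext:
    # Client-side context: verifies the server certificate chain and hostname
    # and refuses anything older than TLS 1.2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def tls_context_summary() -> dict:
    ctx = build_client_tls_context()
    return {
        "minimum_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


def is_secure_endpoint(url: str) -> bool:
    # Credentials and payment data may only be posted to https:// endpoints.
    return urlsplit(url).scheme == "https"


def transport_security_headers(max_age_days: int = 365) -> dict:
    # HSTS pins browsers to HTTPS; no-store keeps sensitive responses out of caches.
    return {
        "Strict-Transport-Security": f"max-age={max_age_days * 86400}; includeSubDomains",
        "Cache-Control": "no-store",
    }


def session_cookie_header(name: str, value: str) -> str:
    # Secure: sent only over TLS. HttpOnly: not readable by page script.
    return f"{name}={value}; Secure; HttpOnly; SameSite=Strict; Path=/"


def mask_card_number(pan: str) -> str:
    # Only the last four digits are ever displayed or logged.
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) <= 4:
        return "****"
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_for_log(record: dict) -> dict:
    # Strip secrets from a record before it reaches a log line.
    out = {}
    for key, value in record.items():
        if key == "card_number":
            out[key] = mask_card_number(str(value))
        elif key in SENSITIVE_KEYS:
            out[key] = "[REDACTED]"
        else:
            out[key] = value
    return out
```

Encrypting data in transit and masking it at rest are separate controls: the context and headers protect the wire, while redaction protects whatever later reads the logs.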


4. XML External Entities (XXE)

An application is vulnerable to this attack if it lets users upload XML that is then processed by a vulnerable XML parser. Hostile XML can be used to steal data, execute a remote request from the server, scan internal systems and perform other malicious tasks.

Attackers can exploit vulnerable XML processors if they can upload XML or include hostile content in an XML document, exploiting vulnerable code, dependencies or integrations.

Prevention

  • Use a web application firewall to detect and block XXE attempts.
  • Code review.
  • Use less complex data formats, such as JSON, whenever possible.
  • Patch or upgrade all XML processors and libraries.
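One way to process untrusted XML without exposing the parser to external entities, as an added example that is not from the original guide: the Python standard-library expat parser is told to abort the moment it sees a DOCTYPE, an entity declaration or an external entity reference, before it acts on any of them. The flat record format and the sample documents are constructed for the demonstration.

```python
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DTD, entity or external reference."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse a flat record like <order><id>42</id></order> into {tag: text}.

    Any DOCTYPE, entity declaration or external entity reference aborts the
    parse before the parser acts on it, which is what removes the XXE risk.
    """
    result = {}
    open_tags = []
    parser = expat.ParserCreate()
    parser.buffer_text = True

    def reject(*_args):
        # Raising inside an expat handler stops parsing and propagates the error.
        raise UnsafeXMLError("DTD, entity or external reference in untrusted XML")

    def start_element(tag, _attrs):
        open_tags.append(tag)
        result.setdefault(tag, "")

    def character_data(text):
        result[open_tags[-1]] += text

    def end_element(_tag):
        open_tags.pop()

    parser.StartDoctypeDeclHandler = reject       # <!DOCTYPE ...>
    parser.EntityDeclHandler = reject             # <!ENTITY ...> inside a DTD
    parser.ExternalEntityRefHandler = reject      # SYSTEM/PUBLIC references
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = character_data
    parser.EndElementHandler = end_element
    parser.Parse(data, True)
    return {tag: text.strip() for tag, text in result.items()}


def parse_or_reject(data: bytes):
    """Return (record, None) on success or (None, reason) when input is refused."""
    try:
        return parse_untrusted_xml(data), None
    except UnsafeXMLError as exc:
        return None, str(exc)
    except expat.ExpatError as exc:
        return None, f"malformed XML: {exc}"


if __name__ == "__main__":
    # Constructed documents: a clean record and one carrying an (internal) DTD.
    print(parse_or_reject(b"<order><id>42</id><item>widget</item></order>"))
    print(parse_or_reject(b'<!DOCTYPE order [<!ENTITY e "x">]><order><id>&e;</id></order>'))
```

Rejecting the DOCTYPE outright is the simplest policy: an ordinary data record never needs one, so there is nothing legitimate to lose, and the refusal is logged as a reason string that can feed the monitoring the last section of this guide calls for.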


5. Broken Access Control

Access control enforces the policy that users cannot act outside their intended permissions. Failures typically lead to unauthorized information disclosure, or to stealing a user's credentials in order to impersonate that user and perform malicious actions with all the permissions that user was granted when the account was created, which lets the attacker reach unauthorized functionality.

This type of vulnerability is common because of the lack of automated detection and effective functional testing. How critical it is depends on what kind of information or features the attacker can reach, from a small amount of data to a large one.

Prevention

  • Strong password policy
  • Secure password files
  • Use of multi-factor authentication
  • Restrict access to systems
  • Account management
  • User awareness
  • Log access control failures and alert administrators
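An object-level authorization check with the failure logging the last point asks for, as an added example that is not from the original guide: every invoice read verifies that the caller owns the record or is an admin, a missing record takes the same denial path so responses do not reveal which ids exist, and repeated denials from one user raise an alert. The record store, roles and threshold are assumptions constructed for the demonstration.

```python
import logging
from collections import Counter
from dataclasses import dataclass

logger = logging.getLogger("access-control")
ALERT_THRESHOLD = 3   # denials from one user before an admin alert is raised


class AccessDenied(PermissionError):
    pass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str     # "customer" or "admin"


# Constructed sample records: invoice id -> owner and amount.
INVOICES = {
    101: {"owner": 1, "total": 59.0},
    102: {"owner": 2, "total": 120.0},
}

_denials = Counter()   # user id -> denied requests; a real system ships these to a SIEM


def get_invoice(actor: User, invoice_id: int) -> dict:
    invoice = INVOICES.get(invoice_id)
    # Object-level check: the caller must own the record or be an admin.
    # A missing record takes the same path, so the response cannot be used
    # to enumerate which ids exist.
    if invoice is None or (actor.role != "admin" and invoice["owner"] != actor.user_id):
        _denials[actor.user_id] += 1
        logger.warning("denied user=%s invoice=%s", actor.user_id, invoice_id)
        if _denials[actor.user_id] >= ALERT_THRESHOLD:
            logger.error("ALERT user=%s has %d denied requests",
                         actor.user_id, _denials[actor.user_id])
        raise AccessDenied(f"invoice {invoice_id} not available")
    return invoice


def denial_count(user_id: int) -> int:
    return _denials[user_id]


def is_suspicious(user_id: int) -> bool:
    # A user probing many ids they do not own is the signature of an
    # access-control scan and is worth an administrator's attention.
    return _denials[user_id] >= ALERT_THRESHOLD
```

The check lives next to the data access rather than in the URL routing, so there is no second code path that forgets it; the denial counter is what turns the "log failures" bullet into something an administrator can actually act on.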


6. Security Misconfiguration

This type of vulnerability occurs when unnecessary features are enabled in the web application. It can happen at any level of the application stack, including the platform, the web server and so on. It can result from leaving unused operating system ports open or from using outdated software libraries, and the root cause is usually wrong application configuration or logic.

Attackers will often attempt to exploit unpatched flaws, or access default accounts and unprotected files and directories, to gain unauthorized access to or knowledge of the system; these flaws can result in a complete system compromise.

Prevention

  • Remove any unnecessary features or plugins.
  • Change the username and password of every default account.
  • Do not present stack traces to users.
  • Set the appropriate security settings.
  • Set up an automated process that checks all the necessary settings after any new feature or update is added.


7. Cross Site Scripting (XSS)

Cross Site Scripting, known as XSS, is a code injection attack that injects malicious script into a website in order to target the visitors of that site. It is currently one of the most common web attacks, since almost every website requires users to have JavaScript turned on. Rather than being an attack on the website itself, it uses the website as a means to attack the website's users. When you can get your XSS stored permanently on a page, everyone who visits that page will have the JavaScript executed by their browser.

Malicious script can be used for all sorts of malicious tasks: stealing a user's cookies, which lets someone use the website while pretending to be that user; redirecting to phishing pages; forcing a user to perform an action; or modifying the page to make it look or behave differently. Sometimes the code is obvious at the end of a URL, but techniques for hiding it exist too. For the attack to persist, the payload needs to land somewhere that interacts with a database or file storage.

Prevention

Input validation is necessary wherever the website takes something from the user, such as a parameter from a URL or data from a posted form. An obvious way to mitigate this attack is to limit allowable user input by establishing a list of restricted characters; for example, you can prevent users from entering scripting characters like < > or quotes. This only works if you include every potentially dangerous character, and it is difficult to think of everything, so other techniques should be applied in addition: context-sensitive output encoding, and escaping untrusted HTTP request data before it is rendered.
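Context-sensitive encoding as the paragraph describes it, written as an added example that is not from the original guide: each untrusted value is encoded for the exact place it lands (element text, quoted attribute, URL), and a strip-the-angle-brackets filter is kept alongside only to show the gap the text warns about, namely that a quote slips through it and closes the attribute. The comment template and sample values are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit


def encode_for_html_text(value: str) -> str:
    # Element content: < > & are the characters that can start markup here.
    return html.escape(value, quote=False)


def encode_for_html_attribute(value: str) -> str:
    # Quoted attribute: quotes must be encoded too, or the value can close
    # the attribute and start a new one.
    return html.escape(value, quote=True)


def safe_href(value: str) -> str:
    # URL context: encoding alone is not enough; only http(s) links with a host
    # are accepted, and anything else becomes a dead link.
    candidate = value.strip()
    parts = urlsplit(candidate)
    if parts.scheme in ("http", "https") and parts.netloc:
        return candidate
    return "#"


def render_comment(author: str, comment: str, website: str) -> str:
    # Each untrusted value is encoded for the context it is inserted into.
    return (
        f'<div class="comment" data-author="{encode_for_html_attribute(author)}">'
        f'<a href="{encode_for_html_attribute(safe_href(website))}">'
        f"{encode_for_html_text(author)}</a>: {encode_for_html_text(comment)}</div>"
    )


def blocklist_filter(value: str) -> str:
    # The "strip angle brackets" approach, kept only to show why it is not
    # sufficient: quotes pass straight through it.
    return value.replace("<", "").replace(">", "")


def render_comment_blocklist_only(author: str, comment: str) -> str:
    return f'<div data-author="{blocklist_filter(author)}">{blocklist_filter(comment)}</div>'


if __name__ == "__main__":
    # Constructed sample: an author value containing a quote.
    print(render_comment('bob" title="injected', "<b>hi</b> & bye", "https://example.com/"))
    print(render_comment_blocklist_only('bob" title="injected', "hi"))
```

In the encoded output the quote becomes &quot; and stays inside the data-author value; in the blocklist-only output the same input ends the attribute early and a new title attribute appears in the markup, which is the kind of gap that the "include every dangerous character" approach cannot reliably close.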


8. Insecure Deserialization

Serialization is a way to store an object or data structure as text that can easily be stored and transmitted. An example would be a game that stores its state locally as an object. When a game finishes, the state is sent to a server that logs all the high scores. It is not possible to send the object directly, which is why it is serialized; the server then receives the data from the client, but to do anything with it the server has to reverse the process, which is deserialization.

Developers know to sanitize normal user input, as it could contain anything, but because serialized data is handled as an object this is often forgotten. In the game example, when you submit your high score a serialized object of the game state is included in the URL; an attacker can insert a payload into that URL, the server deserializes the object and makes it part of a query, and the result is, for instance, showing everybody's scores instead of yours.

Prevention

Some tools can discover deserialization flaws, but human assistance is frequently needed to validate the problem. This flaw can also lead to remote code execution. Countermeasures include implementing integrity checks such as digital signatures on any serialized objects; logging deserialization exceptions and failures, such as when the incoming type is not the expected type or deserialization throws an exception; restricting or monitoring incoming and outgoing network connectivity from containers or servers that deserialize; and alerting if a user deserializes constantly.


9. Using Components With Known Vulnerabilities

Vulnerable components, whether frameworks, applications or anything else, can be identified and exploited. Third-party components are any part of the web application developed outside your organization: binary or source code distributed to you from outside your company, either open source and accessible in the public domain, or commercial and available to paying customers. Developers find and use libraries from a variety of places, and nearly every web application on the planet uses open source components on either the server side or the client side.

For example, open source JavaScript libraries such as jQuery are used ubiquitously in web applications; server-side frameworks such as Ruby on Rails, Struts, Spring and .NET MVC are extremely popular for enforcing architectural patterns; and innumerable other libraries such as Hibernate, log4j and Bouncy Castle are used to implement specific feature requests within the application. Clearly, a substantial amount of our application is not actually developed in house.

Some companies have a very open policy on selecting components, allowing developers to use their discretion during development; other organizations restrict the use of outside components to those approved by some formal internal process.

You are likely vulnerable if you do not know the versions of all the components you use, on both the client side and the server side, or if that software is vulnerable or outdated; this includes the operating system, database, APIs and all
components and libraries.

Prevention

  • It is the architect's responsibility to design a highly secure base model with a good design pattern as per the business requirements.
  • It is the developer's job to write the code in a secure way, with efficient testing.
  • Maintain a secured network and firewall, and monitor them.
  • Conduct security audits often to stay safe from attack.
  • Keep all components up to date.
  • Obtain components only from official sources.
  • Remove unused features, unnecessary dependencies, and files.
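The "know the versions of all components you use" point, as an added example that is not from the original guide: a small audit that reads a pinned dependency list, flags anything unpinned (version unknown, so the question cannot even be answered) and compares pinned versions against an advisory feed. The package names, versions and advisory ids here are all constructed placeholders; a real pipeline would pull the feed from an advisory database.

```python
import re

# Constructed advisory feed: package name -> (highest affected version, advisory id).
# Names and ids are placeholders, not real packages or advisories.
KNOWN_VULNERABLE = {
    "examplelib": ((1, 4, 2), "ADVISORY-ID-PLACEHOLDER-1"),
    "legacyparser": ((0, 9, 9), "ADVISORY-ID-PLACEHOLDER-2"),
}

# "name" or "name==1.2.3", with optional spaces; comments are stripped first.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==\s*([0-9][0-9.]*))?\s*$")


def parse_version(text: str) -> tuple:
    # Tuples compare component-wise, so (1, 10, 0) > (1, 9, 0) as intended.
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str) -> dict:
    """Map package name -> pinned version tuple, or None when unpinned."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        match = REQ_RE.match(line)
        if not match:
            raise ValueError(f"unrecognized requirement line: {line!r}")
        name, pinned = match.group(1).lower(), match.group(3)
        deps[name] = parse_version(pinned) if pinned else None
    return deps


def audit_dependencies(text: str) -> list:
    """Return (package, finding) pairs for unpinned or known-vulnerable packages."""
    findings = []
    for name, version in parse_requirements(text).items():
        if version is None:
            findings.append((name, "unpinned: version in use is unknown"))
            continue
        hit = KNOWN_VULNERABLE.get(name)
        if hit and version <= hit[0]:
            shown = ".".join(str(part) for part in version)
            findings.append((name, f"{shown} affected by {hit[1]}"))
    return findings


if __name__ == "__main__":
    # Constructed sample dependency list.
    sample = "examplelib==1.4.0\nlegacyparser==1.0.0 # patched\nsomeother\n"
    for package, finding in audit_dependencies(sample):
        print(f"{package}: {finding}")
```

The unpinned finding is deliberately reported as a problem in its own right: without a pinned version the audit cannot say whether the component is affected, which is exactly the state the paragraph above describes.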


10. Insufficient Logging And Monitoring

Logging and monitoring are crucial to network security for any organization that wants to deploy any kind of network security; they are mandatory, because if you do not log network events and do not monitor the state of the network, you have no way of knowing whether your network and users are behaving as expected and not breaking policy, whether users are deliberately trying to bypass the configured network security policies and technologies, or whether an intruder is trying to take over the network and leak sensitive data.

For example, users may try to get more internet access than they are allowed, or their systems may be infected without their knowledge, with malicious code residing on the system and trying to leak information out of the company to an attacker on the internet. Monitoring means that the more devices you send logs from and the more devices you monitor, the larger the amount of data your logging system has to process and interpret, and that is not something a human being can do. Imagine a huge network with many users, many similar devices and a lot of traffic going back and forth: no human can grab all of those logs, correlate them and understand what is happening.

Prevention

  • Ensure that logs are generated in a format that a centralized log management system can easily interpret.
  • Establish an incident response and backup plan.
  • Establish regular security auditing.
  • Establish effective monitoring and alerting.
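The correlation the paragraph says a human cannot do by hand, as an added example that is not from the original guide: a detector that parses authentication log lines into a fixed format, counts failed logins per source address inside a sliding time window, alerts when the count crosses a threshold, and flags a later success from the same address, which is the event worth an analyst's immediate attention. The log format, sample lines, addresses and threshold are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in the (assumed) format this example expects, not real traffic:
# "<iso timestamp> auth <OK|FAIL> user=<name> ip=<address>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 auth FAIL user=alice ip=203.0.113.7
2024-03-01T10:00:05 auth FAIL user=bob ip=203.0.113.7
2024-03-01T10:00:09 auth FAIL user=carol ip=203.0.113.7
2024-03-01T10:00:14 auth OK user=dave ip=198.51.100.5
2024-03-01T10:00:20 auth FAIL user=dave ip=203.0.113.7
2024-03-01T10:00:31 auth FAIL user=erin ip=203.0.113.7
2024-03-01T10:00:45 auth FAIL user=frank ip=203.0.113.7
2024-03-01T10:01:02 auth OK user=frank ip=203.0.113.7
2024-03-01T10:02:00 kernel: unrelated message that does not match the format
2024-03-01T10:30:00 auth FAIL user=alice ip=198.51.100.5
2024-03-01T10:31:00 auth FAIL user=alice ip=198.51.100.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line: str):
    match = LINE_RE.match(line.strip())
    if not match:
        return None          # counted by the caller, never silently dropped
    event = match.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)):
    """Return (alerts, unparsed_count).

    An alert is raised for a source address with >= threshold failures inside
    the sliding window; a later OK from that address is flagged as a probable
    credential hit."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    alerts = {}                      # ip -> alert record
    unparsed = 0
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            unparsed += 1
            continue
        ip, ts = event["ip"], event["ts"]
        if event["result"] == "FAIL":
            queue = recent[ip]
            queue.append(ts)
            while ts - queue[0] > window:     # drop failures outside the window
                queue.popleft()
            if len(queue) >= threshold:
                record = alerts.setdefault(ip, {
                    "ip": ip, "failures": 0, "first": queue[0], "last": ts,
                    "success_after": False, "success_user": None,
                })
                record["failures"] = max(record["failures"], len(queue))
                record["last"] = ts
        elif ip in alerts:
            alerts[ip]["success_after"] = True
            alerts[ip]["success_user"] = event["user"]
    return sorted(alerts.values(), key=lambda r: r["first"]), unparsed


if __name__ == "__main__":
    found, skipped = detect_bruteforce(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(f"unparsed lines: {skipped}")
```

The unparsed count matters as much as the alerts: a rising number of lines the collector cannot read usually means a device changed its log format, and from that moment its events are invisible to every rule downstream.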