Avast_Blog_Security_News: German ransomware victim hacks back

[harlan4096]

Plus, the FBI cautions some cyberattacks can bypass MFA; 37,000 Canadian TransUnion customers may be compromised; and French experts warn of multiple cyber-espionage incidents

After paying his attacker €670, ransomware victim Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key. Called “Muhstik” Ransomware because the encrypted files get a .muhstik extension, the attack locks victims out of their files unless they pay a ransom by a given date. Frömel, a German programmer, shared the fruits of his hacking labor on Twitter and Bleeping Computer’s forum, providing victims with their decryption keys as well as a decryptor tool they would also need to restore their files. Hacking back may have served justice in this case, but it’s not necessarily the right approach for all victims, says Avast Evangelist Luis Corrons. “A better approach might be to contact law enforcement instead of going public,” Corrons says. “Although it could take longer, chances are that the cybercriminals behind ransomware could be charged and arrested.”

This week’s stat

Companies that reported above-average diversity on their management teams also reported innovation revenue that was 19 percentage points higher than that of companies with below-average leadership diversity. Read Robin Selden on rethinking diversity.

FBI warns attacks can bypass multi-factor authentication

The FBI warned in a security advisory of the rising threat of cyberattacks that circumvent MFA (multi-factor authentication), ZDNet reported. MFA is an extra security protocol offered by many online accounts in which users validate their identity through an extra step, such as a PIN sent to their phone or an additional security question to answer. The FBI specifically called out SIM swapping, MFA webpage vulnerabilities, and targeted attacks by credential-stealing phishing tools as the leading methods used by cybercriminals. The FBI said MFA remains a powerful safeguard, and Avast’s Corrons agreed: “MFA is a must, and cybercriminals will first go after the low hanging fruit of people not using it.” Strong passwords remain a powerful defense before attackers reach the MFA stage of a hack. Learn more about strong passwords here.

This week’s quote

"Low awareness of the problem is a problem, as well. At Avast, we believe people should have more control personally over their data and how it is manipulated." – Avast CEO Ondrej Vlcek on privacy risks related to AI and the IoT.
...  

Continue Reading