<![CDATA[Geeks for your information - Heimdal Security Blog Articles]]>

<![CDATA[Geeks for your information - Heimdal Security Blog Articles]]> https://www.geeks.fyi/ Fri, 08 May 2026 14:17:06 +0000 MyBB <![CDATA[Ransomware Explained. What It Is and How It Works]]> https://www.geeks.fyi/showthread.php?tid=16206 Thu, 30 Sep 2021 11:30:04 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=16206 Quote:

[Image: ransomware-explained-cover-7.png]

Every day, cybersecurity specialists detect over 200,000 new ransomware strains. This means that each minute brings no less than 140 strains capable of avoiding detection and inflicting irreparable damage. But what is ransomware in the end? Briefly, ransomware is one of the most common and most dangerous cyber threats of today, with damaging consequences for individuals and businesses alike.

In this article, I will explain what ransomware is, how it works, its tops targets, how to prevent it, and what to do if attacked. Besides, recent statistics and ransomware examples will show you real facts to make you understand that ransomware really happens and how!

What Is Ransomware?

Ransomware is a sophisticated piece of malware (malicious software) that encrypts all the data on a victim’s PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victims receive a message telling them that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Normally, there is also a time limit for the payment to be completed, otherwise, the files could be lost forever. It should be noted that there is no guarantee that even if the victim pays the ransom, he/she will receive the decryption key.

How Does Ransomware Work?

Every ransomware has different behavior. There are 2 types of ransomware: locker ransomware and encrypting ransomware. The first locks the victim out of the operating system making it impossible to access the desktop and any apps or files and the latter is the most common which incorporates advanced encryption algorithms and it’s designed to block system files.

However, the result is always the same. Locking files or systems and demanding a ransom for their recovery. Here are some common steps on how ransomware works:

1. Ransomware Delivery and Deployment

Cybercriminals simply look for the easiest way to infect a system or network and use that backdoor to spread the malicious content. Nevertheless, these are the most common infection methods used by cybercriminals:

Phishing email campaigns that contain malicious links or attachments (there are plenty of forms that malware can use for disguise on the web);
Security exploits in vulnerable software;
Internet traffic redirects to malicious websites;
Legitimate websites that have malicious code injected into their web pages;
Drive-by downloads;
Malvertising campaigns;
SMS messages (when targeting mobile devices);
vulnerable Remote Desktop Protocol exploitation.

2. Lateral Movement

After the initial access, ransomware spreads via lateral movement tactics to all devices in your network and tries to get full access. If no micro-segmentation or network segmentation is put in place, the ransomware will move laterally on the network, this meaning that the threat spreads to other endpoints and servers in the entire IT environment, therefore engaging in self-propagation. This way, hackers can use detection evasion techniques to build persistent ransomware attacks.

3. Attack Execution

Data exfiltration

If in the past ransomware used tactics like weak symmetric encryption, now ransomware operators leverage more advanced methods like data exfiltration. Basically, hackers can exfiltrate sensitive business data before making the encryption leading to double extortion: this way, cybercriminals can threaten organizations to make their private information public if the ransom is not paid. Keeping data hostage is no longer the only method.

Destroy backups

Ransomware will look for backups in order to destroy them before encrypting data. This type of malware can recognize backups by file extension and documents stored in the cloud could be at risk too. Offline backup storage or read-only features on backup files might prevent backups recognition and deletion.

Data Encryption

Ransomware is practically the combination of cryptography with malware. Ransomware operators use asymmetric encryption, a.k.a. public-key cryptography, a process that employs a set of keys (one public key and one private key) to encrypt and decrypt a file and protect it from unauthorized access or use. The keys are uniquely generated for the victim and only made available after the ransom is paid.

It is almost impossible to decrypt the files that are being held for ransom without access to a private key. However, certain types of ransomware can be decrypted using specific ransomware decryptors.

Demand Ransom

After encryption, a warning pops up on the screen with instructions on how to pay for the decryption key. Everything happens in just a few seconds, so victims are completely dumbstruck as they stare at the ransom note in disbelief.
... Continue Reading]]> Quote:

Phishing email campaigns that contain malicious links or attachments (there are plenty of forms that malware can use for disguise on the web);
Security exploits in vulnerable software;
Internet traffic redirects to malicious websites;
Legitimate websites that have malicious code injected into their web pages;
Drive-by downloads;
Malvertising campaigns;
SMS messages (when targeting mobile devices);
vulnerable Remote Desktop Protocol exploitation.

[Image: hs-Most-companies-protect-themselves-fro...4F7075.png]

You might think that you’re taking all security measures to protect your company, but have you ever considered that the danger might come from within? Insider threat is a very serious menace, as many big organizations have discovered on their own.

What Is an Insider Threat?

The term insider threat refers to the threats that organizations face from employees, former employees, business associates, or contractors. These people have access to inside information related to the company’s data, computer systems, security practices, so any fraud, theft or sabotage on their part would hover over the organization’s security.

The malicious insiders’ cybercrimes can include espionage, unauthorized disclosure of information, information technology sabotage, loss or degradation of the organization’s resources.

You might think that you’re taking all security measures to protect your company, but have you ever considered that the danger might come from within?

Insider threat is a very serious menace, as many big organizations have discovered on their own.

What Is an Insider Threat?

The term insider threat refers to the threats that organizations face from employees, former employees, business associates, or contractors. These people have access to inside information related to the company’s data, computer systems, security practices, so any fraud, theft or sabotage on their part would hover over the organization’s security.

The malicious insiders’ cybercrimes can include espionage, unauthorized disclosure of information, information technology sabotage, loss or degradation of the organization’s resources.

According to the FBI, the malicious insiders’ motivations can be personal or organizational:

Quote:
Personal Factors

[…]

Greed or Financial Need: A belief that money can fix anything. Excessive debt or overwhelming expenses.

Anger/Revenge: Disgruntlement to the point of wanting to retaliate against the organization.

Problems at work: A lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff. […]

Ego/Self-image: An “above the rules” attitude, or desire to repair wounds to their self-esteem. Vulnerability to flattery or the promise of a better job. Often coupled with Anger/Revenge or Adventure/Thrill. […]

Compulsive and destructive behaviour: Drug or alcohol abuse, or other addictive behaviours.

Family problems: Marital conflicts or separation from loved ones.

Organizational Factors

[…]

The availability and ease of acquiring proprietary, classified, or other protected materials. Providing access privileges to those who do not need it.

Proprietary or classified information is not labelled as such or is incorrectly labelled.

The ease that someone may exit the facility (or network system) with proprietary, classified or other protected materials.

Undefined policies regarding working from home on projects of a sensitive or proprietary nature. […]

Employees are not trained on how to properly protect proprietary information.

Types of Insider Threats

When it comes to the usual suspects, the press usually points out two types of insider threats: malicious insiders/turncoats and negligent insiders/pawns.

Malicious insiders deliberately steal data. Whatever their reasons might be, they will exfiltrate valuable data like financial or personally identifiable information through various means. They can create backdoors and install remote network administration tools, install malware or other unauthorized software, disable antivirus software and change passwords etc.

Negligent insiders simply refer to regular employees that make mistakes like sending an email with sensitive information to the wrong person, fall for a clever phishing or spearphishing attack, or lose access to their work accounts or devices. Insider Threat IndicatorsAs FBI notes, the clues that point to an insider threat are:

Quote:
Without need or authorization, takes proprietary or another material home via documents, thumb drives, computer disks, or e-mail. Inappropriately seeks or obtains proprietary or classified information on subjects not related to their work duties.

Interest in matters outside the scope of their duties, particularly those of interest to foreign entities or business competitors.

Unnecessarily copies material, especially if it is proprietary or classified.

Remotely accesses the computer network while on vacation, sick leave, or at other odd times. […]

Works odd hours without authorization; notable enthusiasm for overtime work, weekend work, or unusual schedules when clandestine activities could be more easily conducted. […]

Overwhelmed by life crises or career disappointments.

Insider Threat Examples

Sage

The Microsoft data breach happened because, at the beginning of December 2019, the employees misconfigured the security rules of a new version of Azure and the access to the database wasn’t protected with a password or two-factor authentication.

The leaked data didn’t contain any personally identifiable information and Microsoft secured the database as soon as they discovered it and notified the affected users, so the company didn’t suffer any fines or penalties.
... Continue Reading]]> Quote:

According to the FBI, the malicious insiders’ motivations can be personal or organizational:

Quote:
Personal Factors

[…]

Greed or Financial Need: A belief that money can fix anything. Excessive debt or overwhelming expenses.

Anger/Revenge: Disgruntlement to the point of wanting to retaliate against the organization.

Problems at work: A lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff. […]

Ego/Self-image: An “above the rules” attitude, or desire to repair wounds to their self-esteem. Vulnerability to flattery or the promise of a better job. Often coupled with Anger/Revenge or Adventure/Thrill. […]

Compulsive and destructive behaviour: Drug or alcohol abuse, or other addictive behaviours.

Family problems: Marital conflicts or separation from loved ones.

Organizational Factors

[…]

The availability and ease of acquiring proprietary, classified, or other protected materials. Providing access privileges to those who do not need it.

Proprietary or classified information is not labelled as such or is incorrectly labelled.

The ease that someone may exit the facility (or network system) with proprietary, classified or other protected materials.

Undefined policies regarding working from home on projects of a sensitive or proprietary nature. […]

Employees are not trained on how to properly protect proprietary information.

Quote:
Without need or authorization, takes proprietary or another material home via documents, thumb drives, computer disks, or e-mail. Inappropriately seeks or obtains proprietary or classified information on subjects not related to their work duties.

Interest in matters outside the scope of their duties, particularly those of interest to foreign entities or business competitors.

Unnecessarily copies material, especially if it is proprietary or classified.

Remotely accesses the computer network while on vacation, sick leave, or at other odd times. […]

Works odd hours without authorization; notable enthusiasm for overtime work, weekend work, or unusual schedules when clandestine activities could be more easily conducted. […]

Overwhelmed by life crises or career disappointments.

[Image: Alina-Free-Ransomware-Decryption-1030x360.png]

Got infected with ransomware? Check out these free decryptors that will help you decode your data without paying the ransom

Ransomware is one of the most vicious cyber-threats out there right now. A dangerous form of malware, it encrypts files and holds them hostage in exchange for a payment.

If your network gets infected with ransomware, follow the mitigation steps below and use this list with over 190 ransomware decryption tools.

Steps to recover your data:

Step 1: Do not pay the ransom because there is no guarantee that the ransomware creators will give you access to your data.
Step 2: Find any available backups you have, and consider keeping your data backups in secure, off-site locations.
Step 3: If there are no backups, you have to try decrypting the data locked by ransomware using these ransomware decryptors.

Navigate through these links to learn more.

How to identify the ransomware you’ve been infected with

Oftentimes, the ransom note provides details about the type of ransomware your files have been encrypted with, but it can happen that you don’t have this information at hand. Readers have asked us to show which encryption extensions belong to which ransomware families. Many of these extensions signaled new types of encrypting malware, for which there are no ransom decryptors available.

If you need help with identifying what type of ransomware is affecting your system so that you know what decryption tools to use, one of the two options below can help you out:

Crypto Sheriff from No More RansomID Ransomware from MalwareHunter Team

Ransomware decryption tools – an ongoing listDisclaimer:

You should know that the list below is not complete and it will probably never be. Use it, but do a documented research as well. Safely decrypting your data can be a nerve-wracking process, so try to be as thorough as possible.

We’ll do our best to keep this list up to date and add more tools to it.

Contributions and suggestions are more than welcome, as we promise to promptly follow up on them and include them on the list.

Some of the ransomware decryption tools mentioned below are easy to use, while others require a bit more tech knowledge to decipher. If you don’t have technical skills, you can always ask for help on one of these malware removal forums, which feature tons of information and helpful communities.

.777 ransomware decrypting tool
7even-HONE$T decrypting tool
.8lock8 ransomware decrypting tool + explanations
7ev3n decrypting tool
AES_NI Rakhni Decryptor tool
Agent.iih decrypting tool (decrypted by the Rakhni Decryptor)
Alcatraz Ransom decryptor tool
Alma ransomware decryption tool
Al-Namrood decrypting tool
Alpha decrypting tool
AlphaLocker decrypting tool
Amnesia Ransom decryptor tool
Amnesia Ransom 2 decryptor tool
Anabelle Ransom decryptor tool
Apocalypse decrypting tool
ApocalypseVM decrypting tool + alternative
Aura decrypting tool (decrypted by the Rakhni Decryptor)
AutoIT decrypting tool (decrypted by the Rannoh Decryptor)
AutoLT decrypting tool (decrypted by the Rannoh Decryptor)
Autolocky decrypting tool
Avaddon ransom decryption tool
Avest ransom decryption tool
Badblock decrypting tool + alternative 1
BarRax Ransom decryption tool
Bart decrypting tool
BigBobRoss decrypting tool
BitCryptor decrypting tool
Bitman ransomware versions 2 & 3 (decrypted by the Rakhni Decryptor)
BitStak decrypting tool
BTCWare Ransom decryptor
Cerber decryption tool
Chimera decrypting tool + alternative 1 + alternative 2
CheckMail7 ransomware decryption tool
ChernoLocker ransom decryption tool
CoinVault decrypting tool
Cry128 decrypting tool
Cry9 Ransom decrypting tool
Cryakl decrypting tool (decrypted by the Rannoh Decryptor)
Crybola decrypting tool (decrypted by the Rannoh Decryptor)
CrypBoss ransomware decrypting tool
CryCryptor ransomware decrypting tool
Crypren ransomware decrypting tool
Crypt38 ransomware decrypting tool
Crypt888 (see also Mircop) decrypting tool
CryptInfinite decrypting tool
CryptoDefense decrypting tool
CryptFile2 decrypting tool (decrypted by the CryptoMix Decryptor)
CryptoHost (a.k.a. Manamecrypt) decrypting tool
Cryptokluchen decrypting tool (decrypted by the Rakhni Decryptor)
CryptoMix Ransom decrypting tool + offline alternative
CryptON decryption tool
CryptoTorLocker decrypting tool
CryptXXX decrypting tool
CrySIS decrypting tool (decrypted by the Rakhni Decryptor – additional details)
CTB-Locker Web decrypting tool
CuteRansomware decrypting tool (decrypted by the my-Little-Ransomware Decryptor)
Cyborg ransomware decryption tool
Damage ransom decrypting tool
Darkside ransomware decryption tool
DemoTool decrypting tool
Dharma Ransom Rakhni decryptor tool
DeCrypt Protect decrypting tool
Democry decrypting tool (decrypted by the Rakhni Decryptor)
Derialock ransom decryptor tool
Dharma Decryptor
DMA Locker decrypting tool + DMA2 Locker decoding tool
DragonCyber ransomware decryption tool
DXXD ransomware decryption tool
Encryptile decrypting tool
ElvisPresley ransomware decryptio n tool (decrypted by the Jigsaw Decryptor)
Everbe Ransomware decrypting tool
Fabiansomware decrypting tool
FenixLocker – decrypting tool
FilesLocker decrypting tool
FindZip decrypting tool
FortuneCrypt decrypting tool (decrypted by the Rakhni Decryptor)
Fonix ransomware decryption tool
Fury decrypting tool (decrypted by the Rannoh Decryptor)
GalactiCryper ransom decryptor
GandCrab decrypting tool
GetCrypt decryption tool
GhostCrypt decrypting tool
Globe / Purge decrypting tool + alternative
Globe2 decryption tool
Globe3 decryption tool
GlobeImpostor decryption tool
Gomasom decrypting tool
GoGoogle decryption tool
Hacked decrypting tool
Hakbit decryptor
Harasom decrypting tool
HydraCrypt decrypting tool
HiddenTear decrypting tool
HildraCrypt decryptor
HKCrypt ransom decryptor
Iams00rry decryptor
InsaneCrypt ransomware decryptor
Iwanttits ransomware decryptor
Jaff decrypter tool
JavaLocker decryptor
Jigsaw/CryptoHit decrypting tool + alternative
JS WORM 2.0 decryptor
JS WORM 4.0 decryptor
Judge ransomware decryptor
KeRanger decrypting tool
KeyBTC decrypting tool
KimcilWare decrypting tool
KokoKrypt decryptor
Lamer decrypting tool (decrypted by the Rakhni Decryptor)
LambdaLocker decryption tool
LeChiffre decrypting tool + alternative
Legion decrypting tool
Linux.Encoder decrypting tool
Lobzik decrypting tool (decrypted by the Rakhni Decryptor)
Lock Screen ransomware decrypting tool
Locker decrypting tool
Loocipher decryptor
Lorenz ransomware decryptor
Lortok decrypting tool (decrypted by the Rakhni Decryptor)
MacRansom decrypting tool
Magniber decryptor
MaMoCrypt ransomware decryption tool
Mapo ransomware decryptor
Marlboro ransom decryption tool
MarsJoke decryption tool
Manamecrypt decrypting tool (a.k.a. CryptoHost)
Mircop decrypting tool + alternative
Mira ransom decryptor
MegaLocker ransomware decrypting tool
Merry Christmas / MRCR decryptor
Mole decryptor tool
MoneroPay Ransomware decrypting tool
muhstik ransomware decryptor
my-Little-Ransomware decrypting tool
Nanolocker decrypting tool
Nemty ransomware decryptor
Nemucod decrypting tool + alternative
NMoreira ransomware decryption tool
Noobcrypt decryption tool
ODCODC decrypting tool
OpenToYou decryption tools
Operation Global III Ransomware decrypting tool
Ouroboros ransomware decryptor
Ozozalocker ransomware decryptor
Paradise ransomware decryptor
PClock decrypting tool
Petya decrypting tool + alternative
PewCrypt ransom decryptor
Philadelphia decrypting tool
PizzaCrypts decrypting tool
Planetary ransomware decrypting tool
Pletor decrypting tool (decrypted by the Rakhni Decryptor)
Polyglot decrypting tool (decrypted by the Rannoh Decryptor)
Pompous decrypting tool
PowerWare / PoshCoder decrypting tool
Popcorn Ransom decrypting tool
Professeur ransomware decryptor (decrypted by the Jigsaw Decryptor)
PyLocky Ransomware decrypting tool
Radamant decrypting tool
RAGNAROK decrypting tool
Rakhni decrypting tool
Rannoh decrypting tool
Ransomwared decryptor
Rector decrypting tool
RedRum ransomware decryptor
Rotor decrypting tool (decrypted by the Rakhni Decryptor)
Scraper decrypting tool
SimpleLocker ransomware decryptor
Simplocker ransomware decryptor
Shade / Troldesh decrypting tool + alternative
SNSLocker decrypting tool
SpartCrypt decryptor
Stampado decrypting tool + alternative
STOP Djvu Ransomware decryptor
SynAck ransom decryptor
Syrk ransomware decryptor
SZFlocker decrypting tool
Teamxrat / Xpan decryption tool
TeleCrypt decrypting tool (additional details)
TeslaCrypt decrypting tool + alternative 1 + alternative 2
Thanatos decryption tool
ThunderX decryptor
Trustezeb.A decryptor
TurkStatic Decryptor
TorrentLocker decrypting tool
Umbrecrypt decrypting tool
VCRYPTOR Decryptor
Wildfire decrypting tool + alternative
WannaCry decryption tool + Guide
WannaRen decryption tool
XData Ransom decryption tool
XORBAT decrypting tool
XORIST decrypting tool + alternative
Yatron decrypting tool (decrypted by the Rakhni Decryptor)
ZeroFucks decryptor
Zeta decrypting tool (decrypted by the CryptoMix Decryptor)
Ziggy ransomware decryptor
Zorab ransomware decryptor
ZQ ransomware decryptor

Ransomware families vs ransomware decryption tools

As you may have noticed, some of these ransomware decryptors work for multiple ransomware families, while certain strains have more than one solution (although this is rarely the case).

From a practical perspective, some of the decryptors are easy to use, but some require some technical know-how. As much as we’d want this process to be easier, it doesn’t always happen.

No matter how much work and time researchers put into reverse engineering cryptoware, the truth is that we’ll never have a solution to all of these infections. It would take an army of cybersecurity specialists working around the clock to get something like this done.
... Continue Reading]]> Quote:

.777 ransomware decrypting tool
7even-HONE$T decrypting tool
.8lock8 ransomware decrypting tool + explanations
7ev3n decrypting tool
AES_NI Rakhni Decryptor tool
Agent.iih decrypting tool (decrypted by the Rakhni Decryptor)
Alcatraz Ransom decryptor tool
Alma ransomware decryption tool
Al-Namrood decrypting tool
Alpha decrypting tool
AlphaLocker decrypting tool
Amnesia Ransom decryptor tool
Amnesia Ransom 2 decryptor tool
Anabelle Ransom decryptor tool
Apocalypse decrypting tool
ApocalypseVM decrypting tool + alternative
Aura decrypting tool (decrypted by the Rakhni Decryptor)
AutoIT decrypting tool (decrypted by the Rannoh Decryptor)
AutoLT decrypting tool (decrypted by the Rannoh Decryptor)
Autolocky decrypting tool
Avaddon ransom decryption tool
Avest ransom decryption tool
Badblock decrypting tool + alternative 1
BarRax Ransom decryption tool
Bart decrypting tool
BigBobRoss decrypting tool
BitCryptor decrypting tool
Bitman ransomware versions 2 & 3 (decrypted by the Rakhni Decryptor)
BitStak decrypting tool
BTCWare Ransom decryptor
Cerber decryption tool
Chimera decrypting tool + alternative 1 + alternative 2
CheckMail7 ransomware decryption tool
ChernoLocker ransom decryption tool
CoinVault decrypting tool
Cry128 decrypting tool
Cry9 Ransom decrypting tool
Cryakl decrypting tool (decrypted by the Rannoh Decryptor)
Crybola decrypting tool (decrypted by the Rannoh Decryptor)
CrypBoss ransomware decrypting tool
CryCryptor ransomware decrypting tool
Crypren ransomware decrypting tool
Crypt38 ransomware decrypting tool
Crypt888 (see also Mircop) decrypting tool
CryptInfinite decrypting tool
CryptoDefense decrypting tool
CryptFile2 decrypting tool (decrypted by the CryptoMix Decryptor)
CryptoHost (a.k.a. Manamecrypt) decrypting tool
Cryptokluchen decrypting tool (decrypted by the Rakhni Decryptor)
CryptoMix Ransom decrypting tool + offline alternative
CryptON decryption tool
CryptoTorLocker decrypting tool
CryptXXX decrypting tool
CrySIS decrypting tool (decrypted by the Rakhni Decryptor – additional details)
CTB-Locker Web decrypting tool
CuteRansomware decrypting tool (decrypted by the my-Little-Ransomware Decryptor)
Cyborg ransomware decryption tool
Damage ransom decrypting tool
Darkside ransomware decryption tool
DemoTool decrypting tool
Dharma Ransom Rakhni decryptor tool
DeCrypt Protect decrypting tool
Democry decrypting tool (decrypted by the Rakhni Decryptor)
Derialock ransom decryptor tool
Dharma Decryptor
DMA Locker decrypting tool + DMA2 Locker decoding tool
DragonCyber ransomware decryption tool
DXXD ransomware decryption tool
Encryptile decrypting tool
ElvisPresley ransomware decryptio n tool (decrypted by the Jigsaw Decryptor)
Everbe Ransomware decrypting tool
Fabiansomware decrypting tool
FenixLocker – decrypting tool
FilesLocker decrypting tool
FindZip decrypting tool
FortuneCrypt decrypting tool (decrypted by the Rakhni Decryptor)
Fonix ransomware decryption tool
Fury decrypting tool (decrypted by the Rannoh Decryptor)
GalactiCryper ransom decryptor
GandCrab decrypting tool
GetCrypt decryption tool
GhostCrypt decrypting tool
Globe / Purge decrypting tool + alternative
Globe2 decryption tool
Globe3 decryption tool
GlobeImpostor decryption tool
Gomasom decrypting tool
GoGoogle decryption tool
Hacked decrypting tool
Hakbit decryptor
Harasom decrypting tool
HydraCrypt decrypting tool
HiddenTear decrypting tool
HildraCrypt decryptor
HKCrypt ransom decryptor
Iams00rry decryptor
InsaneCrypt ransomware decryptor
Iwanttits ransomware decryptor
Jaff decrypter tool
JavaLocker decryptor
Jigsaw/CryptoHit decrypting tool + alternative
JS WORM 2.0 decryptor
JS WORM 4.0 decryptor
Judge ransomware decryptor
KeRanger decrypting tool
KeyBTC decrypting tool
KimcilWare decrypting tool
KokoKrypt decryptor
Lamer decrypting tool (decrypted by the Rakhni Decryptor)
LambdaLocker decryption tool
LeChiffre decrypting tool + alternative
Legion decrypting tool
Linux.Encoder decrypting tool
Lobzik decrypting tool (decrypted by the Rakhni Decryptor)
Lock Screen ransomware decrypting tool
Locker decrypting tool
Loocipher decryptor
Lorenz ransomware decryptor
Lortok decrypting tool (decrypted by the Rakhni Decryptor)
MacRansom decrypting tool
Magniber decryptor
MaMoCrypt ransomware decryption tool
Mapo ransomware decryptor
Marlboro ransom decryption tool
MarsJoke decryption tool
Manamecrypt decrypting tool (a.k.a. CryptoHost)
Mircop decrypting tool + alternative
Mira ransom decryptor
MegaLocker ransomware decrypting tool
Merry Christmas / MRCR decryptor
Mole decryptor tool
MoneroPay Ransomware decrypting tool
muhstik ransomware decryptor
my-Little-Ransomware decrypting tool
Nanolocker decrypting tool
Nemty ransomware decryptor
Nemucod decrypting tool + alternative
NMoreira ransomware decryption tool
Noobcrypt decryption tool
ODCODC decrypting tool
OpenToYou decryption tools
Operation Global III Ransomware decrypting tool
Ouroboros ransomware decryptor
Ozozalocker ransomware decryptor
Paradise ransomware decryptor
PClock decrypting tool
Petya decrypting tool + alternative
PewCrypt ransom decryptor
Philadelphia decrypting tool
PizzaCrypts decrypting tool
Planetary ransomware decrypting tool
Pletor decrypting tool (decrypted by the Rakhni Decryptor)
Polyglot decrypting tool (decrypted by the Rannoh Decryptor)
Pompous decrypting tool
PowerWare / PoshCoder decrypting tool
Popcorn Ransom decrypting tool
Professeur ransomware decryptor (decrypted by the Jigsaw Decryptor)
PyLocky Ransomware decrypting tool
Radamant decrypting tool
RAGNAROK decrypting tool
Rakhni decrypting tool
Rannoh decrypting tool
Ransomwared decryptor
Rector decrypting tool
RedRum ransomware decryptor
Rotor decrypting tool (decrypted by the Rakhni Decryptor)
Scraper decrypting tool
SimpleLocker ransomware decryptor
Simplocker ransomware decryptor
Shade / Troldesh decrypting tool + alternative
SNSLocker decrypting tool
SpartCrypt decryptor
Stampado decrypting tool + alternative
STOP Djvu Ransomware decryptor
SynAck ransom decryptor
Syrk ransomware decryptor
SZFlocker decrypting tool
Teamxrat / Xpan decryption tool
TeleCrypt decrypting tool (additional details)
TeslaCrypt decrypting tool + alternative 1 + alternative 2
Thanatos decryption tool
ThunderX decryptor
Trustezeb.A decryptor
TurkStatic Decryptor
TorrentLocker decrypting tool
Umbrecrypt decrypting tool
VCRYPTOR Decryptor
Wildfire decrypting tool + alternative
WannaCry decryption tool + Guide
WannaRen decryption tool
XData Ransom decryption tool
XORBAT decrypting tool
XORIST decrypting tool + alternative
Yatron decrypting tool (decrypted by the Rakhni Decryptor)
ZeroFucks decryptor
Zeta decrypting tool (decrypted by the CryptoMix Decryptor)
Ziggy ransomware decryptor
Zorab ransomware decryptor
ZQ ransomware decryptor

Data Execution Prevention (DEP) is a Microsoft security technology (for Windows operating systems) that prevents malicious code from being executed from system memory locations. By using a set of hardware and software technologies DEP is performing additional checks in memory to help protect against exploits.

Malware may be executing malicious code from memory locations that ought to only be utilized by Windows or other accepted programs. If DEP detects an application on your computer that is improperly utilizing memory, it will terminate the program and notify you.

How Data Execution Prevention Works

DEP isn’t like a firewall or antivirus program and therefore doesn’t help prevent harmful programs from being installed on your computer. What Data Execution Prevention does is to carefully monitor your programs to see if they’re using the system memory safely, by marking specific memory locations as “non-executable”, and monitoring programs that are attempting to run malicious code from a protected location.

Let’s say that an application attempts to run malicious code from a protected page. in this case, the application will receive an exception having the status code STATUS_ACCESS_VIOLATION, this can be happening because your DEP application is configured to start at the system boot in line with the no-execute page protection policy setting within the boot configuration data and counting on the policy setting, a particular application can change the DEP setting for this process.

DEP is enforced by hardware and by software:

Hardware-enforced DEP

Marks all memory locations during a process as non-executable unless the placement explicitly contains executable code, therefore helping prevent specific attacks by intercepting them and raising an exception.

Relying on processor hardware to mark memory with an attribute indicating that code shouldn’t be executed from that memory, it functions by changing a bit within the page table entry to create a mark on the particular memory page.

The actual hardware implementation of Data Execution Prevention and marking of the virtual memory page varies by processor architecture, but processors that support hardware-enforced DEP are capable of raising an exception when code is executed from a page marked with the suitable attribute set.

Software-enforced DEP

Windows has added an extra set of data execution prevention security checks, also called software-enforced DEP, designed to mitigate exploits of exception handling mechanisms in Windows. Software-enforced DEP can run on any processor capable of running Windows XP SP2 and above.

Should You Disable Data Execution Prevention?It isn’t recommended to have DEP turned off, as this automatically monitors essential Windows programs and services.

You can increase your protection by having DEP monitor all programs, therefore you ought to keep in mind that disabling Data Execution Prevention or adding exclusions may allow malicious scripts to execute and cause severe damage to Windows which can leave your PC permanently unstable and/or unusable state.

If you switch off Data Execution Prevention for a particular program, it would become prone to attack. A successful attack could then spread to other programs on your computer, to your contacts, and will damage your files. If you believe that a program doesn’t run correctly when DEP is turned on, check for a DEP-compatible version or update from the software publisher before you modify any Data Execution Prevention settings.

How To Configure Data Execution PreventionDEP is enabled by default for essential Windows operating system programs and services.

You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.
... Continue Reading]]> Quote:

A step-by-step guide to secure your Wi-Fi Router and connected devices.

The only measure most people use to protect their home wireless network nowadays is to set up a password and prevent neighbors and other people from taking control of your data. But we have to be more serious about home network security and do more than just setting a simple password.

Securing the home network has two main components. The first one is router security, whose foundation is investing in a high-quality next-generation device that comes with inbuilt security controls. This will allow you to set up a firewall, VPN, parental controls, and even DNS filtering from the router itself.

The second component to keep in mind is securing the devices that connect to the network via the router. This includes both wireless and cable links.

In this article, you will learn how you can better protect your network connection and decrease the chances of getting your valuable data compromised.

Use these steps below to enhance the security of your home wireless network.

How to Secure Your Wi-Fi Router

Step 1. Update the router firmware to the latest available

The software is an essential part of your wireless network security. The wireless router’s firmware, like any other software, contains flaws that can become major vulnerabilities and be ruthlessly exploited by hackers.

Unfortunately, many wireless routers don’t come with the option to auto-update their software, so you have to go through the hassle of doing this manually. And even for those Wi-Fi networks that can auto-update, it still requires you to switch on this setting.

But, we remind you about the importance of software patching and how neglecting to do this can leave open doors for cybercriminals to exploit various vulnerabilities. Read what security experts have to say about updating your software and why it is key to online security.

Step 2. Change your router administrator login

To set up your wireless router, you usually need to access an online platform or site, where you can make several changes to your network settings. You can usually access this by entering your router’s IP address into your web browser.

If you have a new router, you can find its IP address listed on the manufacturer’s website or in the product manual you were provided with upon purchase. However, if your device is rather old, you can still discover its IP by following this handy guide.

These basic steps will teach you how to easily connect to your home network as an admin. Usually, the address bar type looks like http://192.168.1.1 or http://192.168.0.1.

Most Wi-fi routers come with default credentials such as “admin” and “password” which are easy for malicious hackers to break into. Therefore, you need to access the router’s settings and change them to unique credentials that cannot be guessed so easily.

My recommendation is to create a username that isn’t personal to you in any way and pair it with a strong password that contains both uppercase and lowercase letters, as well as alphanumeric characters.

Step 3. Change the default Wi-Fi network name

If you want better wireless network security, the first thing you should do is to change the name of your Wi-Fi network, also known as the SSID (Service Set Identifier). While giving your Wi-Fi a somewhat provocative name such as “Can’t hack this” may backfire at times, other names such as “this is not a Wi-Fi” or “too fly for a Wi-Fi” are perfectly acceptable.

Changing your Wi-Fi’s default name makes it harder for malicious attackers to know what type of router you have. If a cybercriminal knows the manufacturer name of your router, they will know what vulnerabilities that model has and then try to exploit them. We strongly advise not to call your home network something like “John’s Wi-Fi”.

You don’t want them to know at first glance which wireless network is yours when there are probably three or four other neighboring Wi-Fis. Also, remember that disclosing too much personal information on a wireless network name may expose you to an identity theft operation. Here’s a step-by-step and simple guide that explains how you can easily change the name of your wireless network.

Step 4. Set a strong Wi-Fi Password and activate the highest encryption possible

You probably know that every wireless router comes pre-set with a default username and password, which is needed in the first place to install and connect your router. The worst part: it’s easy for hackers to guess it, especially if they know the manufacturer.

So, make sure you change them both immediately. A good wireless password should be at least 20 characters long and include numbers, letters, and various symbols. And, most importantly, don’t use the same password as the router admin one.

As for encryption, wireless networks come with multiple encryption languages, such as WEP, WPA, WPA2, and WPA3. To better understand this terminology, WPA2 stands for Wi-Fi Protected Access 2 and is both a security protocol and a current standard in the industry (WPA2 networks are almost everywhere) and encrypts traffic on Wi-Fi networks.

It also replaces the older and less secure WEP (Wired Equivalent Privacy) and is an upgrade to the original WPA (Wi-Fi Protected Access) technology. Since 2006, all Wi-Fi-certified products should use WPA2 security.

WPA2 AES is also a standard security system now, so all wireless networks are compatible with it. If you want to enable WPA2 encryption on your Wireless router, use these six steps. If you are using a TP-Link wireless router, here’s how to secure your wireless network.
... Continue Reading]]> Quote:

In the current communication environment where time is essential and everybody needs to be as efficient as possible, messaging has become an important component of our daily life. Common to both individuals and businesses, the habit of using all sorts of apps for sending and receiving messages can sometimes become a threat as not all apps implement end-to-end encryption.

In this article, I am going to talk about end-to-end encryption and how it works, why it became essential, its advantages and downsides, and, of course, its applicability.

What Is End-to-end Encryption?

End-to-end encryption, also known as E2EE is a method to secure data communication between 2 parties by applying encryption in such a way that only the targeted recipient can decrypt/read it.

As it moves to its destination, it is impossible for third parties such as internet or app service providers, cybercriminals, or even governments to read or interfere in any way with the message. Simply put, by encrypting communication for both ends (sender and recipient), end-to-end encryption stops anyone who is not involved in the discussion from reading personal conversations.

This way, third parties will not be able to access the cryptographic keys required to decrypt the conversation.

How Does End-to-end Encryption Work?

In essence, end-to-end encryption (E2EE) changes human-readable plaintext to incoherent text, also known as ciphertext. In other words, it takes a legible message and changes it so that it appears haphazard.

There are two types of encryption – asymmetric and symmetric:

Asymmetric encryption (public key encryption) uses two keys that are mathematically connected – one for encryption and the other for decryption. It’s frequently referred to as public key encryption because the individuals who use it make the encryption key public (and can be shared with others) while keeping the decryption key private. In this situation, the sender and the recipient use two different keys.

Here is how asymmetric encryption works:

Person A creates two keys: one public, one private and sends the public one to person B through different channels;
Person B encrypts the message with the public key they received and sends it to person A using any on hand channel;
Person A decrypts the data sent by person B with the secret private key they created.

Symmetric key encryption is a type of encryption where only one key is used to encrypt and decrypt the information. In this situation, both sender and recipient must exchange it so it can be used for reading the conversation. It is essential for both entities involved to keep the key confidential for the privacy of the information.

There are basically three steps when it comes to symmetrical encryption:

Person A uses an encryption key to encrypt a message they want to send to person B;
Because this message is a ciphertext no one except person B can read it;
Thanks to the selected decryption key, person B can change person A’s message back to an intelligible form.

Benefits of End-to-end EncryptionPrivate data is protected against hacking campaigns. When using end-to-end encryption, only the sender and the intended recipient have access to unencrypted data. For example, if the email service that stores your data happens to be compromised, cybercriminals will not be able to decrypt the data within as they lack the decryption keys.

Everyone has the right to keep their personal data private. E2EE protects free speech and safeguards oppressed individuals.

Complete control. The end-to-end encryption method gives the sender full control of the process. No matter where the information moves, the data owner can change controls, revoke access, or restrict sharing.

Great flexibility. The user can decide what data to encrypt, usually highly sensitive data.

No one can change the message. End-to-end encrypted messages can’t be undecrypted by anyone other than the intended receiver. If someone alters the encrypted data, the message becomes mixed up on decryption, and the recipient will know what happened.

Compliance. Nowadays, almost all the fields are limited by regulatory compliance meaning that they have to conform to a rule such as a specification, policy, standard or law so here is where end-to-end encryption comes into play. Thanks to the E2EE method, businesses everywhere can protect their data by making it impossible to read by an unauthorized individual.

Device protection is better than server protection. Unlike other encryption types that encrypt information on the server where cybercriminals or other outsiders can easily obtain access and decrypt it, with end-to-end decryption attackers have to hack the device to get the data. Most threat actors don’t carry out these types of attacks as they are difficult and take a lot of time.
... Continue Reading]]> Quote:

Person A creates two keys: one public, one private and sends the public one to person B through different channels;
Person B encrypts the message with the public key they received and sends it to person A using any on hand channel;
Person A decrypts the data sent by person B with the secret private key they created.

Person A uses an encryption key to encrypt a message they want to send to person B;
Because this message is a ciphertext no one except person B can read it;
Thanks to the selected decryption key, person B can change person A’s message back to an intelligible form.

[Image: Bianca-Apple-ID-Scams-1030x360.png]

Apple ID phishing scams represent genuine danger nowadays. The concept of “phishing” stands for an advanced cyberattack form that embodies social engineering tactics. It may sound familiar to you. Disguised links sharing embedded in emails is one of the tactics that may trick you into providing sensitive data to cybercriminals.

In this article, we are going to take a closer look at phishing attempts involving Apple IDs. Today there are 1.5 billion active Apple devices, which require Apple IDs to gain access to Apple services like Apple Music, App Store, iCloud, FaceTime, iMessage, and others. Why is the threat so real? Think about the fact that you don’t even require an Apple device to access Apple-related software or services, such as iTunes, or log in to Apple’s official website so the number of people becoming victims is exponential.

Why Are Scammers Trying to Steal Your Apple ID?

The reason is obvious – your Apple ID is your ticket to using anything Apple-related and stores a great deal of personal information.

You use your Apple ID to log in to your Apple devices – think Mac, iPhone, iPad, iPod, Apple TV, and in the future you might even be using it for your Apple self-driving car, the iCar developed through project Titan, according to rumors. However, there is no specific data confirmed when the self-driving car project will be finalized.
It includes your payment and shipping information for purchasing applications from the App Store and devices by logging in to Apple.com.
With the Apple ID, you can access your security settings, subscriptions, and in-app purchases associated with it.
Your Apple ID is used to access iCloud, where you can store your photos and any types of files and the theft of these can lead to blackmailing and even sextortion.

There are many forms of Apple ID phishing attempts out there. In this article, we’re going to give you some examples so you get a sense of what they can look like and be better prepared against them.

Types of Apple ID Phishing Scams with Examples

1. Apple ID Receipt Order Email

You can make purchases in App Store, iTunes Store, iBooks Store, or Apple Music.

In the subject line of this kind of e-mail, you will find included some phrases like “Receipt ID”, “Receipt Order”, or “Payment Statement”. The purpose of this scam is to trick you into thinking a payment has been made using your credit card. As a result, you may hurry into canceling the order, worried that your money has been taken. If the attached file is opened or if you click the link, most probably you will end up on a page where you will be asked to confirm your personal details, such as password, credit card details, address, etc.

However, there are other Apple ID fake receipts that may seem much more convincing, like this one: Error! Filename not specified.

As a general rule, what makes it obvious that you can receive a fake invoice is the fact that an authentic receipt e-mail from Apple will know to precisely tell where your current billing address is. You will never find in Apple’s invoices some shady links to click on in order to make some changes to a subscription or to cancel it.

Also, pay attention to the fact that firstly, Apple purchases will never require information via e-mail and will not ask for Social Security Number, the credit card CVV, or payment info.

So, stay alert, and look for the warning signs! Moving forward, we’re going to give you a few more examples of Apple ID phishing scams so you know what type of content you should watch out for.

2. Apple ID Phone Call Scams

Apple ID scams have also gone beyond fishy emails and crossed over to the illegal business of scam phone calls. Scammers have also tried to use spoofed phone numbers, which are displayed on your phone as a real Apple number, with Apple’s logo, official website, customer support number, and actual address.

This way, the masquerade looks alarmingly real.

Sometimes it’s hard to tell if the one who calls you is really an Apple representative. The scam can seem so veridical. You wouldn’t think hackers try to perform an Apple ID phishing scam. The solution is to just simply hang up. Then call the real Apple to check if they genuinely called you before. Also, it is known that Apple representatives will never ask for Apple ID passwords, iCloud credentials, and other data in a phone call.

3. Apple ID Fake Text Message

Here is the second example of an Apple ID scam you may receive on your phone, this time in the form of a text message. It would read something like “Your Apple account is now locked” and will lure you into accessing a link that supposedly unlocks your account.

Here is another similar example, which aims to trick you into thinking your iCloud ID has been deactivated and that you now need to complete the activation process.

Another example of a fake text message would be to announce through an SMS that your iCloud account shows signs of malicious activity. They will text you and provide a phone number where you have to call to solve your issue. If you call, you’ll be welcomed by that typical automatic message that says to wait a certain amount of time till an agent will talk to you. Then, when you get in touch with the supposed agent finally, they will ask for credentials, payment info, or access to remotely assist you. This way hackers phish scam your Apple ID.
... Continue Reading]]> Quote:

You use your Apple ID to log in to your Apple devices – think Mac, iPhone, iPad, iPod, Apple TV, and in the future you might even be using it for your Apple self-driving car, the iCar developed through project Titan, according to rumors. However, there is no specific data confirmed when the self-driving car project will be finalized.
It includes your payment and shipping information for purchasing applications from the App Store and devices by logging in to Apple.com.
With the Apple ID, you can access your security settings, subscriptions, and in-app purchases associated with it.
Your Apple ID is used to access iCloud, where you can store your photos and any types of files and the theft of these can lead to blackmailing and even sextortion.

[Image: Bianca-Email-Security-1030x360.png]

Here Are the Most Secure Email Providers That Will Help You Increase Your Level of Online Anonymity.

In this article, I’m going to offer you the best encrypted email services, alternatives to popular email services such as Gmail or Yahoo, which can also be secured to a certain degree, but, at the same time, mainstream providers are notorious for mishandling their users’ data or scanning inboxes for keywords to display personalized ads.

You may be concerned that everything you do online is being watched by the government, powerful corporations, or malicious hackers.

In the past, we’ve shared with you what encrypted messaging apps you should use for secure communication and also walked you through the most popular free encryption software tools.

We can all agree on the fact that a huge part of our internet activity revolves around email. And I’m sure you want that everything you share via email to stay private and only be accessed by the people you choose, and the perfect way to do this is through encrypted emails.

Although there are multiple ways to secure your email using encryption software, they are often difficult to implement by unskilled users. Maybe at a later time, I’m going to also dig into this subject if you are interested, but for now, I’m going to look at some encrypted email service options that are easy to use.
So, below I’ve put together a list of user-friendly web-based encrypted email services that will help you increase your level of online anonymity.

You’ll notice that (almost) all of the options come from European countries. Here, the GDPR imposes strict rules on data privacy, and among many other regulations, it’s making privacy by design a legal requirement.

Disclaimer: While none of those encrypted email services providers will share your data with other companies/advertisers, some may present it to government entities under legal demands.

1. ProtonMail

ProtonMail is an encrypted email service based in Switzerland and created by scientists, engineers, and developers from CERN, with the intention of increasing your online security and privacy. They pride themselves on datacenters “located under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack”.

Features:

Free option with 500MB storage and 150 emails per day
Paid options starting from $ 4.00 / Month for personal use
Business plans for $6.25 / Month / User
Two-step verification
Use your own domain
Mobile apps available (iOS and Android)
Report phishing option
Self-destructing messages – you can set an expiration time on your emails so they get automatically deleted from the recipient’s inbox after a certain time
Based on open-source code
They use AES, RSA, and OpenPGP encryption

2. Tutanota

When it comes to the best encrypted email services, Tutanota cannot be overlooked. Tutanota is an encrypted email provider from Germany. They position themselves as a secure email services alternative to Gmail. According to their website, they are also planning to include a calendar, notes, and cloud storage in their offering – and of course, all of these features will be encrypted too.

Features:

Free for 1 user with 1GB of storage
Other paid options starting from €12 for personal use
Business plans available
Free for non-profit organizations
Use your own domain
Two-factor authentication
Based on open-source code
Their data centers run on 100% renewable energy

Additional details: If you want to send an email to someone who’s using different encrypted email services (for instance, Gmail), you will be asked to enter a password that you will have to share with the recipient.

The recipient will then use it to unlock your message and be able to read it by accessing a link. The URL will remain active until you send them another confidential email.

This is what an email sent from a Tutanota account to someone who is using a different email service looks like.

3. Hushmail

Hushmail is a secure email service based in Canada that encrypts your email communication. Simplicity is at the core of their business in order to keep their customers secure and better understand potential threats. Hushmail uses the “passphrase” naming for the log-in field which is typically referred to as “password”, in this way encouraging people to use more complex passwords – phrases, rather than words.

Features:

14-Day free trial (no credit card required), then $49.98 per year with 10GB of email storage
Business plans available
iOS app
Two-factor authentication
Use your own domain
An account will be locked if too many attempts are made to access it
Ability to set up Hushmail within an email program (Mac Mail, Microsoft Outlook, Android phone, Thunderbird)
Inbox antivirus and spam filtering
TLS/SSL, OpenPGP encryption

Free option with 500MB storage and 150 emails per day
Paid options starting from $ 4.00 / Month for personal use
Business plans for $6.25 / Month / User
Two-step verification
Use your own domain
Mobile apps available (iOS and Android)
Report phishing option
Self-destructing messages – you can set an expiration time on your emails so they get automatically deleted from the recipient’s inbox after a certain time
Based on open-source code
They use AES, RSA, and OpenPGP encryption

Free for 1 user with 1GB of storage
Other paid options starting from €12 for personal use
Business plans available
Free for non-profit organizations
Use your own domain
Two-factor authentication
Based on open-source code
Their data centers run on 100% renewable energy

14-Day free trial (no credit card required), then $49.98 per year with 10GB of email storage
Business plans available
iOS app
Two-factor authentication
Use your own domain
An account will be locked if too many attempts are made to access it
Ability to set up Hushmail within an email program (Mac Mail, Microsoft Outlook, Android phone, Thunderbird)
Inbox antivirus and spam filtering
TLS/SSL, OpenPGP encryption

Additional details: Similar to Tutanota, if your recipient is not using Hushmail, you have to check the Encrypted checkbox, and the email will be read on a secure web page.
... Continue Reading]]> <![CDATA[Here Are the Free Ransomware Decryption Tools You Need to Use [2021 Updated]]]> https://www.geeks.fyi/showthread.php?tid=15535 Wed, 07 Jul 2021 06:54:45 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=15535 Quote:

Got infected with ransomware? Check out these free tools that will help you decode your data without paying the ransom

Ransomware is one of the most vicious cyber-threats out there right now. A ruthless form of malicious code, it encrypts files and holds them hostage in exchange for a payment. This is why you need to stay updated on what ransomware decryption tools are out there for you to use.

In this article, we will go over a few essential mitigation steps, as well as list over 190 ransomware decryption tools that you can use if you fall victim to an attack. Let’s get into it.

If your network gets infected with ransomware, follow the steps below to recover essential data:

Step 1: Do not pay the ransom because there is no guarantee that the ransomware creators will give you access to your data.
Step 2: Find any available backups you have, and consider keeping your data backups in secure, off-site locations.
Step 3: If there are no backups, you have to try decrypting the data locked by ransomware using the best ransomware decryption tools available.

In this anti-ransomware guide, we included these free ransomware decryption tools you can use to avoid all types of malware.

Navigate through these links to learn more.

How to identify the ransomware you’ve been infected with
Ransomware decryption tools
Explanation of ransomware families and tools for decryption
How to avoid ransomware in the future
Quick checklist for ransomware protection

How to identify the ransomware you’ve been infected with

Oftentimes, the ransom note provides details about the type of ransomware your files have been encrypted with, but it can happen that you don’t have this information at hand. Readers have asked us to show which encryption extensions belong to which ransomware families. Many of these extensions signaled new types of encrypting malware, for which there are no ransom decryptors available.

If you need help with identifying what type of ransomware is affecting your system so that you know what ransomware decryption tools to use, one of the two options below can help you out:

Crypto Sheriff from No More RansomID Ransomware from MalwareHunter Team

Ransomware decryption tools – an ongoing listDisclaimer:

You should know that the list below is not complete and it will probably never be. Use it, but do a documented research as well. Safely decrypting your data can be a nerve-wracking process, so try to be as thorough as possible.

We’ll do our best to keep this list up to date and add more tools to it. Contributions and suggestions are more than welcome, as we promise to promptly follow up on them and include them on the list.

Some of the ransomware decryption tools mentioned below are easy to use, while others require a bit more tech knowledge to decipher. If you don’t have technical skills, you can always ask for help on one of these malware removal forums, which feature tons of information and helpful communities.
... Continue Reading]]> Quote:

Cybersecurity Basics: What Is SIEM and How You Can Use It for Your Business. SIEM Benefits and Best Practices.

Wondering what is SIEM, what are its benefits and limitations, and what are the best practices you can apply for your business? Read on to find out the answers to your questions!

What is SIEM? Definition

As CSO notes, “security information and event management (SIEM) software give enterprise security professionals both insight into and a track record of the activities within their IT environment.”

SIEM evolved from the log management discipline and “combined security event management (SEM) – which analyzes log and event data in real-time to provide threat monitoring, event correlation, and incident response – with security information management (SIM) which collects, analyzes, and reports on log data.”

How does SIEM work?

A SIEM software’s mission is to collect and aggregate the log data that is generated throughout an organization’s technology infrastructure. This includes host systems and applications, network and security devices – firewalls, antivirus filters.

After this part, the SIEM software identifies and categorizes incidents and events, and then it analyzes them. Its objectives are to:

Quote:provide reports on security-related incidents and events, such as successful and failed logins, malware activity, and other possibly malicious activities, and send alerts if analysis shows that an activity runs against predetermined rulesets and thus indicates a potential security issue.

What is SIEM? Benefits

How can a SIEM software help you? Well, it offers:

a. Data Aggregation and Retention

As already mentioned, a security information and event management software will aggregate data from your company’s technology infrastructure and, moreover, it will store it in the long-term to enable analysis and tracking.

b. Threat Intelligence Feeds

A Security Information and Event Management software can combine internal data with threat intelligence feeds that include information about attack patterns, threat actors, and vulnerabilities.

c. Correlation, Analytics, and Alerting

SIEM applications can help you link events and data into meaningful explanations of real security incidents, use statistical models and machine learning to find more complex relationships between data and anomalies, and send out alerts about immediate issues.

d. Incident Response

A SIEM software will allow security teams to quickly synchronize and respond to threats by providing case management, collaboration, and knowledge sharing.

e. Compliance

As you might imagine, SIEM applications are particularly useful for compliance purposes too – they automate the gathering of compliance data and produce reports that measure up to various standards (HIPA, HITECH, GDPR, etc.).
... Continue Reading]]> Quote:

Quote:provide reports on security-related incidents and events, such as successful and failed logins, malware activity, and other possibly malicious activities, and send alerts if analysis shows that an activity runs against predetermined rulesets and thus indicates a potential security issue.

Our Algorithms and Analysts have Investigated and Found New Infected Domains from the Same Campaign.

The past year has been a significant one for cryptocurrencies and blockchain. In the face of such extremity and economic meltdowns, cryptocurrencies have proven to be remarkably resilient. Fortunately, the rapid increase in accessibility of global high-speed Internet and digitization has created a ripe environment for digital currency.

On the other side, it started a new source of income for the scammers. Fraudsters target Social Media and Messaging platforms users with a scam centered on a fake cryptocurrency exchange and using the lure of free Bitcoin or Ethereum cryptocurrency to steal money and personal data.

We have previously warned our readers about cryptocurrency scams and advised them on how to safely invest in cryptocurrency from a security standpoint.

New Cryptocurrency Scam Campaign Detected

After successfully discovering a complex phishing cryptocurrency scam campaign last month, this time around Heimdal™ Security tracked down a cryptocurrency scam campaign that started 4 months ago. Since then, our algorithms and analysts have studied and found new infected domains from the same campaign.

The domains are hosted on the following IP addresses:

111.174.155 – UA
214.124.44 – RU
121.14.70 – UA

Our team was able to track them in Seychelles, Iceland, Ukraine, and Russia.

How It Works

This type of cryptocurrency scam lures victims on Discord’s cryptocurrency servers by sending a private message that looks like an ad for a genuine up-and-coming trading platform giving away cryptocurrency. In reality, it deploys social engineering tactics to drive sign-ups.

Once you click on the phishing link they provide, you will be redirected to a website and asked to enter personal information, such as passwords, credit card numbers, or bank account details. In worse situations, malware will start to download as soon as the link is clicked.

Although these types of websites look genuine, and appear fully operational, in reality, scammers are buying already implemented templates from professional web designers. You can add the promo codes, transfer fake balances to other users, reset your password, etc.

The tricky part comes when you want to withdraw your money to your personal wallet. It would say that you need to deposit a certain amount of BTC/ETH to verify your account. The amount asked will be very little compared to the fake prize.

How to Stay Safe

Is your business running cryptocurrency transactions? Here’s some advice on how to improve overall security:

Check data breach websites to see if your data has been leaked. You can do so at https://haveibeenpwned.com/
Always keep your software updated;
Don’t download files from unknown sources;
Keep your seed phrase safe;
Activate two-factor authentication (2FA).

While it’s always a good idea to beef up your online security, now more than ever you should take the time to review your cybersecurity habits. I know it’s convenient to trade or buy crypto on the fly, but sloppy practices usually result in compromised personal data.

To his end, I would advise you to conduct every transaction from a secured endpoint. Endpoint security solutions can help prevent data leaks associated with crypto-specific malware. HeimdalTM Security Threat Prevention Endpoint can sanitize your workstations, clear out malicious packets that may be hidden in DNS traffic, detect processes associated with crypto-mining operations, and much more.
... Continue Reading]]> Quote:

111.174.155 – UA
214.124.44 – RU
121.14.70 – UA

Check data breach websites to see if your data has been leaked. You can do so at https://haveibeenpwned.com/
Always keep your software updated;
Don’t download files from unknown sources;
Keep your seed phrase safe;
Activate two-factor authentication (2FA).

Last Week, Russia’s Telecommunications Watchdog, Roskomnadzor, Banned the Use of the Two VPN Services, Classifying Them as Threats.

The regulatory agency released an official statement saying that the VPN ban in Russia is in accordance with the Decree of the Government of the Russian Federation No. 127 dated February 12, as the country works to respond to services bypassing the restriction of access to illegal content.

Quote:In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021.

Source

As a result, VPN services in Russia have been suspended by Opera.

According to a statement by Opera’s Senior Public Relations Manager Yulia Sindzelorts, the company is committed to providing an “excellent experience” in browsing to users in Russia. Sindzelorts further added that VPN services have been suspended “in the form it was provided earlier”.

Quote:Opera endeavors to provide its Russian users with the excellent experience in using browsers. We decided to suspend support for VPN services in our browsers on the Russian territory in the form it was provided earlier. Opera is already protecting confidentiality of users now, offering protection against tracking, DNS above https and blocking of malicious websites. Opera is ready for an open dialog on user security in the Internet.

Source

After receiving the compliance demands from Roskomnadzor, VyprVPN stated that it “will not cooperate with the Russian government in their efforts to censor VPN services.”

Roskomnadzor stated that these restrictions will not affect the operations of Russian companies that are using VPN services in continuous processes.

The 130 companies that rely on VyprVPN and Opera VPN for their VPN needs will not be subject to the restrictions if they manage to make an appropriate request to be included on a restriction “whitelist”, which are currently being invited following an alert by none other than Roskomnadzor itself.

Back in 2020, ProtonMail and ProtonVPN were also banned by the telecommunications watchdog, citing security reasons as they claimed that cybercriminals used them to send bomb threats.

It’s worth mentioning that although the bill to ban VPN providers had been signed by President Vladimir Putin as early as 2017, no solid steps were taken in the direction until 2019.
... Continue Reading]]> Quote:

Quote:In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021.

Source

Quote:Opera endeavors to provide its Russian users with the excellent experience in using browsers. We decided to suspend support for VPN services in our browsers on the Russian territory in the form it was provided earlier. Opera is already protecting confidentiality of users now, offering protection against tracking, DNS above https and blocking of malicious websites. Opera is ready for an open dialog on user security in the Internet.

Source

Tor Browser 10.0.18 Was Released in Order to Fix Numerous Bugs, Including a Vulnerability That Allows Sites to Track Users by Fingerprinting Applications Installed on Their Devices.

The Tor Project released the Tor Browser 10.0.18 in an attempt to fix multiple bugs. In this update, they are fixing a Tor Browser vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.

Tor is a free and open-source software meant to enable anonymous communication. It works by directing the internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, and therefore manages to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.

The Tracking Flaw Able to Avoid Privacy Tools

In May, the company FingerprintJS disclosed a ‘scheme flooding’ vulnerability allowing for the users to be tracked across different browsers based on using the applications that were installed on their devices.

Quote:
Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their everyday surfing.

They may use Safari, Firefox or Chrome for some sites, and Tor for sites where they want to stay anonymous. A website exploiting the scheme flooding vulnerability could create a stable and unique identifier that can link those browsing identities together.

Source

To perform the cross-browser tracking using scheme flooding, a website builds a profile of applications installed on a device by attempting to open their known URL handlers and checking if the browser launches a prompt.

In order to track users, a profile is created by attempting to open various application URL handlers, such as zoommtg://, and checking if the browser launches the requested prompt.

Source

If the application’s prompt is displayed, it is safe to assume that the application is installed on the device, and by checking for numerous URL handlers, this specific vulnerability can create an ID based on the unique configuration of the apps that are installed on the user’s device.

This ID can afterward be tracked across different browsers, like Google Chrome, Edge, Tor Browser, Firefox, and Safari, but the vulnerability is especially concerning for Tor users who are using the browser to protect their identity and IP address from being logged with the sites they are accessing.

As this specific vulnerability is managing to track the users across browsers, it can allow websites, and even law enforcement, to track a user’s real IP address when they switch to a non-anonymizing browser, such as Google Chrome.

Tor Released a Fix for This Vulnerability

By releasing the Tor Browser 10.0.18 update, the Tor Project is introducing a fix for this vulnerability by setting the ‘network.protocol-handler.external’ setting to false, as this default setting is able to prevent the browser from passing the handling of a particular URL to an external application and in this way no longer trigger the application prompts.

It’s quite easy to upgrade your Tor Browser to the 10.0.18 version as you just need to open the menu, go to Help, and select About Tor Browser, which will automatically check for and install any new updates.
... Continue Reading]]> Quote:

Quote:
Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their everyday surfing.

They may use Safari, Firefox or Chrome for some sites, and Tor for sites where they want to stay anonymous. A website exploiting the scheme flooding vulnerability could create a stable and unique identifier that can link those browsing identities together.

Source

More than 50% of Companies Have Declared They Would Make a Payment in the Event of a Successful Ransomware Attack.

A new survey of 300 senior professionals conducted by the Neustar International Security Council (NISC) shows that 60% of enterprises would consider paying a ransomware demand if attacked.

The study comes after the Director of the FBI, the US Attorney General, the White House, and cybersecurity specialists have warned organizations against paying cyber-related ransoms because it indicates to cybercriminals that their extortion strategies work, leading to even more ransomware attacks.

How Much Would Companies Pay to Ransomware Hackers?The research also revealed that one in five organizations would consider paying 20 percent or more of their company’s annual income in order to have their systems restored.

The respondents were also asked for their opinions on the efficacy of currently available security technologies in defending against ransomware.

A quarter of them said they fear that their security procedures might not provide complete protection against ransomware threats, describing them as ‘somewhat’ or ‘very’ insufficient.

Recent Ransomware AttacksThis study follows multiple ransomware incidents that occurred in recent months, many of which have resulted in considerable ransomware payments to cybercriminals.

In May, Colonial Pipeline, the largest fuel pipeline operator in the U.S. was impacted by a DarkSide ransomware attack that forced the company to take some systems offline, temporarily shut down pipeline operations and several IT systems.

At the beginning of this week, JBS Foods, the world’s largest meatpacking organization, was also forced to shut down production at several sites all over the world following a REvil ransomware cyberattack. The attack affected multiple JBS production facilities globally over the weekend, including those from the United States, Australia, and Canada. The company paid $11 million to the ransomware gang.

Earlier this month, Japanese multinational conglomerate, Fujifilm declared it had refused to pay a ransom demand to the hackers that attacked its network in Japan, instead relying on backups to restore operations.

Rodney Joffe, NISC chairman and fellow at Neustar stated:

Quote:Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts, especially if they see that companies are willing to pay. This spiral upwards must be stopped.

To help organizations fight against ransomware attacks in a more efficient way we have created the Ransomware Encryption Protection module that was engineered to be universally compatible with any antivirus.

Ransomware Encryption Protection by Heimdal is a revolutionary 100% signature-free component, ensuring market-leading detection and remediation of any type of ransomware, whether fileless or file-based.
... Continue Reading]]> <![CDATA[Ransomware Attacks to Be Treated with Similar Priority as Terrorism, DOJ Announces]]> https://www.geeks.fyi/showthread.php?tid=15261 Tue, 08 Jun 2021 10:21:39 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=15261 Quote:

According to the Wall Street Journal, the Recent Wave of Ransomware Attacks Was Similar to What the U.S. Faced After 9/11.

In the wake of the Colonial Pipeline hack and mounting damage caused by threat actors, the U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism.

Last month, Colonial Pipeline, the largest fuel pipeline operator in the U.S., was forced to shut down after being hit by ransomware in a clear demonstration of the vulnerability of energy infrastructure to this type of cyberattacks.

The Federal Bureau of Investigation confirmed that the DarkSide ransomware gang is behind the massive breach, as new information surfaced about the group.

According to Reuters, memos had been sent out to all US Attorney’s Offices explaining that ransomware attacks would be investigated in a manner similar to incidents of terrorism.

Technology journalist Kim Zetter took to Twitter a snippet of a memo sent by Deputy Attorney General Lisa Monaco. The memo says that urgent reports should be filed every time a US Attorney’s Office learns about a ransomware attack.

https://twitter.com/KimZetter/status/140...rrorism%2F

According to U.S. officials, the DOJ’s decision to push ransomware into this special process shows exactly how the issue is being prioritized.

Quote:To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.

Source

This decision means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

Additionally, the guidance asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.

John Carlin, principal associate deputy attorney general at the Justice Department, announced that

Quote:We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.

... Continue Reading]]> Quote:

Quote:To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.

Source

Quote:We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.

... Continue Reading]]>