<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/">
	<channel>
		<title><![CDATA[Geeks for your information - Emsisoft Blog Articles]]></title>
		<link>https://www.geeks.fyi/</link>
		<description><![CDATA[Geeks for your information - https://www.geeks.fyi]]></description>
		<pubDate>Mon, 13 Jul 2026 20:57:32 +0000</pubDate>
		<generator>MyBB</generator>
		<item>
			<title><![CDATA[January 2025 VB100 Test gives Emsisoft a A+ Grade]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=20643</link>
			<pubDate>Thu, 27 Feb 2025 03:57:02 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1295">jasonX</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=20643</guid>
			<description><![CDATA[<div style="text-align: center;" class="mycode_align"><span style="font-weight: bold;" class="mycode_b"><span style="font-size: x-large;" class="mycode_size"><span style="color: #0080ff;" class="mycode_color">January 2025 VB100 Test gives Emsisoft a A+ Grade</span></span></span></div>
 <br />
<div style="text-align: center;" class="mycode_align">
<img src="https://i.imgur.com/ZzeYcgp.png" loading="lazy"  alt="[Image: ZzeYcgp.png]" class="mycode_img" /><br />
<br />
<br />
<br />
Good news for Emsisoft users! The January 2025 <span style="font-weight: bold;" class="mycode_b">VB100 Test</span> is out and Emsisoft got a '<span style="font-weight: bold;" class="mycode_b">A+ Grade</span>'. Great news! Emsiosft's Zach Simas reports about the achievement below. </div>
<br />
<blockquote class="mycode_quote"><cite>Quote:</cite>Emsisoft Anti-Malware  recently has once again proven its cybersecurity excellence by achieving an A+ grade in the January 2025 <a href="https://www.virusbulletin.com/testing/vb100%20test" target="_blank" rel="noopener" class="mycode_url">VB100</a>. With an outstanding detection rate and zero false positives, Emsisoft continues to deliver unparalleled protection against evolving malware threats. Independent evaluations such as the VB100 test are crucial in validating the effectiveness of security products under real-world conditions.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">VB100 Certification: Why it matters</span><br />
<br />
The VB100 certification is a widely recognized benchmark in the cybersecurity landscape, demonstrating a product’s ability to detect prevalent malware threats while maintaining a minimal false positive rate. Conducted by <a href="https://www.virusbulletin.com/" target="_blank" rel="noopener" class="mycode_url">Virus Bulletin</a> an independent security testing organization, the certification process provides an objective assessment of antivirus solutions in detecting malware efficiently and without disrupting legitimate applications.<br />
<br />
To achieve VB100 certification, a product must meet two critical criteria:<br />
 <ul class="mycode_list"><li>Detect at least 75% of malware samples from the Certification set, which includes widespread threats seen in the wild.<br />
<br />
</li>
<li>Maintain a false positive rate below 0.05%, ensuring that legitimate software remains unaffected.<br />
</li>
</ul>
<br />
For businesses and individual users, earning the VB100 certification signals that a product offers dependable, real-world protection without unnecessary system interruptions. Virus Bulletin’s rigorous testing process adheres to the standards set by the <a href="https://www.amtso.org/" target="_blank" rel="noopener" class="mycode_url">Anti-Malware Testing Standards Organization (AMTSO)</a>  further solidifying the certification’s credibility.<br />
<br />
Achieving this certification consistently underscores Emsisoft’s commitment to delivering high-quality, enterprise-grade security that meets the evolving challenges of today’s threat landscape.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Breaking down the January 2025 test results</span><br />
<br />
The test evaluated Emsisoft Anti-Malware version 2024.12.0.12633, running on Microsoft Windows 11 Pro, 64-bit, using the updated VB100 1.6 testing methodology.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Key performance metrics</span><br />
 <ul class="mycode_list"><li>Total malware samples tested: 1,640<br />
</li>
<li>Detection rate: 99.94% (1,639 samples detected)<br />
</li>
<li>Total clean files tested: 100,000 legitimate program files<br />
</li>
<li>False positive rate: 0.00% (zero false alarms)<br />
</li>
</ul>
<br />
For a comprehensive breakdown of the results and an in-depth understanding of the testing methodology, you can view the full report <a href="https://www.virusbulletin.com/uploads/vb100/test-reports/vb100-test-report-2025-01-21-emsisoft-anti-malware.pdf" target="_blank" rel="noopener" class="mycode_url">HERE</a>.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Why these results stand out</span><br />
<br />
Achieving a detection rate of 99.94% with zero false positives is a testament to Emsisoft’s ability to provide thorough and accurate protection. The A+ rating reflects Emsisoft’s capability to identify and neutralize threats without mistakenly flagging legitimate files, which is a crucial factor for maintaining operational efficiency.</blockquote>
<br />
<br />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/blog/46333/emsisoft-achieves-a-grade-in-january-2025-vb100-test/" target="_blank" rel="noopener" class="mycode_url">More information in the Full article HERE</a></span><br />
<br />
<br />
<span style="font-style: italic;" class="mycode_i"><span style="font-size: small;" class="mycode_size">Data and info derived/lifted from Emsisoft with permission</span></span>]]></description>
			<content:encoded><![CDATA[<div style="text-align: center;" class="mycode_align"><span style="font-weight: bold;" class="mycode_b"><span style="font-size: x-large;" class="mycode_size"><span style="color: #0080ff;" class="mycode_color">January 2025 VB100 Test gives Emsisoft a A+ Grade</span></span></span></div>
 <br />
<div style="text-align: center;" class="mycode_align">
<img src="https://i.imgur.com/ZzeYcgp.png" loading="lazy"  alt="[Image: ZzeYcgp.png]" class="mycode_img" /><br />
<br />
<br />
<br />
Good news for Emsisoft users! The January 2025 <span style="font-weight: bold;" class="mycode_b">VB100 Test</span> is out and Emsisoft got a '<span style="font-weight: bold;" class="mycode_b">A+ Grade</span>'. Great news! Emsiosft's Zach Simas reports about the achievement below. </div>
<br />
<blockquote class="mycode_quote"><cite>Quote:</cite>Emsisoft Anti-Malware  recently has once again proven its cybersecurity excellence by achieving an A+ grade in the January 2025 <a href="https://www.virusbulletin.com/testing/vb100%20test" target="_blank" rel="noopener" class="mycode_url">VB100</a>. With an outstanding detection rate and zero false positives, Emsisoft continues to deliver unparalleled protection against evolving malware threats. Independent evaluations such as the VB100 test are crucial in validating the effectiveness of security products under real-world conditions.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">VB100 Certification: Why it matters</span><br />
<br />
The VB100 certification is a widely recognized benchmark in the cybersecurity landscape, demonstrating a product’s ability to detect prevalent malware threats while maintaining a minimal false positive rate. Conducted by <a href="https://www.virusbulletin.com/" target="_blank" rel="noopener" class="mycode_url">Virus Bulletin</a> an independent security testing organization, the certification process provides an objective assessment of antivirus solutions in detecting malware efficiently and without disrupting legitimate applications.<br />
<br />
To achieve VB100 certification, a product must meet two critical criteria:<br />
 <ul class="mycode_list"><li>Detect at least 75% of malware samples from the Certification set, which includes widespread threats seen in the wild.<br />
<br />
</li>
<li>Maintain a false positive rate below 0.05%, ensuring that legitimate software remains unaffected.<br />
</li>
</ul>
<br />
For businesses and individual users, earning the VB100 certification signals that a product offers dependable, real-world protection without unnecessary system interruptions. Virus Bulletin’s rigorous testing process adheres to the standards set by the <a href="https://www.amtso.org/" target="_blank" rel="noopener" class="mycode_url">Anti-Malware Testing Standards Organization (AMTSO)</a>  further solidifying the certification’s credibility.<br />
<br />
Achieving this certification consistently underscores Emsisoft’s commitment to delivering high-quality, enterprise-grade security that meets the evolving challenges of today’s threat landscape.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Breaking down the January 2025 test results</span><br />
<br />
The test evaluated Emsisoft Anti-Malware version 2024.12.0.12633, running on Microsoft Windows 11 Pro, 64-bit, using the updated VB100 1.6 testing methodology.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Key performance metrics</span><br />
 <ul class="mycode_list"><li>Total malware samples tested: 1,640<br />
</li>
<li>Detection rate: 99.94% (1,639 samples detected)<br />
</li>
<li>Total clean files tested: 100,000 legitimate program files<br />
</li>
<li>False positive rate: 0.00% (zero false alarms)<br />
</li>
</ul>
<br />
For a comprehensive breakdown of the results and an in-depth understanding of the testing methodology, you can view the full report <a href="https://www.virusbulletin.com/uploads/vb100/test-reports/vb100-test-report-2025-01-21-emsisoft-anti-malware.pdf" target="_blank" rel="noopener" class="mycode_url">HERE</a>.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Why these results stand out</span><br />
<br />
Achieving a detection rate of 99.94% with zero false positives is a testament to Emsisoft’s ability to provide thorough and accurate protection. The A+ rating reflects Emsisoft’s capability to identify and neutralize threats without mistakenly flagging legitimate files, which is a crucial factor for maintaining operational efficiency.</blockquote>
<br />
<br />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/blog/46333/emsisoft-achieves-a-grade-in-january-2025-vb100-test/" target="_blank" rel="noopener" class="mycode_url">More information in the Full article HERE</a></span><br />
<br />
<br />
<span style="font-style: italic;" class="mycode_i"><span style="font-size: small;" class="mycode_size">Data and info derived/lifted from Emsisoft with permission</span></span>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[New in 2021.10: Introducing MITRE ATT&CK malware behavior patterns]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16231</link>
			<pubDate>Tue, 05 Oct 2021 06:15:29 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16231</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/10/Blog_202110.png.webp" loading="lazy"  alt="[Image: Blog_202110.png.webp]" class="mycode_img" /></div>
<br />
<span style="font-weight: bold;" class="mycode_b">New support for MITRE ATT&amp;CK behavior patterns</span><br />
<br />
MITRE ATT&amp;CK is a public knowledge base of adversary tactics and techniques. It allows standardized classification of malware behavior patterns. <a href="https://attack.mitre.org/" target="_blank" rel="noopener" class="mycode_url">More information here.</a><br />
<br />
The new Incidents panel in MyEmsisoft now provides information on which behavior patterns are used by alerted threats. While not all MITRE ATT&amp;CK patterns apply to endpoints, many do. With this month’s release, we are adding an initial set of 7 supported malware tactics. Over the next few months, we plan to add support for more than 100 of them to cover the entire spectrum of endpoint security-related threats.<br />
<br />
When you open an Incident in your workspace you will see which MITRE ATT&amp;CK tactics were found in the alerted process.<br />
<br />
Please note that this feature is only available in Emsisoft Business Security and Emsisoft Enterprise Security plans. <a href="https://www.emsisoft.com/en/protection/comparison/" target="_blank" rel="noopener" class="mycode_url">Compare editions.</a><br />
<br />
<span style="font-weight: bold;" class="mycode_b">All 2021.10 improvements in a nutshell</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>As announced earlier, we are ending support for operating systems older than Windows 10 and also end support for non-64-bit systems. From here on, installations on non-supported systems will no longer receive software updates but malware detection updates only.<br />
</li>
<li>New UI customization feature to disable workspace management controls on devices.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New UI customization feature to disable workspace management controls on devices (via protection policies).<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39169/new-in-2021-10-introducing-mitre-attck-malware-behavior-patterns/?ref=news211004eall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/10/Blog_202110.png.webp" loading="lazy"  alt="[Image: Blog_202110.png.webp]" class="mycode_img" /></div>
<br />
<span style="font-weight: bold;" class="mycode_b">New support for MITRE ATT&amp;CK behavior patterns</span><br />
<br />
MITRE ATT&amp;CK is a public knowledge base of adversary tactics and techniques. It allows standardized classification of malware behavior patterns. <a href="https://attack.mitre.org/" target="_blank" rel="noopener" class="mycode_url">More information here.</a><br />
<br />
The new Incidents panel in MyEmsisoft now provides information on which behavior patterns are used by alerted threats. While not all MITRE ATT&amp;CK patterns apply to endpoints, many do. With this month’s release, we are adding an initial set of 7 supported malware tactics. Over the next few months, we plan to add support for more than 100 of them to cover the entire spectrum of endpoint security-related threats.<br />
<br />
When you open an Incident in your workspace you will see which MITRE ATT&amp;CK tactics were found in the alerted process.<br />
<br />
Please note that this feature is only available in Emsisoft Business Security and Emsisoft Enterprise Security plans. <a href="https://www.emsisoft.com/en/protection/comparison/" target="_blank" rel="noopener" class="mycode_url">Compare editions.</a><br />
<br />
<span style="font-weight: bold;" class="mycode_b">All 2021.10 improvements in a nutshell</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>As announced earlier, we are ending support for operating systems older than Windows 10 and also end support for non-64-bit systems. From here on, installations on non-supported systems will no longer receive software updates but malware detection updates only.<br />
</li>
<li>New UI customization feature to disable workspace management controls on devices.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New UI customization feature to disable workspace management controls on devices (via protection policies).<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39169/new-in-2021-10-introducing-mitre-attck-malware-behavior-patterns/?ref=news211004eall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Emsisoft Anti-Malware awarded VB100 in July 2021 tests]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16160</link>
			<pubDate>Wed, 22 Sep 2021 08:28:11 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16160</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2020/04/Emsisoft-awarded-VB100-in-April-2020-tests.png" loading="lazy"  alt="[Image: Emsisoft-awarded-VB100-in-April-2020-tests.png]" class="mycode_img" /></div>
<br />
The VB100 is a long-running certification program designed to test the detection capabilities of endpoint security products.<br />
<br />
We took part in the July 2021 tests and we’re happy to report that Emsisoft Anti-Malware was once again awarded certification!<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The tests</span><br />
<br />
The tests were performed on physical computers or virtual machines with specifications similar to those you would expect to find in an ordinary business environment. Each security product was installed on a clean instance of Windows and configured with default settings.<br />
<br />
The products were then exposed to hundreds of malicious samples collected by malware experts and research groups, as well as a set of 100,000 non-malicious, regularly updated samples taken from popular software downloads. No malicious or clean samples were executed during the tests.<br />
<br />
To be awarded VB100 certification, a security product must achieve the following:<ul class="mycode_list"><li>Detect at least 99.5 percent of malicious samples.<br />
</li>
<li>Generate no more than 0.01 false positives.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">The results</span><br />
<br />
Emsisoft Anti-Malware performed well in the strict test conditions, capably detecting 100 percent of the 1,364 malicious samples while producing zero false positives. As a result, Emsisoft Anti-Malware was yet again awarded the VB100!<br />
<br />
Click <a href="https://www.virusbulletin.com/uploads/vb100/test-reports/vb100-test-report-2021-08-27-emsisoft-anti-malware.pdf" target="_blank" rel="noopener" class="mycode_url">here to see the full report</a>, or click <a href="https://blog.emsisoft.com/en/category/emsisoft-news/reviews-awards/" target="_blank" rel="noopener" class="mycode_url">here</a> to check out some of the other awards we’ve won in the past.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">About Virus Bulletin</span><br />
<br />
Headquartered in the U.K., <a href="https://www.virusbulletin.com/?utm_source=Emsisoft" target="_blank" rel="noopener" class="mycode_url">Virus Bulletin</a> is an independent security information portal and certification body. The organization regularly performs tests designed to evaluate the protection capabilities of security products and help users make a more informed decision about their choice of antivirus software. A product that has earned the VB100 can be considered to have met a certain standard of quality in regards to malware detection.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39095/emsisoft-anti-malware-awarded-vb100-in-july-2021-tests/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2020/04/Emsisoft-awarded-VB100-in-April-2020-tests.png" loading="lazy"  alt="[Image: Emsisoft-awarded-VB100-in-April-2020-tests.png]" class="mycode_img" /></div>
<br />
The VB100 is a long-running certification program designed to test the detection capabilities of endpoint security products.<br />
<br />
We took part in the July 2021 tests and we’re happy to report that Emsisoft Anti-Malware was once again awarded certification!<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The tests</span><br />
<br />
The tests were performed on physical computers or virtual machines with specifications similar to those you would expect to find in an ordinary business environment. Each security product was installed on a clean instance of Windows and configured with default settings.<br />
<br />
The products were then exposed to hundreds of malicious samples collected by malware experts and research groups, as well as a set of 100,000 non-malicious, regularly updated samples taken from popular software downloads. No malicious or clean samples were executed during the tests.<br />
<br />
To be awarded VB100 certification, a security product must achieve the following:<ul class="mycode_list"><li>Detect at least 99.5 percent of malicious samples.<br />
</li>
<li>Generate no more than 0.01 false positives.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">The results</span><br />
<br />
Emsisoft Anti-Malware performed well in the strict test conditions, capably detecting 100 percent of the 1,364 malicious samples while producing zero false positives. As a result, Emsisoft Anti-Malware was yet again awarded the VB100!<br />
<br />
Click <a href="https://www.virusbulletin.com/uploads/vb100/test-reports/vb100-test-report-2021-08-27-emsisoft-anti-malware.pdf" target="_blank" rel="noopener" class="mycode_url">here to see the full report</a>, or click <a href="https://blog.emsisoft.com/en/category/emsisoft-news/reviews-awards/" target="_blank" rel="noopener" class="mycode_url">here</a> to check out some of the other awards we’ve won in the past.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">About Virus Bulletin</span><br />
<br />
Headquartered in the U.K., <a href="https://www.virusbulletin.com/?utm_source=Emsisoft" target="_blank" rel="noopener" class="mycode_url">Virus Bulletin</a> is an independent security information portal and certification body. The organization regularly performs tests designed to evaluate the protection capabilities of security products and help users make a more informed decision about their choice of antivirus software. A product that has earned the VB100 can be considered to have met a certain standard of quality in regards to malware detection.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39095/emsisoft-anti-malware-awarded-vb100-in-july-2021-tests/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Emsisoft Business Security awarded ‘Excellent’ badge in July 2021 tests by AVLab]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16159</link>
			<pubDate>Wed, 22 Sep 2021 08:26:01 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16159</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/09/emsisoft-avlab-award-july-2021.png.webp" loading="lazy"  alt="[Image: emsisoft-avlab-award-july-2021.png.webp]" class="mycode_img" /></div>
<br />
AVLab is an independent antivirus software testing organization based in Poland. The group frequently conducts tests designed to evaluate the detection capabilities of endpoint security solutions.<br />
<br />
The results of the latest round of tests have just been released and we’re pleased to announce that Emsisoft Business Security was awarded the ‘Excellent’ badge!<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Testing methodology</span><br />
<br />
To conduct the “Advanced-in-the-Wild Malware Test”, each security solution was installed on a system running Windows 10 Pro x64. The test environment contained a variety of applications found in a typical business environment, such as an office suite, document browser, email client and so on. The security solutions were updated before each test and allowed Internet access throughout the testing process.<br />
<br />
The antivirus products were then exposed to 1,311 malware samples captured from the AVLab honeypot network and verified to be malicious. Researchers analyzed the results to determine not only if the security products could stop the malware, but when in the infection chain they would intervene.<br />
<br />
Badges were awarded according to the detection capabilities of the product:<ul class="mycode_list"><li>Excellent: 100% detection<br />
</li>
<li>Superior: at least 95% detection<br />
</li>
<li>Valuable: at least 90% detection<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">Results</span><br />
<br />
Emsisoft Business Security successfully detected 100 percent of the 1,311 malicious samples and was consequently awarded the ‘Excellent’ badge!<ul class="mycode_list"><li>Stopped 36 percent of threats at the browser level.<br />
</li>
<li>Stopped 64 percent of threats at the analysis level.<br />
</li>
</ul>
Click <a href="https://avlab.pl/en/recent-results/" target="_blank" rel="noopener" class="mycode_url">here to see the full report</a>, or click <a href="https://blog.emsisoft.com/en/category/emsisoft-news/reviews-awards/" target="_blank" rel="noopener" class="mycode_url">here</a> to check out some of the other awards we’ve won in the past.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">About AVLab</span><br />
<br />
<a href="https://avlab.pl/?utm_source=emsisoft" target="_blank" rel="noopener" class="mycode_url">AVLab</a> is an independent Polish organization that specializes in testing antivirus products and reviewing security solutions. The group regularly releases reports that offer valuable insight into the effectiveness of various security products. Software that receives a good recommendation from AVLab can generally be trusted to provide a high level of protection.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39103/emsisoft-business-security-awarded-excellent-badge-in-july-2021-tests-by-avlab/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/09/emsisoft-avlab-award-july-2021.png.webp" loading="lazy"  alt="[Image: emsisoft-avlab-award-july-2021.png.webp]" class="mycode_img" /></div>
<br />
AVLab is an independent antivirus software testing organization based in Poland. The group frequently conducts tests designed to evaluate the detection capabilities of endpoint security solutions.<br />
<br />
The results of the latest round of tests have just been released and we’re pleased to announce that Emsisoft Business Security was awarded the ‘Excellent’ badge!<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Testing methodology</span><br />
<br />
To conduct the “Advanced-in-the-Wild Malware Test”, each security solution was installed on a system running Windows 10 Pro x64. The test environment contained a variety of applications found in a typical business environment, such as an office suite, document browser, email client and so on. The security solutions were updated before each test and allowed Internet access throughout the testing process.<br />
<br />
The antivirus products were then exposed to 1,311 malware samples captured from the AVLab honeypot network and verified to be malicious. Researchers analyzed the results to determine not only if the security products could stop the malware, but when in the infection chain they would intervene.<br />
<br />
Badges were awarded according to the detection capabilities of the product:<ul class="mycode_list"><li>Excellent: 100% detection<br />
</li>
<li>Superior: at least 95% detection<br />
</li>
<li>Valuable: at least 90% detection<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">Results</span><br />
<br />
Emsisoft Business Security successfully detected 100 percent of the 1,311 malicious samples and was consequently awarded the ‘Excellent’ badge!<ul class="mycode_list"><li>Stopped 36 percent of threats at the browser level.<br />
</li>
<li>Stopped 64 percent of threats at the analysis level.<br />
</li>
</ul>
Click <a href="https://avlab.pl/en/recent-results/" target="_blank" rel="noopener" class="mycode_url">here to see the full report</a>, or click <a href="https://blog.emsisoft.com/en/category/emsisoft-news/reviews-awards/" target="_blank" rel="noopener" class="mycode_url">here</a> to check out some of the other awards we’ve won in the past.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">About AVLab</span><br />
<br />
<a href="https://avlab.pl/?utm_source=emsisoft" target="_blank" rel="noopener" class="mycode_url">AVLab</a> is an independent Polish organization that specializes in testing antivirus products and reviewing security solutions. The group regularly releases reports that offer valuable insight into the effectiveness of various security products. Software that receives a good recommendation from AVLab can generally be trusted to provide a high level of protection.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39103/emsisoft-business-security-awarded-excellent-badge-in-july-2021-tests-by-avlab/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[How to limit your personal data exposure when a company is hit with ransomware]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16158</link>
			<pubDate>Wed, 22 Sep 2021 08:23:31 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16158</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/08/Blog.png.webp" loading="lazy"  alt="[Image: Blog.png.webp]" class="mycode_img" /></div>
<br />
Modern ransomware seldom targets individual users. Instead, threat actors focus their efforts on businesses, corporations and government entities – organizations with high-value data assets, and the resources and motivation to pay for their recovery.<br />
<br />
However, while the crosshairs might be firmly focused on commercial targets, there’s more than just business data getting caught in the crossfire. With data theft and data publication becoming the standard mode of operation among ransomware groups, many incidents now involve the exposure of customers’ personal data, including medical reports, financial information, social security numbers, academic results and much more.<br />
<br />
This raises some serious security and privacy concerns for you as a consumer. But what can you do about it?<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Customer data getting caught in the crossfire</span><br />
<br />
Double extortion has quickly become the norm in the ransomware world. No longer content with merely encrypting data on a target system and holding it for ransom, bad actors are also stealing data from their victims and using it as added leverage. Failure to pay the ransom results in the stolen data being published or sold on the dark web.<br />
<br />
While these data dumps are primarily made up of company-related assets – financial information, company emails, internal reports and the like – they also tend to contain large amounts of sensitive customer information.<br />
<br />
This introduces significant concerns not only for the company affected by ransomware, but also for you, the consumer. When the victim company refuses to pay the ransom, it’s your private data that is exposed to the world. And, with data collection practices becoming increasingly aggressive, the breadth and depth of personal information exposed in a ransomware incident can be startling.<br />
<br />
A ransomware incident at a car dealership, for instance, might result in the public exposure of your driver’s license, credit application, social security number, home address and contact information. Similarly, an attack on your healthcare provider could lead to your medical records, insurance information, prescription history and perhaps photographs and body scans being leaked online.<br />
<br />
Once compromised, this information can easily be used to commit a wide range of fraudulent activities or sold on the dark web as part of a batch of stolen data.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What can you do about it?</span><br />
<br />
As a consumer, there’s not much you can do to prevent a business from getting hit by ransomware. But there are some things you can do to limit your personal exposure.<ul class="mycode_list"><li>Limit the amount of information you share: While you can’t refuse all data requests, you can reduce the amount of information you share and, consequently, limit your personal data exposure in the event of an incident. Don’t give any business or online service more information than is minimally required and always opt out of data sharing schemes where possible.<br />
</li>
<li>Ask businesses about their security practices: Businesses are quick to demand your personal information but are often not capable of adequately securing it. Make an informed decision about your privacy by reading license agreements before divulging your personal information and ask the company to clarify their security practices if anything is unclear.<br />
</li>
<li>Use ephemeral messaging: Some ransomware data leaks contain .pst files, which are Outlook data files that store local copies of messages, calendar events, and other items associated with a particular email address. With this in mind, consider using ephemeral messaging when you need to communicate important or sensitive information. Ephemeral messaging services allow you to send messages that self-destruct after a period of time, erasing the message from both the sender’s and the recipient’s account.<br />
</li>
<li>Don’t use personal information for passwords: Attackers may use your compromised data to attempt to gain access to your online accounts and services, so never create passwords based on personal information. See this blog post for more advice on how to create and manage secure passwords.<br />
</li>
<li>Check if you’ve been involved in a data breach: Some organizations are more diligent than others when it comes to notifying you of a data breach. You can use online services such as Have I Been Pwned to help you determine if your data has been compromised and take action accordingly (e.g. by changing your passwords, checking for fraudulent activity and contacting your service providers as necessary).<br />
</li>
</ul>
Check out this guide for five steps you can take today to drastically improve your online privacy.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Conclusion</span><br />
<br />
Ransomware incidents often involve the exposure of your personal data. As a consumer, you can’t stop the companies you do business with from falling victim to ransomware, but you can limit the amount of your personal data that is exposed during an attack.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39019/how-to-limit-your-personal-data-exposure-when-a-company-is-hit-with-ransomware/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/08/Blog.png.webp" loading="lazy"  alt="[Image: Blog.png.webp]" class="mycode_img" /></div>
<br />
Modern ransomware seldom targets individual users. Instead, threat actors focus their efforts on businesses, corporations and government entities – organizations with high-value data assets, and the resources and motivation to pay for their recovery.<br />
<br />
However, while the crosshairs might be firmly focused on commercial targets, there’s more than just business data getting caught in the crossfire. With data theft and data publication becoming the standard mode of operation among ransomware groups, many incidents now involve the exposure of customers’ personal data, including medical reports, financial information, social security numbers, academic results and much more.<br />
<br />
This raises some serious security and privacy concerns for you as a consumer. But what can you do about it?<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Customer data getting caught in the crossfire</span><br />
<br />
Double extortion has quickly become the norm in the ransomware world. No longer content with merely encrypting data on a target system and holding it for ransom, bad actors are also stealing data from their victims and using it as added leverage. Failure to pay the ransom results in the stolen data being published or sold on the dark web.<br />
<br />
While these data dumps are primarily made up of company-related assets – financial information, company emails, internal reports and the like – they also tend to contain large amounts of sensitive customer information.<br />
<br />
This introduces significant concerns not only for the company affected by ransomware, but also for you, the consumer. When the victim company refuses to pay the ransom, it’s your private data that is exposed to the world. And, with data collection practices becoming increasingly aggressive, the breadth and depth of personal information exposed in a ransomware incident can be startling.<br />
<br />
A ransomware incident at a car dealership, for instance, might result in the public exposure of your driver’s license, credit application, social security number, home address and contact information. Similarly, an attack on your healthcare provider could lead to your medical records, insurance information, prescription history and perhaps photographs and body scans being leaked online.<br />
<br />
Once compromised, this information can easily be used to commit a wide range of fraudulent activities or sold on the dark web as part of a batch of stolen data.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What can you do about it?</span><br />
<br />
As a consumer, there’s not much you can do to prevent a business from getting hit by ransomware. But there are some things you can do to limit your personal exposure.<ul class="mycode_list"><li>Limit the amount of information you share: While you can’t refuse all data requests, you can reduce the amount of information you share and, consequently, limit your personal data exposure in the event of an incident. Don’t give any business or online service more information than is minimally required and always opt out of data sharing schemes where possible.<br />
</li>
<li>Ask businesses about their security practices: Businesses are quick to demand your personal information but are often not capable of adequately securing it. Make an informed decision about your privacy by reading license agreements before divulging your personal information and ask the company to clarify their security practices if anything is unclear.<br />
</li>
<li>Use ephemeral messaging: Some ransomware data leaks contain .pst files, which are Outlook data files that store local copies of messages, calendar events, and other items associated with a particular email address. With this in mind, consider using ephemeral messaging when you need to communicate important or sensitive information. Ephemeral messaging services allow you to send messages that self-destruct after a period of time, erasing the message from both the sender’s and the recipient’s account.<br />
</li>
<li>Don’t use personal information for passwords: Attackers may use your compromised data to attempt to gain access to your online accounts and services, so never create passwords based on personal information. See this blog post for more advice on how to create and manage secure passwords.<br />
</li>
<li>Check if you’ve been involved in a data breach: Some organizations are more diligent than others when it comes to notifying you of a data breach. You can use online services such as Have I Been Pwned to help you determine if your data has been compromised and take action accordingly (e.g. by changing your passwords, checking for fraudulent activity and contacting your service providers as necessary).<br />
</li>
</ul>
Check out this guide for five steps you can take today to drastically improve your online privacy.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Conclusion</span><br />
<br />
Ransomware incidents often involve the exposure of your personal data. As a consumer, you can’t stop the companies you do business with from falling victim to ransomware, but you can limit the amount of your personal data that is exposed during an attack.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39019/how-to-limit-your-personal-data-exposure-when-a-company-is-hit-with-ransomware/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Ransomware Profile: BlackMatter]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16157</link>
			<pubDate>Wed, 22 Sep 2021 08:21:40 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16157</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/09/Blackmatter-profile-blog.png.webp" loading="lazy"  alt="[Image: Blackmatter-profile-blog.png.webp]" class="mycode_img" /></div>
<br />
BlackMatter is a strain of ransomware that encrypts files and threatens to leak stolen data if the ransom is not paid. The group targets large companies with annual revenues of more than &#36;100 million and is actively recruiting affiliates as it ramps up its operations. BlackMatter may be a rebrand or spinoff of the now-defunct cybercrime outfit DarkSide due to the unique encryption routines employed by both ransomware groups.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is BlackMatter? </span><br />
<br />
BlackMatter is a ransomware variant that encrypts files using Salsa20 and 1024-bit RSA encryption and demands a large sum of cryptocurrency for their decryption.  <br />
<br />
As with many other ransomware groups, BlackMatter uses the threat of data exposure to increase the chances of achieving a payout. Before executing the final ransomware payload, BlackMatter operators exfiltrate data from compromised systems and threaten to release it on the group’s leak site unless the victim pays the ransom.  <br />
<br />
BlackMatter operates as a ransomware-as-a-service (RaaS), a business model in which affiliates earn a portion of ransom payments in exchange for dropping the malware onto compromised systems. BlackMatter also works with initial access brokers, individuals who are willing to sell access to compromised networks.<br />
<br />
Initial access brokers are paid &#36;3,000 – &#36;100,000 for network access, depending on the target.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">Possible link between BlackMatter and DarkSide</span><br />
<br />
DarkSide is the ransomware gang responsible for the Colonial Pipeline attack in May 2021 that resulted in fuel shortages and price spikes across the U.S.<br />
<br />
Following unprecedented pressure from U.S. and Russian authorities, DarkSide was forced to shut down its operations a few weeks later.  <br />
<br />
There is some evidence to suggest that DarkSide, or at least some members of DarkSide, may have returned under the BlackMatter moniker. After investigating a leaked BlackMatter decryptor, Emsisoft analysts determined that BlackMatter uses the same encryption routines that DarkSide formerly used in their attacks, including a custom Salsa20 matrix that was unique to DarkSide.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of BlackMatter</span><br />
<br />
BlackMatter was first observed in late July 2021, when the alias “BlackMatter” was registered on the Russian-language cybercrime forums XSS and Exploit. The user deposited 4 bitcoins (worth approximately &#36;150,000 USD at the time) into its Exploit escrow account, signaling their legitimacy and seriousness as a threat actor. Shortly after, the user posted an advertisement offering initial access brokers &#36;3,000 – &#36;100,000 for access to corporate networks that met the group’s criteria. <br />
<br />
In early September 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordinating Council issued a <a href="https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf" target="_blank" rel="noopener" class="mycode_url">threat brief on BlackMatter</a>.  <br />
<br />
Since BlackMatter was first discovered, there have been 44 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 176 BlackMatter incidents since the ransomware’s inception. During this time, the group has also published on its leak site the stolen data of 10 organizations. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">BlackMatter ransom note</span><br />
<br />
After the encryption process is complete, BlackMatter drops a ransom note in user-accessible folders and changes the desktop wallpaper to a ransom notice.<br />
<br />
Some versions of the ransomware also print a physical copy of the ransom note by sending a print job from each infected endpoint to the default printer.  <br />
<br />
The ransom note states that the victim’s files have been encrypted and provides instructions on how to communicate with the attackers. The note also specifies the type of data that was stolen during the attack, along with a “guarantee” that the threat actors will uphold their end of the bargain by decrypting the victim’s files and deleting the exfiltrated data after receiving payment. <br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39121/ransomware-profile-blackmatter/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/09/Blackmatter-profile-blog.png.webp" loading="lazy"  alt="[Image: Blackmatter-profile-blog.png.webp]" class="mycode_img" /></div>
<br />
BlackMatter is a strain of ransomware that encrypts files and threatens to leak stolen data if the ransom is not paid. The group targets large companies with annual revenues of more than &#36;100 million and is actively recruiting affiliates as it ramps up its operations. BlackMatter may be a rebrand or spinoff of the now-defunct cybercrime outfit DarkSide due to the unique encryption routines employed by both ransomware groups.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is BlackMatter? </span><br />
<br />
BlackMatter is a ransomware variant that encrypts files using Salsa20 and 1024-bit RSA encryption and demands a large sum of cryptocurrency for their decryption.  <br />
<br />
As with many other ransomware groups, BlackMatter uses the threat of data exposure to increase the chances of achieving a payout. Before executing the final ransomware payload, BlackMatter operators exfiltrate data from compromised systems and threaten to release it on the group’s leak site unless the victim pays the ransom.  <br />
<br />
BlackMatter operates as a ransomware-as-a-service (RaaS), a business model in which affiliates earn a portion of ransom payments in exchange for dropping the malware onto compromised systems. BlackMatter also works with initial access brokers, individuals who are willing to sell access to compromised networks.<br />
<br />
Initial access brokers are paid &#36;3,000 – &#36;100,000 for network access, depending on the target.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">Possible link between BlackMatter and DarkSide</span><br />
<br />
DarkSide is the ransomware gang responsible for the Colonial Pipeline attack in May 2021 that resulted in fuel shortages and price spikes across the U.S.<br />
<br />
Following unprecedented pressure from U.S. and Russian authorities, DarkSide was forced to shut down its operations a few weeks later.  <br />
<br />
There is some evidence to suggest that DarkSide, or at least some members of DarkSide, may have returned under the BlackMatter moniker. After investigating a leaked BlackMatter decryptor, Emsisoft analysts determined that BlackMatter uses the same encryption routines that DarkSide formerly used in their attacks, including a custom Salsa20 matrix that was unique to DarkSide.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of BlackMatter</span><br />
<br />
BlackMatter was first observed in late July 2021, when the alias “BlackMatter” was registered on the Russian-language cybercrime forums XSS and Exploit. The user deposited 4 bitcoins (worth approximately &#36;150,000 USD at the time) into its Exploit escrow account, signaling their legitimacy and seriousness as a threat actor. Shortly after, the user posted an advertisement offering initial access brokers &#36;3,000 – &#36;100,000 for access to corporate networks that met the group’s criteria. <br />
<br />
In early September 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordinating Council issued a <a href="https://www.hhs.gov/sites/default/files/demystifying-blackmatter.pdf" target="_blank" rel="noopener" class="mycode_url">threat brief on BlackMatter</a>.  <br />
<br />
Since BlackMatter was first discovered, there have been 44 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 176 BlackMatter incidents since the ransomware’s inception. During this time, the group has also published on its leak site the stolen data of 10 organizations. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">BlackMatter ransom note</span><br />
<br />
After the encryption process is complete, BlackMatter drops a ransom note in user-accessible folders and changes the desktop wallpaper to a ransom notice.<br />
<br />
Some versions of the ransomware also print a physical copy of the ransom note by sending a print job from each infected endpoint to the default printer.  <br />
<br />
The ransom note states that the victim’s files have been encrypted and provides instructions on how to communicate with the attackers. The note also specifies the type of data that was stolen during the attack, along with a “guarantee” that the threat actors will uphold their end of the bargain by decrypting the victim’s files and deleting the exfiltrated data after receiving payment. <br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/39121/ransomware-profile-blackmatter/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[New in 2021.9: Windows 11 ready, changes in email notifications]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=16005</link>
			<pubDate>Thu, 02 Sep 2021 07:49:09 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=16005</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/08/Blog_20219.png.webp" loading="lazy"  alt="[Image: Blog_20219.png.webp]" class="mycode_img" /></div>
<br />
<span style="font-weight: bold;" class="mycode_b">Windows 11 is coming soon: We’re ready!</span><br />
<br />
The next major version of Microsoft Windows is just around the corner. Our Quality Assurance Team has tested our software on the latest preview version of Windows 11 and can confirm that all current Emsisoft protection products work as expected. We will continue to test upcoming beta versions of Windows 11 until the final release.<br />
<br />
Just a reminder: support for old Windows versions has finally ended. As announced earlier, we no longer support legacy versions of Windows 7, 8, 8.1, Servers 2008 R2 and 2012, and no longer provide our software for 32 bit operating systems. This move reflects Microsoft’s main support timeline.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Announcement regarding email notifications</span><br />
<br />
The ability to receive real-time notifications by email is an important feature for security administrators who look after larger numbers of devices.<br />
<br />
Before we launched the Emsisoft Management Console, notifications could only be set directly in the endpoint protection software on the desktop. Later on, we added even more powerful notification features in the Management Console, including support for webhooks/APIs.<br />
<br />
With this update, we would like to inform you that we’re going to phase out notifications that are set on the desktop. We believe this is the right move for multiple reasons:<br />
<ol type="1" class="mycode_list"><li>It’s getting increasingly confusing for administrators to have multiple locations for features that essentially do the same thing. Moving notifications exclusively to the Management Console simplifies and eases overall usability.<br />
</li>
<li>Setting notifications desktop-side requires you to enter your SMTP account details for sending emails. We prefer to NOT have access to this information of yours for security reasons. The Management Console uses the Emsisoft mailing system to deliver notification emails safely.<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">How to migrate notifications</span><br />
<br />
If you currently use the email notifications feature in Emsisoft, either via the desktop application or via protection policies in the Management Console, please disable them now.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Go to your workspace settings page at the bottom of the Management Console menu on the left, scroll down to ‘Email notifications &amp; webhooks’ and configure them as per your requirements.</span><br />
<br />
Note that the old way of setting up notifications will be removed with the release of version 2021.10 next month.<br />
<br />
<span style="font-size: medium;" class="mycode_size"><span style="font-weight: bold;" class="mycode_b">All 2021.9 improvements in a nutshell</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Changed the default scan priority of new scheduled scans and the existing default scheduled scan (when disabled) to ‘Reduced.’ This addresses a common customer request to preserve system resources for other tasks during scheduled scans.<br />
</li>
<li>Improved license expiration handling.<br />
</li>
<li>Improved stability.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38997/new-in-2021-9-windows-11-ready-changes-in-email-notifications/?ref=news210901eall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/08/Blog_20219.png.webp" loading="lazy"  alt="[Image: Blog_20219.png.webp]" class="mycode_img" /></div>
<br />
<span style="font-weight: bold;" class="mycode_b">Windows 11 is coming soon: We’re ready!</span><br />
<br />
The next major version of Microsoft Windows is just around the corner. Our Quality Assurance Team has tested our software on the latest preview version of Windows 11 and can confirm that all current Emsisoft protection products work as expected. We will continue to test upcoming beta versions of Windows 11 until the final release.<br />
<br />
Just a reminder: support for old Windows versions has finally ended. As announced earlier, we no longer support legacy versions of Windows 7, 8, 8.1, Servers 2008 R2 and 2012, and no longer provide our software for 32 bit operating systems. This move reflects Microsoft’s main support timeline.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Announcement regarding email notifications</span><br />
<br />
The ability to receive real-time notifications by email is an important feature for security administrators who look after larger numbers of devices.<br />
<br />
Before we launched the Emsisoft Management Console, notifications could only be set directly in the endpoint protection software on the desktop. Later on, we added even more powerful notification features in the Management Console, including support for webhooks/APIs.<br />
<br />
With this update, we would like to inform you that we’re going to phase out notifications that are set on the desktop. We believe this is the right move for multiple reasons:<br />
<ol type="1" class="mycode_list"><li>It’s getting increasingly confusing for administrators to have multiple locations for features that essentially do the same thing. Moving notifications exclusively to the Management Console simplifies and eases overall usability.<br />
</li>
<li>Setting notifications desktop-side requires you to enter your SMTP account details for sending emails. We prefer to NOT have access to this information of yours for security reasons. The Management Console uses the Emsisoft mailing system to deliver notification emails safely.<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">How to migrate notifications</span><br />
<br />
If you currently use the email notifications feature in Emsisoft, either via the desktop application or via protection policies in the Management Console, please disable them now.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Go to your workspace settings page at the bottom of the Management Console menu on the left, scroll down to ‘Email notifications &amp; webhooks’ and configure them as per your requirements.</span><br />
<br />
Note that the old way of setting up notifications will be removed with the release of version 2021.10 next month.<br />
<br />
<span style="font-size: medium;" class="mycode_size"><span style="font-weight: bold;" class="mycode_b">All 2021.9 improvements in a nutshell</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Changed the default scan priority of new scheduled scans and the existing default scheduled scan (when disabled) to ‘Reduced.’ This addresses a common customer request to preserve system resources for other tasks during scheduled scans.<br />
</li>
<li>Improved license expiration handling.<br />
</li>
<li>Improved stability.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38997/new-in-2021-9-windows-11-ready-changes-in-email-notifications/?ref=news210901eall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[The ransomware recovery process takes longer than you think]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15763</link>
			<pubDate>Tue, 03 Aug 2021 06:33:27 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15763</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/06/Blog.png.webp" loading="lazy"  alt="[Image: Blog.png.webp]" class="mycode_img" /></div>
<br />
Ransomware recovery time frames vary wildly. In the very best circumstances, where the infection is contained, disaster recovery plans have been religiously tested and the decryptor runs without a hiccup, some companies can get their systems up and running within a couple of days.<br />
<br />
But that’s rare. On average, organizations that have been impacted by ransomware face 21 days of downtime<a href="https://blog.emsisoft.com/en/38786/the-ransomware-recovery-process-takes-longer-than-you-think/?ref=news210802enall#coveware" target="_blank" rel="noopener" class="mycode_url">[sup]1[/sup]</a>. In some instances, the recovery process can drag on for months.<br />
<br />
Companies routinely underestimate the time involved with resolving a ransomware incident. While it’s easy to fall into the trap of thinking that recovery simply involves restoring the system from backups or, less desirably, paying the attacker for decryption, the truth is that there are a lot of variables that can prolong the recovery process.<br />
<br />
In this blog post, we discuss why it almost always takes longer than expected for businesses to recover from a ransomware attack.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">1. Lack of documentation</span><br />
<br />
Lack of documentation is often a major cause of time loss during recovery. Many organizations work with antiquated systems or services for which the documentation is outdated, inaccurate or simply non-existent.<br />
<br />
Without effective documentation, IT personnel are forced to improvise response procedures during what is sure to be a confusing and uncertain time, which will almost certainly result in errors and inefficiencies. Infections may be improperly contained, data may be compromised unnecessarily and compliance requirements may be overlooked. Depending on the maturity of the company’s IT team, this may be the first time personnel have been exposed to a large-scale cybersecurity incident.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">2. Inadequate testing</span><br />
<br />
Developing a clearly defined incident response plan is an essential part of any <a href="https://blog.emsisoft.com/en/36921/8-critical-steps-to-take-after-a-ransomware-attack-ransomware-response-guide-for-businesses/" target="_blank" rel="noopener" class="mycode_url">ransomware recovery plan</a>. But it’s not enough to simply have a documented plan. Recovery strategies also need to be tested regularly to ensure that staff understand current security procedures and know exactly what to do and who to report to in the event of an incident.<br />
<br />
For example, simulating a ransomware event via tabletop exercises can be a valuable way to gauge a company’s ransomware readiness and reveal holes in the recovery plan that can be strengthened accordingly. More than half (57 percent) of companies have not tested their disaster recovery plan within the past two months, according to a <a href="https://www.veritas.com/content/dam/Veritas/docs/ebook/V1117_GA_EB_2020-ransomware-resiliency-report_EN.pdf" target="_blank" rel="noopener" class="mycode_url">Veritas report</a>.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">3. Forensic investigation process</span><br />
<br />
Before systems can be restored, the impacted company must undertake a comprehensive investigation in order to understand the extent of the attack and how the system was compromised.<br />
<br />
Because the <a href="https://blog.emsisoft.com/en/36786/how-ransomware-attackers-evade-your-organizations-security-solutions/" target="_blank" rel="noopener" class="mycode_url">attack chain may have started weeks or even months ago</a>, conducting a thorough analysis can be extremely time-consuming and may require the assistance of external digital forensic specialists, which can further draw out the recovery process.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">4. Poor decryptor performance</span><br />
<br />
Recovery can also be hindered by poor decryptor performance. Companies should be mindful that attacker-provided decryptors often do not work as advertised and, consequently, the total recovery time may be substantially longer than expected. In some instances, the decryptor may contain bugs that irrecoverably corrupt data during the decryption process.<br />
<br />
Organizations that <a href="https://blog.emsisoft.com/en/33686/to-pay-or-not-to-pay-ransomware-a-cost-benefit-analysis-of-paying-the-ransom/" target="_blank" rel="noopener" class="mycode_url">decide to pay for a decryptor</a> should consider utilizing <a href="https://www.emsisoft.com/en/ransomware-recovery-services/" target="_blank" rel="noopener" class="mycode_url">Emsisoft’s ransomware recovery service</a>. We can reverse engineer attacker-supplied decryptors to ensure they are safe and/or create a custom decryptor that provides faster and safer data recovery.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">5. Communication</span><br />
<br />
While recovery is largely a technical undertaking, it also requires a lot of communication with internal staff as well as external service providers that may be brought on to assist with the incident:<ul class="mycode_list"><li><span style="font-weight: bold;" class="mycode_b">Legal</span>: Companies will likely need to consult their legal team for advice regarding reporting obligations, mitigating litigation and the legality of paying the ransom.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Insurance</span>: There will be an ongoing dialogue with the company’s insurance provider throughout the recovery period. Coverage, expected downtime, recovery costs, deductibles and more will be discussed at length.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Customers</span>: The impacted company may wish to disclose the incident to customers. Effective communication is essential for both transparency and minimizing reputational damage. A crisis communications specialist should be used if the company’s internal communications team is not experienced with serious cybersecurity events.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Attackers</span>: Depending on their circumstances, some companies may choose to communicate with attackers in order to obtain a decryptor and/or negotiate the ransomware amount. There are organizations that can conduct negotiations on behalf of the victim.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">6. Rebuilding and strengthening the system</span><br />
<br />
Technically speaking, recovery is complete once the impacted systems have been restored and the organization is back up and operational.<br />
<br />
However, “operational” isn’t the same as “secure”. To prevent similar events from occurring again in the future, companies will need to invest significant time in strengthening their security processes, resolving vulnerabilities and improving response procedures, based on the findings of the forensic analysis.<br />
<br />
Investing in a proven antivirus solution like <a href="https://www.emsisoft.com/en/business/businessecurity/" target="_blank" rel="noopener" class="mycode_url">Emsisoft Business Security</a> can help organizations reliably detect and stop ransomware threats before encryption can take place<br />
<br />
<a href="https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020" target="_blank" rel="noopener" class="mycode_url">[sup]1 [/sup]Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands</a><br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38786/the-ransomware-recovery-process-takes-longer-than-you-think/?ref=news210802enall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/06/Blog.png.webp" loading="lazy"  alt="[Image: Blog.png.webp]" class="mycode_img" /></div>
<br />
Ransomware recovery time frames vary wildly. In the very best circumstances, where the infection is contained, disaster recovery plans have been religiously tested and the decryptor runs without a hiccup, some companies can get their systems up and running within a couple of days.<br />
<br />
But that’s rare. On average, organizations that have been impacted by ransomware face 21 days of downtime<a href="https://blog.emsisoft.com/en/38786/the-ransomware-recovery-process-takes-longer-than-you-think/?ref=news210802enall#coveware" target="_blank" rel="noopener" class="mycode_url">[sup]1[/sup]</a>. In some instances, the recovery process can drag on for months.<br />
<br />
Companies routinely underestimate the time involved with resolving a ransomware incident. While it’s easy to fall into the trap of thinking that recovery simply involves restoring the system from backups or, less desirably, paying the attacker for decryption, the truth is that there are a lot of variables that can prolong the recovery process.<br />
<br />
In this blog post, we discuss why it almost always takes longer than expected for businesses to recover from a ransomware attack.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">1. Lack of documentation</span><br />
<br />
Lack of documentation is often a major cause of time loss during recovery. Many organizations work with antiquated systems or services for which the documentation is outdated, inaccurate or simply non-existent.<br />
<br />
Without effective documentation, IT personnel are forced to improvise response procedures during what is sure to be a confusing and uncertain time, which will almost certainly result in errors and inefficiencies. Infections may be improperly contained, data may be compromised unnecessarily and compliance requirements may be overlooked. Depending on the maturity of the company’s IT team, this may be the first time personnel have been exposed to a large-scale cybersecurity incident.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">2. Inadequate testing</span><br />
<br />
Developing a clearly defined incident response plan is an essential part of any <a href="https://blog.emsisoft.com/en/36921/8-critical-steps-to-take-after-a-ransomware-attack-ransomware-response-guide-for-businesses/" target="_blank" rel="noopener" class="mycode_url">ransomware recovery plan</a>. But it’s not enough to simply have a documented plan. Recovery strategies also need to be tested regularly to ensure that staff understand current security procedures and know exactly what to do and who to report to in the event of an incident.<br />
<br />
For example, simulating a ransomware event via tabletop exercises can be a valuable way to gauge a company’s ransomware readiness and reveal holes in the recovery plan that can be strengthened accordingly. More than half (57 percent) of companies have not tested their disaster recovery plan within the past two months, according to a <a href="https://www.veritas.com/content/dam/Veritas/docs/ebook/V1117_GA_EB_2020-ransomware-resiliency-report_EN.pdf" target="_blank" rel="noopener" class="mycode_url">Veritas report</a>.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">3. Forensic investigation process</span><br />
<br />
Before systems can be restored, the impacted company must undertake a comprehensive investigation in order to understand the extent of the attack and how the system was compromised.<br />
<br />
Because the <a href="https://blog.emsisoft.com/en/36786/how-ransomware-attackers-evade-your-organizations-security-solutions/" target="_blank" rel="noopener" class="mycode_url">attack chain may have started weeks or even months ago</a>, conducting a thorough analysis can be extremely time-consuming and may require the assistance of external digital forensic specialists, which can further draw out the recovery process.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">4. Poor decryptor performance</span><br />
<br />
Recovery can also be hindered by poor decryptor performance. Companies should be mindful that attacker-provided decryptors often do not work as advertised and, consequently, the total recovery time may be substantially longer than expected. In some instances, the decryptor may contain bugs that irrecoverably corrupt data during the decryption process.<br />
<br />
Organizations that <a href="https://blog.emsisoft.com/en/33686/to-pay-or-not-to-pay-ransomware-a-cost-benefit-analysis-of-paying-the-ransom/" target="_blank" rel="noopener" class="mycode_url">decide to pay for a decryptor</a> should consider utilizing <a href="https://www.emsisoft.com/en/ransomware-recovery-services/" target="_blank" rel="noopener" class="mycode_url">Emsisoft’s ransomware recovery service</a>. We can reverse engineer attacker-supplied decryptors to ensure they are safe and/or create a custom decryptor that provides faster and safer data recovery.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">5. Communication</span><br />
<br />
While recovery is largely a technical undertaking, it also requires a lot of communication with internal staff as well as external service providers that may be brought on to assist with the incident:<ul class="mycode_list"><li><span style="font-weight: bold;" class="mycode_b">Legal</span>: Companies will likely need to consult their legal team for advice regarding reporting obligations, mitigating litigation and the legality of paying the ransom.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Insurance</span>: There will be an ongoing dialogue with the company’s insurance provider throughout the recovery period. Coverage, expected downtime, recovery costs, deductibles and more will be discussed at length.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Customers</span>: The impacted company may wish to disclose the incident to customers. Effective communication is essential for both transparency and minimizing reputational damage. A crisis communications specialist should be used if the company’s internal communications team is not experienced with serious cybersecurity events.<br />
</li>
<li><span style="font-weight: bold;" class="mycode_b">Attackers</span>: Depending on their circumstances, some companies may choose to communicate with attackers in order to obtain a decryptor and/or negotiate the ransomware amount. There are organizations that can conduct negotiations on behalf of the victim.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">6. Rebuilding and strengthening the system</span><br />
<br />
Technically speaking, recovery is complete once the impacted systems have been restored and the organization is back up and operational.<br />
<br />
However, “operational” isn’t the same as “secure”. To prevent similar events from occurring again in the future, companies will need to invest significant time in strengthening their security processes, resolving vulnerabilities and improving response procedures, based on the findings of the forensic analysis.<br />
<br />
Investing in a proven antivirus solution like <a href="https://www.emsisoft.com/en/business/businessecurity/" target="_blank" rel="noopener" class="mycode_url">Emsisoft Business Security</a> can help organizations reliably detect and stop ransomware threats before encryption can take place<br />
<br />
<a href="https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020" target="_blank" rel="noopener" class="mycode_url">[sup]1 [/sup]Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands</a><br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38786/the-ransomware-recovery-process-takes-longer-than-you-think/?ref=news210802enall" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[New in 2021.8: Improved threat remediation panel]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15761</link>
			<pubDate>Tue, 03 Aug 2021 06:25:21 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15761</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/Blog_20218.png.webp" loading="lazy"  alt="[Image: Blog_20218.png.webp]" class="mycode_img" /></div>
<br />
This month we can announce a number of detail improvements that are particularly relevant for environments with larger numbers of devices.<br />
<br />
When analyzing a threat in the new Incidents panel, you will now see if a file has infected multiple devices in your workspace.<br />
<br />
Additionally, the panel now provides more information about how a threat was handled. Allow/block actions performed either by a user or automatically by the protection software.<br />
<br />
<span style="font-size: medium;" class="mycode_size"><span style="font-weight: bold;" class="mycode_b">All 2021.8 improvements in a nutshell</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Improved support for notifications on Windows Terminal Servers.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New: Locate and search specific threats on multiple devices in a workspace.<br />
</li>
<li>New: Detailed remediation status information available on threat details page.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38946/new-in-2021-8-improved-threat-remediation-panel/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/Blog_20218.png.webp" loading="lazy"  alt="[Image: Blog_20218.png.webp]" class="mycode_img" /></div>
<br />
This month we can announce a number of detail improvements that are particularly relevant for environments with larger numbers of devices.<br />
<br />
When analyzing a threat in the new Incidents panel, you will now see if a file has infected multiple devices in your workspace.<br />
<br />
Additionally, the panel now provides more information about how a threat was handled. Allow/block actions performed either by a user or automatically by the protection software.<br />
<br />
<span style="font-size: medium;" class="mycode_size"><span style="font-weight: bold;" class="mycode_b">All 2021.8 improvements in a nutshell</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Improved support for notifications on Windows Terminal Servers.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New: Locate and search specific threats on multiple devices in a workspace.<br />
</li>
<li>New: Detailed remediation status information available on threat details page.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38946/new-in-2021-8-improved-threat-remediation-panel/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Ransomware Profile: LockBit]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15698</link>
			<pubDate>Sun, 25 Jul 2021 18:50:23 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15698</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/LOCKBIT.png.webp" loading="lazy"  alt="[Image: LOCKBIT.png.webp]" class="mycode_img" /></div>
<br />
LockBit is a strain of ransomware that blocks users from accessing infected systems until the requested ransom payment has been made. It has been highly active since it emerged in September 2019 and has impacted thousands of organizations around the world. Many of LockBit’s attack functions are automated, making it one of the most efficient ransomware variants on the market.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is LockBit?</span><br />
<br />
LockBit is a ransomware variant that encrypts files using AES encryption and demands a large ransom (typically high five-figures) for their decryption. Whereas most modern strains of ransomware are manually operated, LockBit’s processes are largely automated, which allows the ransomware to propagate and infect other hosts with minimal human oversight after the initial point of compromise.<br />
<br />
LockBit operates under the ransomware-as-a-service (Raas) business model, whereby ransomware developers lease their ransomware to affiliates who receive a portion of ransom payments in exchange for dropping the malware onto victims’ networks.<br />
<br />
Double extortion, in which threat actors use stolen data to pressure victims into paying the ransom, has become standard procedure among most ransomware groups and LockBit is no exception. LockBit claims to offer the fastest data exfiltration on the market through StealBit, a data theft tool that can allegedly download 100 GB of data from compromised systems in under 20 minutes.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of LockBit</span><br />
<br />
LockBit was first observed in September 2019. It was originally known as ABCD ransomware due to the .abcd file extension that older versions of the ransomware would append to encrypted files. In later versions, the file extension was changed to .LockBit.<br />
<br />
In May 2020, LockBit began working with Maze in what some referred to as a “ransomware cartel”. It is believed that the two groups shared tactics and resources, with LockBit using Maze’s leak site to publish stolen files. LockBit went on to launch its own leak site in September 2020.<br />
<br />
In August 2020, INTERPOL warned of a spike in LockBit attacks on medium-sized companies in the Americas as part of its <a href="https://www.interpol.int/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf" target="_blank" rel="noopener" class="mycode_url">Cybercrime: Covid-19 Impact report</a> (Note: link starts PDF download).<br />
<br />
In June 2021, LockBit launched LockBit 2.0 along with an advertising campaign to recruit new affiliates.<br />
<br />
Since LockBit was first discovered, there have been 9,955 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 39,976 LockBit incidents since the ransomware’s inception.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">LockBit ransom note</span><br />
<br />
After the encryption process is complete, LockBit drops a ransom note called “Restore-My-Files.txt” in all infected directories and changes the desktop wallpaper on the target system. The note contains instructions on how to make payment and warns the victim to avoid using third-party decryption software and recovery services. The ransom note also contains a link to a payment portal where victims can “Chat with support” and access a one-time free decryption to verify that the attackers have a legitimate copy of the decryption key.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38915/ransomware-profile-lockbit/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/LOCKBIT.png.webp" loading="lazy"  alt="[Image: LOCKBIT.png.webp]" class="mycode_img" /></div>
<br />
LockBit is a strain of ransomware that blocks users from accessing infected systems until the requested ransom payment has been made. It has been highly active since it emerged in September 2019 and has impacted thousands of organizations around the world. Many of LockBit’s attack functions are automated, making it one of the most efficient ransomware variants on the market.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is LockBit?</span><br />
<br />
LockBit is a ransomware variant that encrypts files using AES encryption and demands a large ransom (typically high five-figures) for their decryption. Whereas most modern strains of ransomware are manually operated, LockBit’s processes are largely automated, which allows the ransomware to propagate and infect other hosts with minimal human oversight after the initial point of compromise.<br />
<br />
LockBit operates under the ransomware-as-a-service (Raas) business model, whereby ransomware developers lease their ransomware to affiliates who receive a portion of ransom payments in exchange for dropping the malware onto victims’ networks.<br />
<br />
Double extortion, in which threat actors use stolen data to pressure victims into paying the ransom, has become standard procedure among most ransomware groups and LockBit is no exception. LockBit claims to offer the fastest data exfiltration on the market through StealBit, a data theft tool that can allegedly download 100 GB of data from compromised systems in under 20 minutes.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of LockBit</span><br />
<br />
LockBit was first observed in September 2019. It was originally known as ABCD ransomware due to the .abcd file extension that older versions of the ransomware would append to encrypted files. In later versions, the file extension was changed to .LockBit.<br />
<br />
In May 2020, LockBit began working with Maze in what some referred to as a “ransomware cartel”. It is believed that the two groups shared tactics and resources, with LockBit using Maze’s leak site to publish stolen files. LockBit went on to launch its own leak site in September 2020.<br />
<br />
In August 2020, INTERPOL warned of a spike in LockBit attacks on medium-sized companies in the Americas as part of its <a href="https://www.interpol.int/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf" target="_blank" rel="noopener" class="mycode_url">Cybercrime: Covid-19 Impact report</a> (Note: link starts PDF download).<br />
<br />
In June 2021, LockBit launched LockBit 2.0 along with an advertising campaign to recruit new affiliates.<br />
<br />
Since LockBit was first discovered, there have been 9,955 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 39,976 LockBit incidents since the ransomware’s inception.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">LockBit ransom note</span><br />
<br />
After the encryption process is complete, LockBit drops a ransom note called “Restore-My-Files.txt” in all infected directories and changes the desktop wallpaper on the target system. The note contains instructions on how to make payment and warns the victim to avoid using third-party decryption software and recovery services. The ransom note also contains a link to a payment portal where victims can “Chat with support” and access a one-time free decryption to verify that the attackers have a legitimate copy of the decryption key.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38915/ransomware-profile-lockbit/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Ransomware Profile: Mespinoza / PYSA]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15593</link>
			<pubDate>Tue, 13 Jul 2021 08:44:40 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15593</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/MESPINOZA-PYSA.png.webp" loading="lazy"  alt="[Image: MESPINOZA-PYSA.png.webp]" class="mycode_img" /></div>
<br />
Mespinoza, sometimes referred to as PYSA, is a ransomware variant that primarily targets large organizations with high-value data assets. It is one of the few strains that target both Windows and Linux systems. Due to severe flaws in the Mespinoza decryptor, there is a significant risk of data corruption occurring when using the attacker-provided decryptor.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is Mespinoza?</span><br />
<br />
Mespinoza is a strain of ransomware that encrypts files and demands a large ransom for their decryption. Mespinoza is sometimes referred to as PYSA due to the .pysa file extension that new versions of the ransomware append to encrypted files.<br />
<br />
Mespinoza is categorized as ransomware-as-a-service (RaaS), a business model used by ransomware developers in which the ransomware is leased to affiliates who can earn a portion of ransom payments in exchange for infecting systems.<br />
<br />
Like many other ransomware groups, Mespinoza uses data exfiltration as a conversion tactic to pressure victims into paying the ransom. If the victim refuses to pay the ransom, the stolen data may then be published on Mespinoza’s leak site or sold.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Paying attackers does not guarantee safe data recovery</span><br />
<br />
With any attacker-provided decryptor, there is a risk that data may be damaged during the decryption process. With Mespinoza, the risk is particularly pronounced due to the way the decryptor handles block ciphers (an encryption method that operates on blocks of data of a fixed size – in this case, 16 bytes). As a result, files may not open or may contain missing or incorrect data once they have been decrypted.<br />
<br />
It is also important to note that paying the ransom does not guarantee the non-release of exfiltrated data. We have seen confirmed instances of Mespinoza leaking stolen data even after the victim company has paid the ransom. For these reasons, organizations that have been impacted by Mespinoza should be extremely wary of co-operating with attackers.<br />
<br />
Emsisoft’s decryption tool can safely decrypt data encrypted by Mespinoza, provided the victim has obtained the decryption keys. The tool can also identify which data has been corrupted and can no longer be trusted. Mespinoza’s decryptor does not have the capability to identify damaged data.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of Mespinoza</span><br />
<br />
Mespinoza was first observed in October 2019. It originally appended the .locked extension to encrypted files before shifting to using the .pysa extension in December 2019. The developers of Mespinoza have rewritten the malware several times since its release, including a .NET, C++ and Python version, each with its own quirks that can potentially damage data during decryption.<br />
<br />
Since Mespinoza was first discovered, there have been 531 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 2,124 Mespinoza incidents since the ransomware’s inception. During this time, the group has also published on its leak site the stolen data of at least 104 organizations.<br />
<br />
In March 2020, the French National Agency for the Security of Information Systems issued an <a href="https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf" target="_blank" rel="noopener" class="mycode_url">alert</a> warning of a spike of Mespinoza attacks on the networks of local French government authorities.<br />
<br />
In March 2021, the FBI issued a similar <a href="https://www.ic3.gov/Media/News/2021/210316.pdf" target="_blank" rel="noopener" class="mycode_url">alert</a> following a surge of Mespinoza attacks in the education sector. The alert stated that the group had targeted higher education, K-12 schools and seminaries in 12 U.S. states and the United Kingdom.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Mespinoza ransom note</span><br />
<br />
After encrypting data on the compromised system, Mespinoza drops a note called Readme.README.txt in all infected directories. The note contains instructions on how to contact the attackers and threatens that the victim’s data will be leaked or sold in the event of non-payment. The ransomware also adds a reference to the system registry to display the ransom note every time the device is booted.<br />
<br />
Below is a sample Mespinoza ransom note:<br />
 <br />
<blockquote class="mycode_quote"><cite>Quote:</cite>Hi Company,<br />
Every byte on any types of your devices was encrypted.<br />
Don’t try to use backups because it were encrypted too.<br />
 <br />
To get all your data back contact us:<br />
[REDACTED]<br />
[REDACTED]<br />
 <br />
Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet.<br />
Check out our website, we just posted there new updates for our partners: [REDACTED]<br />
 <br />
————–<br />
FAQ:<br />
1.<br />
Q: How can I make sure you don’t fooling me?<br />
A: You can send us 2 files (max 2mb).<br />
 <br />
2.<br />
Q: What to do to get all data back?<br />
A: Don’t restart the computer, don’t move files and write us.<br />
 <br />
3.<br />
Q: What to tell my boss?<br />
A: Protect Your System Amigo.</blockquote>
<br />
<span style="font-weight: bold;" class="mycode_b">Who does Mespinoza target?</span><br />
<br />
Mespinoza is big-game ransomware that primarily targets large organizations that are especially sensitive to data loss and/or system downtime. This includes organizations in the healthcare, government and education sectors, as well as private businesses across multiple verticals. Mespinoza is one of a handful of ransomware groups that attacks both Windows and Linux systems.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38840/ransomware-profile-mespinoza-pysa/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/07/MESPINOZA-PYSA.png.webp" loading="lazy"  alt="[Image: MESPINOZA-PYSA.png.webp]" class="mycode_img" /></div>
<br />
Mespinoza, sometimes referred to as PYSA, is a ransomware variant that primarily targets large organizations with high-value data assets. It is one of the few strains that target both Windows and Linux systems. Due to severe flaws in the Mespinoza decryptor, there is a significant risk of data corruption occurring when using the attacker-provided decryptor.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is Mespinoza?</span><br />
<br />
Mespinoza is a strain of ransomware that encrypts files and demands a large ransom for their decryption. Mespinoza is sometimes referred to as PYSA due to the .pysa file extension that new versions of the ransomware append to encrypted files.<br />
<br />
Mespinoza is categorized as ransomware-as-a-service (RaaS), a business model used by ransomware developers in which the ransomware is leased to affiliates who can earn a portion of ransom payments in exchange for infecting systems.<br />
<br />
Like many other ransomware groups, Mespinoza uses data exfiltration as a conversion tactic to pressure victims into paying the ransom. If the victim refuses to pay the ransom, the stolen data may then be published on Mespinoza’s leak site or sold.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Paying attackers does not guarantee safe data recovery</span><br />
<br />
With any attacker-provided decryptor, there is a risk that data may be damaged during the decryption process. With Mespinoza, the risk is particularly pronounced due to the way the decryptor handles block ciphers (an encryption method that operates on blocks of data of a fixed size – in this case, 16 bytes). As a result, files may not open or may contain missing or incorrect data once they have been decrypted.<br />
<br />
It is also important to note that paying the ransom does not guarantee the non-release of exfiltrated data. We have seen confirmed instances of Mespinoza leaking stolen data even after the victim company has paid the ransom. For these reasons, organizations that have been impacted by Mespinoza should be extremely wary of co-operating with attackers.<br />
<br />
Emsisoft’s decryption tool can safely decrypt data encrypted by Mespinoza, provided the victim has obtained the decryption keys. The tool can also identify which data has been corrupted and can no longer be trusted. Mespinoza’s decryptor does not have the capability to identify damaged data.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">The history of Mespinoza</span><br />
<br />
Mespinoza was first observed in October 2019. It originally appended the .locked extension to encrypted files before shifting to using the .pysa extension in December 2019. The developers of Mespinoza have rewritten the malware several times since its release, including a .NET, C++ and Python version, each with its own quirks that can potentially damage data during decryption.<br />
<br />
Since Mespinoza was first discovered, there have been 531 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files. We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 2,124 Mespinoza incidents since the ransomware’s inception. During this time, the group has also published on its leak site the stolen data of at least 104 organizations.<br />
<br />
In March 2020, the French National Agency for the Security of Information Systems issued an <a href="https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf" target="_blank" rel="noopener" class="mycode_url">alert</a> warning of a spike of Mespinoza attacks on the networks of local French government authorities.<br />
<br />
In March 2021, the FBI issued a similar <a href="https://www.ic3.gov/Media/News/2021/210316.pdf" target="_blank" rel="noopener" class="mycode_url">alert</a> following a surge of Mespinoza attacks in the education sector. The alert stated that the group had targeted higher education, K-12 schools and seminaries in 12 U.S. states and the United Kingdom.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Mespinoza ransom note</span><br />
<br />
After encrypting data on the compromised system, Mespinoza drops a note called Readme.README.txt in all infected directories. The note contains instructions on how to contact the attackers and threatens that the victim’s data will be leaked or sold in the event of non-payment. The ransomware also adds a reference to the system registry to display the ransom note every time the device is booted.<br />
<br />
Below is a sample Mespinoza ransom note:<br />
 <br />
<blockquote class="mycode_quote"><cite>Quote:</cite>Hi Company,<br />
Every byte on any types of your devices was encrypted.<br />
Don’t try to use backups because it were encrypted too.<br />
 <br />
To get all your data back contact us:<br />
[REDACTED]<br />
[REDACTED]<br />
 <br />
Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet.<br />
Check out our website, we just posted there new updates for our partners: [REDACTED]<br />
 <br />
————–<br />
FAQ:<br />
1.<br />
Q: How can I make sure you don’t fooling me?<br />
A: You can send us 2 files (max 2mb).<br />
 <br />
2.<br />
Q: What to do to get all data back?<br />
A: Don’t restart the computer, don’t move files and write us.<br />
 <br />
3.<br />
Q: What to tell my boss?<br />
A: Protect Your System Amigo.</blockquote>
<br />
<span style="font-weight: bold;" class="mycode_b">Who does Mespinoza target?</span><br />
<br />
Mespinoza is big-game ransomware that primarily targets large organizations that are especially sensitive to data loss and/or system downtime. This includes organizations in the healthcare, government and education sectors, as well as private businesses across multiple verticals. Mespinoza is one of a handful of ransomware groups that attacks both Windows and Linux systems.<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38840/ransomware-profile-mespinoza-pysa/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Ransomware statistics for 2021: Q2 report]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15536</link>
			<pubDate>Wed, 07 Jul 2021 06:58:23 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15536</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2020/05/Report_-Ransomware-statistics-for-Q1-2020.png.webp" loading="lazy"  alt="[Image: Report_-Ransomware-statistics-for-Q1-2020.png.webp]" class="mycode_img" /></div>
<br />
The second quarter of 2021 marked the biggest ransomware attack on U.S. infrastructure to date. On May 7, The Colonial Pipeline Company, which operates the largest pipeline system for refined oil products in the United States, was infected with DarkSide ransomware. The attack resulted in a six-day shutdown that was only resolved when Colonial Pipeline paid the &#36;4.4 million ransom – a decision that CEO Joseph Blount described as “the right thing to do for our country.”<br />
<br />
The attack was, perhaps, a little too successful. The incident caused widespread disruption to the fuel supply chain, resulting in gas prices hitting a six-year high and drawing significant attention from the White House. Following pressure from U.S. authorities and the alleged seizure of their public-facing servers, DarkSide had little choice but to shut down operations.<br />
<br />
The incident caused ripples elsewhere in the ransomware market. To avoid attracting unwanted attention, some cybercrime forums began removing all references to ransomware, while ransomware groups like Avaddon and Sodinokibi announced that they would begin imposing restrictions on which targets their affiliates would be permitted to attack.<br />
<br />
DarkSide wasn’t the only group to retire in Q2. Avaddon followed suit in June, announcing its retirement and releasing free keys for all of its victims, enabling us to release a <a href="https://www.emsisoft.com/ransomware-decryption-tools/avaddon" target="_blank" rel="noopener" class="mycode_url">decryptor</a> which past victims can use to recover their encrypted data.<br />
<br />
In Q2, we saw a number of cases of threat actors <a href="https://blog.emsisoft.com/en/38554/psa-threat-actors-now-double-encrypting-data-with-multiple-ransomware-strains/" target="_blank" rel="noopener" class="mycode_url">encrypting data with multiple strains of ransomware</a> in a single attack. Double encryption makes recovery – an already challenging process – even more complex and puts further pressure on victims to comply with attackers’ demands. Whether these cases were isolated incidents or the start of a new trend remains to be seen.<br />
<br />
The following statistics are based on data from 137,537 submissions to Emsisoft and ID Ransomware between April 1 and June 30, 2021. Created by Emsisoft Security Researcher Michael Gillespie, <a href="https://id-ransomware.malwarehunterteam.com/?utm_source=Emsisoft" target="_blank" rel="noopener" class="mycode_url">ID Ransomware</a> is a website that allows users to identify which ransomware strain has encrypted their files by uploading the ransom note, a sample encrypted file and/or the attacker’s contact information. It also directs the user to a decryption tool, should one be available.<br />
<br />
<span style="font-style: italic;" class="mycode_i"><span style="font-weight: bold;" class="mycode_b">Note:</span> We estimate that only 25% of victims make a submission to Emsisoft or ID Ransomware, so the real number of incidents is probably significantly higher.</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b">Most commonly reported ransomware strains of Q2 2021</span><br />
<br />
The following chart shows the 10 most commonly reported strains of Q2, which collectively made up 88.40% of all submissions this quarter. A ransomware family known as STOP/Djvu was by far the most common strain, accounting for 71.20% of all submissions.<br />
<ol type="1" class="mycode_list"><li>STOP (Djvu): 71.20%<br />
</li>
<li>Phobos: 3.50%<br />
</li>
<li>REvil / Sodinokibi: 2.40%<br />
</li>
<li>QLocker: 2.30%<br />
</li>
<li>Makop: 2.20%<br />
</li>
<li>Dharma (.cezar): 2.00%<br />
</li>
<li>Magniber: 1.60%<br />
</li>
<li>eCh0raix / QNAPCrypt: 1.40%<br />
</li>
<li>LockBit: 0.90%<br />
</li>
<li>GlobeImposter 2.0: 0.90%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Most commonly reported ransomware strains of Q2 2021 (STOP excluded)</span><br />
<br />
The following chart shows the 10 most commonly reported strains of Q2 with STOP submissions excluded.<br />
<ol type="1" class="mycode_list"><li>Phobos: 12.10%<br />
</li>
<li>REvil / Sodinokibi: 8.20%<br />
</li>
<li>QLocker: 7.80%<br />
</li>
<li>Makop: 7.60%<br />
</li>
<li>Dharma (.cezar): 6.90%<br />
</li>
<li>Magniber: 5.50%<br />
</li>
<li>eCh0raix / QNAPCrypt: 4.70%<br />
</li>
<li>LockBit: 3.00%<br />
</li>
<li>GlobeImposter 2.0: 3.00%<br />
</li>
<li>Zeppelin: 2.40%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Most ransomware submissions by country</span><br />
<br />
The following chart shows the 10 countries that accounted for the most ransomware submissions, with STOP submissions included. These 10 countries made up 58.10% of all global submissions this quarter.<br />
<ol type="1" class="mycode_list"><li>India: 21.30%<br />
</li>
<li>Indonesia: 10.00%<br />
</li>
<li>South Korea: 5.50%<br />
</li>
<li>Egypt: 4.10%<br />
</li>
<li>Brazil: 3.90%<br />
</li>
<li>Pakistan: 3.80%<br />
</li>
<li>United States: 3.40%<br />
</li>
<li>Germany: 2.50%<br />
</li>
<li>Philippines: 1.90%<br />
</li>
<li>Italy: 1.70%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Discussion</span><br />
<br />
We saw a significant increase in ID Ransomware submission numbers this quarter, with submissions rising from 96,023 in Q1 to 137,537 in Q2 – an increase of 43.23%.<br />
<br />
STOP/Djvu remained the most commonly submitted ransomware family in Q2, accounting for 71.2% of all submissions, up from 51.4% in Q1. STOP is a prolific strain of ransomware that primarily impacts home users and is typically distributed via cracked software, key generators and activators.<br />
<br />
This quarter, well-known vulnerabilities in QNAP devices resulted in a sharp rise in QNAP-targeted ransomware. The most active was Qlocker, a new ransomware variant that targets owners of QNAP NAS devices and demands a relatively small ransom of &#36;500. Despite its short lifespan – Qlocker emerged in April and shut down its operation just a few weeks later after <a href="https://www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down-after-extorting-hundreds-of-qnap-users/" target="_blank" rel="noopener" class="mycode_url">generating around &#36;350,000</a> – Qlocker was the fourth most commonly submitted strain this quarter and accounted for 2.30% of all submissions.<br />
<br />
The threat actors behind eCh0raix, a ransomware gang that was first detected in June 2019, also launched a campaign aimed at QNAP storage devices. Dubbed QNAPCrypt, the ransomware was responsible for 1.40% of all submissions this quarter.<br />
<br />
India, which has made the most submissions every quarter since we began these quarterly reports, accounted for 21.3% of all global submissions in Q2, up significantly from 12.5% in Q1. Spain and Turkey, which each accounted for 2.2% of all submissions in Q1, fell out of the top 10 list in Q2, replaced by Germany (2.5%) and the Philippines (1.9%).<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Further reading</span><ul class="mycode_list"><li><a href="https://blog.emsisoft.com/en/38619/ransomware-statistics-for-2021-q1-report/" target="_blank" rel="noopener" class="mycode_url">Ransomware statistics for 2021: Q1 report</a><br />
</li>
<li><a href="https://blog.emsisoft.com/en/37314/the-state-of-ransomware-in-the-us-report-and-statistics-2020/" target="_blank" rel="noopener" class="mycode_url">The State of Ransomware in the US: Report and Statistics 2020</a><br />
</li>
<li><a href="https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/" target="_blank" rel="noopener" class="mycode_url">The Cost of Ransomware in 2021: A Country-by-country Analysis</a><br />
</li>
</ul>
...</blockquote>
<a href="https://blog.emsisoft.com/en/38864/ransomware-statistics-for-2021-q2-report/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2020/05/Report_-Ransomware-statistics-for-Q1-2020.png.webp" loading="lazy"  alt="[Image: Report_-Ransomware-statistics-for-Q1-2020.png.webp]" class="mycode_img" /></div>
<br />
The second quarter of 2021 marked the biggest ransomware attack on U.S. infrastructure to date. On May 7, The Colonial Pipeline Company, which operates the largest pipeline system for refined oil products in the United States, was infected with DarkSide ransomware. The attack resulted in a six-day shutdown that was only resolved when Colonial Pipeline paid the &#36;4.4 million ransom – a decision that CEO Joseph Blount described as “the right thing to do for our country.”<br />
<br />
The attack was, perhaps, a little too successful. The incident caused widespread disruption to the fuel supply chain, resulting in gas prices hitting a six-year high and drawing significant attention from the White House. Following pressure from U.S. authorities and the alleged seizure of their public-facing servers, DarkSide had little choice but to shut down operations.<br />
<br />
The incident caused ripples elsewhere in the ransomware market. To avoid attracting unwanted attention, some cybercrime forums began removing all references to ransomware, while ransomware groups like Avaddon and Sodinokibi announced that they would begin imposing restrictions on which targets their affiliates would be permitted to attack.<br />
<br />
DarkSide wasn’t the only group to retire in Q2. Avaddon followed suit in June, announcing its retirement and releasing free keys for all of its victims, enabling us to release a <a href="https://www.emsisoft.com/ransomware-decryption-tools/avaddon" target="_blank" rel="noopener" class="mycode_url">decryptor</a> which past victims can use to recover their encrypted data.<br />
<br />
In Q2, we saw a number of cases of threat actors <a href="https://blog.emsisoft.com/en/38554/psa-threat-actors-now-double-encrypting-data-with-multiple-ransomware-strains/" target="_blank" rel="noopener" class="mycode_url">encrypting data with multiple strains of ransomware</a> in a single attack. Double encryption makes recovery – an already challenging process – even more complex and puts further pressure on victims to comply with attackers’ demands. Whether these cases were isolated incidents or the start of a new trend remains to be seen.<br />
<br />
The following statistics are based on data from 137,537 submissions to Emsisoft and ID Ransomware between April 1 and June 30, 2021. Created by Emsisoft Security Researcher Michael Gillespie, <a href="https://id-ransomware.malwarehunterteam.com/?utm_source=Emsisoft" target="_blank" rel="noopener" class="mycode_url">ID Ransomware</a> is a website that allows users to identify which ransomware strain has encrypted their files by uploading the ransom note, a sample encrypted file and/or the attacker’s contact information. It also directs the user to a decryption tool, should one be available.<br />
<br />
<span style="font-style: italic;" class="mycode_i"><span style="font-weight: bold;" class="mycode_b">Note:</span> We estimate that only 25% of victims make a submission to Emsisoft or ID Ransomware, so the real number of incidents is probably significantly higher.</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b">Most commonly reported ransomware strains of Q2 2021</span><br />
<br />
The following chart shows the 10 most commonly reported strains of Q2, which collectively made up 88.40% of all submissions this quarter. A ransomware family known as STOP/Djvu was by far the most common strain, accounting for 71.20% of all submissions.<br />
<ol type="1" class="mycode_list"><li>STOP (Djvu): 71.20%<br />
</li>
<li>Phobos: 3.50%<br />
</li>
<li>REvil / Sodinokibi: 2.40%<br />
</li>
<li>QLocker: 2.30%<br />
</li>
<li>Makop: 2.20%<br />
</li>
<li>Dharma (.cezar): 2.00%<br />
</li>
<li>Magniber: 1.60%<br />
</li>
<li>eCh0raix / QNAPCrypt: 1.40%<br />
</li>
<li>LockBit: 0.90%<br />
</li>
<li>GlobeImposter 2.0: 0.90%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Most commonly reported ransomware strains of Q2 2021 (STOP excluded)</span><br />
<br />
The following chart shows the 10 most commonly reported strains of Q2 with STOP submissions excluded.<br />
<ol type="1" class="mycode_list"><li>Phobos: 12.10%<br />
</li>
<li>REvil / Sodinokibi: 8.20%<br />
</li>
<li>QLocker: 7.80%<br />
</li>
<li>Makop: 7.60%<br />
</li>
<li>Dharma (.cezar): 6.90%<br />
</li>
<li>Magniber: 5.50%<br />
</li>
<li>eCh0raix / QNAPCrypt: 4.70%<br />
</li>
<li>LockBit: 3.00%<br />
</li>
<li>GlobeImposter 2.0: 3.00%<br />
</li>
<li>Zeppelin: 2.40%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Most ransomware submissions by country</span><br />
<br />
The following chart shows the 10 countries that accounted for the most ransomware submissions, with STOP submissions included. These 10 countries made up 58.10% of all global submissions this quarter.<br />
<ol type="1" class="mycode_list"><li>India: 21.30%<br />
</li>
<li>Indonesia: 10.00%<br />
</li>
<li>South Korea: 5.50%<br />
</li>
<li>Egypt: 4.10%<br />
</li>
<li>Brazil: 3.90%<br />
</li>
<li>Pakistan: 3.80%<br />
</li>
<li>United States: 3.40%<br />
</li>
<li>Germany: 2.50%<br />
</li>
<li>Philippines: 1.90%<br />
</li>
<li>Italy: 1.70%<br />
</li>
</ol>
<span style="font-weight: bold;" class="mycode_b">Discussion</span><br />
<br />
We saw a significant increase in ID Ransomware submission numbers this quarter, with submissions rising from 96,023 in Q1 to 137,537 in Q2 – an increase of 43.23%.<br />
<br />
STOP/Djvu remained the most commonly submitted ransomware family in Q2, accounting for 71.2% of all submissions, up from 51.4% in Q1. STOP is a prolific strain of ransomware that primarily impacts home users and is typically distributed via cracked software, key generators and activators.<br />
<br />
This quarter, well-known vulnerabilities in QNAP devices resulted in a sharp rise in QNAP-targeted ransomware. The most active was Qlocker, a new ransomware variant that targets owners of QNAP NAS devices and demands a relatively small ransom of &#36;500. Despite its short lifespan – Qlocker emerged in April and shut down its operation just a few weeks later after <a href="https://www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down-after-extorting-hundreds-of-qnap-users/" target="_blank" rel="noopener" class="mycode_url">generating around &#36;350,000</a> – Qlocker was the fourth most commonly submitted strain this quarter and accounted for 2.30% of all submissions.<br />
<br />
The threat actors behind eCh0raix, a ransomware gang that was first detected in June 2019, also launched a campaign aimed at QNAP storage devices. Dubbed QNAPCrypt, the ransomware was responsible for 1.40% of all submissions this quarter.<br />
<br />
India, which has made the most submissions every quarter since we began these quarterly reports, accounted for 21.3% of all global submissions in Q2, up significantly from 12.5% in Q1. Spain and Turkey, which each accounted for 2.2% of all submissions in Q1, fell out of the top 10 list in Q2, replaced by Germany (2.5%) and the Philippines (1.9%).<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Further reading</span><ul class="mycode_list"><li><a href="https://blog.emsisoft.com/en/38619/ransomware-statistics-for-2021-q1-report/" target="_blank" rel="noopener" class="mycode_url">Ransomware statistics for 2021: Q1 report</a><br />
</li>
<li><a href="https://blog.emsisoft.com/en/37314/the-state-of-ransomware-in-the-us-report-and-statistics-2020/" target="_blank" rel="noopener" class="mycode_url">The State of Ransomware in the US: Report and Statistics 2020</a><br />
</li>
<li><a href="https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/" target="_blank" rel="noopener" class="mycode_url">The Cost of Ransomware in 2021: A Country-by-country Analysis</a><br />
</li>
</ul>
...</blockquote>
<a href="https://blog.emsisoft.com/en/38864/ransomware-statistics-for-2021-q2-report/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[New in 2021.7: Improved incidents management]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15492</link>
			<pubDate>Fri, 02 Jul 2021 06:20:00 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15492</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/06/Blog_20217.png.webp" loading="lazy"  alt="[Image: Blog_20217.png.webp]" class="mycode_img" /></div>
<br />
With the new malware Incidents panel, you can now investigate deeper into findings. If an alerted program turns out to be safe, simply click the ‘Allow’ or ‘Allow everywhere’ buttons to add it to the exclusions.<ul class="mycode_list"><li>ALLOW adds a protection exclusion for the affected device only.<br />
</li>
<li>ALLOW EVERYWHERE adds a protection exclusion to your entire workspace.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">All 2021.7 improvements in a nutshell</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Improved startup speed for larger applications and those which start multiple processes (ie. Skype, Office, Slack, etc.).<br />
</li>
<li>Slightly improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New filtering functionality in Incidents management panel.<br />
</li>
<li>New options in Incidents details panel to exclude alerted programs from protection on individual devices or across an entire workspace.<br />
</li>
<li>Workflow optimizations when dealing with workspaces.<br />
</li>
<li>Improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38791/new-in-2021-7-improved-incidents-management/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/06/Blog_20217.png.webp" loading="lazy"  alt="[Image: Blog_20217.png.webp]" class="mycode_img" /></div>
<br />
With the new malware Incidents panel, you can now investigate deeper into findings. If an alerted program turns out to be safe, simply click the ‘Allow’ or ‘Allow everywhere’ buttons to add it to the exclusions.<ul class="mycode_list"><li>ALLOW adds a protection exclusion for the affected device only.<br />
</li>
<li>ALLOW EVERYWHERE adds a protection exclusion to your entire workspace.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">All 2021.7 improvements in a nutshell</span><br />
<br />
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/software/antimalware/" target="_blank" rel="noopener" class="mycode_url">Device protection</a> (desktop)</span><ul class="mycode_list"><li>Improved startup speed for larger applications and those which start multiple processes (ie. Skype, Office, Slack, etc.).<br />
</li>
<li>Slightly improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b"><a href="https://www.emsisoft.com/en/business/managementconsole/" target="_blank" rel="noopener" class="mycode_url">Management console</a> (web app)</span><ul class="mycode_list"><li>New filtering functionality in Incidents management panel.<br />
</li>
<li>New options in Incidents details panel to exclude alerted programs from protection on individual devices or across an entire workspace.<br />
</li>
<li>Workflow optimizations when dealing with workspaces.<br />
</li>
<li>Improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
<span style="font-weight: bold;" class="mycode_b">How to obtain the new version</span><br />
<br />
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.<br />
<br />
<span style="font-style: italic;" class="mycode_i">Note to Enterprise users:</span> If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.<br />
<br />
Have a great and well-protected day!<br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38791/new-in-2021-7-improved-incidents-management/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Emsisoft Anti-Malware 2021.7 beta]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15442</link>
			<pubDate>Sun, 27 Jun 2021 09:00:49 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15442</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><span style="font-weight: bold;" class="mycode_b">Emsisoft Anti-Malware 2021.7 beta:</span><br />
<br />
We’ve just released Emsisoft Anti-Malware 2021.7.0.11059 beta. You will have to enable beta updates to get this version.<ul class="mycode_list"><li>Improved startup speed for larger applications and those which start multiple processes (i.e. Skype, Office, Slack, etc.).<br />
</li>
<li>Slightly improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
</blockquote>
<a href="https://blog.emsisoft.com/en/38807/emsisoft-anti-malware-2021-7-beta/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><span style="font-weight: bold;" class="mycode_b">Emsisoft Anti-Malware 2021.7 beta:</span><br />
<br />
We’ve just released Emsisoft Anti-Malware 2021.7.0.11059 beta. You will have to enable beta updates to get this version.<ul class="mycode_list"><li>Improved startup speed for larger applications and those which start multiple processes (i.e. Skype, Office, Slack, etc.).<br />
</li>
<li>Slightly improved user interface.<br />
</li>
<li>Several minor tweaks and fixes.<br />
</li>
</ul>
</blockquote>
<a href="https://blog.emsisoft.com/en/38807/emsisoft-anti-malware-2021-7-beta/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[How Louisiana’s MSP regulations could shape the future of the channel]]></title>
			<link>https://www.geeks.fyi/showthread.php?tid=15233</link>
			<pubDate>Fri, 04 Jun 2021 07:22:09 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.geeks.fyi/member.php?action=profile&uid=1322">harlan4096</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.geeks.fyi/showthread.php?tid=15233</guid>
			<description><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/05/avlab-award-march-2021.png" loading="lazy"  alt="[Image: avlab-award-march-2021.png]" class="mycode_img" /></div>
<br />
Louisiana is taking steps toward regulating the channel. Effective 1 February 2021, Senate Bill 273 introduces more regulations for MSPs that service the public sector. Many predict that the legislation – the first of its kind in the U.S. – is a sign of things to come, and that similar regulations could be rolled out in other states in the years ahead.  <br />
<br />
Read on to learn more about Senate Bill 273 and get a glimpse of what future MSP regulation could look like.   <br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is Senate Bill 273?</span><br />
<br />
In June 2019, following a spate of costly ransomware incidents that ravaged the public sector, Louisiana approved new state law that introduces more regulations for MSPs that provide IT infrastructure to public bodies.  <br />
<br />
The bill primarily aims to shift the responsibility of incident disclosure from victims to service providers. It is hoped that the added transparency will enable consumers to make a more informed decision about their choice of MSP which, in turn, will encourage MSPs to elevate their security posture or risk losing business to their better-prepared competitors. <br />
<br />
The bill can be read in its entirety <a href="https://legiscan.com/LA/text/SB273/2020" target="_blank" rel="noopener" class="mycode_url">here</a>. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">How will Senate Bill 273 impact you?</span><br />
<br />
If you’re a Louisiana-based MSP, you must abide by the new laws in order to conduct business with a public body. Under Senate Bill 273, MSPs that provide IT infrastructure to public entities are required to: <ul class="mycode_list"><li>Register with the Secretary of State <br />
</li>
<li>Report cyber incidents within 24 hours and ransomware payments within 10 days <br />
</li>
<li>Provide public access to information, including a record of cyber incidents <br />
</li>
<li>Be in good standing before they can partner with a public body.  <span style="font-size: large;" class="mycode_size"> </span><br />
</li>
</ul>
MSPs that are based elsewhere in the country should keep a close eye on the Louisiana regulations. As MSPs play an increasingly important role in the public sector, it seems likely that similar regulations will be rolled out in other states in the future, possibly at the federal level. It’s also possible that similar models could be applied to other high-risk industries that deal with sensitive data, including the medical, financial and education sectors. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">How to prepare for the coming changes</span><br />
<br />
The prospect of added regulations will likely be met with skepticism from some MSPs. However, it’s important to note that the legislative intent of Senate Bill 273 is not to make it harder (or more expensive) for MSPs to do business with the state, nor is it to make it more difficult for new MSPs to enter the market. There are no licensing or certification requirements; in fact, the bill doesn’t actually do anything to directly address or resolve cybersecurity issues. Instead, the bill simply aims to improve accountability and transparency, which ultimately enables state entities to make better purchasing decisions.  <br />
<br />
While it’s still too early to judge the effectiveness of Senate Bill 273, it seems probable that other states will follow in Louisiana’s footsteps. The best way to prepare for future regulation is to bolster your cybersecurity posture. Service providers must be in good standing to do business with public entities, so it’s critical that MSPs utilize <a href="https://blog.emsisoft.com/en/36117/msp-cybersecurity-best-practices-for-mitigating-targeted-ransomware-attacks/" target="_blank" rel="noopener" class="mycode_url">best practices</a> now to avoid cyber incidents that could preclude them from doing business with the state further down the track.  <br />
<br />
For MSPs that are secure and transparent, regulation should be viewed not as an obstruction, but as an opportunity to demonstrate cyber resilience and perhaps gain a competitive advantage along the way.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">Conclusion</span><br />
<br />
Louisiana has taken steps towards regulating MSPs with the introduction of Senate Bill 273, which went into effect on 1 February 2021. The bill builds on existing breach notification laws and requires MPS to register with the Secretary of State and be in good standing before entering into business with a public entity.   <br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38605/how-louisianas-msp-regulations-could-shape-the-future-of-the-channel/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></description>
			<content:encoded><![CDATA[<blockquote class="mycode_quote"><cite>Quote:</cite><div style="text-align: center;" class="mycode_align"><img src="https://blog.emsisoft.com/wp-content/uploads/2021/05/avlab-award-march-2021.png" loading="lazy"  alt="[Image: avlab-award-march-2021.png]" class="mycode_img" /></div>
<br />
Louisiana is taking steps toward regulating the channel. Effective 1 February 2021, Senate Bill 273 introduces more regulations for MSPs that service the public sector. Many predict that the legislation – the first of its kind in the U.S. – is a sign of things to come, and that similar regulations could be rolled out in other states in the years ahead.  <br />
<br />
Read on to learn more about Senate Bill 273 and get a glimpse of what future MSP regulation could look like.   <br />
<br />
<span style="font-weight: bold;" class="mycode_b">What is Senate Bill 273?</span><br />
<br />
In June 2019, following a spate of costly ransomware incidents that ravaged the public sector, Louisiana approved new state law that introduces more regulations for MSPs that provide IT infrastructure to public bodies.  <br />
<br />
The bill primarily aims to shift the responsibility of incident disclosure from victims to service providers. It is hoped that the added transparency will enable consumers to make a more informed decision about their choice of MSP which, in turn, will encourage MSPs to elevate their security posture or risk losing business to their better-prepared competitors. <br />
<br />
The bill can be read in its entirety <a href="https://legiscan.com/LA/text/SB273/2020" target="_blank" rel="noopener" class="mycode_url">here</a>. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">How will Senate Bill 273 impact you?</span><br />
<br />
If you’re a Louisiana-based MSP, you must abide by the new laws in order to conduct business with a public body. Under Senate Bill 273, MSPs that provide IT infrastructure to public entities are required to: <ul class="mycode_list"><li>Register with the Secretary of State <br />
</li>
<li>Report cyber incidents within 24 hours and ransomware payments within 10 days <br />
</li>
<li>Provide public access to information, including a record of cyber incidents <br />
</li>
<li>Be in good standing before they can partner with a public body.  <span style="font-size: large;" class="mycode_size"> </span><br />
</li>
</ul>
MSPs that are based elsewhere in the country should keep a close eye on the Louisiana regulations. As MSPs play an increasingly important role in the public sector, it seems likely that similar regulations will be rolled out in other states in the future, possibly at the federal level. It’s also possible that similar models could be applied to other high-risk industries that deal with sensitive data, including the medical, financial and education sectors. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">How to prepare for the coming changes</span><br />
<br />
The prospect of added regulations will likely be met with skepticism from some MSPs. However, it’s important to note that the legislative intent of Senate Bill 273 is not to make it harder (or more expensive) for MSPs to do business with the state, nor is it to make it more difficult for new MSPs to enter the market. There are no licensing or certification requirements; in fact, the bill doesn’t actually do anything to directly address or resolve cybersecurity issues. Instead, the bill simply aims to improve accountability and transparency, which ultimately enables state entities to make better purchasing decisions.  <br />
<br />
While it’s still too early to judge the effectiveness of Senate Bill 273, it seems probable that other states will follow in Louisiana’s footsteps. The best way to prepare for future regulation is to bolster your cybersecurity posture. Service providers must be in good standing to do business with public entities, so it’s critical that MSPs utilize <a href="https://blog.emsisoft.com/en/36117/msp-cybersecurity-best-practices-for-mitigating-targeted-ransomware-attacks/" target="_blank" rel="noopener" class="mycode_url">best practices</a> now to avoid cyber incidents that could preclude them from doing business with the state further down the track.  <br />
<br />
For MSPs that are secure and transparent, regulation should be viewed not as an obstruction, but as an opportunity to demonstrate cyber resilience and perhaps gain a competitive advantage along the way.  <br />
<br />
<span style="font-weight: bold;" class="mycode_b">Conclusion</span><br />
<br />
Louisiana has taken steps towards regulating MSPs with the introduction of Senate Bill 273, which went into effect on 1 February 2021. The bill builds on existing breach notification laws and requires MPS to register with the Secretary of State and be in good standing before entering into business with a public entity.   <br />
...</blockquote>
<a href="https://blog.emsisoft.com/en/38605/how-louisianas-msp-regulations-could-shape-the-future-of-the-channel/" target="_blank" rel="noopener" class="mycode_url">Continue Reading</a>]]></content:encoded>
		</item>
	</channel>
</rss>