Found a very good article from Bank Info Security about the latest malware attempting to break into your bank accounts.
The ZLoader malware uses webinjects to steal credentials, passwords and cookies stored in web browsers, and other sensitive information from customers of banks and financial institutions, according to Proofpoint. The malware then lets hackers connect to the infected system through a virtual network computing client, so they can make fraudulent transactions from the user's device.
These kinds of nasty backdoors into your banking interfaces are something you should be aware of. As the article outlines, this latest campaign uses phishing to lure victims. Just don’t click on these things, and for the love of God, do not download Word documents or PDF documents from them.
The more insidious part of this is that they are using the COVID-19 Pandemic Relief to leverage more angles to get you to load the malware. If you receive requests for help, do not take them at face value.
In Canada these can be easily hidden in emails claiming to help with:
CERB and how to get it
Small Business Loans for COVID-19 affected small businesses
Black Lives Matter fund raisers, and calls to action
Specifically clean your keyboard (and mouse). Why? Dear God, would you use a knife and fork every day for a year? No? Well your keyboard is just like that, but you handle it MORE! At work? Do people “borrow” your workstation? Holy COW, clean that keyboard weekly!
Best to carry wipes with you if you are going to use communal keyboards and computers. I realize in these days, that might be expensive, hopefully that kind of hoarding will stop soon.
This time, it is our friends in the People’s Republic of China, who seem very interested in Canadian Personal Finance. Luckily I am running Wordfence as the security on my site, but I am also not naive to think that my site is impregnable. Many sites have been hacked in the past while, so I will continue to stay vigilant.
Some could argue that it might be another external actor, simply masquerading as our Chinese friends; either way, keep your sites safe.
I was told that if you use Cloudflare or similar services you can more easily withstand Denial of Service (DoS) attacks as well.
Some other important things to remember, especially if you are running WordPress:
A very good question these days. I continue to have all my information stolen in various data breaches, including Desjardins, Equifax and recently Capital One. To keep myself safe I follow a simple set of rules to at least impede the bad folk out there:
The other way your data ends up out there is by companies selling your data to other companies (for profit and fun). Every time you give out your email address or fill in your “customer profile” you are giving someone a chance to profit from that information. Everyone is selling you, how can you slow this down?
Our friend Preet Banerjee put out a set of useful tweets to figure out who is selling you data:
Gmail ignores anything after a ‘+’ sign in an email address. If your email address is email@example.com, sending email to firstname.lastname@example.org still goes to email@example.com
So if you are required to give an email address, and company XYZ asks for it, give them firstname.lastname@example.org.
If you ever get spam addressed to email@example.com, you know it was XYZ company that gave up / sold your info.
This works because you still get email addressed to firstname.lastname@example.org to your email@example.com.
You can create an unlimited number of email addresses using this technique. So you can replace “+xyz” with “+anycompanynameyouwant” in that email address you provide them.
I believe I owe Preet a scotch for this one. Remember he is available as an excellent public speaker too!
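To turn Preet’s trick into something you can actually run over your inbox, here is an added example (my own illustration, not from the tweets). It also handles Gmail’s habit of ignoring dots in the local part, which the tweets don’t mention, so “jane.doe+xyz” and “JANEDOE+XYZ” are treated as the same alias. The inbox, address and tag-to-company table below are constructed sample data.

```python
import re
from email.utils import parseaddr

# local part, optional "+tag", then the domain
_PLUS_RE = re.compile(r"^(?P<base>[^+@]+)(?:\+(?P<tag>[^@]*))?@(?P<domain>.+)$")


def split_plus_address(address):
    """Split 'name+tag@domain' into (base, tag, domain); tag is '' when absent."""
    _, addr = parseaddr(address)  # strips a display name like 'Jane <...>'
    m = _PLUS_RE.match(addr.strip())
    if not m:
        raise ValueError(f"not a plus-style address: {address!r}")
    return m.group("base"), m.group("tag") or "", m.group("domain").lower()


def canonical_gmail(address):
    """Gmail delivers name+tag@gmail.com and n.a.m.e@gmail.com to name@gmail.com."""
    base, _, domain = split_plus_address(address)
    if domain in ("gmail.com", "googlemail.com"):
        base = base.replace(".", "")
    return f"{base.lower()}@{domain}"


def leaked_by(messages, my_address, issued_tags):
    """Group mail by the company whose tag it arrived on.

    messages: (to_header, from_header, subject) tuples.
    issued_tags: tag -> company you handed that tag to.
    Returns {company: [subjects]}; spam under a company's tag means they leaked or sold it.
    """
    mine = canonical_gmail(my_address)
    report = {}
    for to_hdr, _sender, subject in messages:
        try:
            base, tag, domain = split_plus_address(to_hdr)
        except ValueError:
            continue  # malformed header, ignore
        if canonical_gmail(f"{base}@{domain}") != mine:
            continue  # someone else's alias, not ours
        company = issued_tags.get(tag.lower(), "unknown tag" if tag else "bare address")
        report.setdefault(company, []).append(subject)
    return report


# Constructed sample inbox and tag table (not real mail or companies).
SAMPLE_INBOX = [
    ("Jane Doe <jane.doe+xyz@gmail.com>", "promo@random-shop.example", "Hot deals!!!"),
    ("jane.doe+bank@gmail.com", "notices@bank.example", "Your statement is ready"),
    ("JANE.DOE+XYZ@gmail.com", "lottery@spam.example", "You won"),
    ("jane.doe@gmail.com", "friend@example.net", "Lunch?"),
    ("someone.else+xyz@gmail.com", "x@y.example", "not mine"),
]
ISSUED = {"xyz": "XYZ Company", "bank": "My Bank"}
```

Two caveats a practitioner should know: not every mail provider supports “+” tags, and some sign-up forms reject or silently strip them, so check that the tag survives before relying on it.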
As the name implies, ransomware works like a kidnapper; unfortunately, it is your data being held captive. It is the worst kind of malware out there.
Once your computer(s) is infected, the attack can do a few things. Your files are encrypted, which means they are scrambled so that only the hacker holds the decryption key. Often, you won’t even know you’ve been infected until you try to open a file, which is quite distressing.
Another, more damaging version is what happened with the recent attacks: the ransomware locks the user out of their entire system, and holds their data and system captive.
During the attack, computer screens showed a message demanding $600 in bitcoin in exchange for the decryption key that would unlock the user’s data.
Victims had three days to pay before the fee was doubled. The hospitals ended up paying about $20,000. The hackers set up a help line to answer questions about paying the ransom (how kind of them).
This attack relies on something called the Wanna Decryptor, also known as WannaCry or WCRY.
These kinds of attacks are really hard to catch, because hackers are always improving, updating and changing them. The Wanna Decryptor being used is evolving.
How Could This Happen?
Plenty of ways. Hackers can get ransomware (malware) on your system if you download an infected piece of software or a PDF. The nasty folk can also use a phishing email to direct you to an infected website.
In the hospital case, hackers sent a zip file attachment in an email. When victims clicked on it, their computers were infected, but the attack didn’t stop there. The ransomware spread through the hospitals’ and businesses’ computer networks.
“Once you get a foothold in the system, other users will start to run those pieces of software,” explained Clifford Neuman, who directs the University of Southern California’s Center for Computer Systems Security.
How to Stop This?
First, back up your hard drive. You should be keeping frequent backups anyway, in case your computer dies or your disk implodes. If your computer gets hacked, you’ll be able to retrieve your data without paying any ransom.
If you run a business, back up every computer in your office and have a plan for what to do if your system goes down for a while. Be smart about setting up your network (or hire someone who is smart to design it for you), so that most users don’t have complete access to the system. It would also be a good idea to have an off-site place where you can store backups, in case of fires and such.
These ideas make it harder for a ransomware attack to infect all of your data. Make sure your users understand about the common kinds of attacks. Education could save your bacon in this case.
Ransomware is a type of malicious software that blocks access to data or threatens to publish it until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse.
How does ransomware get on my computer?
Ransomware can appear on your computer via phishing or spam emails containing attachments. These attachments, or links in the content, are where the ransomware lives. When the attachment is clicked, your computer is at risk of becoming infected with ransomware. Another way ransomware can infect your computer is through compromised websites. You can unknowingly visit an infected website (malicious or legitimate) and it will download malware to your computer without your knowledge. This is why having good anti-virus tools is so important, but even they cannot stop all of the malware out there.
What happens when ransomware is downloaded to my computer?
If the download succeeds, the ransomware will then have the ability to encrypt files on your computer effectively locking your system. As an added insult, a message may appear on your computer instructing you how to “regain access” to your computer. A ransomware attack message may look like:
“Your computer has been infected with a virus. Click here to resolve the issue.”
“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a 1 Bitcoin fine.”
“All files on your computer have been encrypted. Unless you pay this ransom within 72 hours to regain access to your data, your files will be removed.”
Please note that paying the “ransom” to get your data back does not guarantee that the files will be decrypted. Even if the data appears to be decrypted after payment is made, it does not mean that the malware infection has been removed. There is no honour among thieves; assume your system and all systems on your network are now infected.
How do I remove ransomware from my computer?
There are software tools available (e.g. Norton Power Eraser and Norton Bootable Recovery Tool, Malwarebytes) that can remove many threats. Some of the more sophisticated threats may be much harder to resolve.
If your files are encrypted, there may be a tool available to decrypt them, depending on the version of the ransomware infection. Always check public boards like Reddit to see if there is a solution published for your specific malware.
Always ensure you have clean backups (off line) of your data, so that if you are infected with Ransomware, you can recover without too much hassle.
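A “clean” backup is only useful if you can prove it is still clean before you restore from it. The added example below (my own illustration, not from any of the articles quoted here) hashes every file in a backup into a manifest you keep offline, then later checks the backup tree against that manifest; modified or missing files and unexpected new ones (renamed “.locked” files, a dropped ransom note) are the signs that ransomware reached the backup too. The directory layout and the simulated tampering are constructed inside a temporary folder.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Hash every file under root; keep the result offline, away from the backup itself."""
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest):
    """Compare a backup tree with its manifest.

    Any 'modified' entry, or 'unexpected' entries such as renamed files and
    ransom notes, means the backup is not clean and must not be restored from.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Constructed scenario: a good backup, then a simulated ransomware pass over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "taxes.txt").write_text("T4 slips for 2019\n")
        (root / "docs" / "budget.csv").write_text("rent,1500\nfood,600\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        # What ransomware does to a reachable backup: overwrite a file with
        # ciphertext-like junk, rename another, and drop a ransom note.
        (root / "docs" / "taxes.txt").write_bytes(os.urandom(32))
        (root / "docs" / "budget.csv").rename(root / "docs" / "budget.csv.locked")
        (root / "README_TO_DECRYPT.txt").write_text("pay up\n")
        tampered = verify_backup(root, manifest)
    return {"clean": clean, "tampered": tampered}
```

The manifest must live somewhere the infected machine cannot write to (an offline drive, or a service with versioning), otherwise the attacker can simply rewrite it to match the encrypted files.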