Monday, February 15, 2016

A cyber hijacking full of kindness

Who could have said the bad guys were so kind to attend us personally? As it's often said in the movies: "nothing personal, it's just business and I'm a professional". Do you have to pay a rescue for your devices and you don't know how to? The cybercriminal who infected you will guide you. The kindness and the security aren't always related, as we see today with the ransomware and Facebook, while we go to a hospital in the Mecca of Cinema and we'll meet the tenth edition of a veteran project.

The last ransomware is called PadCrypt and it enters in your device thanks to a fake PDF opened by the user with the best intentions. When the user opens the file, and without time to go back, all the files of the computer will be encrypted and it also appears random text and HTML files in every folder with files. But there's more: the infected user will see a popup that reads "live chat",  being  the first time this happens in a malware, because the CrytoWall precedent had a "help" chat but in website mode. To complete the picture, PadCrypr adds an uninstall executable which... of course DOESN'T work.

If the kindness of this bad people is suitable with the cruelty of their computer kidnapping, neither is less worrying than the kindness of some common services like Facebook. Do you remember how was your account creation process? Do you remember if there was some "security question" in case you lose your password? The Spanish researcher Chema Alonso recommend you to try to hack yourself to avoid that this "safe question" could be a open door to someone who want to take on your account.

Where they aren't for kindness nor Facebook accounts, a children game compared to this problem, is in the Hollywood Presbyterian Medical Center, which was attacked a few weeks ago and its control remains today in hands of the cybercriminals. The hospital warned to the police forces and FBI, but by now the robbers felt so safe that they are holding their siege and require a rescue of nothing less than 9.000 bitcoins (a 3,2 millions euros in the actual exchange) to release their hostage.

While some people infect and others solve it, some people like the responsible of this blog try to report what happens in the world of (in)security. One of the veterans of the place is Help Net Security, which along the weekend has been made up pretty to launch the tenth version of its website. Launched on 1998, the new Help Net Securitty has the intention of offering better content, improving the mobile experience, offer a HTTPS version, eliminate the flash content and some other improvements. Welcome and good luck in this new era.

Lots of encouragement for the beginning of the week. And if this can be kind, despite of kindness and security don't go always together

Image: Flickr.


Post a Comment