
I know what you're thinking..
Did I read five billion warnings about .doc files, or six?..
Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
I got a promotion because the head admin was logged into a domain controller for our root domain with his 'Enterprise Admin' account and decided that it was a good time to watch some borderline-illegal porn (seeing as how the domain controller was one of the few machines not behind the content filters yet had a very high-speed connection to the internet). We ended up cleaning 75k+ machines because of that...
Why is bitcoin still allowed to exist at all?
All I've seen for the last 2 years is how this BC "bank" lost millions of dollars worth of BC on a hard drive somewhere or this cryptoware is using BC to avoid tracing the money back to them...
Bitcoin sounds like something actually designed by criminals just for this sort of thing (and to slurp electronic money from suckers wallets).
BC should just be declared an illegal currency and any "bank" should have to return BC money to investors and shut down or face counterfeiting laws.
I'm pretty sharp on how this whole InterWeb thing works and I don't really understand why this is an untraceable currency. It's still IP to IP traffic and there should be logs on servers that would give away the account files being accessed at the time a transfer packet comes in, so why can't these bastards be tracked back by following the money.
Maybe since the FBI got hit last month they will take this all the way to the bank and actually find the degenerates behind some of it.
BAN BC now... this is out of hand.
You may titter, but they've stopped scrappys from taking cash for scrap metal to try to halt the stolen copper market in its tracks, as debit cards leave a paper trail.
Seriously. See 'Cash Trading' here: http://www.recyclemetals.org/about_metal_recycling
Steven R
.... and yet if you know the "right" scrappy...... Considering this affects all scrap - including cars which have Govt.-issued ID documents, it seems pretty clear this is less about stolen metal and more about micromanaging the money flow in and out of small businesses in a way that will never happen with the big tax avoiders.
It's a known fact the HMRC hates - with a passion - any business that deals mainly in cash.
You don't send bitcoins to an IP address. You send them to a wallet. That wallet in turn doesn't have an IP address associated with it. Unless you're running Wireshark at the perps' end it's untraceable. As soon as the perps receive the money it's divided into subsidiary coins or alternative currencies and put back into BTC.
BTC has nothing to do with this. You need to look at the real issue which is Least Privilege.
.....and users shouldn't be opening unsolicited attachments.
The problem isn't the macros, it's poor user training as much as it is the greed of the malware writers. Stupid is as stupid does.
Steven R
Dept Of Bleeding Obvious.
(sorry, but someone had to point that out, and I'm grumpy tonight)
Ours are disabled by default; we still get hit as staff enable them when prompted without thinking.
PICNIC.
If I'm told one more time that I don't do enough staff awareness I'll scream, there's only so much you can do for some people, after that you really need to start going down the disciplinary route.
I will remind the kids ONCE MORE, that if they get odd documents sent to them, they should NEVER open them unless they have consulted me, and I will add that MACROS ARE BAD, and anyone enabling them without my consent shall be ousted from all computers in the house, and will have to hand in their smart phones for at least a week (now that REALLY hurts them).
They have been very good so far, but a reminder is in order.
"Once seeded on a host, the ransomware can spread widely over associated local networks, according to security expert Paul Ducklin."
That's the reason I define every network my devices connect to as "Not trusted" except on a "need to" basis, and I heavily firewall, protect and -very occasionally- security audit every part of my home network.
This has saved my arse on several occasions, where typically invitees' devices bring with them some hidden present from the outside world.
On the other hand, this is a true PITA! I'm beginning to fear that I'm becoming a grumpy gaffer and that soon I won't be able to put up with the load. Perish the thought! :-(
In my humble opinion, if the (quite ignorant) general public isn't gifted or educated enough to understand these issues and they can't protect themselves from electronic eavesdropping, a government's duty is to PROTECT these subjects and their rights. If the government is just another contestant trying to rip off their subjects, "bad things will happen!"
Been a run on docm emails across my clients so I have currently banned them - specifically the filters are deleting them. I'm not aware of any user that would need a macro enabled document to be emailed to them and given the risks, anyone that has to send one can rename it.
Gotta be brutal to save my clients.
"I'm not aware of any user that would need a macro enabled document to be emailed to them and given the risks, anyone that has to send one can rename it."
Never say never. I've had to do that in the past.
Worst was trying to email an installable to a client - his end didn't like the executable. Tried renaming, then compressed and renamed, all to no avail.
Finally settled on a burnt CD sent via old school snail mail. FFS we have email and can't use it.
I used to have to send .mdb files via e-mail.
Step 1 Rename file to .dbm
Step 2 Zip file with password
Step 3 Send zipped file as attachment
Step 4 Send password in a separate e-mail.
The e-mail server would look at the zip file, see the content was not a forbidden file type but couldn't extract to check because of the password and allow it through. If we forgot the password it would extract and examine the file and strip it out.
The receiver reversed the process...
Clunky but effective.
The same trick worked with .exe and .vbs files.
"Been a run on docm emails across my clients so I have currently banned them - [...]"
Just did an experiment. Created a Word 2010 document and saved as test.docx.
Renamed the file in its directory as test1.rtf. Clicked on it - and Word happily sorted out that it was actually .docx content.
Presumably a .docm posing as .rtf would also slip through and get executed. That would explain the .rtf that was attached to a spam email this morning.
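The two observations in this thread, a mail filter that waves a password-protected zip through because it cannot look inside, and Word opening a .docm that was renamed .rtf, come down to the same weakness: the filter trusted the filename. Below is an added example, not code from the article or from any commenter, of a content-based attachment check in Python. The sample attachments are constructed in memory, and the policy table (block macro-bearing Office files whatever they are called, hold encrypted archives for a human) is a hypothetical gateway rule, not anything the thread describes a product doing.

```python
import io
import zipfile

# Constructed sample attachments (not real malware), built in memory so this
# runs offline: OOXML with a VBA project (a .docm), a plain .docx, an encrypted zip.
def build_ooxml(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed-vba-stub")
    return buf.getvalue()

def build_encrypted_zip() -> bytes:
    # zipfile cannot write encrypted archives, so set bit 0 ("encrypted") of the
    # general-purpose flag in both headers by hand; the data itself stays in the clear.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("payload.dbm", b"constructed-payload")
    raw = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        raw[raw.find(sig) + off] |= 0x01
    return bytes(raw)

def classify(data: bytes) -> str:
    """Decide what the bytes are; the filename extension is never consulted."""
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if not data.startswith(b"PK\x03\x04"):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        infos = z.infolist()
        if any(i.flag_bits & 0x1 for i in infos):
            return "encrypted-zip"          # contents cannot be inspected
        names = {i.filename for i in infos}
        if "[Content_Types].xml" not in names:
            return "zip"
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return "ooxml-macro" if has_vba else "ooxml"

# Hypothetical gateway policy: macro-bearing Office files are dropped whatever
# they are called; archives the gateway cannot open are held for a human.
POLICY = {"ooxml-macro": "block", "encrypted-zip": "hold-for-review"}

def inspect(filename: str, data: bytes) -> tuple[str, str]:
    kind = classify(data)
    return kind, POLICY.get(kind, "allow")
```

`inspect("test1.rtf", build_ooxml(True))` returns `("ooxml-macro", "block")`: the .rtf name is ignored and the VBA project inside the zip container decides.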