Monthly Archives: February 2017

Lockdroid’s text-to-speech unlocking

Catalin Cimpanu, for Bleeping Computer, details Lockdroid’s novel use of TTS functions as part of the post-payment unlocking process: Android Ransomware Asks Victims to Speak Unlock Code. Based on a report from Symantec that I haven’t seen yet.

Lockdroid’s current campaigns appear to be focused on China, but that doesn’t mean its innovations won’t be seen elsewhere. Symantec’s Dinesh Venkatesan noted implementation bugs and that it might be possible for a victim to recover the unlock code from the phone.

David Harley

Tech Support Scams in Spain

My colleague Josep Albors came to a surprising conclusion in his Spanish language blog article Fake technical support is the most detected threat in Spain during January. I was so taken with the article that I generated a somewhat free translation with copious extra commentary for WeLiveSecurity: Support scams now reign in Spain.

David Harley

Kaspersky researcher on Russian ransomware ecosystem

Anton Ivanov for Kaspersky: A look into the Russian-speaking ransomware ecosystem.

He says:

One of the findings of our research is that 47 of the 60+ crypto ransomware families we’ve discovered in the last 12 months are related to Russian-speaking groups or individuals.

And:

While analyzing the attack statistics for 2016, we discovered that by the end of the year a regular user was attacked with encryption ransomware on average every 10 seconds, with an organization somewhere in the world hit around every 40 seconds.

Good article.

David Harley

LogicLocker PoC ICS ransomware

An ICS attack – or rather a PoC simulation – from Georgia Institute of Technology, making a big splash at RSA.

David Harley

Jolly Roger scuppers scammers

I’m not very good at engaging with tech support scammers directly on the phone. Back in the heyday of cold-calling scammers, I would try to string them along for a while just to see if they had any new wrinkles and gambits I ought to know about. But to be honest, I tended to get too angry, too quickly, and often blew it by telling them exactly what I thought of them. Or, in one or two cases, by dissolving into uncontrollable laughter at some of their more outrageous claims. But for me, it hasn’t really been about entertainment.

Certainly we’ve learned a lot over the years from people who’ve pretended to let a scammer onto their precious systems, but in reality have simply enticed him onto a disposable virtual machine and refreshed the image when they’d had their fun. My only reservation is that if you let a scammer within a hundred miles of accessing your system remotely, you’d better be sure you know what you’re doing.

There are, of course, people who are at least in part driven by the desire for amusement and to waste a scammer’s time and energy. And while I think this is more a matter of diversion than of having a real impact on the problem, I certainly don’t object in principle to eating into a scammer’s profit margins.

David Bisson describes for Tripwire an interesting way to waste a scammer’s time: One Researcher’s Plan to Broadside Known Windows Tech Support Scammers. He says:

Jolly Roger Telephone Company … specializes in creating bots that blend artificial intelligence and pre-recorded phrases together all for the sake of “talking” with inbound telemarketer scammers. In most cases, the bots waste several minutes of the scammers’ time before the fraudsters catch on and disconnect.

Jolly Roger itself says:

…now there is a way to fight back. The Jolly Roger Telephone Co. provides a friendly, agreeable, patient robot that talks to these rude telemarketers for you. It is happy to chat, and will typically keep an unwary salesperson engaged for several minutes.

I’m certainly not saying you should use its services, and I’m not even sure I’ll add it to the resources page here. But you might at least get some amusement by wandering around its site for a few minutes. Personally, I’d rather make a few scammers walk the plank.

David Harley

Backup and Ransomware

Ransomware isn’t the only reason to implement a good backup strategy – for home users as well as for businesses – but it’s a pretty good one, and these days you can’t afford a backup strategy that doesn’t take ransomware’s evil little ways into account.

In an article for Graham Cluley’s blog, David Bisson offers some pretty good advice, in a form that practically anyone can understand.

How to create a robust data backup plan (and make sure it works) – The backup basics that every end-user should know!

David Harley