Tag Archives: Kaspersky

PowerWare Ransomware

AlienVault: PowerWare “Fileless Infection” Deepens Ransomware Conundrum for Healthcare Providers

Michael Mimoso for Threat Post (Kaspersky): Fileless Powerware Ransomware Found On Healthcare Network

Carbon Black flexes its PR muscles and manages not to mention that ‘AV is Dead’ in its analysis: Threat Alert: “PowerWare,” New Ransomware Written in PowerShell, Targets Organizations via Microsoft Word. It does share Indicators of Compromise, but as a graphic rather than as text. However, the Word doc used to spread the malware is detected (according to VirusTotal) by 34 products at the time of writing: 69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf. The ransomware script is also widely detected: https://www.virustotal.com/en/file/02beca974ecc4f871d8d42462ef305ae595fb6906ad764e6e5b6effe5ff05f29/analysis/.

David Harley

Ransomware Advice for Business

Here are a couple of resources for businesses wondering how to set about protecting themselves from ransomware.

Writing for Bitdefender, Graham Cluley offers The Simple Way to Stop your Business from Being Extorted by Ransomware, instead of simply waiting till you get hit and have to cave in to the extortionist’s demands. His top tips will go a long way towards protecting companies, but many of them also apply to individuals. They will, of course, also help protect against other kinds of malware (and frankly, people and companies should routinely be taking precautions like these).

Kaspersky offers a Practical Guide: Could your business survive a cryptor? I can’t comment on how good it is, since it’s accessed via a form that requires contact information I’m not prepared to give in this instance.

David Harley

Status Epsilon-icus*

Ok. That wasn’t the last update.

And very possibly the last update here (the target blog suggests why…): Epsilon Overkill and the Security Ecology

Update 3: Rebecca Herson evaluates some of the advice given by Epsilon customers for coping with the phlurry of phish anticipated post-Epsilon: http://blog.commtouch.com/cafe/email-security-news/advice-after-the-epsilon-breach/

Links and a little extra irony from me: http://chainmailcheck.wordpress.com/2011/04/07/epsilon-epidemic/

Update 2: a discomfiting suggestion that there was a longstanding problem that Epsilon were actually aware of: http://www.itnews.com.au/News/253712,epsilon-breach-used-four-month-old-attack.aspx (hat tip to Kurt Wismer, again)

Update: a few more articles you might find worth reading.

It’s reasonable to assume that the Epsilon fiasco will lead to an epidemic: at any rate, luminaries such as Brian Krebs and Randy Abrams are making that assumption, and publishing some excellent proactive advice accordingly. So rather than go over the same ground, I’ll just cite some of the more useful blog posts around that.

Two highly relevant posts by Brian Krebs:

And two relevant posts by Randy:

A list of companies known to have been affected from ThreatPost: http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511

And a characteristically to-the-point rant by Kurt Wismer on why it wouldn’t be an issue in a sane world: http://anti-virus-rants.blogspot.com/2011/04/why-epsilon-breach-shouldnt-be-issue.html

*Yes, a rather forced pun, I know. http://en.wikipedia.org/wiki/Status_epilepticus 

David Harley CITP FBCS CISSP
AVIEN Dogsbody
ESET Senior Research Fellow