Monthly Archives: February 2016

CTB Locker ransomware

CTB Locker

[Added to resources page 29th February 2016]

Article by Darren Pauli for The Register: Reinvented ransomware shifts from pwning PC to wrecking websites – ‘CTB Locker’ targets WordPress, offers live chat to help victims pay up.

And an article by David Bisson for Graham Cluley’s blog: Ransomware’s new target? WebsitesExtortionists demand Bitcoin ransom be paid to restore WordPress websites – DDoS (distributed denial of service) extortion and ransomware

David Harley

Ransomware Attacks on Hospitals

Help Net Security’s article Crypto ransomware hits German hospitals, based on this article from DW, also includes links to its story about the attack on the Hollywood Presbyterian Medical Center, and another story about a New Zealand hospital  hit with Locky. [Added later: Commentary by John Leyden for The Register here. And I’ve just caught up with an article from My News LA about an apparent attack on the Los Angeles Department of Health.]

As far as I can make out there is no firm indication of links between all these attacks, or that hospitals are being specifically targeted by specific malware, but the clustering is worrying.  If nothing else, it is clear that hospitals, like any other organization, survive such attacks better if they have suitably-protected backups and other well-administered security precautions in place.

David Harley

Scammers using Dell support data?

If support scammers are using Dell customer data, as seems to be the case, Dell could certainly be more proactive in warning its customers, despite its own concerns about being seen as vulnerable to external or internal data leakage. But at least they’re now trying to gather info on the issue.

See my article here: Support Scammers Targeting Dell Customers with links to related articles by Brian Krebs, Dan Goodin et al.


… not everyone who is [a Dell customer] has the technical grasp that Krebs’s correspondents seem to have. So perhaps it’s time Dell at least made more effort to notify people using its products (and especially its support services) that scammers may have such data, and that possession of such data shouldn’t be taken as some sort of validation of the bona fides of a cold-caller.

 Added to resources page, of course.

David Harley

Ransomware: Understanding Bitcoin

It probably hasn’t escaped your notice that ransomware gangs are fond of Bitcoin, and you may also be aware that some victims who decide to pay up are finding the Bitcoin technology somewhat daunting, to the extent that PadCrypt may be intended to offer advice on paying with Bitcoin by way of a live chat facility (offline at the time of writing). At any rate, Bleeping Computer’s Lawrence Abrams comments:

“A feature like this could potentially increase the amount of payments as the victim can receive “support” and be guided on the confusing process of making a payment.

I’m not familiar enough with Bitcoin at the moment to help much as far as that’s concerned, but I have noticed a number of articles recently that relate to it:

  • Bitcoin and Cryptocurrency Technologies assumes that ‘…you have a basic understanding of computer science — how computers work, data structures and algorithms, and some programming experience. If you’re an undergraduate or graduate student of computer science, a software developer, an entrepreneur, or a technology hobbyist, this textbook is for you.’ However, it is written using a fairly conversational tone, so it’s certainly worth a look if you’re reasonably IT-literate.
  • This primer from Princeton is about 296 pages shorter and more consumer friendly. And here’s Bitcoin’s own FAQ.
  • Richard Chirgwin points out that Bitcoiners are just like everybody else: They use rubbish passwords, which may not reassure you.
  • Imperva has published an interesting paper on ‘The secret of Cryptowall’s success‘ based Bitcoin wallet analysis.

William Hugh Murray comments in a recent SANS newsletter:

Cyber currency is too slow ever to play a major role as a medium of exchange.  It is too volatile to serve as a store of value.  However, anonymity will serve to encourage extortion.

That section of the Newsbites newsletter has a number of interesting links to commentary on the Locky ransomware, by the way.

David Harley

PadCrypt Ransomware

Ransomware with several interesting features described for Graham Cluley’s blog by David Bisson: New ransomware comes with Live Chat feature, somewhat useless uninstaller. The article draws on information published by Lawrence Abrams for Bleeping Computer: PadCrypt: The first ransomware with Live Support Chat and an Uninstaller.

The point about the uninstaller is that it removes all the files associated with the infection, but doesn’t reverse the encryption.

Links added to the Ransomware Resources page.

David Harley



Ransomware Advice for Business

Here are a couple of resources for businesses wondering how to set about protecting themselves from ransomware.

Writing for Bitdefender, Graham Cluley offers The Simple Way to Stop your Business from Being Extorted by Ransomware, instead of simply waiting till you get hit and have to cave in to the extortionist’s demands. His top tips will go a long way towards protecting companies, but many of them also apply to individuals. They will, of course, also help protect against other kinds of malware (and frankly, people and companies should routinely be taking precautions like these).

Kaspersky offers a Practical Guide: Could your business survive a cryptor? I can’t comment on how good it is, since it’s accessed via a form that requires contact information I’m not prepared to give in this instance.

David Harley

Interview with Bleeping Computer

I’ve mentioned before that Bleeping Computer is a resource worth checking when faced with a ransomware problem. Emsisoft recently published an interview with Lawrence of Bleeping Computer – Behind the scenes of a free PC troubleshooting helpsite: Interview with BleepingComputer – that you might find of interest, as it specifically includes references to ransomware.

Link added to resource page.

David Harley