Cyber-Security in 120 Secs: A Cyber Weapon Disguised as Ransomware


This week NotPetya ran a campaign that was initially thought to be ransomware, shutting down computers worldwide; a researcher revealed that Microsoft’s new Surface laptop can be interrupted by ransomware; Anthem agrees to $115M in settlement fees for the 2015 data breach.


Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Analysts are reporting that the Petya/NotPetya ransomware is a cyberweapon.

Why is this significant?

  • Until now, malware authors created ransomware with a simple objective: encrypt files – get money. But analysts are seeing clues in the Petya/NotPetya code that make them believe that this new “ransomware-like” threat has more in common with Stuxnet or BlackEnergy than with run-of-the-mill ransomware.
  • Analysts say that Petya/NotPetya looks like ransomware, and behaves like ransomware, but lacks a vital piece of functionality that is common to ransomware: you can’t unlock the encrypted files.
  • This last piece means that even if victims pay the ransom, they won’t get their data back.
  • Petya/NotPetya has affected a variety of industries.

enSilo protects against Petya/NotPetya out of the box. NotPetya kill switch analyzed

Read the full story in Bleeping Computer

Windows 10 S was built with security in mind, and Microsoft has claimed that “no known ransomware” will run on their new Surface Laptop.

Why is this significant?

  • Microsoft’s claim was busted by a security researcher from Hacker House who unraveled the security integrated in the new laptop in just over 3 hours.
  • Microsoft created limitations for Windows 10 S users in an attempt to eliminate risky user behaviors, such as: Store-only applications; no command prompt; no access to scripting tools; no access to PowerShell.
  • A crucial element that was not removed is “enable macros”, which is the initial point through which one of the first ransomware strains, Locky, is injected.

Read the full story in ZDNet

Anthem, Inc. has agreed to pay $115M in settlement fees based on the 2015 Anthem healthcare breach.

Why is this significant?

  • Anthem, Inc. is still feeling the sting from a 2015 data breach that affected 78.8M victims, referred to at the time as the biggest data breach in history.
  • Of the $115M, at least $17M will cover the cost of Experian’s 2-year credit monitoring service for the victims of the breach, as well as protect past losses related to the breach. “The settlement requires Anthem to guarantee a certain level of funding for information security, and to maintain changes to its data security systems.”
  • According to a recent report, ~$12B in fraud losses came from data breach victims. Will this cost eventually be an indicator in data breach settlement costs?

Read the full story in Healthcare IT News