How to activate the ransomware protection integrated into Windows 10

Certainly, there are several methods of protection against these threats. Some of them require a paid subscription. However, there are also free options. For example, Windows 10 includes protection against Ransomware. Specifically the Controlled Folder Access feature. This is a system to lock files to an external application or code. Which ensures that no one can access and control folders without our authorization. Let’s see how to activate it.

The first thing you have to do is to go to the Windows Settings. Once there, select Update and Security.

Next, click on Windows Security.

Next, just click on Virus & Threat Protection.

This action will display the Windows 10 security module. Once there, you can see the security status of the system. Indeed, you can scan the system for threats, among other things. Please scroll down to Ransomware protection. Then click on Manage Ransomware protection.

Then, just turn on the switch to activate the protection.

From now on, you only have to configure the application. Since it is easier to restrict access to personal files. Well, we have seen how to enable Ransomware protection in Windows 10. Note that you have to make regular backups of all data and files. This way, if we are victims of an attack it will not be necessary to pay ransom for the data. Security experts strongly advise against paying any kind of ransom. This will prevent us from being the target of future attacks. See you soon!

The post How to enable ransomware protection in Windows 10 appeared first on Linux Windows and android Tutorials.

It acts by blocking the device remotely, to encrypt the files taking away the control of all the information and data stored. The virus launches a pop-up window asking for the payment of a ransom. This payment is usually made in virtual currency. On the other hand, this software can be installed through misleading links included in an email, instant message or website. Windows.

How ransomware RobbinHood works

As mentioned above, this threat acts through a Gigabyte company driver (gdrv.sys). This has a security flaw, so the exploit included with ransomware allows the attacker to disable the antivirus. It is not even necessary to have a Gigabyte device installed. Finally, attackers use the vulnerability of the genuine driver, to install a second driver created by them without a digital signature. The purpose of this second driver is to disable the antivirus. Consequently, ransomware can be installed without any problem.

With the antivirus turned off, ransomware installs itself on the pc, takes full control and encrypts all data present on the hard disk. It then displays a message like the one below, asking to pay for the data or we won’t be able to recover it.

The exploit that takes advantage of the security flaw is hidden in a file called Steel.exe. When executed, a file is extracted with ransomware (ROBNR.EXE). In addition to the two drivers, the vulnerable one (signed by Gigabyte) and the one developed by the hackers. As mentioned above, it is not necessary to have any Gigabyte components on the computer. The ransomware itself will install the Gigabyte driver on our PC and carry out the attack. The ransomware asks to pay a Bitcoin money within the next 4 days. If not, the cost will increase to $10,000 per day over the next 6 days. Eventually, the keys will be removed from the server and the data will be lost forever.

According to computer experts, this is the first time that ransomware uses a reliable third-party driver to attack the Windows kernel. In addition to loading a second malicious unsigned driver. And finally, disabling the antivirus directly from the operating system kernel.

Gigabyte knew about the bug, but she didn’t fix it.

In a supreme display of irresponsibility, the Gigabyte company has known about this mistake since December 2018. However, the manufacturer decided to abandon driver support instead of fixing it. Consequently, users were exposed to this security problem until the attack happened. Security experts claim that there is no way to defend against this ransomware. That is, even with a good antivirus and all the security patches installed, the attack is inevitable.

As always, the best way to protect yourself against hackers is to use common sense. That is, avoid downloading and using illegal programs. Also, be wary of an unknown e-mail. It is also healthy to check the websites you visit. On the other hand, it is advisable to keep your data backed up in the cloud or on external hard drives. In this way, you can avoid falling into threats. Finally, we have seen how this driver shuts down the antivirus and installs ransomware in WindowsThis is all for now before I go I invite you to see our post about repairing the search bar in Windows 10.

The post This driver shuts down the antivirus and installs ransomware in Windows appeared first on Linux Windows and android Tutorials.

This is the new Snatch mode.

It does not cease to surprise the evolution of computer attackers to violate the systems. It is well known that during the safe mode, some antivirus programs do not work. In this way, many problems are solved, but there is also a security gap. Snatch programmers have discovered that by using a key in the Windows registry they are able to program the restart in this mode.

It was Sophos Lab’s team that discovered how this new modality works. They declare that it is an effective technique and that it could be copied by other ransomware. For that reason, they made the information public so that preventive measures can be taken in the future. Now, this ransomware has been attacking since 2018. What is new is this safe mode reboot mode. Additionally, it does not attack home users and is not massively propagated by spam campaigns. On the contrary, they carefully choose their targets among large companies and government organizations. However, Snatch is refining its techniques by not only extorting money but also stealing data with the intention of then filtering it online.

We have finally seen how the new variant of Snatch ransomware threatens Windows 10. For that reason, I advise you to redouble your security measures when surfing the Internet. It is always advisable to be aware of the sites you visit and the files you open. All right, that’s it for now. Before saying goodbye I invite you to review our post on Codeblocks in Windows

The post A new variant of Snatch ransomware threatens Windows 10. appeared first on Linux Windows and android Tutorials.

According to security researchers, this ransomware is now using “process doppelgänging” technique. This is essentially a code injection system. This system abuses the NTFS mechanism of Windows to create and hide malicious processes inside the system. Thus, the ransomware also hides from the antivirus software and effectively takes over the system.

SynAttack ransomware comes back

SynAttack ransomware strain was the nightmare during August & September 2017 that infected systems all over the world. Back then, this malware was a simpler threat comparing to the present day threats.

That’s because the malware was still in its development process. Recently, a report of Kaspersky tells us that the brand new malware is well-developed. It now uses top-class encryption routine, evading detection with process doppelgänging and above all, the core of it is tightly protected for protection against any reverse engineering.

The spreading method is still not so clear. Back in the day when SynAttack emerged and caused a ruckus, the malware strain used badly-secured or insecure (open) RDP connections. There’s been no major patch-up for the RDP scheme as there’s no major malware that used this path. It’s safe to assume that the crooks are using the same method for infiltrating into systems with the latest SynAttack variant.

Here are the messages you’ll get once SynAttack gets you. The best way to stay protected is to protect your remote desktop connection with the powerful password and use better encryption systems. Moreover, make sure that remote desktop service is turned off properly so that it’s unavailable in your system temporarily.

Presently, robots are also in the threat of ransomware. Learn about the robot ransomware – the future threat.

The post SynAttack Ransomware Now Using Process Doppelgänging appeared first on Linux Windows and android Tutorials.

The team at Malwarebytes identified a weakness in the encryption scheme that LockCrypt used. Using the weakness, the team could successfully exploit the ransomware to recover the encrypted files. Now, they can help other LockCrypt victims to get back their files.

LockCrypt attack events

The first time this ransomware was identified was last June. It’s also thought that the group responsible for LockCrypt also distributed Satan ransomware. The most significant attack of LockCrypt was taking over the network of Mecklenburg Country in North Carolina.

However, the ransomware wasn’t so active. It’s because the group didn’t distribute the malware via any phishing campaign or spams. LockCrypt groups installed the ransomware manually into the hacked systems after successfully breaking into organization’s networks via RDP.

At first, it created files with “.lock” extension. Then, it switched to “.2018” and “.1btc” respectively.

LockCrypt is sloppy

According to the researchers at Malwarebytes team, this ransomware was poorly coded. Moreover, the encryption method wasn’t powerful at all. They also criticized the sense of understanding of encryption of the hacker group. The ransomware used a custom version of encryption method instead of using the proven, powerful ones in the market. This led to an easier solution with this one.

Researchers were also able to discover an unencrypted LockCrypt sample. By analyzing the sample, they were able to find out a lot more about the sloppy ransomware.

If you’re a victim of LockCrypt, you contact Malwarebytes team. For Mac users, it’s time to be careful as a new backdoor is being spread through phishing campaign and an infected MS Word document. Learn how to stay safe from the new Mac backdoor.

The post LockCrypt Ransomware is cracked! appeared first on Linux Windows and android Tutorials.

Zenis

When MalwareHunterTeam discovered the ransomware, it was using an unidentified method of file encryption. However, the latest edition of the malware is using the AES encryption method for encrypting files. Once encrypted, there’s no way to decrypt the files, but Michael Gillespie, a security researcher, is analyzing the malware for any weakness.

It’s still unknown how this ransomware is getting across devices, but the scenarios indicate that it’s using Remote Desktop services to infect other systems.

The working method of Zenis

The current variation of the ransomware performs 2 steps to see if it should encrypt the current system.

• A process (iis_agent32.exe) is running
• A registry key (HKEY_CURRENT_USER\SOFTWARE\ZenisService “Active”) is present in the system.

If the steps return NO, then it won’t encrypt the system. If the answer is YES, it will start its preparation to encrypt the system. Here’s the ransom note from Zenis.

The key point is, the creator of this ransomware holds the private RSA key required to decrypt the base64 encoded files. That’s why the note. However, the ransomware is under analysis, so don’t pay the ransom until it’s completely analyzed.

How to stay protected

First of all, it’s unknown how this ransomware is getting distributed into networks, so you have to follow caution while operating your system. Moreover, good usage habits are more important than anything to prevent any such attack. Here’s a short list of what to do and what not.

• Backup – It’s the most important thing to do in your life. Backup your important files to an external storage that’s not connected to the computer. This allows your data a safe position, in case the original source is corrupted or encrypted.
• Anti-malware – Malware is the culprit of such attacks. To ensure the protection of your system, you have to install a proper anti-malware software. We have the list of best antivirus software of 2018.
• File attachments – When someone sends you an attached file with the email, make sure not to open it until you know the sender is an authorized one. If anything looks suspicious, scan the file using VirusTotal first.
• Software update – All the software vendors release updates of their software regularly with enhanced security and performance. Update all your software, especially Windows, Java, and Adobe products.
• Password – Protect your system with a hard password. Note that your password should contain alphanumeric & special characters with a long string length.

The post Zenis Ransomware – Deletes Your Backup and Encrypts Files appeared first on Linux Windows and android Tutorials.

As we all know, robots are specially built machines that work and function all by themselves or controlled by a human. In the future, we’re about to get robots capable of performing complex human tasks. Developers are working day and night to make that future into reality. What if those robots are hacked and asked for a ransom?

The REAL threat

Currently, almost all the robots in the field are working in factories. Those machines automatically work and produce a larger amount of products every single day. We all are the user of those products. In labs, there are also robots that are being developed to be more human.

Security researchers at IOActive discovered that they were able to infect robots with ransomware. As we all know how ransomware works, it encrypts the file(s) and asks for money to recover the data. There also could be a permanent hack that would allow a remote hacker to gain control of the machine and do something serious.

The researchers successfully injected their custom-built ransomware into NAO robot made by Softbank. They also added that the same attack will also work on the Pepper robot. Using the ransomware, the researchers enabled the robots to insult its audience and ask for Bitcoin to return back to normal. The researchers were also able to completely take control of the robots, allowing them to perform system changes or complete shutdown.

The threat sounds a bit creepy and for the small robots, such attack doesn’t pose any big threat. However, this proof-of-concept in real life can be serious. This discovery also focuses on the lower focus of robot security in the industry. Moreover, a hacked robot can act like a spy for the hacker.

According to Cesar Cerrudo, CTO at IOActive Labs said that such attack would infect any business and ask for money if the robot has to go back to work. For industries, every second count. Without the proper functioning, the robot will start causing a financial problem to the owner.

What to do

We don’t see robots every single day. However, they’re getting involved in lots of industries for the efficiency and more versatility. Robots are becoming mainstream. If the security isn’t ensured, this could be a problem.

Cerrudo said that one infected robot is easy to replace, but not dozens. Replacing and installing is also a matter of time for larger quantities, making the additional financial loss to the company.

The demonstration of proof-of-concept was conducted on security purpose and presented at the 2018 Kaspersky Security Analyst Summit. IOActive also mentioned that if robot security isn’t ensured, the future could be at stake.

IOActive informed Softbank about the flaw, but it’s not guaranteed if Softbank is going to fix it. In fact, it’s doubting whether Softbank can fix it with the current design of their robots, IOActive said.

We obviously don’t want to see “I, Robot” in reality, right? It’s in the hand of the developers to integrate proper security measures into their products’ system to prevent such situation. All we can do now is to stay protected with our own computers. Learn how to secure your Windows 10 system.

The post Robots under Ransom – Threat of Future appeared first on Linux Windows and android Tutorials.