Fantom Ransomware: Looks Like Windows. Disrupts Like Hell.

As if ransomware and Windows updates weren’t already challenging enough, a new threat pretends to be the latter but delivers the former.

If your organization has been deploying (or considering deploying) Windows 10, then you already know about the issues surrounding Microsoft’s shift to cumulative updates and the problems with third-party applications those updates have already caused at some companies.

Microsoft updates

Even if you’re not moving to Windows 10, you may still be affected by changes Microsoft is making to how it delivers updates to Windows 7 and Windows 8.1. And if you haven’t already, you should read the sagacious guidance offered in blog posts on these and related subjects by LANDESK Director of Product Management Stephen Brown and Senior Product Manager Chris Goettl.

In addition, you’ve doubtless heard and read about—or maybe even been affected by—ransomware.

Most ransomware infiltrates computer systems, locates and encrypts critical files, then demands payment of a ransom for access to the keys needed to restore access to those files. A recent variant, known as “Hitler ransomware,” threatens to encrypt critical files, but in reality, deletes them. (Read more about this variant in blog posts by me and Stephen.)

Fantom ransomware

And now, there’s Fantom. Once it gets into a system, it looks and acts like a legitimate critical Windows update. As reported by Lawrence Abrams of BleepingComputer.com and others, it even displays a realistic-looking screen that says the updates are being configured.


What’s really going on, though, is that the software is busily encrypting all the files it can find. It then displays a poorly written ransom note.


Once that note appears, victimized users have no choice but to pay the ransom and hope that they receive the decryption keys promised by that ransom note. And that those keys actually restore access to all of their files, and that the malware infection doesn’t result in further mayhem.

This is only one recent variation on the ransomware theme. Others can be at least as disruptive to your users and your business, if not more so. A ransomware variant known as “Petya,” for example, ignores your files and goes directly after the master boot records and file tables that govern access to entire hard drives.

Ransomware webinar on September 14

All of this is why we’re having a ransomware update webinar on September 14, featuring Stephen Brown and Principal Product Manager Eran Livne. (Eran’s also written some sagacious and helpful guidance for combatting ransomware, as have other members of the LANDESK team. You can browse, read, and share these in our ransomware archive.)

It’s also why we continue to evolve our solutions for fighting ransomware. In the webinar, Stephen and Eran will describe some specific upcoming enhancements to LANDESK Security Suite that can help you to defeat even the newest ransomware variants, and keep your organization’s computers and users productive and operational.

Get and stay ahead of the bad guys developing and distributing ransomware. Protect your organization, its users, and its critical information. Start now by registering for the webinar today!

Also, be sure to get your free copy of our most popular white paper below.


Saving Time, Money and Your Network With LANDESK

IT teams are constantly on the hunt for ways to save their organizations time and money. LANDESK’s portfolio of products is doing just that and MORE for its customers. The key is consolidation.

LANDESK has listened and learned from what IT professionals have been asking for and, as a result, has developed a feature-rich line that is meeting and exceeding the needs of consumers.

Everything you need in one place

“We had several different platforms to accomplish a bunch of different tasks,” said Chris Frediani, senior support specialist at NEPC, LLC. “What we wanted to accomplish by implanting LANDESK was to consolidate all those different tools into just one suite of tools.”

That’s exactly what you get with LANDESK. All the tools you need to manage your entire network — nicely packaged into one customizable platform.

“We are more efficient as a team when we just have one platform with all of the tools that we use every day, readily available in one system,” he said.

It’s a new level of efficiency that isn’t just saving customers minutes or hours; they’re shaving days off formerly time-consuming tasks.

“Before, we had this kind of archaic method of making sure that all of our endpoints were patched and within compliance standards. It would take two days to get the patching process started,” said Frediani. “Now, what used to be a two-day thing is a 15-minute thing once a month.”

Going beyond IT management

In addition to saving time, LANDESK’s clients say they’re now able to go outside the normal bounds of IT management.

“One of the main things we wanted to accomplish with LANDESK Service Desk was to become more efficient, to get our processes nailed down, and to start rolling it out to other areas (besides IT) within our organization,” said Mike Abranink, desktop support analyst for the City of Leduc, a busy suburb of Edmonton, Alberta.

Abranink pocketed time he would have normally wasted traveling from desktop to desktop and was able to impress his bosses at the same time.

“It has made my life as a desktop analyst easier. I don’t have to go out to my users as often, it makes the distribution of software easier, and it makes tracking for our executive and CIOs easier,” he said. “One of the main benefits is through the built-in reports in LDMS. I’ve been able to pull reports that demonstrate to our executive and to our managers that by remotely controlling a desktop, we actually save time and money.”

Security-focused

Our focus isn’t just on saving you time and money; security is our number one priority. LANDESK’s security solutions are constantly on the prowl for possible vulnerabilities that threaten to wreak havoc on your system.

“The problem that we were facing when we first considered LANDESK was that we didn’t know what we didn’t know,” said Nick Gehr, enterprise support manager for Aviall. “Once we got it up and running in our environment, the light that shined on in every corner — that we just had originally no sense of awareness around — we were able to take action upon those.”

The unknown can be detrimental to a network. LANDESK’s solutions are helping IT managers seek and destroy hidden threats and keep your system protected.

“We discovered a ton of devices in our environment that weren’t being managed at all — that we didn’t even know were there until we spun up LANDESK Management Suite and it pointed them out to us,” said Frediani. “What you can do with just a couple of application platforms like LDMS and LDSD is pretty incredible.”

Businesses, corporations, and even cities are using LANDESK products to streamline their workflow and tailor IT management to the ever-changing needs of users and administrators.

“Some of the problems we were facing that made us consider LANDESK were that we started with a very small, out-of-the-box solution for a ticketing system that wasn’t meeting our needs. It wasn’t customizable; it didn’t let us have a process flow in it,” said Abranink. “LANDESK Service Desk addressed all the needs we had as we grew and it has scalability and functionality in it that’s hard to find in other places.”


Pokémon Go Ransomware: Don’t Catch This One

It appears that this summer’s creature-catching craze has caught something of its own: ransomware.

Any type of digital, cultural phenomenon like Pokémon Go is likely to be exploited by malware writers, so it’s no surprise that Pokémon Go is now a transmitter of the malicious code.

Fun vs. fear

Just last week we learned of Hitler ransomware, which, as I noted, leverages fear by using an offensive image as a way to drive irrational behavior.

Pokémon Go appears to tap into the opposite emotion—fun—by riding the wave of this cultural juggernaut. Just as someone might panic to pay a ransom due to fear, someone might download a file without thought due to the overwhelming desire for fun.

Supply and demand

There are a few interesting economic considerations with this ransomware.

First off, as noted in the analysis by Bleeping Computer, this ransomware targets Windows computers, and apparently Arabic speakers, too, based on the image in the infected splash screen.

According to a recent CNET article, Pokémon Go isn’t even available in the Middle East yet, so any hype that is building in the media (and there is a lot) only accelerates that interest for countries that do not yet have the game.

Secondly, Pokémon Go is a mobile game, so the developers of this ransomware would need to con someone who doesn’t have a basic understanding of the game to download the application to their Windows computer on the assumption that they could get the game that way.

Considering that Pokémon Go started in the United States and has been rolling out primarily to Western countries first, it is easy to see how truth could be lost in translation, only for that confusion to be exploited at the expense of unsuspecting victims.

Forbidden fun

Another interesting note is the fatwa against Pokémon games that was issued years ago by Saudi Arabian clerics and recently renewed due to issues around certain images and concepts, including that of evolving the creatures.

Nothing drums up more interest than that which has been banned. Again, this is perhaps another emotion-based tactic used to lure unsuspecting victims into being exploited.

Ransomware’s future plans

Another interesting note about this ransomware is the inclusion of a backdoor account called Hack3r, which is created and hidden from users. There is no apparent use for the account except perhaps as a seed for future devious use.

Also, there is the creation of a network share with no apparent use except as a potential delivery vehicle.

In addition to the network share, there is also an attempt to write to any removable media with an autorun entry that would attempt to launch the ransomware when loaded by other computers.

Finally, the executable is written to a drive other than C: with an autorun when the user logs into Windows. None of these techniques are new, but it appears that the authors were looking to develop something pervasive and easy to spread.
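The four behaviours described above (a new local account, a new network share, an autorun entry written to another drive, and a logon autorun pointing off C:) are individually common, so a defender gets more signal from correlating them per host. The following is an added example, not part of the original post: the event records are constructed, the logon autorun is assumed to be a Run-key value recorded by Sysmon, and the 10-minute window and threshold of three are hypothetical tuning values.

```python
from datetime import datetime, timedelta

# Constructed sample events, not taken from a real host. Field names follow the
# Windows Security log (4720, 5142) and Sysmon (11, 13) event schemas.
SAMPLE_EVENTS = [
    {"host": "WS-01", "time": "2016-08-15T10:00:05", "id": 4720,
     "TargetUserName": "Hack3r"},
    {"host": "WS-01", "time": "2016-08-15T10:00:09", "id": 5142,
     "ShareName": r"\\*\share1", "ShareLocalPath": "D:\\"},
    {"host": "WS-01", "time": "2016-08-15T10:00:12", "id": 11,
     "TargetFilename": r"E:\autorun.inf"},
    {"host": "WS-01", "time": "2016-08-15T10:00:14", "id": 13,
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": r"D:\sample.exe"},
    {"host": "WS-02", "time": "2016-08-15T11:30:00", "id": 4720,
     "TargetUserName": "svc_backup"},            # lone account creation: routine
    {"host": "WS-03", "time": "2016-08-15T12:00:00", "id": 11,
     "TargetFilename": r"C:\Temp\autorun.inf"},  # system drive: ignored
]

def non_system_drive(path):
    """True for an absolute path on a drive letter other than C:."""
    p = path.strip('"').lower()
    return p[1:3] == ":\\" and not p.startswith("c:")

def classify(ev):
    """Map one event to a behaviour named in the write-up, or None."""
    eid = ev["id"]
    if eid == 4720:                                   # user account created
        return "account_created"
    if eid == 5142:                                   # network share added
        return "share_created"
    if eid == 11:                                     # Sysmon FileCreate
        path = ev.get("TargetFilename", "")
        if path.lower().endswith("\\autorun.inf") and non_system_drive(path):
            return "autorun_inf_written"
    if eid == 13:                                     # Sysmon registry value set
        key = ev.get("TargetObject", "").lower()
        if "\\currentversion\\run\\" in key and non_system_drive(ev.get("Details", "")):
            return "logon_autorun_off_c"
    return None

def correlate(events, window=timedelta(minutes=10), min_behaviours=3):
    """Return {host: [behaviours]} where enough distinct behaviours cluster in time."""
    by_host = {}
    for ev in events:
        label = classify(ev)
        if label:
            stamp = datetime.fromisoformat(ev["time"])
            by_host.setdefault(ev["host"], []).append((stamp, label))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            labels = {lab for t, lab in hits[i:] if t - start <= window}
            if len(labels) >= min_behaviours:
                alerts[host] = sorted(labels)
                break
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Keying on the cluster of behaviours rather than on the account name means the rule still fires if a later build renames the account.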

It appears that the ransomware is in development based on an incomplete encryption approach that uses a fixed key of 123vivalalgerie.

Also, the incomplete propagation techniques mentioned earlier indicate that this ransomware was caught early. Kudos to Michael Gillespie (@demonslay335), who caught this sample in the wild before it evolved into something nastier.

Key takeaways

If there is one thing to learn with this latest ransomware discovery, it’s that malware writers leverage trending events and interests to drive the spread of their scams.

Ransomware hits at our digital hearts (our data) and therefore emotions are key to spreading and monetizing their work.

As always, beware of things that are too good to be true and take good precautions such as those listed in our article Everything You Need to Know to Prevent Ransomware.

Now back to capturing the local gym!


Top 10 Most Shared Blog Posts From July 2016

July was a hot month for LANDESK content, with nearly 1700 shares on our ransomware-related blog posts.

Our resident experts in the field—Product Manager Eran Livne; Director of Product Management Stephen Brown; and Chief Security Officer Phil Richards—each pulled from their vast amounts of knowledge and experience in the IT security space to contribute valuable insights on the topic.

Their prevention tactics, practical advice, and security solutions will help protect your business from cyber attacks.

In case you missed any of this great content, we’ve rounded up the top ten most popular blog posts from July. Starting with number ten:

10. Ransomware Bytes! How to Recover Quickly in 5 Steps

— By Stephen Brown

This post is most useful for those who have found themselves caught with ransomware. The important thing to do is not to panic and read on to find out what to do next.

9. 5 Ways Ransomware Might Make You Its Next Target

— By Eran Livne

From malicious email attachments to compromised websites, ransomware employs several insidious tactics to get into your system. Learn what they are so you won’t be the next target.

8. Satana, a New Strain of Ransomware That Mimics Petya Has Been Discovered

— By Eran Livne

Like any virus, ransomware is continuously mutating and presenting itself in different ways. Satana is one of the many newer strains to watch out for.

7. Q&A With Phil Richards, CSO: Vulnerability and How it Leads to Cybersecurity Attacks

Our Chief Security Officer, Phil Richards, gave us the rundown on system vulnerabilities and how they can lead to malicious attacks.

6. How to Stop Ransomware Once It’s Already on Your System

— By Eran Livne

As with post number ten, we want to help people recover from ransomware just as much as we want to help them prevent it. This post looks at what ransomware used to be in comparison to what it is now, and how you can stop its spread.

5. Ransomware: Should You Pay the Ransom?

— By Phil Richards

It’s a question everyone who gets infected by ransomware has to answer: Should you pay the ransom? Read on to find out the pros and cons.

4. Ransomware: The Threat and How to Protect Your Enterprise Part 1

— By Eran Livne

Your enterprise has a ton of valuable assets. Years and even decades worth of hard-earned data could all be wiped away with a cyber attack. Here’s how to protect all of that data in a few easy steps.

3. We Put Ransomware on Our Machine and Here’s What Happened

— By Eran Livne

Want to see what ransomware looks like? Check out the videos of us putting ransomware on our computer. (But don’t try this at home.)

2. Security Insider Stephen Brown Explains the Threat of Ransomware

How big of a problem is ransomware, anyway? From costing over $1 billion this year to managing multiple new mutations of the malware, Stephen Brown explains the threat in detail.

1. Infographic: The 8 Scariest Stats About Ransomware

Our number one most shared post is probably the scariest, not just because it gives visual representation of the statistics, but also because the statistics themselves are… well, scary. Read them at your own risk.


Hitler Ransomware: How Low (and How Lame) Can They Go?

The short answer to this question is pretty low and very lame.

Hitler ransomware, targeting Windows computers, was recently discovered and presents two newer angles to ransomware: an offensive presentation and the ability to destroy files without using encryption (ransom scams).

Offensive, fear-based presentation

Part of ransomware’s power is the ability it has to instigate fear in the user. Namely, the fear of losing personally valuable files. Anything that can exacerbate that fear–such as an offensive image–will trigger an even stronger primal response to protect at all costs (literally). This is the reaction that malicious developers are seeking.

As noted in an article on Hitler ransomware by Bleeping Computer, one of the elements that gives this variant of ransomware its name is the lock screen with a picture of Adolf Hitler.

He is giving his militaristic salute followed by a message that files have been encrypted and then demanding payment in the form of a Vodafone card.

Using universally-offensive imagery of a historical figure creates an immediate negative reaction in the user. This fear-based reaction, compounded by the ransom demand, is more likely to trigger irrational responses that lead to higher payments.

Crash and delete instead of encryption

The second element of this ransomware is an action other than encryption of files.

Hitler ransomware developers were either too lazy or too inept to develop encryption capabilities, so they simply decided to crash infected computers and, upon reboot, delete files.

The command used with this ransomware (del *.* /s /q) unfortunately doesn’t put files into the Recycle Bin, but a positive note is that there are many utilities available for recovering deleted files.

Key takeaways

Here are a few things to learn from this offensive ransomware:

  1. Implement some best practices, such as those in our article Everything You Need to Know to Prevent Ransomware, to prevent ransomware from affecting you.
  2. Use good Internet hygiene when it comes to opening attachments in email or browsing websites.
  3. If you or your business gets hit by ransomware, take a deep breath and don’t emotionally respond. Remember that fear is a tool that is used by ransomware authors.
  4. Not all files are permanently lost. In the case of Hitler ransomware, a file recovery tool may be able to help. Some ransomware has been cracked and there are utilities for decrypting files. Do some research or get an expert to help see if your data is recoverable.

Be safe out there and be sure to get your free copy of our white paper on how to protect against ransomware below.
