Showing posts with label Blackout.

Critical Ransomware Threat: Disguised as Windows Update, Beware!



Ransomware is a form of malware that encrypts the files on a victim's computer so that they can no longer be opened. The attackers then demand a ransom payment in exchange for the decryption key, leaving organizations in a situation where paying is often the easiest and cheapest way to regain access to their own files. 

Ransomware variants have also been developed that add further functionality, such as data theft, to put even more pressure on victims to pay. 

Ransomware cases have grown rapidly and have become one of the most visible types of malware. In the recent past, hospitals have faced an array of problems that have compromised their ability to provide crucial services, public infrastructure in cities has been crippled, and a wide variety of organizations have suffered significant losses. 

Among the latest extortion campaigns reported, Fortinet has identified a ransomware strain that masquerades as a Windows update page. In its advisory, Microsoft urges users of the most popular desktop operating systems to exercise caution. 

The security company's FortiGuard Labs division rates the attack as high severity: on a compromised computer the victim's files are encrypted, and the attacker demands a ransom in exchange for returning them. 

According to researchers, the ransomware variants known as Big Head and Blackout were both launched in May 2023. There are about three current variants of this virus, each of which encrypts files on victims' computers in order to extort money from them. 

Computers can be infected with thousands of viruses, software programs, and a wide range of other security threats. There are some threats out there that can potentially allow access to private information by third parties, or slow down the performance of your computer. 

If your computer shows the symptoms of a virus or malware infection, follow these steps to check whether it has been infected. This is particularly relevant once a computer has been returned from service or after a system recovery has been performed. 

When a computer is serviced, or is automatically recovered after a system recovery, it is reset to its original configuration: it is set up exactly as it was when it was bought. As a result, every software and driver update installed since then has been lost. 

Because the computer is in this like-new condition, no security updates are installed, which leaves it more susceptible to viruses until those updates are reapplied. 

An Attack on Windows Updates Has Been Detected 


"There is no indication that Big Head has spread throughout the network," FortiGuard Labs stated. Because the malware is only a few weeks old, it is difficult to predict how quickly it could spread. 

Analysts have so far observed two variants of the virus that are currently active. When the fake Windows Update screen appears, it displays the phrase "Configuring critical Windows Updates." After around 30 seconds it disappears, leaving the user's files encrypted and renamed with randomly generated names. 

Several publicly viewed "README" files have been found to contain email addresses, Telegram account details, and even Bitcoin addresses. Victims are promised decryption of their files in exchange for payment. 

The second variant takes a different approach: it changes the desktop wallpaper to display a ransom note demanding one Bitcoin (currently about $30,000). 

There are reports that the Big Head malware appears to be targeting US consumers currently, although similar attacks have been observed in other countries, such as Spain, France, and Turkey, by the same group. 

A recently released report from FortiGuard concludes that one of the most effective ways to prevent ransomware attacks is to learn some simple cybersecurity knowledge and proper cybersecurity hygiene. 

With ransomware attacks becoming more frequent and more sophisticated every day, it is important to take into account the frequency, location, and security of your data backups. 

How can Ransomware be Removed? 


A ransom message is not something anyone wants to see on a computer, since it reveals that the machine has been infected and that the ransomware has already done its work. Even so, an active ransomware infection can be responded to in ways that minimize the damage. Whether or not to pay the ransom is a very important decision that the organization must make. 

A Guide to Mitigating an Active Infection of Ransomware 


Ransomware is a computer virus that encrypts data and then displays a ransom note on the screen once the encryption is complete, which is usually the moment the infection is discovered. At that point the encrypted files are probably irrecoverable, but some steps can be taken right away to limit further damage. 

Quarantine the machine immediately. Some varieties of ransomware spread to nearby drives and other computers, so cutting off access to other potential targets contains the malware and limits how far the infection spreads. 

Keep the computer switched on. Encrypting files can leave a computer unstable, and powering it off may lose the contents of volatile memory. To maximize the chances of recovery, it is recommended that the computer remain on.

For some ransomware variants it is possible to decrypt the files without paying a ransom. Keep a copy of the encrypted files on removable media, in case a decryption solution becomes available later or an initial decryption attempt fails. 

Backup copies of files may also still exist on the computer itself. If the malware did not delete them during its execution, a digital forensics expert can usually recover them.
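As an added example (not part of the original post, and not Fortinet's or FortiGuard's code), the following Python script carries out two of the steps above on a directory tree: it flags ransom-note files using generic indicators (an email address, a Telegram handle and a Bitcoin-style address appearing together in a small README-like text file) and copies every file, together with a SHA-256 manifest, to a destination path standing in for removable media. The sample tree it builds, including the file names, contact details and note text, is constructed for the demonstration; the note-name list and indicator patterns are assumptions for illustration, not signatures taken from the advisory.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Generic indicators that a text file is a ransom note rather than ordinary documentation.
# These patterns and name fragments are assumptions for this example, not signatures from
# the advisory; the values matched in the sample tree below are constructed.
NOTE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "telegram": re.compile(r"(?:t\.me/|@)[A-Za-z0-9_]{5,}"),
    "bitcoin": re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][A-Za-z0-9]{25,34})\b"),
}
NOTE_NAMES = ("readme", "how_to_decrypt", "recover")


def is_ransom_note(path: Path) -> bool:
    """A small text file with a note-like name containing at least two indicator types."""
    if not path.is_file() or path.stat().st_size > 64 * 1024:
        return False
    if not any(fragment in path.name.lower() for fragment in NOTE_NAMES):
        return False
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    hits = [kind for kind, pattern in NOTE_PATTERNS.items() if pattern.search(text)]
    return len(hits) >= 2


def preserve_tree(src: Path, dest: Path) -> dict:
    """Copy every file under src to dest (standing in for removable media) and record
    a SHA-256 hash per file, so the preserved copies can later be verified unchanged."""
    manifest = {}
    for path in sorted(src.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy as-is; encrypted blobs are what a decryptor needs
        manifest[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def triage(src: Path, dest: Path) -> dict:
    """Locate ransom notes under src and preserve the whole tree to dest."""
    notes = [p.relative_to(src).as_posix() for p in src.rglob("*") if is_ransom_note(p)]
    manifest = preserve_tree(src, dest)
    return {"ransom_notes": sorted(notes), "preserved": len(manifest), "manifest": manifest}


def build_sample_tree(base: Path) -> Path:
    """Constructed sample data: two 'encrypted' files with scrambled names, one ransom
    note, and one ordinary README-like file that must not be flagged."""
    root = base / "victim"
    (root / "Documents").mkdir(parents=True)
    (root / "Documents" / "q7x2hf9k.enc").write_bytes(b"\x13\x37" * 32)
    (root / "Documents" / "zz01pl4m.enc").write_bytes(b"\xde\xad" * 32)
    (root / "Documents" / "README.txt").write_text(
        "Your files are encrypted. Contact helpdesk@example.invalid or @example_support_bot "
        "and pay to bc1qexampleexampleexampleexampleexample0\n"
    )
    (root / "notes_readme_for_project.md").write_text("Build with make; see docs/.\n")
    return root


def run_sample() -> dict:
    """Run the triage over the constructed tree inside temporary directories."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        dest = Path(tmp) / "removable_media"
        return triage(root, dest)


if __name__ == "__main__":
    result = run_sample()
    print("ransom notes:", result["ransom_notes"])
    print("files preserved:", result["preserved"])
```

Requiring two indicator types keeps the ordinary project README from being flagged, and the manifest lets a responder later confirm that the copies on the removable media still match what was on the infected machine. Network isolation (the quarantine step) is deliberately left to the platform's own tooling rather than scripted here.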

Reddit Blackout: Subreddits Protest New Pricing Policy


In a show of protest against Reddit's new pricing policy, thousands of subreddits are planning to go private for 48 hours starting on Monday. This move aims to bring attention to concerns about the platform's recent changes and their potential impact on the Reddit community.

The protest comes in response to Reddit's decision to introduce a new premium membership tier called "Reddit Premium Platinum," which offers additional features and benefits to users for a monthly fee. This move has sparked controversy and criticism from many Reddit users who fear that it will create a two-tier system and undermine the platform's core principles of free and open discussion.

The blackout is organized by moderators of various subreddits who are concerned about the direction Reddit is taking. By making their communities private, they hope to raise awareness among users and encourage discussions about the potential consequences of the new pricing policy.

The protest is not limited to specific types of subreddits; a wide range of communities across various topics are expected to participate. This includes popular subreddits such as r/AskReddit, r/pics, and r/movies, among others. The blackout is expected to significantly impact the overall activity and engagement on the platform for the duration of the protest.

Critics argue that the new pricing policy could lead to a more commercialized Reddit, potentially favoring large corporations and diminishing the influence of individual users. They express concerns that the platform's sense of community and democratic nature could be eroded as a result.

In response to the planned blackout, Reddit released a statement acknowledging the concerns and stating that they are committed to engaging with users to address their feedback. They emphasized the importance of user input in shaping the platform's future and pledged to continue refining their offerings based on community feedback.

The blackout serves as a reminder of the power of online communities and their ability to mobilize for a common cause. Reddit has a history of user-driven protests that have influenced policy changes in the past. The collective action by subreddit moderators highlights the significance of their role in shaping the platform and the importance of user voices in discussions about its future direction.

As the blackout unfolds, it is yet to be seen how Reddit users and the platform's management will navigate this period of heightened tensions. It will likely serve as a critical moment for both sides to engage in open dialogue and find common ground to address the concerns raised by the community.

Iran Natanz Nuclear Facility Struck by a Blackout Labelled as an Act of “Nuclear Terrorism”


On Sunday, 11 April, just hours after Iran launched newly developed centrifuges that can enrich uranium faster, the underground Natanz nuclear facility lost power. Iran labeled the blackout an act of "nuclear terrorism," raising regional tensions as world powers proceeded with negotiations over Tehran's tattered nuclear deal. 

This is the most recent incident amid negotiations with the world powers over the troubled nuclear agreement. As Iranian officials examined the failure, several news organizations in Israel speculated that it was a cyber-attack. Although the reports did not cite a source for that assessment, the Israeli media have close ties with the country's military and intelligence agencies. 

If Israel triggered the blackout, strains between the two countries, which are already engaged in a shadow conflict across the wider Middle East, would increase further. It would also complicate efforts by the United States, Israel's primary security partner, to re-enter the nuclear agreement, which is intended to restrict Tehran from pursuing a nuclear weapon. U.S. Defence Secretary Lloyd Austin arrived in Israel on Sunday, as reports of the blackout emerged, for talks with Netanyahu and Israeli Defence Minister Benny Gantz.

Behrouz Kamalvandi, spokesperson for Iran's civilian nuclear program, told Iranian state TV that power at Natanz had been cut across all installations, including the above-ground workshops and the underground halls. “We still do not know the reason for this electricity outage and have to look into it further,” he said. “Fortunately, there was no casualty or damage and there is no particular contamination or problem.” 

Malek Shariati Niasar, a Tehran-based politician who serves as spokesman for the Iranian parliament's energy committee, posted on Twitter that the incident seemed ‘very suspicious.’ He added that lawmakers are seeking further information. The International Atomic Energy Agency in Vienna, which monitors the Iranian program, said that it was "aware of the media reports" but did not elaborate. 

Tehran has abandoned all restrictions on its uranium stockpile since President Donald Trump withdrew from the Iran nuclear agreement in 2018. It now enriches up to 20% purity, a technical step short of the 90% level used for weapons. Iran maintains that its nuclear program is peaceful. 

Natanz was built largely underground to withstand enemy airstrikes. In 2002, when satellite images showed Iran constructing an underground centrifuge plant at the site, some 200 km south of Tehran, it became a flashpoint for Western fears about Iran's nuclear program. In July, a mysterious explosion struck Natanz's advanced centrifuge assembly plant, which officials later identified as sabotage. Iran is now rebuilding that facility deep inside a nearby mountain. 

Kan, a public broadcaster, said Israel was probably behind the attack, citing Israel's supposed responsibility for the Stuxnet attacks a decade ago. None of the reports, however, included a source or a description of how that assessment was made.

Venezuelan blackout due to cyber-attack, says president


Over the last two months, Venezuela has been going through a political and economic crisis with two claimants to the President’s chair and the US imposing sanctions to pressure the incumbent regime. Matters reached a head last week when opposition leader Juan Guaidó, who has declared himself acting President and has the support of the West, returned home after a self-imposed exile to cheering crowds in Caracas. He is trying to force out left-wing dictator Nicolas Maduro, President since 2013, who has declared himself the winner of a controversial election.

Guaidó, 35, was born in the beach town of Vargas, which was severely hit by flash floods in 1999. The family moved to Caracas, where Guaidó studied engineering. He emerged in politics in 2006 as one of the principal leaders campaigning for freedom of the press amid a crackdown by then-President Hugo Chávez. Guaidó formed his party, Voluntad Popular, which today leads the fight against Maduro. This year his party declared him President of the National Assembly, the country's Parliament.

Ever since the global downturn in crude oil prices, Venezuela has been slipping into economic crisis. Its crime rate has doubled and inflation has multiplied. The sanctions imposed by the West have now led to a prolonged electricity blackout.

Seventeen people have died in Venezuela's massive power outage, "murdered" by the government of President Nicolas Maduro, opposition leader Juan Guaido alleged Sunday.

The blackout heightened tensions between the opposition and government loyalists, who accuse each other of being responsible for the collapse of the power grid.

Venezuelan president says complete blackout caused by 'an international cyber-attack' with support from within.
Venezuela's President Nicolas Maduro says the country's complete electrical failure has been caused by "an international cyber-attack" but that his administration has "defeated their coup".

Guaido, Venezuela's self-declared interim president, said Sunday that 16 states continued to be completely without power, while six had partial power. He said the private sector had lost at least $400 million from power outages.

Electricity was cut to 70% of the South American nation late last week, and officials warned that hospitals were at risk.

"Venezuela has truly collapsed already," Guaido told CNN Sunday in an interview in a sweltering hotel room in the Venezuelan capital -- another byproduct of the blackouts.