ransomware

Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the cybercriminal’s identity is not known.

Ransomware malware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. Attacks have also used remote desktop protocol and other approaches that do not rely on any form of user interaction.

How ransomware attacks work

Ransomware kits on the deep web have allowed cybercriminals to purchase and use a software tool to create ransomware with specific capabilities. They can then generate this malware for their own distribution and with ransoms paid to their bitcoin accounts. As with much of the rest of the IT world, it is now possible for those with little or no technical background to order up inexpensive ransomware as a service (RaaS) and launch attacks with minimal effort. In one RaaS scenario, the provider collects the ransom payments and takes a percentage before distributing the proceeds to the service user.

Types of ransomware

Attackers may use one of several different approaches to extort digital currency from their victims. For example:

  • Ransomware known as scareware will try to pose as security software or tech support. Victims may receive pop-up notifications saying malware has been discovered on their system (information that security software the victim never installed could not actually have). Not responding to this does nothing except lead to more pop-ups.
  • Screen lockers, or lockers, are a type of ransomware designed to completely lock a user out of their computer. Upon starting up the computer a victim may then see what looks to be an official government seal, leading the victim into believing they are the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on their computer, the victim is given instructions for how to pay an electronic fine. However, official government organizations would not do this; they instead would go through proper legal channels and procedures.
  • In encrypting ransomware, or data kidnapping attacks, the attacker gains access to and encrypts the victim’s data and asks for a payment to unlock the files. Once this happens, there is no guarantee that the victim will get access to their data back, even if they negotiate for it.
  • Similar to encrypting ransomware, the attacker may also encrypt files on infected devices and will make money by selling a product that promises to help the victim unlock files and prevent future malware attacks.
  • In doxware, an attacker may also threaten to publish your data online if the victim does not pay a ransom.
  • Mobile ransomware is ransomware which affects mobile devices. An attacker can use mobile ransomware to steal data from a phone or lock it and require a ransom to return the data or unlock the device.
  • The victim may also receive a pop-up message or email ransom note warning that if the demanded sum is not paid by a specific date, the private key required to unlock the device or decrypt files will be destroyed.

While early instances of these attacks sometimes merely “locked” access to the web browser or the Windows desktop — and did so in ways that often could be fairly easily reverse-engineered and reopened — hackers have since created versions of ransomware that use strong, public-key encryption to deny access to files on the computer.


Screenlocker vs. encryption ransomware

Screenlockers and encryption ransomware are the two main types of ransomware. Knowing the difference between them will help in knowing what to do next in the case of infection.

As described above, screenlockers will completely lock a user out of their computer until a payment is made. Screenlockers deny a user access to the infected system and its files; however, the data is not encrypted. On Windows systems, a screenlocker will also block access to system components such as Task Manager and Registry Editor. The screen stays locked until the payment is made, and typically the victim is given instructions for how to pay. Screenlockers will also try to trick the user into paying by posing as an official government organization.

Encryption ransomware is one of the most effective forms of ransomware today. As mentioned above, an attacker gains access to and encrypts the victim’s data, asking for payment to unlock the files. Attackers use strong encryption algorithms to encrypt all data saved on the device, making it difficult for users to detect the infection in time or to reverse it. A note is commonly left on the infected system with information on how to retrieve the encrypted data after payment. Compared to screenlockers, encryption ransomware puts the victim’s data in more immediate danger, and there is no guarantee of the data being returned to the victim after negotiation.

Ransomware attack prevention

To protect against ransomware attacks and other types of cyberextortion, experts urge users to back up computing devices regularly and update software, including antivirus software, regularly. End users should beware of clicking on links in emails from strangers or opening email attachments. Victims should do all they can to avoid paying ransoms.

While ransomware attacks may be nearly impossible to stop, there are important data protection measures individuals and organizations can take to ensure that damage is minimal and recovery is as quick as possible. Strategies include compartmentalizing authentication systems and domains, keeping up-to-date storage snapshots outside the primary storage pool and enforcing hard limits on who can access data and when access is permitted.

How to remove ransomware

There is no guarantee that a victim can stop a ransomware attack and regain their data; however, there are methods that may work in some cases. For example, a victim can stop and reboot their system in safe mode, install an anti-malware program, scan the computer and restore the computer to a previous, non-infected state.

Victims could also restore their system from a backup stored on a separate disk. If in the cloud, then victims could reformat their disk and restore from a previous backup.

Mobile ransomware

Mobile ransomware is malware that holds a victim’s data hostage on mobile devices, most commonly smartphones. Mobile ransomware operates on the same premise as other types of ransomware: the attacker blocks the user’s access to the data on their device until the user makes a payment to the attacker. Once the malware is downloaded onto the infected device, a message appears demanding payment before the device is unlocked. If the ransom is paid, a code is sent to unlock the device or decrypt its data.

Typically, mobile ransomware disguises itself as a legitimate app in a third-party app store. Hackers commonly pick popular apps to imitate, waiting for an unsuspecting user to download the imitation, and with it, the malware. Smartphone users may also get infected with mobile ransomware by visiting websites or by selecting a link that appears in an email or text message.

Tips to avoid becoming a victim to mobile ransomware include:

  • Do not download apps using third-party app stores (stick to the Apple App Store and Google Play Store).
  • Keep mobile devices and mobile apps up to date.
  • Do not grant administrator privileges to applications unless absolutely trusted.
  • Do not click on links that appear in spam emails or in text messages from unknown sources.

Mobile device users should also have their data backed up in a different location in case their device is infected. In the worst-case scenario, this at least ensures the data on the device won’t be lost permanently.

Famous ransomware: CryptoLocker and WannaCry

Perhaps the first example of a widely spread attack that used public-key encryption was CryptoLocker, a Trojan horse that was active on the internet from September 2013 through May of the following year. The malware demanded payment in either Bitcoin or a prepaid voucher, and experts generally believed that the RSA cryptography used, when properly implemented, was essentially impenetrable. In May 2014, however, a security firm gained access to a command-and-control server used by the attack and recovered the encryption keys used in the attacks. An online tool that allowed free key recovery was used to effectively defang the attack.

In May 2017, an attack called WannaCry was able to infect and encrypt more than a quarter million systems globally. The malware uses asymmetric encryption so that the victim cannot reasonably be expected to recover the (private and undistributed) key needed to decrypt the ransomed files.

Payments were demanded in Bitcoin, meaning that the recipient of ransom payments could not be identified, but also meaning that the transactions were visible and thus the overall ransom payments could be tallied. During the thick of the week in which WannaCry was most virulent, only about $100,000 in bitcoin was transferred (to no avail: There are no accounts of data having been decrypted after payment).

The impact of WannaCry was pronounced in some cases. For example, the National Health Service in the U.K. was heavily affected and was forced to effectively take services offline during the attack. Published reports suggested that the damages caused to the thousands of impacted companies might exceed $1 billion.

According to the Symantec 2017 Internet Security Threat Report, the amount of ransom demanded roughly tripled from the previous two years in 2016, with the average demand totaling $1,077. Overall, it’s difficult to say how often these demands are met. A study by IBM found that 70% of executives they surveyed said they had paid a ransomware demand, but a study by Osterman Research found that a mere 3% of U.S.-based companies had paid (though percentages in other countries were considerably higher). For the most part, payment seems to work, though it is by no means without risk. A Kaspersky Security Bulletin from 2016 claimed that 20% of businesses that chose to pay the ransom demanded of them didn’t receive their files back.

Internet of things (IoT) ransomware may not be far behind. Two researchers, Andrew Tierney and Ken Munro, demonstrated malware that attacked, locked and demanded a one-bitcoin ransom on a generally available smart thermostat at the 2016 Def Con conference.


message broker

A message broker is an intermediary program that translates messages from the formal messaging protocol of the publisher to the formal messaging protocol of the receiver. Message broker programs are sometimes known as middleware.

In a publish/subscribe architecture for machine-to-machine (M2M) communication in the Internet of Things (IoT), this means that the message broker decouples communication between devices that publish information and other devices that subscribe to the information.

Decoupling allows the publishing device, which might be a sensor, not to have to know anything about subscribers; it only has to send messages to the broker and then the broker manages and distributes the messages. Messages can be buffered in a queue if the receiver cannot keep up with processing incoming messages.

Because subscribers and publishers never communicate directly with each other, there is less risk of a publisher being directly attacked by a subscriber. The message broker, on the other hand, can become a target for attacks if not configured properly.
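An added example (not code from this post or from any broker it lists): a minimal in-process publish/subscribe broker showing the three properties described above, that publishers and subscribers never talk to each other directly, that a slow subscriber gets a bounded per-subscriber buffer, and that the broker is the natural enforcement point, so it checks a per-topic publisher ACL before accepting a message. All names, the queue limit and the drop-oldest overflow policy are assumptions.

```python
from collections import deque
from typing import Deque, Dict, List, Set, Tuple

Message = Tuple[str, str]  # (topic, payload)


class BrokerError(Exception):
    pass


class Broker:
    """In-memory pub/sub broker: publishers and subscribers only ever talk to it."""

    def __init__(self, queue_limit: int = 3) -> None:
        self.queue_limit = queue_limit                    # max buffered msgs per subscriber
        self._acl: Dict[str, Set[str]] = {}               # topic -> publishers allowed
        self._subs: Dict[str, Set[str]] = {}              # topic -> subscriber names
        self._queues: Dict[str, Deque[Message]] = {}      # subscriber -> buffered msgs
        self.dropped: Dict[str, int] = {}                 # subscriber -> overflow count

    def allow_publish(self, topic: str, publisher: str) -> None:
        self._acl.setdefault(topic, set()).add(publisher)

    def can_publish(self, publisher: str, topic: str) -> bool:
        return publisher in self._acl.get(topic, set())

    def subscribe(self, subscriber: str, topic: str) -> None:
        self._subs.setdefault(topic, set()).add(subscriber)
        self._queues.setdefault(subscriber, deque())

    def publish(self, publisher: str, topic: str, payload: str) -> int:
        """Enqueue a copy for every subscriber of the topic; return how many."""
        if not self.can_publish(publisher, topic):
            # The broker is the enforcement point: a name not in the topic's ACL
            # (including a subscriber trying to inject data) is refused outright.
            raise BrokerError(f"{publisher!r} may not publish to {topic!r}")
        reached = 0
        for sub in self._subs.get(topic, ()):
            q = self._queues[sub]
            if len(q) >= self.queue_limit:
                # Bounded buffer: evict the oldest so a slow or stalled consumer
                # cannot grow the broker's memory without limit; count the loss.
                q.popleft()
                self.dropped[sub] = self.dropped.get(sub, 0) + 1
            q.append((topic, payload))
            reached += 1
        return reached

    def drain(self, subscriber: str) -> List[Message]:
        """Subscriber pulls everything buffered for it, in publish order."""
        q = self._queues.get(subscriber, deque())
        msgs = list(q)
        q.clear()
        return msgs


def demo() -> Tuple[List[Message], int]:
    """A sensor publishes five readings while the dashboard is busy; with a
    queue limit of 3 the two oldest are evicted and the last three survive."""
    broker = Broker(queue_limit=3)
    broker.allow_publish("sensors/temp", "sensor-1")
    broker.subscribe("dashboard", "sensors/temp")
    for i in range(5):
        broker.publish("sensor-1", "sensors/temp", f"reading-{i}")
    return broker.drain("dashboard"), broker.dropped.get("dashboard", 0)
```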

Popular message brokers include:

Apache ActiveMQ – written in Java and uses the Java Message Service API to create, send and receive messages.

Apache Kafka – written in Scala and Java and originally designed by LinkedIn. Designed for high-volume streams and fast transmission.

AWS IoT message broker – publish-subscribe broker service that enables the sending and receiving of messages to and from AWS IoT.

RabbitMQ – open-source enterprise messaging system modeled on the Advanced Message Queuing Protocol (AMQP) standard. Plug-ins support Message Queuing Telemetry Transport (MQTT) and Streaming Text Oriented Messaging Protocol (STOMP).

Kestrel – runs on the JVM and is based on the memcached protocol. Known for being simple and fast.

NetApp: Unable to resize volume – error: Volume has the fixed filesystem size option set

Sometimes you are unable to resize a NetApp volume. Usually this is because the volume used to be a snapmirror destination, and it was broken off – but it also could have been some cursed sysadmin that preceded you. At any rate, when you attempt to resize the volume, you’re given this error:

“Volume has the fixed filesystem size option set.”
Well, NetApp doesn’t have a checkbox for that in the GUI. But, you should be using the command line anyway 🙂
Here is the command to fix it:
Cluster Mode:
cluster::> volume modify -filesys-size-fixed false -volume <volumename>
7-Mode:
vol options <volumename> fs_size_fixed off
Suitable Fishing Times According to the Islamic Calendar

2nd/13th/14th/15th/16th of the Hijri month:

Full moon / bright moon
1. Straits and rivers
a) strong, high current.
b) flood tide lasts longer than the ebb.
c) sinker of 30 and above.
d) not suitable for fishing.
2. East coast sea
a) long slack water at night
b) moderate but short ebb during the day
c) water usually slightly murky.
d) suitable for fishing because the fish are less sensitive.
————————————————————
19th/20th/21st/22nd/23rd of the Hijri month:
Half moon
1. Straits and rivers
a) flood tide with less current and a moderate ebb
b) flood and ebb periods of equal length.
c) very suitable for fishing, especially on the 22nd and 23rd of the Hijri month.
2. East coast sea
a) flood and ebb currents are the same, i.e. moderate
b) flood and ebb durations are the same.
c) sometimes the water is too clear and glassy
d) fish are sensitive to sight.
————————————————————

26th/27th/28th/29th/30th of the Hijri month:
Dark moon
1. Straits and rivers
a) current starts to build and gets faster and faster
b) long ebb during the day, while the flood is short.
c) murky water, especially at ebb
d) not suitable for fishing.
2. East coast sea
a) long, moderate flood current during the day
b) slack water, but short, at night
c) water usually slightly murky.
d) suitable for fishing because the fish are less sensitive.
————————————————————

5th/6th/7th/8th/9th of the Hijri month:

Half moon
1. Straits and rivers
a) ebb with less current and a moderate flood
b) flood and ebb periods of equal length.
c) very suitable for fishing, especially on the 8th and 9th.
2. East coast sea
a) flood and ebb currents are the same, i.e. moderate
b) flood and ebb durations are the same.
c) water not too clear and suitable for fishing.
d) fish are sensitive to sight.

“Water” terms that anglers need to know

Air Menyorong Kecil means the state in which the spring tide begins to slow and will go slack after 3 days. At this time the murky water starts to clear and the current slows. Most areas are suitable for fishing. Usually this period is suitable for hunting Kurau, Senangin and Jenahak around jetties and other deep areas. Usually at this time too, fishermen set Tagan nets around the tributaries for as long as the tide is rising. In open areas further out, Tekap nets are used to snare reef-bottom species.

Air mati tidak berarus (slack water, no current) means the water is very clear, and if bait is dropped the current cannot carry even a small sinker. Sometimes bait without a sinker will not drift at all. Water in this state makes the fish less active. Only when the tide starts to rise or starts to fall is there a current suitable for fishing. At this time pufferfish and Sesirat are the biggest nuisance. If it rains, the water gets colder and this makes things worse. Most suitable spots lie in the middle channel of the strait, such as shipping lanes and certain other areas. At this time the clear water in the tributaries is very suitable for casting. Perumpun worm or live prawn bait is suitable for snaring Tetanda and Siakap moving within the tributaries.

Air menyorong besar means slack water that is starting to flow. It usually occurs 3 days before the spring tide. At this time, fish in the intertidal zone of the slack water start to become active and move with the current. The height of the flood tide can be seen rising little by little. Usually on the third day, fishermen go out netting to hunt Senangin, which begin to move with the flood tide.

Air besar means a high flood tide with a strong current. The water usually carries mud with it, making it murky like milk tea. It usually lasts 7 days before the water shrinks again. At this time the flood tide submerges the driftwood snags and bank rocks along the edges of the strait. When the water starts to rise, Tanda and Gelama are the species that usually shelter there. Most take shelter when the current in the middle is too fast. Most Semilang are also very active at this time. Estuaries and tributaries, as the water starts to come in, are the most suitable. Small stingrays under 2 kg are usually plentiful in shallow coastal areas. At this time too, fishermen go out netting Bawal in the deep shipping lanes.

Even when water conditions are good, they sometimes still yield no results; this depends on the current weather and the surrounding temperature.

Info from an INTERNET group
linux continuous ping with timestamp

I’d like to add a timestamp to a pinging session because it makes it easy to keep a record of any event or issue, especially if facing higher latency on my internet connection or WAN at the office/home.

Add the timestamp, for example:

Localhost

ping localhost | while read pong; do echo "$(date): $pong"; done

Destination

ping 10.100.100.110 | while read pong; do echo "$(date): $pong"; done
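As an added example (not from the original post), a small Python wrapper that does what the one-liners above do but also parses each reply, so a high-latency or lost reply is flagged in the log as well as timestamped. The default host, the 100 ms threshold and the regexes are assumptions, written against Linux/macOS ping output.

```python
import re
import subprocess
import sys
from datetime import datetime, timezone
from typing import Optional, Tuple

RTT_RE = re.compile(r"time=([0-9.]+)\s*ms")                       # e.g. "time=12.3 ms"
LOSS_RE = re.compile(r"timeout|unreachable|no answer", re.IGNORECASE)


def parse_ping_line(line: str, threshold_ms: float) -> Tuple[str, Optional[float]]:
    """Classify one ping output line as ok / HIGH / LOST / info; return the RTT if any."""
    m = RTT_RE.search(line)
    if m:
        rtt = float(m.group(1))
        return ("HIGH" if rtt > threshold_ms else "ok"), rtt
    if LOSS_RE.search(line):
        return "LOST", None
    return "info", None                 # PING header, statistics block, etc.


def stamp(line: str, threshold_ms: float) -> str:
    """Prefix a line with a UTC timestamp and its flag, like the date/echo loop above."""
    flag, _ = parse_ping_line(line, threshold_ms)
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return f"{ts} [{flag}] {line}"


def run(host: str, threshold_ms: float) -> None:
    """Stream `ping host` line by line; grep the saved log for [HIGH] or [LOST] later."""
    proc = subprocess.Popen(["ping", host], stdout=subprocess.PIPE, text=True)
    try:
        assert proc.stdout is not None
        for raw in proc.stdout:
            print(stamp(raw.rstrip("\n"), threshold_ms), flush=True)
    except KeyboardInterrupt:
        proc.terminate()


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"       # assumed defaults
    run(host, float(sys.argv[2]) if len(sys.argv) > 2 else 100.0)
```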

Kuba Ija Guling

On 10 June 2018, the 25th day of fasting this Ramadan, at my request my maid learned to make kuih kuba guling, Hulk Avenger style. The rice was delicious because it used genuine glutinous rice from Siam, bought in Hatyai on the way back from fishing at Khao Lak, Thailand. Only the grated coconut didn’t turn out, because an old coconut was used and grated right down to the shell. Hahaha… next time look for a young coconut to grate instead. This kuih has been my children’s favourite since before they were born… who knows why? Maybe because their grandmother has sold this kuih since she was small… I too fell in love with this kuih…

InterScan Web Security Virtual Appliance (IWSVA) 6.5 default password

After downloading the latest software and patch for the Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 (latest version) on 25 Nov 2015 from http://downloadcenter.trendmicro.com/

This website is actually only for those who hold a proper Trend license. The worst part is that Trend Micro itself does not tell anybody the default password. BTW,

Here is the default username: admin

The password is “adminIWSS85”

AIX Topic – How to delete multiple default gateways

Delete multiple default gateways

First, obtain how many gateways there are:

# odmget -q "attribute=route" CuAt

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.2"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

If there are more than one, you need to remove the excess route:

# chdev -l inet0 -a delroute="net,-hopcount,0,,0,192.168.0.2"
Method error (/usr/lib/methods/chginet):
        0514-068 Cause not known.
0821-279 writing to routing socket: The process does not exist.
route: not in table or multiple matches
0821-207 chginet: Cannot add route record to CuAt.

Then verify again (in this case the excess route was removed despite the method error):

# odmget -q "attribute=route" CuAt

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0
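An added example, not from the original post: a parser for the odmget stanza output above that finds route records sharing everything except the gateway and prints the chdev delroute command for each excess one. The sample text is constructed from the page’s own output; that the gateway is the last comma-separated field of the value is an assumption based on those values.

```python
import re
from typing import Dict, List

# Constructed sample, shaped like the odmget output above (values are the page's).
SAMPLE_ODMGET = """\
CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.2"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0
"""

FIELD_RE = re.compile(r'^\s*(\w+)\s*=\s*"?(.*?)"?\s*$')   # field = "value" or field = 0


def parse_stanzas(text: str) -> List[Dict[str, str]]:
    """Turn odmget stanza output into one {field: value} dict per 'CuAt:' block."""
    stanzas: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if line.strip() == "CuAt:":        # header line opens a new record
            if current:
                stanzas.append(current)
            current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        stanzas.append(current)
    return stanzas


def excess_route_commands(stanzas: List[Dict[str, str]], keep_gateway: str,
                          device: str = "inet0") -> List[str]:
    """Group route records by everything except the trailing gateway field and
    emit a chdev delroute command for each record whose gateway is not the one
    to keep. Assumption: the gateway is the last comma-separated field."""
    groups: Dict[str, List[str]] = {}
    for s in stanzas:
        if s.get("name") == device and s.get("attribute") == "route":
            prefix, gateway = s["value"].rsplit(",", 1)
            groups.setdefault(prefix, []).append(gateway)
    cmds: List[str] = []
    for prefix, gateways in groups.items():
        if len(gateways) < 2:
            continue                          # a single route: nothing to delete
        if keep_gateway not in gateways:
            raise ValueError(f"{keep_gateway!r} not among {gateways}")
        cmds += [f'chdev -l {device} -a delroute="{prefix},{gw}"'
                 for gw in gateways if gw != keep_gateway]
    return cmds


if __name__ == "__main__":
    for cmd in excess_route_commands(parse_stanzas(SAMPLE_ODMGET), "192.168.0.1"):
        print(cmd)
```

Run it against real output with `odmget -q "attribute=route" CuAt | python3 script.py` after changing the `__main__` block to read stdin; the commands are only printed, never executed.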
Lunch before puasa ramadhan 2013

After relocating the IBM pSeries into the Sun UAT rack, my tech team Khairil, Mahadhir and I had lunch at “The Chicken Rice Shop”, Bangsar South Sphere… took the healthy menu, very, very healthy… but there were a lot of people waiting.

Kept pressing the bell but nobody came… for a long time 🙂

My first blog – on 8 July 2013

8-07-2013 This is my first blog post using WordPress, so I’m very excited and will update this WordPress through a Samsung Galaxy Note 2 mobile as advised by Maulvi.
