Posts

A strategy to win the ransomware war


Our leaders on Capitol Hill, the national media (“60 Minutes” on Sunday), and the world are finally starting to recognize that ransomware is a massive national security risk.

Why did it take years to get to this point? No idea.

I guess when you take away our meat and fuel (everyone in gas-crazy Florida knows about Colonial), Americans start paying attention; not just paying attention, but creating a Justice Department Ransomware Task Force.

On our podcast last week, my exact words were: “Follow what President (Ronald) Reagan did with terrorists, and do not negotiate or pay ransoms to them — ever.”

If you read my columns over the past 10 years, one in four is about cybercrime and usually, ransomware is in the mix.

What’s new with these threats, besides making an appearance on 60 Minutes and being discussed by the White House?

What’s new is that people keep paying the ransom; more hacking groups are getting in the mix because it is extremely lucrative.

We have seen the payouts, and we have to stop paying them: CNA Insurance paid out $40 million and Colonial $5 million. Even if you have to pay a bribe to your host government, those are some steep margins for setting up some email blasts loaded with malware.

Hackers are getting more creative/devious with these attacks; not only do the latest strains encrypt your data, but they also steal it.

Essentially, there’s double extortion going on: First you pay to get the encryption keys back to unlock your data. If you have rock-solid data backups, you can wipe and reload your systems so you don’t have to pay to get the keys. But if you have private and sensitive info, you might be tempted to pay to stop the release of the data, which might otherwise end up for sale on the dark web.

Granted, there is no guarantee that the criminals will give you the encryption codes, nor any assurance that they will not release your stolen info regardless, especially if you have valuable data like Social Security numbers, state secrets, credit card numbers, etc.

By the numbers, a report from Cybersecurity Ventures says ransomware damages would cost the world $5 billion USD in 2017, up from $325 million in 2016, and rocketing to $20 billion in 2021. That’s approx. 57…

Source…

New behavioral biometrics FIDO certification, developer tool, customer win revealed


Zighra’s behavioral biometrics for decentralized continuous authentication have been certified by the FIDO Alliance, with the company claiming it is the first on-device behavioral biometrics solution confirmed to the FIDO standard.

The combination of AI, biometrics and behavioral analytics provides continuous protection against phishing and fraud in both conventional and zero-trust systems, the company says. The technology is available as a workforce app for secure logical access, and can help organizations comply with GDPR and the California Consumer Privacy Act.

“Now, with FIDO certification, Zighra adds tremendous value to meet the growing contactless-access needs of current and post-COVID work and lifestyles,” says Deepak Dutt, CEO of Zighra. “Our unique, patented solution provides powerful security controls to continuously protect enterprises and users, across devices, all with a seamless experience.”

The USPTO recently granted Zighra a patent for passwordless authentication with its behavioral biometrics.

Incognia launches free Developer Edition

Incognia has made its location-based behavioral biometrics available for free to mobile app developers to help them build its fraud prevention capabilities into fintech and mobile commerce apps.

According to the announcement, the Developer Edition of Incognia’s technology provides rapid SDK integration of frictionless fraud prevention that works silently in the background to detect compromised devices. The new edition includes thousands of free API requests per month, and mobile apps with larger user bases can move to Incognia’s paid enterprise solution.

“Mobile adoption and contactless payments are fueling the growth of mobile apps that process payments and need fraud detection. Along with growth in mobile app usage is growing demand for frictionless mobile experiences that are also secure. We’re excited to launch our developer offering to allow mobile app developers access to frictionless identity verification and authentication features for mobile users,” comments André Ferraz, founder and CEO of Incognia. “With the free Incognia Developer Edition, companies of any size will be able to…

Source…

How to schedule Win 10 Security Scans?


1 – Where do I go to change the scan schedule on my Win 10 PC?

I have opened Windows Security & explored but can’t find where to change the scan schedule.

 

2 – Windows Security > Settings > Security Providers > Web Protection = “No providers”

Please suggest how to fix this… plugin, add-on, 3rd party app, or what?

 

3 – If I don’t log in to a Microsoft or OneDrive account, is my computer protected by Windows Security?

The Windows Security icon shows a yellow triangle in the bottom right Task Bar, aka System Tray.

It wants me to log into a Microsoft (or OneDrive) account for “Virus Threat” and for “Account Protection”.

Must I do that for the Windows Security app to work?
(The yellow warning flag is alarming and irritating)

 

Thanks for any help.

Edited by hamluis, Today, 11:08 AM.

Moved from W10 Discussion to AV/AM – Hamluis.

Source…

Malware blocking Win 10 Security Center, Defender, Windows Update


Below are the Addition logs. I have to split them into two posts since they are very long.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021

Ran by nabilishes (28-03-2021 13:23:14)

Running from D:\nabilishes\Downloads

Windows 10 Pro Version 20H2 19042.867 (X64) (2021-03-15 14:52:11)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1329291547-1842855452-3907845093-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-1329291547-1842855452-3907845093-503 – Limited – Disabled)

Guest (S-1-5-21-1329291547-1842855452-3907845093-501 – Limited – Disabled)

nabilishes (S-1-5-21-1329291547-1842855452-3907845093-1001 – Administrator – Enabled) => C:\Users\nabilishes

WDAGUtilityAccount (S-1-5-21-1329291547-1842855452-3907845093-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Malwarebytes (Disabled – Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acronis True Image (HKLM-x32…{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}) (Version: 20.0.5554 – Acronis) Hidden

Acronis True Image (HKLM-x32…{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}Visible) (Version: 20.0.5554 – Acronis)

Adobe Acrobat XI Pro (HKLM-x32…{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 – Adobe Systems)

Adobe Bridge CC (64 Bit) (HKLM-x32…{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.2 – Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 4.2.0.218 – Adobe Systems Incorporated)

Adobe Extension Manager CC (HKLM-x32…{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 – Adobe Systems Incorporated)

Adobe Flash Player 31 PPAPI…

Source…