
Ransomware - Adobe Flash Update

Level 10

We have been watching the spread of ransomware and this malware's success with increasing concern.

Hospitals appear to be of particular interest this year.

And who hasn't had a friend or colleague call in a panic this year already.

As many of you know, most ransomware gets onto the system through a phishing attack, so Adobe's emergency update earlier this week was concerning on multiple levels.

1 - Does this mean we can expect ransomware drive-by downloads?

2 - What is the next bug in Flash that will be exploited?

If you haven't read about this update yet, you can hit any of arstechnica, macrumors and of course the popular press.

This patch includes updates to prevent the Cerber form of ransomware and the fact that it is an emergency patch means it's been seen in the wild.

If you haven't already done so, please update Flash on Windows and macOS.

And share your experiences, as we all know with ransomware - either you have a backup or you pay up.

28 Comments

I spend more time in Security meetings now than at any other time in the last twenty years of my IT career.

Level 11

Just another reason why you have to keep your systems up to date with the latest patches.

Level 14

20 years ago I would use a single 3.5" floppy to load anti-virus on a machine, and all of the current signatures.  Times have changed.

Level 15

This Adobe package comes with many other programs for network installation. I see that the download from the manufacturer's site only comes with Chrome, McAfee and Google, but it's weird because I do not see this security. You should always disable such software installation.

Level 14

A friend of mine, who happens to be my podiatrist, had this happen in his office.  One of his receptionists fell for a phishing attempt and her work computer got encrypted.  Fortunately, he uses off site/cloud record keeping.  All that had to done was re-image the workstation.  As for the offsite record keeping, I understand that for his small practice it was the best option for HIPAA compliance.

We are mice on a wheel when it comes to security. We hurry to run in place!

MVP

kind of like a treadmill ??

Level 10

It's a never-ending cycle when it comes to keeping systems up to date. If it's not weekly reports, then you are lucky enough to be on top of things.

Level 12

The local newspaper in my town published a paper about one of the big hospital ransomware stories. I got bombarded with text messages the next day about it. I work at the hospital here. Obviously people in the community are worried about stuff like this happening; I only wish our administration took it more seriously. They never take anything that could be a problem seriously until after it happens, sadly.

Level 14

Law enforcement and financial institutions are next up on the Ransom "treadmill" so I've heard. As the coin of the realm is BITCOIN... it makes it more and more interesting.

I always wonder what would the world be like if these folks put their efforts into something good!!!!

It's a good rationale for forwarding all those e-mails of concern to your administration.  Maybe that flow will help them realize the public's interest in how your organization protects itself and its customers.

MVP

It pays to be vigilant.

MVP

We've had a few clients get hit with ransomware. They had processes in place to restore though so it wasn't as bad as it could have been.

Level 14

I just don't like Flash anyway.  I hate that some of the SolarWinds consoles require it.  It also depends on downloads from Adobe to operate correctly as not all files are included in the install.  It makes a true offline installation very difficult.  But back to ransomware...this will not be the last.  We all know that.  It is just good that some companies do put out emergency updates before things get too out of control.

I was speaking with a Cloud vendor about this topic yesterday.  He mentioned he'd been involved in recovering a business with multiple sites that had been hit with ransomware.  He promoted how the information in the Cloud wasn't compromised, and all that had to be done was reimage the computers and servers and point them back out to the cloud.

My thought on that:  What will you or the client do when your cloud is compromised?

The user won't know it until they see their business impacted, their name in the newspaper, and their accounts drained.

Cloud computing is an interesting trend, but if the FBI and the CIA and Google and Facebook and banks can't keep folks from accessing/compromising their data, I suspect folks using the cloud as a security solution are operating in ignorance.

Level 10

rschroeder

and everyone else - re: cloud data - so Symantec says new forms of ransomware are hopping our connected drives and encrypting the cloud data.

I know how to back up a local hard drive or server (and restore if ransomware hits) but how do you restore on the cloud??

And does anyone have a solution for Mac users on Time Capsule?  The Mac backup system doesn't have a search function and the Time Capsule is encrypted so you can't wander around with #find

Level 12

For cloud I would assume it is the vendor's responsibility to maintain backups for the data stored on it. In the end I would look closely at what the contract with the vendor says about it.

Level 12

Since BTC is the payment method, the wallets are public. So on a whim I checked one of the wallets from just a single variant of CryptoLocker. Wallets are listed in the message that tells you where to send the BTC. The wallet had over 11 million USD deposited within a 5 month period. As terrible as it is, there are not many "good" efforts out there that would pay that well. Money will always drive efforts, be it for good or bad.

Bitcoin isn't the problem, it's just the method they choose for payment.

Level 12

The latest versions look for any mapped drives and also encrypt the drives that the infected PC is connected to. This has caused a lot of IT shops to discourage or even discontinue the use of always-mapped drives. Save yourself a lot of headaches and use an icon the user must click when they want to access a shared resource. It's one thing to lose a single user's PC because of CryptoLocker, it's another to lose an entire file share.
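One way to put the "icon the user must click" idea above into practice. This is an added example, not a script from the thread or from any vendor; the server name, share name and drive letter are placeholders, and it assumes the user's shortcut launches this script.

```powershell
# Added example (not from the thread): map a share on demand instead of leaving a
# persistent drive letter in place. FILESERVER01 and Finance are placeholder names.
param(
    [string]$SharePath   = '\\FILESERVER01\Finance',   # placeholder UNC path
    [string]$DriveLetter = 'S'
)

# Weak pattern the comment above warns about: a drive letter that is restored at
# every logon, so anything running in the user's session can enumerate it and
# reach the share at any time.
#   net use S: \\FILESERVER01\Finance /persistent:yes

# On-demand pattern: map only when the user double-clicks the shortcut, without
# /persistent:yes, so the letter is absent by default and gone again at logoff.
$drive = "${DriveLetter}:"
if (-not (Test-Path $drive)) {
    $result = net use $drive $SharePath /persistent:no 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Could not map $SharePath to ${drive}: $result"
        exit 1
    }
}

# Open the share for the user, then drop the mapping when they say they are done.
Start-Process explorer.exe $drive
Read-Host "$SharePath is mapped to $drive. Press Enter when finished to disconnect"
net use $drive /delete /y | Out-Null
```

This only shrinks the window in which the share is visible as a drive letter; it does not protect the share while it is mapped, and a user account that still has write permission to the UNC path can still be abused by code that looks for shares by name rather than by drive letter. Least-privilege share permissions and tested backups of the file server remain the real mitigation.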

Therein lies one of my fears:  assuming the cloud is safe, the vendors are secure, the backups are being made--AND being tested/restored.

Assuming leaves one open to much that may not be good . . .

I think most customers assume that their data is secure from the back of their PC, through the wires or through the air, right to the cloud-providers' solutions.

I'd believe those customers are wrong more than they know--or fear.

Level 12

You are absolutely right on that one. Sadly people make assumptions that the cloud is impervious to this kind of stuff. Sometimes they just make the assumption of "I'm not in control of it so it's not my problem", or the vendor itself makes indirect implications that it is better than it is against these kinds of things.

Nothing is perfect, or 100% safe. The best you can do is be prepared for the worst. My motto in life is to hope for the best, and plan/expect the worst.

Level 14

I do agree about the cloud, lack of control and all.  However, for a small business that can't afford a full time security staff, the cloud can offer solid solutions.

MVP

For others the cloud is easy and convenient and since it is "secure" they feel they must be as well.  So that is the "easy button" for them.

Being diligent about security is not easy and most people don't understand it.  But they get the warm fuzzy of the easy cloud solution and become complacent, thus opening them up to disaster.

I really want "easy buttons" for things, and I want them to be secure and inexpensive and powerfully good.  But folks assumed Panama was a good place to hide wealth from legal taxation; there's one parallel to "The Cloud" that proved easy is not equal to secure.

MVP

That's the point rschroeder

Level 10

@stephen.black

love your idea about unmapping drives by default.  Doing a longer post on ransomware, can I attribute this tip to you?

Level 10

UPDATE:  TESLACRYPT

Apparently ESET convinced the TeslaCrypt ransomware team to release the private key.

http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomwa...
