Popcorn Time Ransomware asks you to infect others in order to recover your encrypted files

(20 December 2016)

If only malware authors used their creativity for the good of this world…

Some extremely enterprising individuals have come up with another interesting ransomware, the likes of which has not been seen until now. And it quite literally tests how humane you are.

We are talking about the Popcorn Time ransomware that was recently discovered by a group called ‘malwarehunterteam’.

What does the ransomware do?
Like its cousins, the Popcorn Time ransomware scans its host (your infected computer) for multiple extensions and encrypts them. As of the latest update on Bleeping Computer, the ransomware targets files saved in the My Documents, My Pictures, My Music, and the desktop folders on the infected machine.

But, what makes this ransomware different from others?
Popcorn Time is different in the way it demands the ransom for releasing the victim’s files. It offers two choices:
1. The standard method – pay the ransom to get the decryption key for your files.
2. The sneakier method – infect two other users with the same ransomware and you get your files back.

More explanation on method 2
According to the ransom note, if you don’t want to pay the ransom to the Popcorn Time malware, then you can send any two people a malicious link which will download the ransomware onto their computers. And if they pay the ransom, then you will receive a free key to decrypt your own files.
How nasty is that?

A strong word of caution!
• First, never pay ransom to cybercriminals. It won’t help; it doesn’t help. Read these 5 compelling reasons not to pay ransom to hackers.
• Secondly, spreading malware to other users is a criminal act and only risks a prison sentence. Above all, doing so erases the difference between you and those who make a living by extorting innocent people.

So, here are a few tips; following them is far easier than working out what to do once your files have been encrypted by ransomware.
• Invest in layered security software. By layered, we mean multiple barriers that stop attackers at every step.
• Backing up your files regularly may seem like a boring chore to do, but it is like that emergency flashlight that comes in handy during sudden power outages at your home.
• Do not click on links or download attachments that arrive with emails from unknown, unwanted or unexpected sources.
• Think before you click on social media posts that claim to show you weird, strange or unbelievable videos. Hackers use such baits to trick people into clicking on malicious links.

Alert your friends and peers about the Popcorn Time ransomware and help them stay safe by sharing this post. Stay safe!



Christmas Promotion T&C's

(2 December 2016)

Entries for the Christmas Giftcard promotion only valid up until 23rd of December 2016.
As a condition of entry, participants consent to receiving Quick Heal e-newsletters.
Competition only valid for Australian residents, entries outside of Australia will not be considered.



Top 45 Killer Security Tips to Follow

(2 December 2016)


#1. While revealing any personal or financial information on the Internet, ensure that the website’s URL begins with ‘https’ and is accompanied by a padlock symbol. These two elements indicate that you are on a secure website and that your information is safe.
#2. While using free, unsecured WiFi networks or public cyber cafes, never shop or bank online, or log in to online accounts.
#3. Always go for long, unique, and hard-to-guess passwords. Keep different passwords for different online accounts.
#4. Use Secure Browsing for your Facebook account.
#5. Don’t bother selecting options that say ‘Keep me logged in’ or ‘Remember me’ on websites, especially when you are on public computers.
#6. Prefer keeping a secondary email address for use on websites that require you to share certain personal information. Use your primary email address only to stay in touch with people you know or are acquainted with.
#7. Avoid using your official email address for social media sites or any other websites other than that of your organization.
#8. For sites related to social media, music downloads, file sharing, etc., use an email address that you do not use for important communications such as those related to your bank, income tax, medical appointments, and the like.
#9. Tighten your privacy settings on Facebook so that only your friends are notified about your activity.
#10. While choosing a password, ensure that you are not using any kind of personal information such as your name, date of birth, address, pet’s name, street name and so on.
#11. While using the Internet in a public place like restaurants, shopping malls, airports, etc., ensure that no one’s snooping on you from behind your back.
#12. If you receive any emails that ask you for your personal or banking information, delete them straightaway. Exercise caution against links or attachments in unexpected or unsolicited emails. It is wise to verify any such communication with the sender first, before responding to them.
#13. If there is any online account of yours which you are not using for a long time, have it removed or deactivated.
#14. It is wise not to make your photos or videos public on the Internet. Keep them visible only to people you know personally.
#15. Never respond to pop-up advertisements that may come up on your screen, no matter how inviting or genuine they may look. The safest way to close such pop-ups is from the task manager; press Alt+Ctrl+Delete.
#16. Before downloading and installing any kind of free software, do some quick research on the software and the website hosting it. Reading user reviews of it is also important.
#17. Do not visit websites that you are not fully aware of or those that can be accessed from emails or mobile messages.
#18. If you have downloaded a file online, ensure that you check its extension before clicking on it. Files with multiple extensions can be bad news for your computer.
#19. Make it a point to log out once you are done. This is more essential when you are using a system in a cyber café.
#20. Avoid responding to or clicking on social media posts that claim to show unusual content such as shocking videos or unseen events, etc. Always verify such news from genuine news websites.
#21. It is advisable to access your bank’s website by typing its URL in the address bar. Never access the same from an email or SMS.
#22. Secure your wireless network at home by changing its default password and using WPA2 encryption.
#23. Always keep your computer’s operating system and other programs up-to-date and patched. It is advisable to keep Automatic Updates to ON.
#24. If you can’t avoid using an unsecured WiFi connection for checking your emails or doing an online transaction, consider using a VPN (Virtual Private Network). This will ensure that your private details do not get snooped on by anyone.
#25. Never download software/applications that come as attachments in emails, even if the emails look like they have been sent from a trusted source.
#26. For online shopping, trust well-known and reputed websites that have been in the market for quite some time.
#27. If you are installing any browser plugin, ensure that it is trusted and is a current one.
#28. Protect your computer with a security software that offers multilayered protection from viruses, spyware, Trojans, malware, and online banking threats.
#29. Increase your knowledge about cyber threats and cyber security; share the same with friends, family and acquaintances.
#30. Always trust your instinct. If you think an online offer, or an email sounds too good to be true or suspicious, assume that it is.
#31. If you are buying from an online website for the first time, it is advisable to choose the Cash On Delivery option, instead of making an upfront payment.
#32. Ensure that you change your online banking passwords every 6 months, and never share them with anyone.
#33. Avoid the option of saving your credit/debit card information on websites.
#34. Financial details of any kind should not be shared over phone or email, even if the caller/sender seems genuine or appears to belong to a reputed organization.
#35. Avoid downloading software from unverified publishers. Your system will always tell you whether the publisher is verified or not before the software gets installed.
#36. Always lock your computer and smartphone when not in use. Do not leave it unattended, especially in public places.
#37. Create passwords that have a mix of uppercase and lowercase letters, numbers, and special characters. Also ensure that your password is at least 8 characters long.
#38. Accept friend requests, on social media and other online platforms, only from people you know and are acquainted with.
#39. Protect your smartphone and other mobile devices with a screen lock such as PIN or PASSWORD. Turn the automatic screen lock function ON.
#40. Avoid rooting or jailbreaking your device; this makes your device more vulnerable to malware and attackers.
#41. Install apps only from trusted and official sources like App Store, Google Play Store, etc.
#42. Turn OFF Wi-Fi, Location Services, and Bluetooth when not in use.
#43. Avoid sending or saving overly sensitive information like passwords, user IDs, banking information, etc., on your mobile device.
#44. Avoid installing mobile apps that ask for unnecessary or more-than-required permissions.
#45. Protect your mobile device with a reliable mobile security app that can automatically prevent the installation of malicious apps, block infected or malicious websites and offer features such as anti-malware, anti-theft, location tracking, secure data backup, call & SMS blocking, etc.

Ransoc – An unusual ransomware that threatens to expose your personal information

(28 November 2016)

Typically, ransomware encrypts your files and demands money in exchange for a key that can decrypt the data, and the payment is demanded in Bitcoins. Ransoc is different in the way it works and in the medium it uses for the payment.

How does Ransoc work?
Once your computer is infected by Ransoc, it gathers your personal information from your Skype and social media profiles and scans your system for Torrent files and other sensitive information. It then displays a ransom note. Interestingly, the ransom note is customized for a particular user and has their social media details including their profile picture. The ransom note threatens the victim with a fake legal proceeding and also that the ‘sensitive’ information found on their computer will be made public if the ransom is not paid.

Now, two important points to note here:

  1. Ransoc, unlike other ransomware, does not encrypt any files on the infected computer.
  2. Reportedly, the ransom note is displayed only in a case where the ‘sensitive’ information found by the ransomware includes child pornography or illegally downloaded Torrent media files.

So basically, the creators of this ransomware are targeting the victim’s fear of facing legal complications and losing their reputation instead of their data.

Further, where all ransomware creators use Bitcoin to remain hidden from law enforcement, Ransoc asks its victims to pay via credit card; this kind of payment approach has been unheard of in ransomware attacks till now.

How Quick Heal helps:

Quick Heal’s Virus Protection proactively detects the ransomware as “Ransomware.TorLocker.PB5” and prevents it from performing any activity on your computer.


How to stay safe from ransomware attacks

  • Never click on links or download attachments that arrive in emails from unwanted, unknown or unexpected sources.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Avoid using outdated browser plugins or plugins that you do not use anymore.
  • Invest in an antivirus software that comes with several layers of security such as Web Security that blocks infected websites, Email Security that blocks infected emails, Phishing Protection that blocks fake websites, etc.
  • Always keep your antivirus software up-to-date to stay safe against new threats.


Subject Matter Expert – Prashil Moon (Threat Research and Response Team)


Alert! A Fake Flash Player Website is Spreading Locky Ransomware

(25 November 2016)

The Locky ransomware, like all other ransomware, encrypts user data and demands a hefty ransom in exchange for the key that decrypts the data.

A variant of this ransomware called ‘thor’ was recently found being distributed via a fake ‘Flash Player Update’ download website that goes by the name ‘fleshupdate.com’. The distribution of unwanted software and PUAs through such fake updates has been reported on several other occasions earlier as well. This distribution technique only goes to show how hard attackers are trying to maximize their target area. If you notice, the word ‘flash’ has been wrongly spelled in the domain name – ‘fleshupdate.com’.

What happens when a user visits this fake website?
When a user lands on this website, they are greeted by a fake web page stating ‘Your Flash Player may be out of date’. To a normal, unsuspecting user, this web page will look exactly like the real Adobe site.
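The misspelled domain above is a pattern a defender can screen for automatically rather than by eye. The following is an added example, not code from this post or from Quick Heal: it flags hostnames whose registrable label contains a near-miss of a brand term (the brand list and the allowlist are constructed assumptions) and uses the page’s ‘fleshupdate.com’ as the sample lookalike.

```python
from urllib.parse import urlparse

# Constructed brand terms that attackers misspell (an assumption for this
# example, not a Quick Heal list); the page's case is 'flesh' for 'flash'.
BRAND_TERMS = ("flash", "adobe")
# Constructed allowlist of domains entitled to carry those terms.
LEGIT_DOMAINS = {"adobe.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Last two host labels; adequate for .com, too crude for co.uk-style TLDs."""
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def brand_hits(label: str, max_dist: int = 1) -> tuple[list[str], list[str]]:
    """Split brand terms into those found exactly in the label and those that
    appear only as a near-miss (some window of the label within max_dist)."""
    exact, near = [], []
    for term in BRAND_TERMS:
        if term in label:
            exact.append(term)
            continue
        n = len(term)
        best = min(
            (levenshtein(label[i:i + w], term)
             for w in (n - 1, n, n + 1)
             for i in range(max(1, len(label) - w + 1))),
            default=n,
        )
        if best <= max_dist:
            near.append(term)
    return exact, near


def classify(url: str) -> str:
    """'legit' for allowlisted domains, 'lookalike:<terms>' for a misspelled
    brand name, 'brand-term:<terms>' for an exact brand name on a foreign
    domain, else 'unknown'. A triage hint for proxy logs, not a verdict."""
    domain = registrable_domain(url)
    if domain in LEGIT_DOMAINS:
        return "legit"
    exact, near = brand_hits(domain.split(".")[0])
    if near:
        return "lookalike:" + ",".join(near)
    if exact:
        return "brand-term:" + ",".join(exact)
    return "unknown"


if __name__ == "__main__":
    # Constructed sample of URLs a proxy log might contain.
    for u in ("http://fleshupdate.com/", "https://get.adobe.com/flashplayer/",
              "http://adobe-setup.net/", "https://example.com/"):
        print(f"{u:45} {classify(u)}")
```
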


How to stay safe against ransomware attacks

  • Before accessing any website, always verify its URL; look for spelling errors and junk characters.
  • Never click on links or download attachments that arrive in emails from unwanted, unknown or unexpected sources.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Avoid using outdated browser plugins or plugins that you do not use anymore.
  • Invest in an antivirus software that comes with several layers of security such as Web Security that blocks infected websites, Email Security that blocks infected emails, Phishing Protection that blocks fake and phishing websites, etc.
  • Always keep your antivirus software up-to-date to stay safe against new threats.




Subject Matter Expert – Prashil Moon (Threat Research and Response Team)


5 Compelling Reasons Not to Pay Ransom to Hackers

(15 November 2016)

by Rajib Singha

Unless you’ve been living under a rock, you would know what ransomware is and why computer security folks constantly speak about it. To put things into context, ransomware is malicious software that locks your computer or encrypts the files stored on it. It then demands a ransom to let go of the system or the data. What’s worse, data once encrypted by ransomware cannot be decrypted unless you pay the ransom. To sum up, ransomware is like an illness that cannot be cured or treated once it has infected you. Nasty stuff, really.

So, what if all your important data gets locked? Should you pay the ransom?
Not discounting the fact that it’s easier said than done, we would still go with a bold ‘No’. And we have our reasons for saying so; compelling ones.

5 Reasons Not to Pay Ransom to Hackers

1. You’re dealing with an immoral lot
Creators of ransomware already lead an unscrupulous life of extorting money from their victims. For all you know, the attacker might just vanish as soon as you pay up, without giving you any information on how to get your data back.

“Expecting a fair deal from criminals is our weakness, not theirs.”

2. Your payment fuels cybercrimes
This is a no-brainer. Paying ransomware scammers only fuels their misconduct. The ransom that you pay would not only empower them to target other individuals and businesses, but the entire situation acts as a strong motivation for other cybercriminals to join forces.

“Ransomware is no less than terrorism.”

3. Your payment fuels other crimes too
Extortion, whatever form it may take (digital or otherwise), pulls in real money for criminals. It is unlikely that the money will only be invested in creating more ransomware or other malware. In fact, this very loot can flow further down into perpetuating drug smuggling, trafficking, organized crime, etc.

“Crime does not have a dead end; it runs deep.”

4. You will be hit again, with a bigger ransom
If you pay up once, it won’t take them long to figure out that you will pay up again. And it is most likely that they will come up with a bigger price. And why not? Your data is important to you and they know that too.

“Bow down to criminals and they will climb up on your shoulders.”

5. You’ll be tagged as “The person who paid…”
As much evil as cybercriminals are, they have a social life. Besides making plans with their peers for the weekends, they also exchange information about their victims; in this case – who paid the ransom and who didn’t. And once you are tagged as “the person who paid…” then others will also try to stalk you as their cash cow.

“Predators always go for the weak in a herd.”

All this may sound scary and grim. But this is how things are, and wishing otherwise will only work against us. Realizing and admitting the power of your enemy is the first step to facing them. The only way out of the ransomware menace is cutting off their blood supply – which means preventing your data from getting into their hands. No data, no ransom; simple! Here are some essential steps you must follow if you want to stay away from ransomware:

1. Back up your files on a regular basis. Remember to disconnect the Internet while you are backing up on an external hard drive. Unplug the drive before you go online again. Several free and paid Cloud backup services are available on the market that can take data backup periodically.

2. Use a reliable antivirus software that can block infected emails, websites, and stop infections that can spread through USB drives. Keep the software up-to-date.

3. Apply all recommended security updates for your computer’s Operating System and all other programs such as Adobe, Java, Internet Browsers, etc.

4. Do not click on links or download attachments that arrive in emails from unwanted or unexpected sources. Even if such emails seem to be from a known source, it is better to call up the sender and verify them first.

Again, whether one should pay ransom to hackers does not have an easy answer. After all, it is data that we are talking about here. Some victims may not have a choice; they need their data back. As I said, this game is nasty. So, those who haven’t had the misfortune of encountering ransomware should take all possible preventive measures, and those who have must ensure they stay well guarded against future attacks.

“An ounce of prevention is worth a pound of cure.”


Security Alert! Stay Away from Pirated Software

(11 November 2016)

Pirated, cracked, unauthorized or unlicensed software may be dirt cheap or come for free, but it may cost you your digital security. With unknown publishers and no standard testing procedures in place, such software contains several security flaws which can be used by hackers to gain access to your computer. Reportedly, 1 in every 3 pirated software packages carries malware that can damage a computer or steal the user’s personal information, including details of their bank accounts.

Websites that host pirated software often redirect their visitors to potentially dangerous websites and end up getting their computers infected with a wide variety of threats such as bots, adware, potentially unwanted applications (PUA) and even ransomware (malware that encrypts your data and demands a ransom in exchange).

More importantly, cracked or pirated software does not receive the software updates that are necessary for patching security vulnerabilities, and hence it stays at risk of being exploited by attackers.

At Quick Heal Labs, we have observed various cases of software activators for the Windows Operating System, Microsoft Office and even antivirus products that come bundled with downloaders that drop potentially unwanted applications (PUAs). Download the PDF file below to read our technical analysis of some pirated software, including the infamous KMSpico Windows Activator.

Important security steps to take

  1. Only use licensed software from verified publishers.
  2. Avoid downloading cracked/pirated versions of any software.
  3. Avoid downloading and installing activators for activating your OS or other software.
  4. Carefully read and understand the privacy policy and the risks involved when installing any software.
  5. Get Quick Heal’s anti-malware to protect your computer from potentially unwanted applications.