David Snell

FINALLY – A firewall for the connected home network

Cujo is a Smart Home firewall that protects everything on your network including all those IoT (Internet of Things) devices. Think of it as an immune system for your home network.

The Cujo is surprisingly unassuming, a small plastic stump-like device with light-up eyes that stands in adorable contrast to its mad dog name (from the Stephen King book) and home security mission statement.

The product is designed to bring enterprise-level security to the home network, helping protect against attacks to the increasingly vulnerable world of networked devices, from laptops to smart light bulbs.

Cujo is, for all intents and purposes, a smart firewall. It’s made for an average user to easily understand. You see every single thing on your network through your app. If you go to bad places or bad things come to you, we will block bad behavior and we will send you a friendly notification that someone tried to access your camera.

The company demoed the product at the Disrupt 2016 conference by hacking a baby camera. On a page displaying all of the devices connected to the network, a warning popped up: We blocked an unauthorized attempt to access device ‘IP camera’ from [IP number]. From there, access to the feed can be cut off — or not, if there is no actual threat.

Cujo serves as a peer to a home router, monitoring all network connected devices for malicious activity and sending notifications when something happens, like suspicious file transfers or communications with faraway IP addresses. It’s a bit like the Nest app, only for networked security, rather than fire alarms.

Today’s exploits are less about individual devices than they are about opening up the entire network through a small and seemingly harmless smart gadget. You may think, so what, my lightbulb is going to get hacked. The real challenge is what happens next. Once the bad guys are in the network, they can get to the other devices. They can get to your camera, they can get to your PC and extract files, they can even film you. The FBI director is on record as taping over his webcam when he goes home. That tells you that we’re very exposed.

Part of the company’s current mission is highlighting those exploits for consumers who are likely versed in the threat of PC malware but may be unaware of the growing threat posed by the vulnerability of the Internet of Things.

The biggest advantage has been that it’s the average user who no longer feels private at home, may even put the duct tape over his webcam and just wants something that works — doesn’t want to spend days and months changing and configuring things.

Cujo is available now through Amazon. It’ll be rolling out to “all major retailers” by year’s end. The company anticipates breaking even with the device, eventually monetizing the product with the ongoing security subscription.

I like CUJO’s innovation and focus on home network security. It appears they’ve met their goal of making a friendly and simple to use firewall and the smart phone app is very easy to use.

CUJO is not going to be for everyone, particularly those folks uncomfortable with any cloud service looking at any part of their internet traffic. But for home users who want to protect all the devices on their network, whether they run anti-virus/malware apps or not, CUJO would be worth a try.

CUJO currently sells for $76.85 at Amazon & Walmart, $99.00 at Staples , with BestBuy and Target offering the device soon. It includes a 180 day trial license. After that, you’ll need to subscribe for $8.99 / month, $26 for three months, $49 for six months or $80 for a year of service. If you’re a true CUJO believer, you can opt for a lifetime subscription for $800

Additional information can be found here:
https://www.getcujo.com/how-it-works/
http://www.smallnetbuilder.com/lanwan/lanwan-reviews/33018-cujo-smart-internet-security-firewall-reviewed

 

FCC Rules Landmark Protection for Internet Users

Here’s a WIN for the little guys! Federal regulators have approved new broadband privacy rules that require internet service providers like Comcast and Verizon to ask for customers’ permission before using or sharing much of their data, potentially making it more difficult for them to grow their advertising businesses.

Under the new measure, for example, a broadband provider has to ask a customer’s permission before it can tell an advertiser exactly where that customer is by tracking her phone and what interests she has gleaned from the websites she’s visited on it and the apps she’s used.

For some information that’s not considered as private, like names and addresses, there’s a more lenient approach. Customers should assume that broadband providers can use that information, but they can still “opt-out” of letting them do so.

The final Federal Communications Commission’s measure was scaled back from an earlier proposal, but was still criticized by the advertising, telecommunications and cable industries.

Cable and phone companies want to increase revenue from ad businesses of their own — AT&T has said increasing advertising tailored to customers’ preferences is one of its goals with its $85.4 billion purchase of HBO, CNN and TBS owner Time Warner; Verizon has bought AOL and agreed to buy Yahoo in order to build up its digital-ad business.

But the new rules could make doing that more difficult. Companies and industry groups say it’s confusing and unfair that the regulations are stricter than the Federal Trade Commission standards that digital-advertising behemoths such as Google and Facebook operate under. The FCC does not regulate such web companies.

FCC officials approved the rules on a narrow 3-2 vote Thursday, its latest contentious measure to pass on party lines.

“It is the consumer’s information. How it is to be used should be the consumers’ choice, not the choice of some corporate algorithm,” said Tom Wheeler, the Democratic chairman of the FCC who has pushed for the privacy measure and other efforts that have angered phone and cable companies. AT&T and other players have fought the “net neutrality” rules, which went into effect last year, that say ISPs can’t favor their internet traffic. Another measure that could make the cable-box market more competitive is still waiting for an FCC vote.

Industry groups representing the cable, phone and advertising industries criticized the outcome of Thursday’s vote, while several consumer-advocacy and civil liberties groups hailed it.

Today’s vote is a historic win for privacy and free expression and for the vitality of the internet, said a spokesperson from the American Civil Liberties Union (ACLU). Just as telephone companies are not allowed to listen in to our calls or sell information about who we talk to, our internet providers shouldn’t be allowed to monitor our internet usage for profit.

The FCC order is not airtight so we can expect the industry to try and exploit every crack in these protections – time will tell. In the future, I fully expect that their “opt out” process will be buried deep within their 6,000 page “terms of service” document hoping we don’t take the time to find the instructions and make the request.

 

IoT (Internet of Things) Devices Take Down The Internet

It was all over the news this weekend. A sustained DDoS attack that caused outages for a large number of web sites Friday was launched with the help of hacked “Internet of Things” (IoT) devices. In a relatively short period of time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.

Early Friday morning someone aimed their DDoS attack on Dyn, a New Hampshire based Internet infrastructure company that provides critical DNS technology services to major websites. The attack immediately created problems for internet users of Twitter, Amazon, Tumblr, Reddit, Spotify, Netflix and a host of other websites.

This outage was similar to the recent DDoS attack on IT security reporter Brian Krebs’ site, caused by the Mirai botnet, which consists of hacked IoT devices, mainly digital video recorders and IP cameras made by a Chinese hi-tech company called XiongMai Technologies.

The components that XiongMai makes are sold downstream to vendors and manufacturers who then use them in their own products. All credentials are hardcoded in the firmware and cannot be changed. This is a very dangerous practice and we need laws against this ASAP.

Who Is Learning How to Take Down the Internet?
Last month, IT security Guru Bruce Schneier created some controversy when he wrote that someone — probably a country — was learning how to take down the internet:

“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guess.

These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.”

It’s either a large country, or these two other scenarios:

1) Someone tried to extort DYN and when they did not cough up the money, they decided to show them what they could unleash.

2) Anonymous and/or some other hacktivists decided to flex their virtual muscle and show netizens they are still a force to be reckoned with. Either way is disconcerting.

What can you do about this?
Well, not much EXCEPT keep your unnecessary IoT devices off the internet – don’t simply follow the manufacturer’s instructions and routinely connect everything to your WiFi connection. In the future, laws should be passed forcing manufacturers to build standard security functionality into these things, making it somewhat safer for us consumers to use them.

Google Launches Fact Checking Feature

Just in time for the US presidential election, Google is rolling out a “fact check” tag to its News service.

Google News aggregates stories from various sources identifying them via labels like “highly cited,” “featured,” “opinion,” “in depth,” and now, “fact check.” The fact check feature will appear as a tag among Google News search results.

Fact checking, once a job that was relegated to interns and entry-level reporters, “has come into its own,” Google News head Richard Gingras wrote in a blog post.

“Rigorous fact checks are now conducted by more than 100 active sites,” he said, citing the Duke University Reporter’s Lab. “They collectively produce many thousands of fact-checks a year, examining claims around urban legends, politics, health, and the media itself.”

Google’s algorithms will determine which articles may contain fact checks using the schema.org ClaimReview system; it also looks for sites that follow commonly accepted criteria for fact checks. Publishers interested in applying to have their service included can find more details online.

News junkies in the US and UK will see new tagged reports in the expanded story box on the Web and in the Google News & Weather iOS and Android apps.

“We’re excited to see the growth of the Fact Check community and to shine a light on its efforts to divine fact from fiction, wisdom from spin,” Gingras said.

Google began labeling types of articles seven years ago, making it easier for readers to access a range of content. Earlier this year, it added a “Local Source” tag to highlight local coverage of major topics.

The news comes as Facebook is grappling with a rash of fake news in its trending section. Amidst concern that its trending news team was surfacing only liberal news, Facebook ditched human curators for computer algorithms. But its algorithms are apparently rather gullible. Facebook later joined an organization dedicated to tackling misinformation online, alongside Twitter and more than two dozen other tech and media titans.

The question we should all be asking now – who’s going to fact-check Google?

A Friendlier “Craigslist”?

450 million people already visit “buy and sell” Groups on Facebook each month, and now the company is launching a whole tab in its app dedicated to peer-to-peer shopping.

Facebook Marketplace lets you browse a relevancy-sorted list of things to buy from people who live nearby and quickly list your own stuff for sale. Integration with Facebook Messenger lets you haggle or arrange a meet-up, and you know more about who you’re dealing with than on anonymous sites like Craigslist thanks to Facebook’s profiles.

Marketplace has launched in the US, UK, Australia, and New Zealand on mobile, but could roll out globally and on the web if it’s popular. There’s an unfortunate lack of a two-way rating system which helps discourage scamming and bad behavior. There’s also no native checkout option for transactions beyond ad-hoc payment through Messenger, which is annoying but promotes in-person exchanges instead of fraud-laden shipping.

While there’s no advertising pages allowed on Marketplace right now, Facebook could one day generate ad revenue if it lets businesses or people buy News Feed ads or sponsored placement for what they’re selling.

Facebook is betting big on Marketplace, considering it’s taking over a main spot in the navigation tab bar, replacing the Messenger shortcut in Facebook for iOS. That prime location could make Marketplace the digital version of impulse buys at the checkout counter.

Social Selling

Facebook continues its unending quest to dominate the internet, creating its own versions of every popular activity on the web to absorb their engagement and profit potential. The more of the commerce experience it owns, the more it can earn indirectly through ads. It’s also working on a Shopping tab for buying from traditional retailers.

Facebook has been trying to win local commerce for almost a decade. In 2007 it first tried out a “Marketplace” for classified listings about things for sale, housing, jobs, and more. But Marketplace never gained enough traction and in 2009 Facebook transferred control to Oodle, the commerce platform powering it. It was shut down in 2014.

Then last year, Facebook took another swing, building a special “For Sale” post option to Groups, which almost a quarter of its 1.71 billion users now visit each month. In October 2015 Facebook began testing a “Local Market” feature that would evolve into the Marketplace.

Facebook Marketplace has three main features:

Browse To Buy – Marketplace opens to a filtered feed of items you can buy from your community. Thanks to tags people add to their listings and Facebook’s text analysis AI combined with what Pages you like and stuff you browse on Marketplace, the listings you see are ranked based on relevancy. Pre-made Messages like “Is this item still available?” and “What condition is this item in?” make negotiation simpler.

Sell Your Stuff – Rather than having to set up a new profile, you can easily snap a photo of your item, add a description, set an asking price, and publish your listing.

Search Your Surroundings – Along with browsing specific categories like Household or Electronics, you can also search for something specific and filter what you see by location, category, and price or through a map. If you find something you want, you’ll see the seller’s approximate location, not their exact address unless they tell you. Marketplace will show you the most relevant items for you, even if you don’t know what you want.

No one else has been able to wrestle peer-to-peer selling away from Craigslist, but Facebook might have the best chance based on how Marketplace works.

3 Good Reasons You Might Want To Use Marketplace

Trust: On Craigslist you don’t know anything about the buyer or seller you’re meeting beyond what they say in their listing and your direct communication. But Facebook profiles tell you tons. It’s tough for scammers with fake accounts to build up big numbers of friends, so if someone has plenty along with a filled-out profile, you can be pretty sure of who they are. That info or lack thereof could clue you in to whether you want to meet them in-person, which can be risky. Plus there’s more accountability and people behave better if they think you could give their name to the police, track them down at work, or shame them on social media.

A sorely lacking feature in Marketplace is a way for buyers and sellers to rate each other and note things like that the item was in worse condition than listed, the seller tried to jack up the price last-minute, or that the buyer showed up late or flaked out.

Convenience: People usually only go to Craigslist when they want something specific. Yet we already spend about 50 minutes per day on Facebook, Messenger, and Instagram. Marketplace will be one tap away inside Facebook, rather than getting buried under the “More” tab like many features.

By building the Marketplace into where we already spend our time, it’s like setting up a farmer’s market in the center of town. Users might skim through Marketplace simply because they’re bored. Thanks to the popularity of Messenger, buyers and sellers can easily chat without phone numbers.

It’s Free: Facebook also doesn’t charge a fee, so you can transact however you want and never pay extra.

500 MILLION Yahoo Accounts hacked!

It’s all over the press. Here is a quote from Reuters: “Yahoo Inc said on Thursday information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a “state-sponsored actor.”
The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company said.
Right, that is how it usually goes. This whole disclosure smells like a professional crisis-handling exercise. Later, after more breach-investigation, they disclose that more credentials were stolen and that more data (credit cards) was exfiltrated than was known at the time of the discovery. It is disappointing that Yahoo doesn’t share more details about the hack, when it first discovered that it had been attacked.
It’s easy to blame Russia (likely) or China (unlikely). If I had to break the bad news that my company had been hacked, I would feel much happier saying that the attackers were “state-sponsored” rather than a bunch of 15-year-old kids working in their parents’ basement.
“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said. “Yahoo said it was working with law enforcement on the matter. It was not clear how this disclosure might affect Yahoo’s plan to sell its email service and other core internet properties to Verizon Communications Inc.
Yahoo launched an investigation into a possible breach in early August after a Russian hacker named “Peace” offered to sell a data dump of over 200 million Yahoo accounts on the darknet for just $1,800 including usernames, easy-to-crack password hashes, dates of birth and backup email addresses.
Based on the chart below this is the largest data breach ever – so far!!!

This is going to be a phishing paradise with significant fallout
Phishing attacks will likely be the number one fallout, with Yahoo user accounts being used for social engineering attacks. However, since many people use the same username and password across multiple sites, the other thing that will rear its ugly head is called “credential stuffing”, a brute-force attack where attackers feed the stolen Yahoo usernames and passwords into other websites’ login pages until they find a match.
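Credential stuffing can be spotted from the defender's side because one source tries many different usernames only once or twice each, unlike a forgetful user or a brute-force run against a single account. The following is an added example, not part of the original post, run over a constructed login log; the log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data: hypothetical log format, documentation-range IPs.
SAMPLE_LOG = """\
2016-09-23T10:00:01 ip=203.0.113.7 user=alice@example.com result=FAIL
2016-09-23T10:00:03 ip=203.0.113.7 user=bob@example.com result=FAIL
2016-09-23T10:00:04 ip=198.51.100.20 user=dave@example.com result=FAIL
2016-09-23T10:00:05 ip=203.0.113.7 user=carol@example.com result=OK
2016-09-23T10:00:08 ip=203.0.113.7 user=erin@example.com result=FAIL
2016-09-23T10:00:09 ip=198.51.100.20 user=dave@example.com result=FAIL
2016-09-23T10:00:11 ip=203.0.113.7 user=frank@example.com result=FAIL
2016-09-23T10:00:14 ip=203.0.113.7 user=grace@example.com result=FAIL
2016-09-23T10:00:30 ip=198.51.100.20 user=dave@example.com result=OK
2016-09-23T10:01:00 ip=192.0.2.55 user=admin@example.com result=FAIL
2016-09-23T10:01:01 ip=192.0.2.55 user=admin@example.com result=FAIL
2016-09-23T10:01:02 ip=192.0.2.55 user=admin@example.com result=FAIL
2016-09-23T10:01:03 ip=192.0.2.55 user=admin@example.com result=FAIL
2016-09-23T10:01:04 ip=192.0.2.55 user=admin@example.com result=FAIL
2016-09-23T10:01:05 ip=192.0.2.55 user=admin@example.com result=FAIL
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, user, success)."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(ts), kv["ip"], kv["user"], kv["result"] == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, max_per_user=2):
    """Flag source IPs whose logins look like credential stuffing.

    An IP is flagged when, inside any sliding time window, it tried at
    least `min_users` different usernames and no username more than
    `max_per_user` times. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(user for _, user, _ in events[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                peak = max(peak, len(per_user))
        if peak:
            findings[ip] = {
                "distinct_users": peak,
                # Any account that logged in successfully from a flagged
                # source should be treated as exposed and reset.
                "accounts_to_reset": sorted({u for _, u, ok in events if ok}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The user who mistypes a password twice and the single-account brute-force source are both left unflagged; only the source cycling through many accounts is reported, along with the one account whose reused password worked.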

Yahoo put a security announcement on their website and has started to send users notices that they need to change their password.

The bad guys are going to have a field day with this, so BE CAREFUL!
We can expect to be confronted with a raft of Yahoo-related scams in our inbox. As a matter of fact, as I was preparing this article I received a phishing email along with an infected attachment in RTF or Rich Text Format. See below:

Can you identify all the “markings” of a fake email from the screen capture above? Let’s hope so – it’s time for all of us to be EXTRA VIGILANT when opening emails.

FBI to Ransomware Victims: Please Come Forward

Have you been the target or victim of ransomware-wielding attackers? If so, your government needs you to come forward.

So says the FBI in a new public service announcement aimed at both individuals and businesses. The FBI says the effort is designed to get “victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”

The bureau says that while anecdotal reports of crypto-locking attacks abound, it needs more precise information about attackers – ranging from the ransomware variant to the attacker’s bitcoin address – to help it pursue, disrupt and potentially arrest suspects. “While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement,” the FBI’s alert says.

Why Report?
The bureau has previously asked victims of everything from tech support scams to CEO fraud to come forward in efforts that parallel outreach by European law enforcement and security experts.

Security experts say that even if law enforcement agencies cannot act on every criminal report they receive, having victims come forward serves several essential purposes:

•Intelligence: Reporting crime gives law enforcement agencies a more accurate picture of attackers’ techniques so that they can attempt to track and ultimately disrupt them.

•Funding: Crime reports also help law enforcement agencies gauge the scale of the problem so they can devote sufficient resources as well as secure needed funding from legislators or other policymakers.

•Arrests: Amassing intelligence on cybercrime gangs helps investigators better correlate gangs’ activities, thus potentially helping them unmask and pursue the individuals involved as their attacks generate more clues. The FBI has previously noted that “much of the infrastructure being used by cybercriminals is hosted overseas,” and that it often works with international law enforcement agencies.

FBI Seeks 9 Data Points

The FBI is asking anyone who’s been the victim of a ransomware infection to file a report with the local FBI field office or via the website of the Internet Crime Complaint Center, or IC3. That’s a joint partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance, which was set up to receive and investigate internet-related crime complaints.

Here’s the exact information being sought by the bureau:

•Date of infection;

•Ransomware variant, as identified on the ransom page or by the encrypted file extension;

•Victim company information – industry type, business size;

•How the infection occurred – link in email, browsing the internet, etc.;

•Requested ransom amount;

•Attacker’s bitcoin wallet address – often listed on the ransom page;

•Ransom amount paid, if any;

•Overall losses associated with a ransomware infection, including the ransom amount;

•Victim impact statement.
Please Don’t Pay
In its public service request, the FBI again urges anyone who’s suffered a ransomware infection to never pay ransoms because it helps criminals refine their attacks and snare even more victims.
“Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom,” the FBI says. “Paying a ransom emboldens the hacker to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain.”

The FBI also notes that business realities may, of course, influence some organizations to pay the ransom. “While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees and customers.”

Legal experts say there appears to be no way for U.S. law enforcement agencies to prosecute anyone who pays a ransom, even if the money ends up in the hands of an individual or organization on the U.S. Treasury Department’s sanctions list, provided victims employ an intermediary. I’ve been told that some organizations are setting up such plans as well as stockpiling bitcoins in the event that they do fall victim to a related attack.

Anti-Ransomware Portal Offers Help
Some victims, however, can get the equivalent of a “get out of jail for free” card, thanks to ongoing efforts by security researchers to crack attackers’ weak crypto or otherwise exploit code-level flaws in attack code.

One related effort, the public/private No More Ransomware portal, says that since launching in July, it’s enabled 822 CoinVault and 941 Shade ransomware victims to decrypt their data for free.

While that’s good news, as the FBI noted earlier this year in an intelligence memo, don’t count on decryptors always being available, because they rely on attackers making coding errors. “Since the most sophisticated ransomware variants are practically impossible to defeat without obtaining the actor’s own private decryption keys, the FBI has focused on performing significant outreach to educate the public on ransomware and the importance of keeping backups and maintaining a level of operational security when using a computer,” the FBI’s memo states.

 

New Type Of Tech Support Fraud!

Thanks to KnowBe4 – an online internet safety and security training company for this new scam alert. There’s an unusual phishing email making the rounds which revealed a new scam you could soon find in your inbox.

Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like “unusual sign-in activity”.

Copies of these emails have been used for credential phishing for a few years, but the NEW problem is that these security notifications are now being used by bad guys as an attack vector for a tech support scam.

These new “phishing emails” point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below.

PS: KnowBe4 uses HubSpot to host their website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:

http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

So, I suggest you send the following alert/information to your employees, friends and family. You’re welcome to freely copy/paste the information below for sharing.

“There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there was a possible security risk, like a log-on to your account from an unknown computer.

Bad guys have copied these emails in the past, and tried to trick you into logging into a fake website they set up and steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.

If you do, two things may happen:

1) You get to talk right away with a real internet criminal, usually with a foreign accent, that tries to scam you. They claim there is a problem with your computer, “fix” it, and ask for your credit card.

2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you back and try the same scam.

Remember, if you get any emails that either promise something too good to be true, OR look like you need to do something to prevent a negative consequence, Think Before You Click, or in this case, before you pick up the phone.

If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it!

http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

Microsoft Offers Free Coffee for Web Browsing

The world’s most unpopular internet browser now comes with opt-in Super Stalking. Microsoft wants people to use its Edge browser so badly it will even pay people to use it.

Windows 10 and Edge users can earn credits that can be spent in the Microsoft online store on things like three months of advertisement-free Outlook and Amazon cards. But – Microsoft won’t let you just run Edge and cash in: they will monitor the user’s mouse and keyboard movements for “active use” of the browser. If you’re busy enough, Redmond will hand over credits, soon to be renamed points under a program detailed here.

It will take about 1,000 Bing searches and about 19 days to earn about $5 which you can put towards a Starbucks coffee. Microsoft will offer additional credits to users who click things like training videos, MSN videos on how to make s’mores, and other Microsoft promotional content.

The new effort involves the renaming of Bing Rewards to Microsoft Rewards, and expanding it to cover Edge. Under the change, users who sign up before the pending switch from Bing Rewards to Microsoft Rewards will be promoted to level two, a title that can only be maintained by searching enough every day to earn that Starbucks coffee. Level two users get access to “exclusive offers” and get 10 per cent off certain Microsoft offerings.

As Internet browsers go, Google’s Chrome is the uncontested champion of the web browsing wars, with some 51.04% of the market, according to NetMarketShare. The analyst site places Microsoft’s Internet Explorer in second place with 21.76% , Safari with 11.12%, Firefox with 6% and Edge lagging behind them all at a dismal 3.91%. ‘Other’ web browsers account for 6.18% of the total.

For additional information: Get rewarded faster by browsing with Microsoft Edge. Earn points for every hour of active browsing with Microsoft Edge – up to 30 hours a month.

https://www.bing.com/explore/rewards-browse-and-earn

Hacking is Now a Well Run Business!

Here’s some more scary info. Looks like one can start their own online ransomware business now with ZERO investment and very little effort: Ransomware-as-a-Service

Cerber Ransomware Earns Over $2 Million with as little as 0.3% of victims paying up! A new report from Check Point Software’s researchers showed that Cerber’s Ransomware-as-a-Service (RaaS) affiliate program is a resounding success with more than 160 participants at current count, and that the combined direct sales plus affiliates was almost 200K in July, despite a victim payment rate of just 0.3%. That puts it on track to earn $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Check Point.

Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber’s Bitcoin laundering architecture, and obviously the malicious code itself. Eight brand new Cerber ransomware campaigns are launched every day!

This means that there will be more and more such services, more and more attacks, even more than today. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware — dubbed Shark — is currently available for no charge in underground forums. Novice hackers that use the tool to extort money from victims pay only a 20% cut to the Shark developers.

Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.

Currently, there are no infections in Russian-speaking countries, and in the configuration of the ransomware, the authors, by default, chose not to operate on machines or PCs that have Russian as their default language. Obviously another indication of the hackers’ physical location.

This is a tried-and-true strategy of not getting picked up by the FSB, today’s equivalent of the KGB. As long as you don’t hack inside Russia’s borders, the Russian security forces leave you alone.

Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim so that they could track the percentage of people who actually paid the ransom. The next step was to “follow the money” to one ultimate final central wallet through a network of other wallets that are part of Cerber’s Bitcoin architecture.

They followed these hundreds of thousands of different wallets. This is the first time that security researchers can say for sure what percentage of victims pay the ransom.

The percentage of people who actually pay ransoms was surprisingly low, compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four or five specialized cyber criminals can make between $300,000 and $400,000 each per year, which is at least 10 times more than they could earn in any legitimate enterprise where they live.

Bottom Line
So with the extraordinary amounts of money that can be made using these Ransomware-as-a-Service programs, we can all expect them to continue to grow and thrive in today’s internet security environment.

A simple method to “help” circumvent this particular attack vector would be to log into your hardware-based firewall/router (you do have a hardware firewall, right?) and block all incoming WAN traffic from Russian-based IP addresses. You should probably block IP addresses that originate from China at the same time.

 
