Tag Archives: Ransomware

Kaseya VSA security incident

Kaseya has reported that their VSA product has been the victim of a cyberattack.   Some VSA customers have reported ransomware related to this issue.  The Cybersecurity and Infrastructure Security Agency (CISA) also released instructions regarding this incident for customers of Kaseya VSA.

Update: Kaseya has a universal decryptor key and security patches available for this ransomware attack.

Shrug ransomware attack

ZDNet is reporting that Shrug ransomware is spreading through fake gaming and other software apps starting in July 2018.  The installer program runs as C:\Users\USERNAME\AppData\Local\Temp\shrug.exe and creates “Shrug” entries in the Windows registry.

Instructions on how to disable and remove this ransomware can be found at https://www.zdnet.com/article/shrug-ransomware-victim-heres-how-to-retrieve-your-locked-files-for-free/.

Windows 10 Fall Creators Update – new and deprecated features

Some of the new features that are installed with the Windows 10 Fall Creators Update (version 1709 or build 16299) include:

  • Mixed Reality Viewer app
  • Ability to highlight or add notes to e-books in Microsoft Edge browser
  • Ability to dictate an email or message instead of typing it by pressing Windows key + H key
  • Add emojis by pressing Windows key + period key (.)
  • Windows Controlled Folder access can protect folders from viruses and ransomware.  Select Windows key -> Settings -> Update and Security -> Windows Defender -> Open Windows Defender Security Center -> Virus & threat protection -> Virus & threat protection settings -> Controlled folder access (set to On) -> Protected folders.
  • Android phone support (Windows key -> Settings -> Phone)

A list of added features can be found at https://support.microsoft.com/en-us/help/4043948/windows-10-whats-new-in-fall-creators-update-1709.

Some features that were removed or deprecated include:

Deprecated Windows 10 Fall Creators Update features are found at https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up

Bad Rabbit ransomware attack

A new ransomware named Bad Rabbit is spreading, mostly in Europe and Russia, and is reaching other countries, according to ZDNet.com. It infects websites and prompts users to install a fake Flash update.  Once it is installed on one computer, the ransomware will attempt to spread across the network.

Windows Defender can remove this threat with update and higher, so make certain that Windows Updates are current.

US-CERT (U.S. Computer Emergency Readiness Team) has logged the issue.

Petya Ransomware Attack

A new ransomware attack, tentatively named Petya, is occurring worldwide on Microsoft Windows computers.  It is also known under the aliases NotPetya, GoldenEye, Petrwrap, and Mischa.

This new ransomware can be stopped before damage occurs if a file named C:\Windows\perfc (no file extension) exists on the computer and its file properties are set to read-only.  Instructions on how to create this file can be found at https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/.
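The check-and-create step described above, as an added PowerShell example (it is not from the original post or the linked BleepingComputer article). The function name Set-PerfcVaccine is hypothetical; the path is the one given in the post.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt, since writing to C:\Windows requires administrator rights.
function Set-PerfcVaccine {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Path taken from the post; the file has no extension.
        [string]$Path = 'C:\Windows\perfc'
    )

    # A directory with this name is not the file the post describes.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory; expected a file."
    }

    # Create an empty file only if none exists, so existing content is kept.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create empty file')) {
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
        }
    }

    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $file) { return }   # -WhatIf run: nothing was created

    # Set the read-only attribute if it is not already set.
    if (-not $file.IsReadOnly) {
        if ($PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            $file.IsReadOnly = $true
        }
    }

    # Re-read from disk and report the final state for auditing.
    $file = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path       = $file.FullName
        IsReadOnly = $file.IsReadOnly
        SizeBytes  = $file.Length
    }
}

Set-PerfcVaccine
```

Running it with `-WhatIf` shows what would change without touching the disk; the function is idempotent, so it can be re-run to audit a machine.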

TomsGuide.com reports that Windows computers with version 7 or higher should be protected from this attack if the March and April 2017 Windows Updates have been installed.  If they have not been installed, it is recommended that Windows Updates be installed as soon as possible.

US-CERT (U.S. Computer Emergency Readiness Team), part of the Department of Homeland Security, has listed this ransomware under Alert (TA17-181A).

WannaCry Ransomware prompts Microsoft to release Windows XP and Server 2003 update

The “WannaCry” or “WannaCrypt” ransomware that has spread around the world in the past few days has prompted Microsoft to release a security update for long-unsupported Windows XP, Windows Server 2003, and Windows 8.

The following supported operating systems should not be vulnerable to this ransomware if Windows Updates were completed, since those updates included the Security Bulletin MS17-010 (4013389) in March 2017:

  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8.1
  • Windows Server 2012
  • Windows 10
  • Windows Server 2012 R2
  • Windows Server 2016

Microsoft released a list of recommendations at https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/.

US-CERT Security Operations Center, part of the U.S. Department of Homeland Security, has also issued an alert on WannaCry ransomware at https://www.us-cert.gov/ncas/alerts/TA17-132A.