WannaCrypt may have been a dud for most

While the WannaCrypt/WannaCry ransomware caused some havoc, primarily in Europe and especially in eastern Europe, with infections running into six figures, it turned out to be a big dud.

First, many did not pay the ransom. I am guessing many of those in eastern Europe cannot afford $300+.

Second, while it heavily affected Windows 7 computers, I suspect many of those were unprotected or unpatched because they are pirated copies of Windows 7. Eastern Europe and Asia [also hit hard] are notorious for high piracy rates. Many people with pirated copies do not want to risk compromising their system with an update that could break their copy.

Third, even though an estimated 10 percent of computers still run Windows XP, an operating system that has had no support for about 3 years, the people who wrote the malware botched things up: when WannaCrypt got onto those computers it would not spread to other computers, and many of them would simply crash.

Kaspersky claims almost 98% of infected machines were running Windows 7. Servers accounted for about 1.4%, most of them Windows Server 2008 R2 – the server version of Windows 7. Windows 10 accounted for 0.03% [I guess some turned off Windows Updates].

Smart TVs can be hit with ransomware

This is getting ridiculous.

A guy posted online on Christmas day that a relative’s smart TV appeared to be infected with a version of the Cyber.Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus.

The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014.

He tried to reset the TV to factory settings, but the reset procedure available online didn’t work. When he contacted LG, the company told him to visit one of its service centers, where an employee could reset the TV for a reported $340.

The relatives said they had downloaded an app to watch a movie. Halfway through the movie, the TV froze and rebooted to the ransom screen. Where the app came from is unknown.

Symantec and Trend Micro [in separate reports] concluded that removing ransomware from smart TVs will not be easy for most users.

Google has since moved on to Android TV, an Android-based smart TV platform similar to Google TV, meaning that Android malware remains a valid threat for a large chunk of the smart TV market.

Here’s a link created by the guy on how to reset an LG smart TV [jump to about 4:50 to find the reset steps, if you are bored]. The guy talks a bit too much; it could have been done in a couple of minutes at most.

There was a comment elsewhere that it could be a hoax, but the screen in the video looks legitimate.

CryptoLocker ransomware becoming relevant

There is a new strain of malware called CryptoLocker making the rounds. Unlike typical malware, which simply causes havoc with systems, this one belongs to the ransomware family.

Ransomware is just what it sounds like: it takes your computer hostage, and the malware makers want money from you to give it back.

While some ransomware has been easy to get rid of [just reboot your computer], this strain is nasty.

Typically the file that does the work arrives as an e-mail attachment [although you could also get hit by visiting a web site you shouldn’t be on]. To slip past anti-virus scanners, the executable is typically stored inside a ZIP compressed archive.

Reports have it that they come as fake shipment or invoice notices from courier companies like FedEx or UPS.

Note: Some clues here. If you aren’t expecting anything and haven’t shipped anything, why would you get an e-mail from them? Also, if you look at the e-mail itself [not the attachment], why does it contain so little information specific to you?

The ransomware writers are still using the old double-extension trick, which still works in Windows today. By default, Windows hides the extension of known file types, so you see only “My_Invoice” instead of the full name “My_Invoice.pdf”. The malware writers send a file that appears to be “My_Invoice.pdf”, but its real name is “My_Invoice.pdf.exe”: Windows hides the final “.exe” [the extension for programs is hidden just like any other known type], so you think it’s an Adobe PDF file when in fact it is a program.

Note: Another clue. If you are using Windows Vista or later, you may get a User Account Control prompt saying the program you just opened wants to make changes to your computer. Opening an Adobe PDF does not modify your computer [although not every malicious program asks for elevation, so the absence of a prompt is not proof that the file is safe].
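As an added example [not from the original post], here is a small Python triage script that performs the checks above on a courier-notice ZIP before anyone double-clicks it: it flags the double extension, shows what Windows Explorer would display with “Hide extensions for known file types” on, and sniffs the “MZ” header that every Windows executable starts with regardless of its name. The ZIP is constructed in memory as a stand-in for a real lure, and the extension sets are an illustrative subset, not Windows’ full list of registered types.

```python
import io
import os
import zipfile

# Assumption: a representative subset of extensions Windows will run as a program.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types a lure typically pretends to be.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
KNOWN_EXTENSIONS = EXECUTABLE_EXTENSIONS | DOCUMENT_EXTENSIONS


def windows_displayed_name(name):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the last extension is dropped if Windows knows it, so
    'My_Invoice.pdf.exe' is displayed as 'My_Invoice.pdf'."""
    stem, ext = os.path.splitext(name)
    return stem if ext.lower() in KNOWN_EXTENSIONS else name


def is_double_extension(name):
    """True for names like My_Invoice.pdf.exe: a document extension
    immediately followed by an executable extension."""
    stem, outer = os.path.splitext(name.lower())
    _, inner = os.path.splitext(stem)
    return outer in EXECUTABLE_EXTENSIONS and inner in DOCUMENT_EXTENSIONS


def is_pe_header(first_bytes):
    """Every Windows executable (EXE, SCR, DLL) begins with the DOS 'MZ'
    stub, whatever its file name claims it is."""
    return first_bytes[:2] == b"MZ"


def triage_zip(zip_bytes):
    """Inspect every member of a ZIP and return [(name, [reasons...])] for
    the ones that should never be opened from an e-mail."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            reasons = []
            ext = os.path.splitext(info.filename.lower())[1]
            if is_double_extension(info.filename):
                reasons.append("double extension: Explorer shows it as %r"
                               % windows_displayed_name(info.filename))
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension %s" % ext)
            if is_pe_header(head):
                reasons.append("MZ header: this is a Windows program, not a document")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample standing in for a fake courier notice: one PE
    disguised as a PDF plus one harmless PDF. Not a real malware sample."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
    real_pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("My_Invoice.pdf.exe", fake_pe)
        zf.writestr("Tracking_Details.pdf", real_pdf)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample_zip()):
        print("DO NOT OPEN %s" % name)
        for reason in reasons:
            print("  - " + reason)
```

The header sniff is the check that matters: a name can be anything the sender likes, but a file that starts with “MZ” is a program no matter how many “.pdf” segments precede the real extension.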

Once the program starts, you may not see anything different for hours, if your computer stays on all day and night. Then the program comes alive and encrypts every kind of data file: Adobe PDF files, Microsoft Word, Excel and PowerPoint files, Microsoft Outlook PST files, JPG and BMP images, etc. In fact, there are a few dozen file types it encrypts.

Once it has encrypted your files, it also places a text file or two in each folder saying what it did, and shows the same message when you boot up the computer.

You may see a ransom screen like the following image [or one similar to it]. If you do, your system is infected with the ransomware.

Rebooting the computer doesn’t help. In fact, any files that were open [and therefore couldn’t be encrypted] while it was running will be encrypted after you reboot.

You will notice that when it encrypts a file, the file name itself doesn’t change. But if you try to open the file, Windows or the application will report that the file is corrupt or something similar.
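That last point is what a scan can key on: the names still say “.pdf” or “.jpg”, but the contents no longer start with the header those formats always carry, and the byte distribution is near-random. As an added example [again not the original post’s material], this Python script walks a folder and flags files whose header is missing and whose entropy is close to 8 bits per byte, which is what encrypted data looks like. The magic-byte table is an illustrative subset for the types named above, the 7.5 bits/byte threshold is a rule of thumb, and the sample folder it scans is constructed in a temporary directory with deterministic stand-in ciphertext.

```python
import hashlib
import math
import os
import tempfile

# Assumption: the first bytes each data type is expected to carry. This is an
# illustrative subset; a real scan would use a fuller table.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".bmp": b"BM",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".pptx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",
    ".xls": b"\xd0\xcf\x11\xe0",
    ".pst": b"!BDN",
}
TEXT_EXTENSIONS = {".txt", ".csv", ".log"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to 8.0
SAMPLE_BYTES = 4096


def shannon_entropy(data):
    """Bits per byte. Text lands around 4 to 5; compressed or encrypted data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(name, data):
    """Return a reason string if the content no longer fits the file name,
    else None. Files under 256 bytes are skipped: too little to judge."""
    ext = os.path.splitext(name)[1].lower()
    expected = MAGIC.get(ext)
    if expected is not None and data.startswith(expected):
        return None                      # header intact: not encrypted in place
    if len(data) < 256:
        return None
    entropy = shannon_entropy(data[:SAMPLE_BYTES])
    if entropy < ENTROPY_THRESHOLD:
        return None
    if expected is not None:
        return "%s header missing, entropy %.2f bits/byte" % (ext, entropy)
    if ext in TEXT_EXTENSIONS:
        return "text file with entropy %.2f bits/byte" % entropy
    return None


def scan_tree(root):
    """Walk a folder and return sorted [(relative path, reason)] for files
    that look encrypted in place. Only the first SAMPLE_BYTES are read."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            with open(full, "rb") as fh:
                data = fh.read(SAMPLE_BYTES)
            reason = looks_encrypted(filename, data)
            if reason:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, reason))
    return sorted(hits)


def fake_ciphertext(n_blocks=128):
    """Constructed stand-in for an encrypted file: SHA-256 output chained by
    counter, so it is reproducible but statistically indistinguishable from
    random bytes. Not real CryptoLocker output."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks))


def build_sample_tree():
    """Constructed sample folder: two files encrypted in place with their
    names unchanged, two untouched. Returns the folder path."""
    root = tempfile.mkdtemp(prefix="cryptolocker-demo-")
    os.makedirs(os.path.join(root, "sub"))
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"Quarterly figures, unchanged.\n" * 40,
        "notes.txt": b"Call the courier about the missing parcel.\n" * 40,
        "photo.jpg": fake_ciphertext(),                    # header gone
        os.path.join("sub", "budget.xlsx"): fake_ciphertext(),
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for path, reason in scan_tree(build_sample_tree()):
        print("%s: %s" % (path, reason))
```

Run against the sample tree it reports photo.jpg and sub/budget.xlsx and leaves the intact PDF and text file alone. On a real machine the same walk over the user profile and any mapped drives gives a quick inventory of what was hit, which is worth having before deciding whether a backup covers it.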

There is no practical way to decrypt the files without the key [and there are far too many of them to attempt anything by hand anyway].

The ransomware writers ask for anywhere between $100 and $1000. You must pay by the date and time shown or the “key” to decrypt will be destroyed forever. They generally give you 72 hours from the time the files were encrypted.

If you pay the ransom, there is no guarantee they will actually give you the key to decrypt. It is a gamble.

Up-to-date anti-virus software will at least detect the malware, and anti-malware software can remove it, but removing the malware does not decrypt the files. In fact, if you remove the malware, you also remove the component that would perform the decryption if you later paid, so you will probably no longer be able to recover the files that way.

The only sure things to do are to back up regularly [if you have critical files, and keep the backups disconnected from the computer or they can get encrypted too], be careful with unexpected attachments [even from friends] that seem a bit odd for the sender, and keep up to date on operating system updates.

I personally know of one case where someone got hit with ransomware.

If you do get hit with this malware, other than paying, you will want to have the disk wiped and Windows and your applications reinstalled from scratch. Even if you paid, you do not want to take the chance that remnants are still on your system.