Wednesday, March 29, 2017

C-t: Malware: bite-size learning No.4


If you have followed the Cyber-teaching (C-t) bite-size learning modules, you will hopefully have noticed several references to things you can do to help yourself as a single-person business, small business or other SME. Further proof that these types of business need to think on their feet and act quickly is the need to make sure you have backed up your data (files, etc.). Why this is so obvious will become apparent shortly.

Initially, we need to look at attackers and their tools of threat. Those who digitally attack your business look for the weaknesses in your security. They are looking at this:



The attacker's tools of threat may be delivered in plain sight (an email attachment, etc.) or by stealth (unseen downloads when visiting web pages). They range from malware that is merely inconvenient or annoying, or a threat to a person's reputation, up to ransomware (demanding money with menaces against your PC/laptop).

If your PC/laptop becomes infected, you will find there are some very helpful and talented companies out there providing free solutions for dealing with malware. The company I selected is Emsisoft ( https://decrypter.emsisoft.com/ ). When you visit their web page, have a look at all the decryption tools the company has created for malware file victims (MFV). In particular, note the number of downloads for each tool, which gives a clear indication of which malware is more prevalent in the marketplace.

    Decrypter for LeChiffre
    Decrypter for KeyBTC
    Decrypter for Globe2
    Decrypter for NMoreira or XRatTeam or XPan
    Decrypter for OpenToYou or OpenToDecrypt
    GlobeImposter Decrypter
    Decrypter for MRCR
    Decrypter for Globe3
    Decrypter for Marlboro
    Decrypter for OpenToYou
    Decrypter for GlobeImposter.
    Decrypter for Stampado
    Decrypter for Fabiansomware
    Decrypter for Philadelphia
    Decrypter for FenixLocker
    Decrypter for Al-Namrood
    Decrypter for Globe ransomware
    Decrypter for OzozaLocker
    Decrypter for Nemucod
    Decrypter for DMALocker2
    Decrypter for HydraCrypt
    Decrypter for DMALocker
    Decrypter for CrypBoss
    Decrypter for Gomasom
    Decrypter for Harasom
    Decryptor for Xorist
    Decryptor for 777
    Decryptor for BadBlock
    Decryptor for Apocalypse
    Decrypter for ApocalypseVM
    Decrypter for Radamant
    Decrypter for CryptInfinite
    Decrypter for PClock
    Decrypter for CryptoDefense

Those who are familiar with using a PC/laptop and its desktop facilities may not be so familiar with the technical side and tend to be put off from investigating, instead hoping that the antivirus/malware detection cleaner will resolve the problem. In part it does, but it does not decrypt malware file victims (MFV). This is why I chose the Emsisoft decryption tools: the decryption procedure is very easy to follow, provided that, as a user:

1) as you are familiar with creating a folder on the desktop, you can create a folder on a USB stick;
2) you know how to download a program;
3) you know how to copy and paste;
4) you know how to move a file from one location to another.

You may recall that "back up your data" was mentioned previously? Here is one reason for that. For the Emsisoft decryption tool to work it needs a) an original file and b) its malware file victim (MFV), the encrypted version of that same file, in order to conduct its decryption process.


Quite simply:

5) Create a folder on a USB stick (e.g. Malware Test);
6) Download a copy of the relevant decryption tool (determined by the file extension of the infected file (MFV), cross-referenced to the tool listed on the Emsisoft website);
7) Copy and paste the original file into the folder;
8) Move the infected file (MFV) into the folder;
9) Highlight both files (original and MFV);
10) Drag and drop both files onto the decryption tool icon; the program then runs itself.
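As an added illustration of why the tool needs both files (constructed for this page; it is not Emsisoft's code and not the algorithm of any real ransomware family): a made-up locker that XORs a file with a repeating key, and the known-plaintext recovery that derives the key from one backed-up original and its MFV, then unlocks a second victim file that had no backup. The key, the sample files and all names are constructed; the check in recover_key shows what happens when the backup does not exactly match the locked file, and real families using strong ciphers cannot be recovered this way at all.

```python
# Added toy illustration (constructed for this page, NOT Emsisoft's code and
# NOT any real ransomware family): a made-up "locker" that XORs a file with a
# repeating key, and the known-plaintext recovery that explains why a decrypter
# wants the backed-up original file AND its encrypted twin (the MFV).
KEY_LEN = 16  # constructed key length for the toy locker

def toy_lock(data: bytes, key: bytes) -> bytes:
    """Toy encryption: XOR every byte with the repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def toy_unlock(data: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so unlocking is the same operation."""
    return toy_lock(data, key)

def recover_key(original: bytes, mfv: bytes, key_len: int = KEY_LEN) -> bytes:
    """Known-plaintext step: original XOR mfv exposes the key bytes applied.

    The first key_len bytes suffice because the key repeats. The full-file
    check afterwards catches a mismatched pair, e.g. a backup edited after
    the copy on the infected machine was locked, or two unrelated files.
    """
    if len(original) != len(mfv):
        raise ValueError("original and MFV differ in length: not a matching pair")
    if len(original) < key_len:
        raise ValueError(f"original too short; need at least {key_len} bytes")
    key = bytes(o ^ e for o, e in zip(original[:key_len], mfv[:key_len]))
    if toy_unlock(mfv, key) != original:
        raise ValueError("recovered key does not reproduce the original: wrong pair")
    return key

def recover_others(original: bytes, mfv: bytes, other_mfvs: list) -> list:
    """Recover the key from the one backed-up pair, then unlock every other MFV."""
    key = recover_key(original, mfv)
    return [toy_unlock(m, key) for m in other_mfvs]

def demo() -> bytes:
    """Constructed sample: one file with a backup, one victim file without."""
    key = bytes.fromhex("5a3c9e17d2b48f016a7e33c0912d45f8")  # constructed key
    backup = b"Invoice 0042: 3 hours consulting at 60.00 GBP, due in 30 days."
    notes = b"Client notes: follow up on the quote next Tuesday."
    locked_backup = toy_lock(backup, key)  # the MFV of the backed-up file
    locked_notes = toy_lock(notes, key)    # a victim with no backup copy
    return recover_others(backup, locked_backup, [locked_notes])[0]

if __name__ == "__main__":
    print(demo().decode())
```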

Always read and follow the decryption tool's instructions.

Remember to run your antivirus/malware detection cleaner programs on your PC/laptop and don't forget to do the same for the USB stick.

Lastly, there are no guarantees that decryption or release tools will work, or a tool may not yet have been created for your particular malware, so keep hunting and be patient.

Where fake programs hold a user to ransom and demand the input of a release key, professionals have noted a number of unlock keys that such programs frequently reuse.

As a reminder, using these keys won't clean your PC/laptop; you will still need to run your antivirus/malware detection cleaner programs.

These C-t: bite-size learning modules are free of charge. They are based upon research and observation of the marketplace, to help others. There is no connection with the companies mentioned or their products.

Cyber-teaching: bite-size learning No.3

In posting these Cyber-teaching: bite-size learning modules for single-person businesses, small businesses and other SME categories, the intention is to make explicit what is implicit in running these types of business: limited finances. To bridge the financial disadvantage to which larger organisations do not appear to be exposed, the information highlighted in these modules aims to show how free-of-charge tools and literature, or tools and literature with a minimal cost, can help put cyber-prevention or cyber-security in place on a very modest budget. For a single PC/laptop this can cost anything from nothing to £150.00, if the user is willing to be security-aware and conscientious in practising security.

By 'practising security' is meant adopting practical procedures that users can carry out. For instance, does your PC/laptop need to be "always on", that is, constantly connected to the internet? Could you not switch off 'WiFi' until you need it, put the wireless settings into 'Pilot Mode', or unplug the telecom cable from the PC/laptop until you are ready to go online again?

How do you conduct malware (virus/ransomware/etc.) testing? Only on email attachments? What about USB sticks connected to the PC/laptop? Have you ever thought of getting a second-hand PC/laptop, installing free anti-malware/anti-phishing software on it, and using only that machine for internet connectivity, so that it holds no business information or important data? If the user then uses the second-hand PC/laptop solely for internet access, emails/attachments and USB connections, and the free anti-malware programs fail and the machine is held hostage, then what the heck: just wipe the drive clean and start again. See 10 Alternative PC Operating Systems You Can Install ( https://www.howtogeek.com/190217/10-alternative-pc-operating-systems-you-can-install/ ).


One useful publication, costing just £0.99 (yes, 99 pence), is available from Amazon and published by PeerLyst: Second Community eBook: Essentials of Cybersecurity ( https://www.peerlyst.com/posts/second-community-ebook-essentials-of-cybersecurity-limor-elbaz?trk=post_page_ebook_ad ).

If you believe your skill set is sufficient to understand networks as well, then here is a publication which is FREE and can be downloaded from the internet: Cybersecurity for Dummies ( http://www.redcentricplc.com/media/2632/cybersecurity-for-dummies.pdf ).

Moreover, the British Government hosts a web page called "Cyber security guidance for business" ( https://www.gov.uk/government/collections/cyber-security-guidance-for-business ) which is full of free, helpful advice and pointers to where to get help.


Cyber-teaching: bite-size learning No.2

We are told there are many millions of PCs/laptops bleeding information, leaking details (about devices, their operations and data) on to the world wide web (WWW). That being so, it must generate voluminous traffic (in addition to the payload it brings to the receiving party). This suggests to me that, today, the WWW might also justifiably be titled the "information-spillage superhighway".

We are also told we're not doing enough to control the flow (egress) of information from our devices. That could be because, for some, changing mind-sets at the flick of a switch is not easy. Some basic information is needed to help us understand what to look out for on our PCs/laptops.

In bite-size learning No.1 I mentioned cyber-teaching to assist cyber-discovery for those who are not technical or technology-savvy, or who are overwhelmed by technical presentations. The Graphical Network Monitor shown yesterday is a useful graphical user interface (GUI) giving a static presentation of programs and of the connections those programs can make outside the PC/laptop, etc., and outside the organisation (to the WWW).


There are many built-in software tools within operating systems, but the less knowledgeable may not be aware of them. Sometimes when cyber-teaching it can be helpful to show how an external program (e.g. ESET SysInspector) can extract that information from the PC/laptop to illustrate, for instance, the "active programs" at system level that are communicating with the outside world whilst the user's PC/laptop is powered up and logged on.
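As an added example (not the GUI's or SysInspector's code), the same question, which programs are talking to the outside world right now, answered with a tool built into Windows: the script parses the text that `netstat -ano` prints and reports, per process ID, the established connections whose far end is a public address. The sample netstat output and its PID numbers are constructed so that the script runs offline; mapping a PID to a program name (Task Manager or `tasklist`) is the user's next step.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `netstat -ano` on Windows;
# on a live machine, feed in the real output of that command instead.
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49805     198.51.100.7:80        ESTABLISHED     5120
  TCP    192.168.1.20:49900     203.0.113.55:8080      ESTABLISHED     7788
  TCP    127.0.0.1:6000         127.0.0.1:49750        ESTABLISHED     2300
  UDP    0.0.0.0:5353           *:*                                    1440
"""

# One row: proto, local, foreign, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# Ranges that stay on the machine or the local network: not the "outside world".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_netstat(text: str) -> list:
    """Turn raw netstat text into dicts, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid)})
    return rows

def is_external(host: str) -> bool:
    """True when the far end is a public address, i.e. traffic leaves the premises."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or a hostname: this line cannot tell us
    return not any(ip in net for net in INTERNAL_NETS)

def external_by_pid(text: str) -> dict:
    """PID -> sorted far ends ('ip:port') of established TCP sessions leaving the LAN."""
    found = {}
    for r in parse_netstat(text):
        if r["proto"] == "TCP" and r["state"] == "ESTABLISHED":
            host, _, port = r["foreign"].rpartition(":")
            host = host.strip("[]")  # netstat prints IPv6 as [addr]:port
            if is_external(host):
                found.setdefault(r["pid"], set()).add(f"{host}:{port}")
    return {pid: sorted(eps) for pid, eps in found.items()}
```

PID 4 talking to 192.168.1.1 and PID 2300 talking to itself on 127.0.0.1 are filtered out as local; only the processes reaching public addresses remain.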

So the user has already seen "the GUI" and can now see how information about active programs on the PC/laptop can be harvested via SysInspector. Looks too technical? Maybe not. Everything in life is a state of mind; the more complex you think something is, the more you convince yourself it is difficult. Changing that state of mind perhaps requires imaginative ideas to present the so-called complex and difficult as an ordinary, everyday practice with which people are familiar. In this case, the image could be described and read as if it were a cooking recipe.

The SysInspector program is your recipe book showing various recipes. At the top, the filter (which is a risk indicator) can be set the same way one would set the temperature on an oven. Metaphorically speaking, the riskier the program, the higher the cooking temperature (the food burns).

The highlighted program (in green) is a recipe you didn't realise was in the book. The recipe is not good for you because it contains an ingredient to which you have an allergic reaction (a nut); it is a high risk to you and needs to be quarantined or removed. Importantly, you need to know where in the recipe the allergenic ingredient is located; this is found in the program's processes (top right-hand pane). Finally, you need to know whether the ingredient is needed to make the recipe work. Can it be substituted with something safer? If not, should you switch it off and remove the program (its status is shown in the bottom right-hand pane)?

I am not suggesting you should follow the above, just illustrating that cyber-teaching does require using varying techniques to get the message across.

So what is the next step forward? Can you help others to know which programs are safe and which are not? Can you show others how to switch off an offending program and then remove it?

In closing, there are a number of points about my observations in this discussion that I would like to raise with you:

1) In writing these bite-size discussions I am not telling you what to do or selling anything; nor am I selling any teaching (this is free here). I do not work for or on behalf of any of the organisations mentioned.
2) Single-person businesses, the self-employed and SMEs do not have a fortune to spend and cannot bankroll vast monitoring services.
3) The above workplaces need cost-effective methods.
4) Of the two programs identified in this bite-size discussion, the GUI costs approximately £4.00 sterling, but there are free alternatives, and the other (SysInspector) is free of charge. Again, there are other tools out there that can do a similar job. Remember these are what we call starting-point tools, used to introduce a subject and assist comprehension.
5) There is a wide range of programs out there that monitor in 'static' and 'live' modes (and that is important, too), but this discussion is about awareness first and strengthening your knowledge thereafter.
6) The tools discussed can be installed and run from a USB stick.
7) Before changing anything on your PC/Laptop get hold of a second-hand PC/Laptop and play around until you feel comfortable with making changes to your own PC/Laptop.
8) Remember to always back up your data etc. first.

Cyber-teaching: bite-size learning No.1

Cyber-teaching requires presenting practical demonstrations to help those who are not technical or technology-savvy, or who are overwhelmed by monitoring-service promotions showing PC screens with multiple open panes of streaming data.

Bite-size learning can be helpful. For instance, using a Graphical Network Monitor, demonstrate where in the world a program is connecting to and what the destination point is. Does the operation of the program require it to connect there and, if not, how can that process be stopped?

In the scheme of things this is not massive cyber-discovery, but it is something I have found clients/customers find useful to know.


Wednesday, March 01, 2017

Digital Finance Stakeholders

Digital forensic students looking to research digital finance may find this useful as a starting point.

Through the financial support of the Bill & Melinda Gates Foundation, MicroSave is conducting a four-year research project in the following eight focus countries as part of the Agent Network Accelerator (ANA) Project:
http://www.helix-institute.com/sites/default/files/Publications/161101%20ANA%20Kenya%20II%20Country%20Report%202014%20FINAL-REV.pdf

http://www.the-star.co.ke/news/2017/02/27/video-thugs-filmed-robbing-m-pesa-agent-in-nairobi-suburb_c1515062

Good luck!!

MI5, MI6 and GCHQ

Wow!!! What a brilliant digital image for recruitment; and if they're that thoughtful and that good at presenting their case, why don't you believe in yourself enough to enquire about national security careers in our country? Come on! Go beyond the fear of others knowing your value.


You think differently.
You create and innovate.
You safeguard our nation.
Technology, Software and Engineering roles
Salary depending on role and experience
A range of locations including London and Cheltenham
At MI5, MI6 and GCHQ, we safeguard the nation. In our worlds, innovation is boundless and technology is limitless. While we have our own unique specialisms, we work closely together to ensure the UK is always protected from a range of threats – both here, and overseas.
We're looking for creative problem-solvers who naturally think differently. Ours is a culture where creativity and innovation are as valued as expertise and insight. So whether you have years of experience, or are just starting out, we offer tailored training to help you safeguard our nation.
We have a range of opportunities across MI5, MI6 and GCHQ, in a range of locations, including:
  • Business Analyst (MI6)
  • Project Manager (MI6)
  • Software Specialist and Support Role (MI6)
  • Software Graduate and Support Role (MI6)
  • Global IT Infrastructure Engineer (MI6)
  • Covert Technical Operations Specialist (CTOS) (MI5)
  • Cyber Technical Analysts (MI5)
  • Various technical opportunities (GCHQ)
To work in a world where the seemingly impossible is made possible, please visit: www.careersinbritishintelligence.co.uk