Free Ransomware Decryption and Malware Removal ToolKit

A security researcher has compiled a ransomware removal and rescue kit to help victims deal with ransomware threats and unlock encrypted files without paying off a single penny to the cyber crooks.

Ransomware is a growing threat to the evolution of cyber criminals techniques in an attempt to part you from your money. Typically, the malicious software either lock victim’s computer system or encrypt the documents and files on it or in some cases both, to extort money from victims.

Most often ransomware victims end up paying off crooks either due to the threat of losing their important files or in panic as the threat pretends to be from some government agency.

Though IT professionals and security companies have been dealing and fighting back with the ransomware threats, security professional Jada Cyrus has compiled a "Ransomware Rescue Kit"  or "Ransomware Removal Kit" and made it available for free online.

Ransomware removal kit - Download for Free

The Ransomware Malware Removal kit supports decryption tools for different strains of ransomware variants along with instructions on how to perform the necessary tasks.

"You should never pay the ransom," Cyrus says. "This will only reinforce this type of attack. According to most security intelligence reports, criminal enterprises are already making large profits from ransomware."

The ransomware response kit comes with the removal tools to combat the following variants of malware strains:

• CryptoLocker: CryptoLocker removal tools and Threat Mitigation
• CryptoLockerDecrypt: FireEye Tool to decrypt files encrypted by the CryptoLocker ransomware
• TrendMicro_Ransomware_RemovalTool: General ransomware removal tool from TrendMicro
• FBIRansomWare: FBIRansomWare Removal Tools
• CoinVault: CoinVault ransomware removal tools
• TeslaCrypt: Tool for removing this variant of CryptoLocker ransomware

Cyrus encourages system administrators and IT professionals not to pay the ransom to the cyber criminals. Instead, they should first remove the infected machine from the corporate network to prevent the spreading of malware.

Once this is done, the users should then attempt to identify the type of ransomware their machine is infected with. They should take images of the encrypted box before removal for later analysis.

Once the type of ransomware is identifiable, you have the above option to try and decrypt files and remove the ransomware threat from the infected system with the help of the kit's removal tools.

Ransomware threat has emerged in past few years and many victims, including local police departments, do pay ransom to the crooks to get their important and personal files back.

To keep yourself safe from this emerging threat, we have a good article on How to protect your computer from ransomware malware?

Flawed Android Factory Reset Failed to Clear Private Data from Smartphones

If you’re planning to sell your old Android smartphone then you need to think again because there is a weakness in the Android Factory Reset option that could be exploited to recover your login credentials, text messages, emails and pictures even if you have wiped its memory clean.

Computer researchers at the University of Cambridge conducted a study on Android devices from 5 different vendors and found that more than 500 Million Android devices don't completely erase data after the factory reset.

"Factory Reset" function, built into Google's Android mobile operating system, is considered to be the most important feature to wipe all the confidential data out from the smartphone devices before going to sold, or recycled.

However, the computer researchers found that the data could be recovered from the Android device even if users turned on full-disk encryption.

The second-hand market is huge and based on the study; the researchers estimated that over 500 Million smartphones may not properly erase disk partitions where credentials and another sensitive data is stored.

Moreover, about 630 Million devices may not completely wipe the internal SD cards where multimedia files such as pictures and video are kept.

The study highlighted five critical Reset failures:

1. The lack of Android support for the proper deletion of the disk partition in devices running versions 2.3.x of the mobile operating system.
2. The incomplete upgrades pushed to flawed devices by smartphone vendors.
3. The lack of driver support for proper deletion shipped by vendors in newer devices such as versions 4.1, 4.2 and 4.3.
4. The lack of Android support for the proper deletion of the internal and external SD card in all versions of mobile operating systems.
5. The fragility of full-disk encryption to mitigate those problems up to Android version 4.4 KitKat.

The new findings are published in a research paper (PDF) titled "Security Analysis of Android Factory Resets," which is enough to give a wake-up call to large enterprises as well as individual users.

The researchers study the implementation of Factory Reset on 21 different Android smartphones that ran versions 2.3.x to 4.3 of the mobile operating system and were sold by five different vendors, including Google, HTC, LG, Motorola and Samsung.

After running factory reset in every smartphone, the researchers were able to retain at least some crumbs of old data, including text messages, Google account credentials, conversations on third-party apps such as Facebook and WhatsApp, text messages from SMS and emails, as well as images and videos from the camera.

Moreover, the researchers were also able to extract the master token from 80 percent of the smartphones. Master token lets you access your most of the Google data, including Gmail and Google calendar.

During their experiment, the researchers Factory Reset their phone and recovered the master token. They then created the relevant files and rebooted the phone.

"After the reboot, the phone successfully re-synchronised contacts, emails, and so on," researchers reported. "We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80% of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone's account."

Among all the phones, Google Nexus 4 performed the best, however, the phone too had some issues. The smartphone makers are held responsible for the issue due to bad design and terribly slow upgrades of their handsets.

However, the final body to be blamed is still Google, which makes the Android mobile OS software that runs on all the tested handsets.

So, it is hard to say that your data is fully gone once you run a factory reset. Also, manually deleting every message, photo and app doesn’t destroy those files from your phone because phones use flash memory that is notoriously difficult to erase.

So, what to do when I have to sell my old phone. Am I left with just one option? Do not hand off my old phone. Instead just Smash it!

Google has yet to respond to this issue though the company suggests its users to try a combination of things:

• Remotely wiping the smartphone by hitting "factory reset" as if the phone were stolen
• Updating the phone to a new version of Android OS that allows for encryption with a passcode

However, even this solution is not 100 percent reliable, according to the researchers.

Fortunately, Google offers an option to protect your Google-related services such as Gmail, Maps and Drive documents. Thus, you can open your Gmail account, head to the Google dashboard and revoke the device's access to your Google account.

Google Brillo OS — New Android-based OS for Internet of Things

Internet of Things is the future, and every big tech companies are trying to become an integral part of this upcoming trend. Keeping this in mind, Google is developing an operating system for connecting all devices via the Internet.

Google is expected to launch a new Android-based operating system that would be lightweight enough to run on low-power devices connected to the "Internet of Things" (IoT), reported The Information.

Google's Brillo OS for Internet Of Things

The OS is dubbed "Brillo," and the news outlet claims the company is likely to release the new operating system under the Android brand next weekend at Google I/O, the company's annual conference for software developers.

The connected OS, which may require as little as 32 or 64 MB of RAM to run, could be used on everything from major smart home appliances such as refrigerators, TVs to smaller tech such as garden monitors, light bulbs, door locks and sensors.

According to The Information, the search engine giant wants to design their own IoT communications schemes instead relying on the hardware vendors for IoT operating systems. Google will also offer Brillo for free to OEMs.

Among IoT operating system and other things, Google is also expected to unveil some new features at Google I/O in San Francisco at the end of this month. The major things among them include:

• A New Photo-Sharing Service.
• Next Google Android OS, dubbed 'Android M.'
• A New voice commands to access Android devices.

Internet-Connected devices on Rise

An analysed carried out by Gartner suggests that the number of Internet-connected devices will rise to 26 Billion in number by the year 2020 from 900 Million in 2009, making most of the "dumb" objects into smart devices that could communicate with each other.

Huawei launched LiteOS

Not alone Google, many tech companies have been making big bets on the Internet of Things. Just two days ago, Chinese telecommunication giant Huawei launched LiteOS, an operating system with just 10 KB in size designed for running connected appliances and machines.

Microsoft Releasing Windows 10 IoT

Moreover, reports suggest that Microsoft is releasing a version of Windows 10 called Windows 10 IoT Core that is meant to run on ultrasound machines, ATMs, and wearables.

Also earlier this month, Samsung announced the Artik line of hardware that is designed for IoT devices with open software and Samsung hardware.

astoria — Advanced Tor Client Designed to Avoid NSA Attacks

In response to the threat of intelligence agencies like NSA and GCHQ, Security researchers from American and Israeli academics have developed a new advanced Tor client called Astoria specially designed to make eavesdropping harder.

Tor (The Onion Router) is the most popular anonymity network that is intended to allow a user to browse the Internet anonymously via a volunteer network of more than 6000 relays/nodes.

The encrypted traffic of a user is being routed through multiple relays in the network. The user-relay connection is known as a circuit.

LIKE US ON FACEBOOK:

Tor does not share your identifying information like your IP address and physical location with websites or service providers on the receiving end because they don't know who is visiting.

Timing Attacks yet a major issue:

However, Tor isn't as safe from the prying eyes of network level attackers as we once thought. Big spying agencies like the United States intelligence agency NSA and the British Government Communications Headquarters GCHQ has have developed a way to de-anonymize user data using "timing attacks."

In timing attacks, all an attacker need to do is take control of both the exit and the entry relays, then with the help of statistical analysis they can discover the identity of a Tor user in a matter of minutes.

Research shows that about 58 percent of Tor circuits are vulnerable to network-level attacks. However, to deal with the threats, the researchers have built new Tor client, Astoria.

New Tor Client — Astoria

Tor Astoria allows users to reduce the chance of using a malicious TOR circuit from 58 percent to 5.8 percent. The tool has been designed to beat even the most recently proposed asymmetric correlation attacks on Tor.

According to the researchers, timing attack will always be a threat to the Tor environment, and it would be impossible to completely eliminate this threat, but it could be minimized by using Astoria Tor client.

Tor Astoria uses an algorithm which is designed to more accurately predict attacks and then accordingly chooses the best and secure route to make a connection that mitigate timing attack opportunities.

"In addition to providing high-levels of security against [timing] attacks, Astoria also has performance that is within a reasonable distance from the current available Tor client," the researchers wrote.
"Unlike other AS-aware [autonomous system aware] Tor clients, Astoria also considers how circuits should be built in the worst case," when no safe relays are available. "Further, Astoria is a good network citizen and works to ensure that all the circuits created by it are load-balanced across the volunteer-driven Tor network."

In an attempt to make Tor even more usable for an average user, Astoria provides multiple security features and the Tor client is both most effective and most usable at its highest level of safety, Daily Dot reports.

Therefore, "Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority," the researchers say.

You can read the full research paper titled "Measuring and mitigating AS-level adversaries against Tor" from here [PDF].

So far, we have not come across a download link for the Astoria Tor client. We will post a URL as soon as it is available to us.

hacker stolen 4million data base from adult friend finder

Email addresses, sexual orientations, and other sensitive details from about 3.9 Million Adult Friend Finder online hookupservice are currently available for sale for 70 Bitcoins (around $16,800/€15,300) on an underground website.

Yes, the sex life of almost 4 million subscribers of the casual sex hookup site is now available for anyone to download from the Internet.

Adult Friend Finder website, with a tagline "Hookup, Find Sex or Meet Someone Hot Now," has been breached before April 13 in which nearly 4 Million users have had their personal details compromised.

LIKE US ON FACEBOOK:

The details include subscribers' user names, email addresses, dates of birth, gender, sexual orientation, postal codes, and IP addresses, which is a treasure trove for online spammers and phishers.

Database of nearly 4 Million users available online for 70 Bitcoins:

The database has been available on an online forum hidden in Tor anonymity network, which is accessible only through Tor browser.

The hacker nicknamed ROR[RG], who claimed to have leaked the database of millions of Adult Friend Finder users, is offering the full content, unredacted, for 70 Bitcoins.

"I have had so many people ask me to buy the [database] today," ROR[RG] wrote on Saturday in an underground forum.

ROR[RG], who claims to be from Thailand, is also offering his hacking skills for rent. So, anyone interested to break into any company or website can buy his service for 750 Bitcoins, worth around $180,000/ €165,000.

It seems like links to the Adult Friend Finder database have been shared widely on social networks (see above image), so it's not difficult for anyone to get their hands on them.

The depressing part is that how easy is it now for cyber criminals to blackmail Adult Friend Finder users who have their personal information listed in the database.

Response from Adult Friend Finder:

In response to the recent breach, Adult Friend Finder posted a warning on their home page on Friday.

In the update, the sex hookup website's owner FriendFinder Networks, wrote that the company has taken steps to protect its users by disabling the username search and masking usernames of the individuals believed to be affected.

Subscribers can still open their accounts by login with their credentials. Also, the company says, "there is no evidence that any financial information or passwords were compromised."

The details of affected subscribers have been added to 'Have I Been Pwned', a free online service that collects e-mail addresses from data breaches. Thus, anyone can use this service to find out whether he or she is compromised or not.

TrueCrypt Security Audit Concludes No NSA Backdoor

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code.

TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit.

TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition.

NO NSA BACKDOORS

Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked classified document by Edward Snowden.

"TrueCrypt appears to be a relatively well-designed piece of crypto software," cryptographic expert Matthew Green wrote in a blog post on Thursday. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."

TrueCrypt cleared the first phase of the audit that reviewed the blueprints of the software and given a relatively clean bill of health almost a year ago. At the first phase, auditors discovered 11 issues of medium and low severity in the software.

Now, the auditors from NCC Group’s Cryptography and security audit Services have finalized and published the 21-page Open Cryptographic report related to the second phase of audit that examined TrueCrypt's implementation of random number generators and critical key algorithms, and various encryption cipher suites.

FOUR VULNERABILITIES DISCOVERED

The report uncovered four vulnerabilities in the latest original version of the software, but none of them could lead to a bypass of confidentiality or let hackers use deformed inputs to subvert TrueCrypt. The vulnerabilities are given below:

• Keyfile mixing is not cryptographically sound -- Low severity
• Unauthenticated ciphertext in volume headers -- Undetermined
• CryptAcquireContext may silently fail in unusual scenarios -- High severity
• AES implementation susceptible to cache timing attacks -- High severity

The most critical of the four vulnerabilities involved the use of Windows API to generate random numbers used by master cryptographic key.

A separate vulnerability with undetermined severity checks for the volume header decryption was susceptible to tampering. Also, a low severity flaw for a method used to mix the entropy of keyfiles was not cryptographically sound.

Another high severity flaw identified refers to "several included AES implementations that may be vulnerable to cache-timing attacks."

4th Member of 'Xbox Underground' Group Pleads Guilty to $100 Million Theft

The Fourth and final member of an international hacking group called "Xbox Underground" (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation.

In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network.

Austin Alcala, a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games.

All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat, 28, and David Pokora, 22, pleaded guilty last September, while a third member, Nathan Leroux, 20, pleaded guilty to the same conspiracy charge in January.

Now, the Federal Bureau of Investigation (FBI) has announced that all four members of the hacking group have pleaded guilty to their crimes.

The XU hacking group worked between January 2011 and March 2014. The various hacking techniques used by the group include SQL injection attacks to gain unauthorized access to targeted computers and keyloggers to steal confidential data, like credentials and credit cards.

According to the U.S. Department of Justice, the group was also able to steal pre-release versions of the popular video games including the "FIFA" online soccer series, "Call of Duty: Modern Warfare 3" and "Gears of War 3."

"The conspirators accessed and stole [unreleased games], software source code, copyrighted and pre-release works, trade secrets and other confidential and proprietary information," the U.S. Department of Justice wrote.
"Members of the conspiracy also stole financial and other sensitive information relating to the companies—but not their customers—and [various] employees of such companies."

In the court Wednesday, the youngest of all group members, Alcala admitted that he was personally involved in hacking into and stealing log-in credentials and intellectual property from companies such as Microsoft and Zombie Studios.

The value of the confidential data stolen by the XU Group and the cost to the victims’ companies to recover it after the intrusions is estimated to range between $100 Million and $200 Million.

However, prosecutors were able to recover some $620,000 in cash and other proceeds that hackers had earned related to their thefts.