Ransomware Forensic Investigation
John Saylor
Chief Revenue Officer (CRO) | Chief Visionary Officer (CVO) | Managed Security Assurance Provider (MSAP) | Critical Grid Agility | Advisor
Business Email Compromise (BEC) is triggered when an end user opens a malicious email, clicks a link in it, or opens a compromised attachment. Studies find that the phishing emails cyber-criminals use to lure these end users are opened out of curiosity (14%), fear (13%), and urgency (13%), followed by reward/recognition, social, entertainment, and opportunity.
Ransomware attack vectors and distribution methods include:
- Email, through compromised accounts, spoofing, and BEC
- Mobile devices, which are often the least protected devices, especially given the thousands of email client apps available
- Infected websites and links spread through social media, and malware-infected advertising (adware/malvertising)
Most files targeted by ransomware are those commonly created and used by end users, not operating system files. The targeted files vary from one ransomware family to another, and sometimes between versions of the same family, but they typically include, but are not limited to:
- Microsoft Office files (.doc, .docx, .xls, .xlsx, .ppt, .pptx, .rtf)
- Open Office files (.odt, .ods, .odp)
- Adobe PDF files
- Popular image files (.jpg, .png, raw camera files, etc.)
- Text files (.txt, .rtf, etc.)
- Database files (.sql, .dba, .mdb, .odb, .db3, .sqlite3, etc.)
- Compressed files (.zip, .rar, .7z, etc.)
- Mail files (.pst)
- Key files (.pem, .crt, etc.)
The widespread success of ransomware is largely due to the fact that, unlike much other malware, it does not require administrative privileges. Instead, it relies on and preys specifically on the permissions the victim user already has on their assigned computer and within the organization, encrypting every file that user can write to, whether locally on their own computer or across the organization's network on corporate file share servers.
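The practical consequence of that last point is that a user's write permissions are the ransomware's blast radius. The script below is an added example, not part of the original article and not eMailGPS code: it walks a directory tree and reports the files with the commonly targeted extensions listed above that the owning account can modify, which is exactly the set a ransomware process running under that account could encrypt. The sample directory layout is constructed inline; the owner-write-bit check and the exact extension set are the author's assumptions, and real file shares would need an ACL-aware check rather than mode bits.

```python
"""Estimate a user's ransomware blast radius: files with commonly
targeted extensions that the current account can modify.
Added example; the audit logic is an assumption of how a practitioner
might measure exposure, not the article's or eMailGPS's own code."""
import os
import stat
import tempfile
from collections import Counter
from pathlib import Path

# Extension families the article lists as typical ransomware targets
# (raw camera formats represented here by .cr2 and .nef, an assumption).
TARGET_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf",
    ".odt", ".ods", ".odp", ".pdf",
    ".jpg", ".jpeg", ".png", ".cr2", ".nef",
    ".txt", ".sql", ".dba", ".mdb", ".odb", ".db3", ".sqlite3",
    ".zip", ".rar", ".7z", ".pst", ".pem", ".crt",
}


def is_target(path: Path) -> bool:
    """Extension match is case-insensitive: ransomware treats PHOTO.JPG as .jpg."""
    return path.suffix.lower() in TARGET_EXTENSIONS


def writable_by_owner(path: Path) -> bool:
    """True when the file's mode grants its owner write access.
    The owner bit is checked instead of os.access() so the result is the
    same whether or not the audit itself happens to run as root."""
    return bool(path.stat().st_mode & stat.S_IWUSR)


def exposed_files(root: Path) -> list[Path]:
    """Files under root that ransomware running as the owner could encrypt."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():          # do not follow links out of the tree
                continue
            if is_target(p) and writable_by_owner(p):
                found.append(p)
    return sorted(found)


def exposure_report(root: Path) -> dict[str, int]:
    """Count exposed files per extension, the first figure an IR team asks for."""
    return dict(Counter(p.suffix.lower() for p in exposed_files(root)))


def build_sample_tree(base: Path) -> Path:
    """Constructed sample data: a small home directory and a 'share'.
    Files marked False are made read-only to stand in for a share where
    the user has read access but no write access."""
    layout = {
        "home/report.docx": True,
        "home/photo.JPG": True,
        "home/notes.txt": True,
        "home/app.exe": True,                 # writable, but not a target type
        "share/finance/ledger.xlsx": True,
        "share/finance/archive.zip": False,   # read-only: safe from this user
        "share/certs/server.pem": False,      # read-only: safe from this user
    }
    for rel, writable in layout.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"sample content\n")
        if not writable:
            p.chmod(stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    return base


def demo() -> dict[str, int]:
    """Build the constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return exposure_report(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for ext, n in sorted(demo().items()):
        print(f"{ext:10} {n}")
```

Run against a real home directory or a mounted share (`exposure_report(Path("/mnt/finance"))`) to see what an infection under one account would reach; the read-only entries in the sample show how removing write access, not just hiding the share, takes files out of the blast radius.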
Defending against Ransomware.
Defending against ransomware has spawned millions of new security-related jobs, software companies, and forensic companies to investigate these crimes. The FBI's Internet Crime Complaint Center (IC3, https://www.ic3.gov/) handles cyber-crime complaints, but studies find that many of these crimes go unreported. As FBI case loads climb, private forensic companies are coming online to provide case history for litigation or to provide the FBI with the information needed to shut down the criminals' networks. The real irony is that most people and small businesses will not spend a dime on security, yet when hit with ransomware the cost starts at $300 for the ransom, another $200+ for security software to protect the business, and then security personnel, forensic investigators, legal staff, and more. This can literally run into several thousand dollars per user.
These continued attacks point to one fact that every business vertical and every organization that depends on email needs to understand: what security teams are doing now isn't working.
What’s missing? End User Awareness.
eMailGPS dramatically reduces these attacks by keeping email end users constantly informed about email safety, and by intercepting characteristics that all malware have in common to prevent execution and propagation.
eMailGPS is designed to see threat "attributes" such as network activity in packets, email originating from certain geolocations, outbound command-and-control communications over trusted ports, and traffic that lacks the characteristics of the email and traffic we do trust.
By leveraging all of this threat and trust analysis, eMailGPS protects the number one breach point on any network: end user email. eMailGPS GeoThreat, for example, reveals unknown threats that exist today on your network and stops new ones from getting around. The entire eMailGPS GeoAware Platform provides an automated best-practice email security workflow that any end user can follow, and provides unique integration with firewalls and monitoring platforms. Endpoint awareness is continuously updated from the eMailGPS threat and trust cloud, but the malware examples above would not even have needed an update to be proactively revealed in the email that delivered them, or stopped in their tracks if already lying dormant somewhere on the network.
Is Email Funding Global Terror?
People tell us all the time that they received what appeared to be a legitimate email, and eMailGPS nailed it as the sinister fake it was before the criminal on the other end completed their mission.
Then, almost 99% of the time, they ask "how does eMailGPS do that?" The featured author in this month's edition of "The Counter Terrorist Magazine" spells out the geo-political, geo-banking, and geo-location aspects of email crimes and the impact these crimes have on global terror organizations.
It sure is interesting how closely Bitcoin is connected with ransomware attacks. Could they be related? It certainly raises the question of whether cybercrime is driving Bitcoin demand.
Bitcoin (also known as BTC) is a digital currency (also called a crypto-currency) that is not backed by any country's central bank or government. Bitcoins can be traded for goods or services with vendors who accept Bitcoin as payment.
Bitcoin-to-Bitcoin transactions are digitally signed messages broadcast across a peer-to-peer (P2P) network; they are not encrypted, and every transaction is recorded on a public ledger (the blockchain). Addresses are pseudonymous rather than anonymous: they are not tied to a name, but every payment to and from them is visible to anyone. The P2P network validates each transfer of Bitcoin between users. Each user keeps a program called a digital wallet, which holds the addresses the user sends and receives Bitcoin from and, above all, the private keys known only to the user that authorize spending from those addresses.
The price of Bitcoin can fluctuate quickly.
In the United States, Bitcoin is controversial because it can be used to transfer illicit funds or hide unreported income from the Internal Revenue Service (IRS). U.S. regulation now treats exchanges that convert Bitcoin to and from traditional, government-backed currencies as money services businesses, which must verify the identity of their customers.
Take the eMailGPS Security Challenge for 10 days FREE at https://www.emailgps-global.com/partnerevals, then select "eMailGPS Sales", or attend a weekly Security Webinar at https://www.emailgpsinc.com/free-webinar/.