“Observe
emails that appear to come from known associates with minor variations to their
names and email addresses. Also be aware of attachments with file extensions
that do not match the respective document types eg. Executable files (.exe,
.js, .bat, etc) masquerading as office documents (.docx, .xlsx, .odt, .pptx,
etc).”.
GNCIRT (Guyana National
Computer Incident Response Team) warning its population of Ransomware attacks
Jamaica
is under attack again by hackers. Only this time they've upped the stakes to
ransomeware.
Two
(2) companies have reportedly been hit by a ransomeware virus as reported in
the article “Kingston
Companies Hit by Computer Viruses”, Published Thursday December 24, 2015, The Jamaica Gleaner.
The
Jamaica Constabulary Force (JCF) to its members is apparently the one handling
the matter, base on a memo received by the Gleaner/Power 106 News Centre. The
vector for the ransomeware virus appears to be an attachment in an email with
following message in the body: “Hey here's the bill for that work we did for
your firm the other day”.
A
ransomeware virus basically will delete, encrypt or hide your data and then
force you to pay over money to have it restored. It’s very similar and may be related to a
spate of Ransomeware attacks being experience in Guyana and detected by GNCIRT (Guyana
National Computer Incident Response Team) since Saturday, December 19, 2015 as
reported in the article “Guyana
warns of ransomware attacks”, published Saturday, December 19, 2015, The Jamaica Observer.
Usually,
such ransomeware attacks often request payment via Bitcoins as they are a
secure form of untraceable online currency as described in my blog article
entitled “Microsoft
accepts Bitcoins for Purchases - Napster of Cryptocurrency set to explode in
Jamaica in 2015 Year of the Sheep”.
But
what's not being revealed is who the two companies are or who's sent the
original email. Also, no word on the amount requested in the ransom and if it’s
in bitcoins or not!
Ransomeware virus
spreading through Jamaican Government Servers - How Backup of Data needs to be
done quickly
Based
on the tight level of security on this incident, the ransomeware virus appears
to be spreading.
It’s
spread is similar to the JIS (Jamaica Information Service) hack back on Monday
June 22nd, 2015 as reported in my blog article
entitled “Anatomy
of ISIS hack of the JIS Website - How the @JISNews Website was hacked and Why
Hactivists couldn't access sensitive GOJ Databases”.
These
two (2) companies, base on my Facebook sources in secret chatrooms online, are
Government contractors working on a project that involves the design of GovNET.
This
is the Intranet designed to interconnect several government ministries,
departments and agencies as explained in my blog article
entitled “National
Work Agency building islandwide Public Emergency Network - Early indications of
GOVNet WAN and ITA-run Automated Traffic Ticketing System”.
Based
on the descriptions thus far, this ransomware virus may also have a worm-like
capability, capable of spreading itself via email.
The
Ransomware Virus may be an attachment that the victim has to open, possibly a
*.pdf file or Executable files (.exe, .js, .bat, etc) that look like office
documents (.docx, .xlsx, .odt, .pptx, etc). It may even an image file that
contains an executable script or weblink that points to an infected website.
This website would then load the script remotely, infecting the computers that
access the email.
Either
way, the JCF (Jamaica Constabulary Force) aka the Jamaica Police seems to be
urging all Government Agencies to back up their Data. This as the ransomware is
causing some Government agencies to lose i.e. delete, encrypt or hide your data
from a far back as November 2014, the last time that many of these government
ministries, departments and agencies did a full backup.
Folks,
this can only get worse this Christmas of 2015 so back up your Data! Ransomware
viruses are hard to remove once they get a hold of your Data! I’ll publish more
later once information becomes available!
No comments:
Post a Comment
Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.