Thursday, December 24, 2015

How a Ransomware Virus is Spreading in Jamaican Government Servers as JCF Urges Data Backups

“Observe emails that appear to come from known associates with minor variations to their names and email addresses. Also be aware of attachments with file extensions that do not match the respective document types, e.g. executable files (.exe, .js, .bat, etc.) masquerading as office documents (.docx, .xlsx, .odt, .pptx, etc.).”

GNCIRT (Guyana National Computer Incident Response Team) warning its population about Ransomware attacks

Jamaica is under attack again by hackers. Only this time they've upped the stakes to ransomware.

Two (2) companies have reportedly been hit by a ransomware virus, as reported in the article “Kingston Companies Hit by Computer Viruses”, published Thursday December 24, 2015, The Jamaica Gleaner.
The Jamaica Constabulary Force (JCF) is apparently the one handling the matter, based on a memo to its members received by the Gleaner/Power 106 News Centre. The vector for the ransomware virus appears to be an attachment in an email with the following message in the body: “Hey here's the bill for that work we did for your firm the other day”.

A ransomware virus will basically delete, encrypt or hide your data and then force you to pay over money to have it restored. It's very similar to, and may be related to, a spate of ransomware attacks being experienced in Guyana and detected by GNCIRT (Guyana National Computer Incident Response Team) since Saturday, December 19, 2015, as reported in the article “Guyana warns of ransomware attacks”, published Saturday, December 19, 2015, The Jamaica Observer.

Such ransomware attacks usually request payment via Bitcoins, as they are a secure form of untraceable online currency, as described in my blog article entitled “Microsoft accepts Bitcoins for Purchases - Napster of Cryptocurrency set to explode in Jamaica in 2015 Year of the Sheep”.

But what's not being revealed is who the two companies are or who sent the original email. Also, there is no word on the amount requested in the ransom and whether it's in bitcoins or not!

Ransomware virus spreading through Jamaican Government Servers - How Backup of Data needs to be done quickly

Based on the tight secrecy surrounding this incident, the ransomware virus appears to be spreading.

Its spread is similar to the JIS (Jamaica Information Service) hack back on Monday June 22nd, 2015, as reported in my blog article entitled “Anatomy of ISIS hack of the JIS Website - How the @JISNews Website was hacked and Why Hactivists couldn't access sensitive GOJ Databases”.

These two (2) companies, based on my Facebook sources in secret chatrooms online, are Government contractors working on a project that involves the design of GovNET.

This is the Intranet designed to interconnect several government ministries, departments and agencies as explained in my blog article entitled “National Work Agency building islandwide Public Emergency Network - Early indications of GOVNet WAN and ITA-run Automated Traffic Ticketing System”.

Based on the descriptions thus far, this ransomware virus may also have a worm-like capability, capable of spreading itself via email.

The ransomware virus may be an attachment that the victim has to open, possibly a *.pdf file or executable files (.exe, .js, .bat, etc.) that look like office documents (.docx, .xlsx, .odt, .pptx, etc.). It may even be an image file that contains an executable script or a weblink that points to an infected website. This website would then load the script remotely, infecting the computers that access the email.
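The GNCIRT advice above (watch for executables whose extension does not match the document type) can be automated at a mail gateway or on a file share. The following is an added example, not code from the original article or from the JCF/GNCIRT: it flags attachments by executable extension, by a document extension used as a decoy before the real one (e.g. `Invoice.docx.exe`), and by a mismatch between the file name and the leading bytes of the content. All file names and byte strings are constructed for the demonstration.

```python
# Extensions the GNCIRT advisory names as executables that may masquerade
# as office documents, plus the document types they imitate.
EXECUTABLE_EXTS = {".exe", ".js", ".bat", ".vbs", ".scr", ".cmd"}
DOCUMENT_EXTS = {".docx", ".xlsx", ".odt", ".pptx", ".pdf"}

# Leading bytes ("magic numbers") expected for each document type.
# Office Open XML and ODF files are ZIP containers, so they start with "PK".
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".odt": b"PK\x03\x04", ".pdf": b"%PDF-",
}
MZ = b"MZ"  # Windows PE executables begin with this DOS header signature.


def split_exts(filename):
    """Return every extension of a name, lower-cased: 'a.docx.exe' -> ['.docx', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def attachment_findings(filename, data):
    """Return the reasons an attachment looks like a disguised executable.

    An empty list means none of the checks fired; it is not proof the file is safe.
    """
    findings = []
    exts = split_exts(filename)
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        findings.append(f"executable extension {final}")
    if len(exts) > 1 and final in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        findings.append("document extension used as decoy before the real extension")
    if final in MAGIC and not data.startswith(MAGIC[final]):
        findings.append(f"content does not match {final} signature")
    if final in DOCUMENT_EXTS and data.startswith(MZ):
        findings.append("PE executable header inside a file named as a document")
    return findings


# Constructed sample attachments (not real malware); only the leading bytes matter here.
SAMPLES = {
    "invoice_2015.docx": b"PK\x03\x04" + b"\x00" * 28,   # genuine ZIP-based docx
    "bill.pdf": b"%PDF-1.4\n%...",                       # genuine pdf
    "Invoice.docx.exe": b"MZ\x90\x00" + b"\x00" * 60,    # decoy extension, PE body
    "statement.xlsx": b"MZ\x90\x00" + b"\x00" * 60,      # PE bytes behind a document name
    "work_done.js": b"var a = 1;",                       # script sent as the "bill"
}


def scan_all(samples=SAMPLES):
    """Map each sample name to its findings, for use in a gateway or scheduled share scan."""
    return {name: attachment_findings(name, data) for name, data in samples.items()}
```

The magic-byte check matters because renaming a file changes only the name; a PE file still begins with `MZ` whatever it is called.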

Either way, the JCF (Jamaica Constabulary Force), aka the Jamaica Police, seems to be urging all Government Agencies to back up their data. This is because the ransomware is causing some Government agencies to lose data (i.e. have it deleted, encrypted or hidden) going as far back as November 2014, the last time that many of these government ministries, departments and agencies did a full backup.

Folks, this can only get worse this Christmas of 2015, so back up your data! Ransomware viruses are hard to remove once they get a hold of your data! I'll publish more later once information becomes available!
