If you purchased an iPhone 6 recently, you probably received this email:
Some of you may have even clicked the “Verify Now” link and entered your Apple ID account information. I hope not, though, because this email is not from Apple. It’s a phishing email meant to trick recipients into giving sensitive information to the attacker who sent it.
This email illustrates two things:
The latest development in the ransomware world is CryptoWall 2.0, a new version of this malware family that uses the Tor network for command and control.
F-Secure was the first to spot this new version on October 1, but since then the attacks have ramped up and new variants of the malware are emerging daily. Our WildFire analysis platform has picked up 84 CryptoWall 2.0 variants since September 30, delivered primarily through e-mail attachments but also through malicious PDFs and web exploit kits.
CryptoWall 2.0 is similar to other ransomware attacks that have plagued users and businesses for nearly a decade. Once it is running on a system, CryptoWall 2.0 seeks out document files and encrypts them using the RSA encryption algorithm. The attacker holds the key necessary to decrypt the files unless the victim agrees to pay a $500 ransom.
Unlike previous versions of CryptoWall, 2.0 communicates with its command and control (C2) server through the Tor anonymization network. This allows attackers to hide their communications and avoid having their C2 servers shut down, but it also makes the threat easy for organizations to block. CryptoWall isn’t the only threat that communicates over Tor, and if your network doesn’t have an explicit reason to allow anonymization networks, you should consider blocking the application altogether with your firewall.
If your system has already been infected with CryptoWall 2.0, you’ll see a pop-up just like this one shortly after the malware has encrypted your documents.
Palo Alto Networks Advanced Endpoint Protection is a complete paradigm shift from identification to pure prevention. Our solution requires no definition updates, protects unpatched systems, requires no hardware, is compatible with all physical or virtual Windows platforms including terminals, VDIs, VMs, and embedded systems, protects all processes including third-party ones, and most importantly, doesn’t need prior knowledge of an attack in order to prevent it.
The Advanced Endpoint Protection solution uses a central Endpoint Security Manager to manage policy rules and distribute the security policy to endpoints in your organization. The Endpoint Security Manager communicates with the protection software, called Traps, that is installed on each endpoint in your organization.
To aid you in deploying Advanced Endpoint Protection in your network we have released the Advanced Endpoint Protection 3.1 documentation.