While Bitcoin began as a very niche, very esoteric cryptocurrency, it has since grown into something much more mainstream in the past decade. With the price of Bitcoin topping 61 thousand dollars in mid-March and hovering around the 55 thousand dollar mark as April approaches, it’s well worth taking the time to ask yourself if you might have a Bitcoin wallet stored somewhere. That’s more than 20 thousand dollars higher than it was when we wrote our previous Bitcoin-related article in January. Considering the fact that the ever-popular cryptocurrency has been around for over a decade now, it’s very possible — and actually quite a common occurrence — to see someone who invested or experimented with the cryptocurrency when it first began to catch on around 2010 and completely forgot about it until now. Naturally, the hunt for a lost Bitcoin wallet is easier said than done.

What Is a Bitcoin Wallet?

Before getting into the places your Bitcoin wallet might be hiding, it’s worth defining what exactly a Bitcoin wallet actually is. (Believe it or not, a better understanding of what Bitcoin wallets are might actually help you to uncover your own missing wallet.)

On the most basic level, a Bitcoin wallet is not a tangible thing. It’s not the same as the object you keep in your back pocket or your bag — it’s a program, a digital thing instead of a physical one. However, the purpose remains more or less the same: to protect your currency. Instead of cash and cards, though, the Bitcoin wallet protects the secure, private key (or keys) that are then used to access your Bitcoin addresses and make transactions.

Bitcoin wallets, most frequently, are stored on a desktop computer, on a mobile app, in the cloud, or on a piece of hardware. They don’t actually store Bitcoins themselves, but rather the keys that link you to the address of your cryptocurrency. Without that key, which is actually a secret number and not a tiny piece of metal, you won’t be able to access your Bitcoins.

Where Is Your Bitcoin Wallet Hiding?

It might seem counterintuitive to have to jump through so many hoops in order to access your Bitcoin keys, but the rigamarole is well worth it — especially when you take into consideration the sheer amount of hackers and cybercriminals who would love to get their hands on some long-untouched Bitcoin. When you can’t locate your Bitcoin wallet, it’s natural to feel sort of panicked. However, there’s no need to worry: If your Bitcoin wallet is out there, then it’s almost definitely capable of being located. You just have to know where to look.

Old Tape Drives

If you’ve ever utilized tape drive storage in the past, then it’s worth pulling those old tape drives out and checking them for your missing or forgotten Bitcoin wallet. Being a form of cold storage, meaning that tape drives store information without the use of the internet, tape drives are a sensible and very possible location for Bitcoin wallets.

Former Hard Drives

As time goes on, it’s only natural that we will upgrade our computers again and again. With technological advances coinciding with the incessant crawl of obsolescence, getting a new computer or a new hard drive is just a part of life. With this upgrade comes the possibility that old and important files and programs might be left behind on the former hard drives. Considering Bitcoin originated all the way back in 2009, there are a lot of potential hard drive upgrades that could have happened between then and now. As such, looking back through old hard drives might uncover your missing Bitcoin wallet. Not to mention, sometimes drives simply break down and need to be replaced — If you’ve held onto those broken drives, you might as well check them for any Bitcoin keys.

Bitcoin Exchanges

While there’s no one set way to buy and trade Bitcoin, Bitcoin exchanges continue to be one of the most popular ways to do so. By buying a set number of Bitcoin and trading it for the equivalency in other currencies, many see a way to increase their total investment through a version of forex trading. However, if you’ve lost your password to your Bitcoin exchange, then it would not be possible for you to do any buying and selling at all. If you suspect this may be the case, then it’s worth your while to recover your password as soon as you can.

Portable USB Drives

Also known as flash drives or external hard drives, portable USB drives make for a convenient and easy way to save your important documents and files on one device and transfer them to another. However, with recent updates to modern laptops, some have found these flash drives to be outdated and useless now — especially on computers that don’t even have a compatible slot for them, like the current Macbook design. However, it’s very possible that your Bitcoin wallet could be stored on an old portable USB drive that you no longer use. Through the use of an adapter if necessary, consider plugging the drive into your computer and searching through the drive for your Bitcoin wallet.

Writable CD/DVD-ROMs

Similar to portable USB drives, CD and DVD-ROM discs were quite useful for a while — That is, until laptops began phasing out disc drives in favor of other (more modern) technology. Unfortunately, this means that many documents, files, photos, and videos stored on these discs are no longer as easily accessible as they once were. If your laptop or desktop no longer has a disc drive, consider investing in an external disc drive to search through for your Bitcoin wallet.

Misunderstood Bitcoin Wallets

Occasionally, a missing Bitcoin wallet isn’t even missing at all — It’s just misunderstood. This is no fault of your own, of course. Cryptocurrency is still a very new, very innovative thing and it’s okay to feel a little lost by it. As it turns out, feeling lost can also result in actually losing things (in this instance, Bitcoin wallets). No matter if your Bitcoin wallet is in the form of a BIP39 mnemonic phrase, a BIP38 paper wallet, or some other unfamiliar form, consider reaching out to a Bitcoin expert for further help understanding.

What if I Can’t Find My Bitcoin Wallet?

At the end of the day, some of these places are just too tricky (and too pricey) for you to be able to search through them yourself. From tape drives to USB drives and everything in between, consider sending your old devices to the experts at Datarecovery.com. We take pride in our ability to locate whatever you might have lost, whether it be something as urgent as a Bitcoin wallet or something as casual as an old digital photo album. Contact us today to get started.

The post The 6 Most Common Places Your Lost Bitcoin Wallet Is Hiding (and How to Recover It) appeared first on Datarecovery.com.

What Is an NFT?

In March of this year, digital artist Mike Winkelmann (more commonly known as Beeple) sold a JPG for 69.3 million dollars. Not only is this one of the highest price tags for a piece of art ever sold, but the enormous 21,069 pixel x 21,069 pixel collage — titled EVERYDAYS: THE FIRST 5000 DAYS — is also the most expensive NFT in the very brief history of the digital asset. But… what exactly is an NFT?

The short answer is that NFT stands for non-fungible token. This doesn’t make it any clearer why someone would pay almost 70 million dollars for what is essentially a digital file when a person could seemingly just save the image to their computer for free, though. You see, the key to understanding NFTs lies in those first two letters: NF. Non-fungible. This means that the token (the T of NFT) cannot be replaced. It’s one of a kind. Compare this to currency in general terms (either dollars or cryptocurrency like Bitcoin). Currency is fungible. There is effectively no difference in regard to value between one dollar and another dollar, or between one Bitcoin and another Bitcoin. They are interchangeable in their use.

This still leaves the question of ownership, though. How can a person truly own an image when anyone could come along and simply save the image to their computer and say they own it? It’s a valid question, and the answer still might not satisfy you: Think of the Mona Lisa. Anyone can print out a picture of Leonardo da Vinci’s most famous work, but it doesn’t change the fact that the one and only original remains on the wall at the Louvre Museum in Paris, France. The same goes for NFTs. Every printed or forged copy of the Mona Lisa will have distinctions in comparison to the original, but an NFT has a digital makeup that identities it as one of a kind. It’s all about trying to bring verifiable ownership to crypto, in other words — but it’s more akin to a Certificate of Authenticity, really.

Why Are NFTs So Popular?

While NFTs have had the most success in the art world, they can really be any digital thing, from social media posts to albums to sketches to documents and anything in between. For this reason, notable figures from all corners of the pop culture pantheon have come out of the woodworks to dip their toes in NFTs. Actors like William Shatner, musicians like Weezer, plenty of social media influencers, and countless others — like the creator of ancient internet meme Nyan Cat — have done their part to wheel and deal NFTs. All of these big names have essentially worked in tandem with one another to make this novel crypto asset blow up.

Not to mention, NFTs have been making millions in the past month or so — and not just Beeple’s EVERYDAYS: THE FIRST 5000 DAYS. All sorts of other artists have made anywhere from one to ten million dollars on their own respective NFTs. Their success with NFTs combined with the almost meme-ification of the crypto asset by verified celebrities and other social media users has created an unprecedented amount of buzz.

Are NFTs Worth It?

To answer the question of whether or not NFTs are worth it, let’s get into how they actually work on a technical level. See, the majority of NFTs are a part of the Ethereum blockchain. While Ethereum itself is a cryptocurrency, it’s the cryptocurrency’s blockchain that holds the large chunk of the world’s NFTs. For this reason, other blockchains are free to implement their own version of NFTs if they pleased — Which potentially raises a red flag for the future of NFTs themselves, should another blockchain choose to do their own take on them.

Beyond this, while NFTs promote ownership, the artist often still retains the copyright and reproduction rights — meaning that your one-of-a-kind non-fungible token might not be so non-fungible as you initially thought it was. If an artist’s NFT doesn’t sell for the high price they expected it to sell for, then there’s nothing stopping them from taking another crack at it and creating another token. For this reason, NFTs are less like proof of ownership and more like proof of commemoration.

While these two factors definitely make NFTs sound riskier for buyers, they’re big positives for sellers. Not only do they give artists the opportunity to sell their work for much more than they ever would have had the chance to otherwise, NFTs optionally come equipped with a feature that pays the artist a percentage every time the token is sold or traded.

The Future of NFTs

Wherever you fall in the great NFT debate, the future of NFTs remains pretty murky. Five, ten, 100 years from now, who’s to say how much these non-fungible tokens will be worth? Not to mention, there’s always the possibility that the NFT owner’s crypto wallet could be lost or stolen, that the image quality could decline, that the artist could create ten more copies that devalue your token, and countless other risks that make these crypto assets far more risky than, say, Bitcoin.

If anything, the popularity of NFTs doesn’t suggest that they will become the future of cryptocurrency, but that many other kinds of crypto assets are sure to emerge in the coming years to compete with their success. Given Bitcoin’s immense and ever-increasing price tag, it’s clear that cryptocurrency isn’t going anywhere. Whether or not NFTs will blow up in a good way or in a bad way remains to be seen, but this much is clear: they surely won’t be the last of their kind.

The post NFTs Explained: What Are They, and How Might They Shape the Future of Cryptocurrency? appeared first on Datarecovery.com.

Bitcoin used to be the preferred payment method of cybercriminals. Last year, we reported that the hackers behind the WannaCry ransomware infected PCs worldwide, and demanded payment in the form of Bitcoin from their victims. Hackers asked for Bitcoin because the cryptocurrency’s transactions are harder to trace to individuals compared to traditional bank transfers.

Some European businesses started to purchase Bitcoin in 2017 in order to prepare themselves for future ransomware demands. Cyber criminals, meanwhile, saw the value of Bitcoin skyrocket, which made the cryptocurrency a target for high-profile cyber theft.

Despite Bitcoin’s continuing popularity and expensive value, several news reports are stating that ransomware criminals are now asking for a different payment method.

While Bitcoin remains a highly popular cryptocurrency among people who deal in the dark web, its high-profile status is giving criminals some problems. ZDnet puts the blame on the asset’s hyper volatility that sometimes jeopardizes criminal operations. A crash doesn’t only affect investors who have diversified their portfolio with cryptocurrencies, but also criminals who need to keep adjusting their ransom based on the current prices of Bitcoin.

Before 2017 ended, Bitcoin reached an all-time high of $20,000. However, it slid sharply at the start of 2018, and settled at 50% of its December 2017 prices. In June, Nadex reported that cryptocurrency markets are being rocked by volatility almost every day. Bitcoin moved 13% lower, and even experienced a $1,000 drop in one trading day. Like any other asset, Bitcoin’s prices are affected by fundamental factors that affect the economy as a whole. Hacked online exchanges, the strengthening of regulated currencies, and current investor sentiment towards cryptocurrency markets are just some examples of what can affect the price of Bitcoin.

In the same article by ZDNet, it was mentioned that criminals are moving towards more stable forms of cryptocurrency like Monero, Zcash, and Ethereum. With the aforementioned 3 cryptocurrencies, criminals won’t have to keep adjusting their ransom every time Bitcoin’s prices crash.

Bad news for altcoins

The shift to other cryptocurrencies is gaining traction within the dark web. If more cybercriminals move towards other forms of digital funds, it will create problems for investors who have decided to stay away from Bitcoin because of its volatility. Hackers who switch to other cryptocurrencies will disrupt the trust of investors, and make altcoins more volatile. Apart from that, the mass switch by ransomware criminals to other cryptocurrencies will also make it harder for authorities to catch criminals, because they will be investigating multiple cryptocurrencies instead of just Bitcoin. Some new cryptocurrencies are designed to provide almost absolute anonymity to the integrity of the transactions and users, making investigations into cyber-crime money laundering next to impossible.

“We’ll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than Bitcoin, making it generally more challenging for law enforcement to counter,” warned the Executive Director of Europol Rob Wainwright in a Tweet.

Despite the switch to other cryptocurrencies, many criminals will also continue to use Bitcoin due to its popularity. With more people and companies using it for everyday transactions, there is a higher chance of receiving the ransom.

“We must remember that when forcing ransom payment, Bitcoin is still the cryptocurrency of choice given its wide availability and use” said Thycotic’s Chief Security Scientist Joseph Carson. “It is when cyber-criminals are moving money around to pay other cyber-criminals or to purchase new toys they will use an alternative cryptocurrency to keep a low profile.”

Did you have your data stolen by ransomware criminals? Here on Datarecovery.com we provide fast and affordable solutions to your stolen files. Call us at 800-237-4200 so we can help retrieve what’s yours.

The post Why Ransomware Criminals are Moving Away from Bitcoin appeared first on Datarecovery.com.

Enter Sia, a decentralized cloud storage platform that hopes to leverage the power of the blockchain to rival mainstream services like Amazon Web Services, Dropbox, and Google Drive. It’s one of the most exciting uses of the technology, and it has the potential to change the way that we store and access data.

In simple terms, here’s how Sia (and Siacoin) works.

A renter purchases Siacoin, then exchanges them to buy a certain amount of storage space on the blockchain.

The renter uploads files, which the service divides into 30 segments using Reed-Solomon erasure coding. The files are stored with a high level of redundancy, and can be reconstructed with any 10 segments. In other words, if 20 of the host computers go down, the files are still accessible.

Sia encrypts each file segment with the Twofish cipher (an important point of differentiation, since many major cloud services don’t encrypt files by default). The renter and the hosts enter into a smart contract, enforced by the Sia network; renters purchase storage with Siacoin, while hosts deposit Siacoin as collateral for renting out unused space on their storage media (typically hard drives). That ensures that hosts don’t set up contracts and immediately drop offline — they’d lose currency by attempting to game the network.

The host only receives payment after submitting storage proofs, which Sia stores permanently on the blockchain. The contracts typically last for 90 days. When hosts drop off the network, Sia performs file repairs, ensuring that 30 hosts are storing the file segments at most times.

Interestingly, payment transactions don’t occur on the blockchain; they occur through specialized payment channels, which help to keep Sia’s storage tech efficient.  

The advantage of Sia: True decentralization.

Currently, Sia is geared towards developers, enterprise-level businesses, and other users that require a need to maintain a large amount of reliable storage at a low cost. It’s not geared towards personal computer users — yet. In our opinion, Sia will need to drastically improve its core client (SiaUI) in order to appeal to typical consumers.

However, it’s difficult to overstate the technology’s potential. Sia could change data storage forever by providing true decentralization, eliminating the points of failure that can cause serious issues for mission-critical applications. One example: In 2017, Amazon Web Services encountered temporary issues with its eastern U.S. servers, leading to outages for thousands of customers. A well-implemented technology like Sia could avoid these types of errors by moving data off of proprietary servers and into the blockchain.

That’s not to say that Sia, in its current form, is a competitor to Amazon, but the technology could certainly get there. The blockchain has a myriad of exciting applications, but in our field, Sia is one of the best demonstrations of the tech’s potential.

The post How Siacoin Could Change Data Storage appeared first on Datarecovery.com.

“It’s like some sort of gold rush,” Limor Kessem, executive security adviser for IBM Security, told NBC News. “Cybercriminals are using ransomware to bring extortion to the masses and more criminals are now doing it because they’re interested in getting a piece of the action.”

The news is particularly worrisome for the healthcare industry, which is a frequent victim of ransomware. It’s not clear if hackers intentionally target hospitals and medical centers, but because doctors need access to crucial files, medical organizations feel more pressure to pay ransoms to restore data.

Arkansas Oral and Facial Surgery Center is the latest victim from the medical industry.

The healthcare organization discovered the attack on July 26, 2017, but only recently sent an explanation to its patients. In the notice, the medical practice explains that ransomware rendered three weeks worth of imaging files, x-rays, and other documents inaccessible.

The U.S. Department of Health and Human Services lists the incident as a case currently under investigation and reports that 128,000 individuals may have been affected. The Arkansas Oral and Facial Surgery Center did not disclose information about a ransom payment, but did say that they reported the case to the FBI.

A number of factors make the healthcare industry a frequent victim of ransomware attacks.

Perhaps the biggest factor is that hospitals and other medical centers need immediate access to files. This makes them more likely to pay a hefty ransom, as happened with the Hollywood Presbyterian Medical Center.

A Locky ransomware attack froze up services at Hollywood Presbyterian in February 2016. The medical group quickly paid $17,000 to its attackers in order to receive a decryption key and regain access to their files.

In May 2017, WannaCry ransomware affected hundreds of thousands of computers in 150 countries. The most prominent victim was Britain’s National Health Service (NHS), whose services were severely disrupted by the incident.

The NHS incident laid bare another factor that makes medical centers more susceptible to ransomware attacks.

Many healthcare organizations use medical devices that run on older, unsupported operating systems. Because the systems no longer receive patches, hackers can find and exploit their vulnerabilities.

During the WannaCry attack, Forbes reported that some medical facilities in the U.S. had radiology equipment compromised by the ransomware. Of course, healthcare facilities are reticent to say what operating systems they use, but clearly, many are relying on older systems.

This is horrifying to computer security experts, but it’s a simple matter of economics for hospitals. A ransomware attack is costly, but so is replacing a building full of medical equipment and retraining employees every time an operating system becomes obsolete.

Operating systems are now adding defenses against ransomware, but that doesn’t protect everyone.

Microsoft has been beefing up their anti-ransomware capabilities and claims there have been no successful attacks against their “most hardened” operating system, Windows 10 S. That’s great news for those who have up-to-date software, but leaves behind those organizations running unsupported systems.

For those organizations, backing up files offline and educating employees on phishing schemes are crucial to avoiding ransomware. Experts say that security awareness training for employees can dramatically decrease the rates of clicking on scam emails.

Training employees and using more secure operating systems will make it harder for successful ransomware attacks. Unfortunately, with the malware market burgeoning, hackers will continue searching for vulnerabilities in software and in internet users.

The post Ransomware Market Expands as Healthcare Industry Continues Feeling the Effects appeared first on Datarecovery.com.

• Utility companies, banks, airports and supermarkets in Ukraine
• Logistics company Maersk in the Netherlands
• Food conglomerate Mondelez in Spain
• Marketing firm WPP in the U.K.
• Pharmaceutical giant Merck in the U.S.

Tweets from around the world showed locked screens on ATMs, supermarket registers, and office computers with the same ransom note demanding $300 in Bitcoin.

All computers in our office are down. Global #Ransomware attack. I’ve heard few other companies affected too. Backup and stay safe, guys. pic.twitter.com/YNctmvdW2I

— Mihir (@mihirmodi) June 27, 2017

If a Petya ransomware variant has infected your computer, turn it off, disconnect any media from it, and call Datarecovery.com at 1-800-237-4200. Our security experts will assess your situation and begin planning how to recover your files.

What is Petya Ransomware (And How Does It Work)?

Experts first detected Petya ransomware in 2016. The malware differed from other types of ransomware in that it overwrote and encrypted a computer’s Master Boot Record preventing it from booting.

The recent attacks, which started on June 27, 2017, appear to be from a variant of Petya (which some experts are calling NotPetya). This new strain of ransomware is far more dangerous because it spreads laterally through networks using the Eternal Blue exploit.

To protect yourself from this Petya variant, experts recommend using this security update from Microsoft, blocking inbound connections on TCP Port 445, and regularly maintaining back-ups of important files.

Notable Features of Petya Ransomware Include:

• Ransom note demands $300 bitcoin payment.
• Email provider has shut down developer’s account making it impossible to notify attackers of paid ransom.
• Victims include major companies and organizations in Ukraine, Russia, Netherlands, U.K., France, and United States.
• Variant uses NSA’s Eternal Blue exploit to spread laterally through networks.

The Petya variant targets the following file extensions:

.3ds, .7z., accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, .zip

The above is not necessarily a comprehensive list but contains the known targeted extensions. In addition to encrypting the above files, Petya encrypts the Master File Tree and overwrites the Master Boot Record preventing computers from booting up altogether.

How Does Petya Ransomware Infect My System?

Researchers still have not pinpointed the initial vector of infection. One theory holds that an Office document attached to a spam email began the infection. Once the ransomware infects one computer on a network, the infection can spread laterally to out-of-date Windows machines.

Can I Disable or Remove Petya Ransomware Encryption?

There is no known decrypter for Petya ransomware or its variants. To make matters worse for victims, the email address of the attackers has been shut down. German email provider Posteo followed protocol and made the attacker’s account completely inaccessible once they learned of the incident.

With no working email address, there is no way to let the attackers know that a victim has paid the ransom. That leaves victims with no choice but to try to recover their files through other means. Datarecovery.com can assist you in locating back-up copies or in restoring partially encrypted files.

Contacting ransomware recovery experts as soon as possible gives victims the best chance at restoring their encrypted files. The specialists at Datarecovery.com have experience at removing malware and recovering seemingly lost documents. Call 1-800-237-4200 to start the process of restoring your files.

The post Petya Ransomware Infection And Decryption Services appeared first on Datarecovery.com.

If a Hidden Tear variant has infected your computer, turn it off, disconnect all media, and call Datarecovery.com at 1-800-237-4200. Our security experts can advise you on your options and begin the recovery process.

What is Hidden Tear Ransomware and How Does It Work?

Turkish programmer Utku Sen created Hidden Tear ransomware as an educational tool. He wrote a disclaimer on the site where others could download the source code, stating that the program was strictly educational. However, it wasn’t long before modified versions of the ransomware started infecting computers.

Trend Micro has already spotted several improved variants of Hidden Tear that allow victims to more easily pay ransoms. This trend follows the familiar pattern of ready-made malware giving attackers more time to focus on adding user-friendly features to increase payouts.

Notable features of Hidden Tear ransomware include:

• Open-source code allowed hackers to start with functional malware and improve it in a variety of ways.
• Often has a more user-friendly interface (e.g. it can leave some files unencrypted or have a FAQ menu about payments).
• Source code is behind many new variants such as KaoTear, POGOTEAR, and Fsociety.

The diversity of variants shows how big of a head start hackers have when they begin with viable malware. Instead of having to write sophisticated source code, they simply modify existing ransomware and add unique graphics or features. In the case of KaoTear, the attackers opened up an entirely new market by translating the ransom note into Korean and targeting a South Korean messaging app.

How Does Hidden Tear Ransomware Infect My System?

Because there are a variety of attackers distributing Hidden Tear variants, there’s no one particular vector of infection. However, due to its small file size of just 12 KB, attackers can easily hide the malware in an attachment to a phishing email. The POGOTEAR and KaoTear variants are disguised as a Pokemon app and a messaging app, which victims mistake for legitimate software.

Different variants of Hidden Tear target different files for encryption. A variant called May avoids encrypting files in several key directories to leave a computer more functional, presumably to make it easier to pay the ransom through an infected computer. A variant called MoWare targets the Desktop, Personal, MyMusic, and MyPictures folders. Because attackers can easily alter the source code, they can target any number of folders or files.

Can I Disable or Decrypt Hidden Tear Ransomware?

There is a freely available decrypter that works for many Hidden Tear variants. Due to the great variation within the ransomware family, this tool may or may not work for an infected computer. The security specialists at Datarecovery.com can assist you in determining what plan of action will most quickly restore your files.

If a Hidden Tear variant or other ransomware has infected your computer, call 1-800-237-4200 to speak with a malware expert. We can discuss your options and create a recovery plan to restore your files as soon as possible.

The post Hidden Tear Ransomware Infection and Decryption Services appeared first on Datarecovery.com.

If you have a WannaCrypt infection, immediately shut down the infected device. Call Datarecovery.com at 1-800-237-4200 to discuss your case with a ransomware expert.

What is WannaCrypt Ransomware (And How Does It Work)?

WannaCrypt is a type of crypto-ransomware, a type of malware that encrypts a victim’s files so that they are inaccessible. The attackers then demand a ransom in return for a decryption key.

WannaCrypt message. c/o Engadget.

What sets WannaCrypt apart from other ransomware is its unique ability to spread across networks. Likely by using an exploit developed by the U.S. National Security Agency (NSA), WannaCrypt can spread through a network to other machines that have an unpatched Windows operating system.

This was particularly devastating for networks using unsupported operating systems like Windows XP, because there were no patches available. Many companies use older operating systems in order to keep software that is incompatible with newer systems.

Microsoft has now created patches for Windows XP, Windows 8, and Windows Server 2003 in direct response to the WannaCrypt epidemic, despite the fact that the company hasn’t officially supported XP or 2003 for years.

This response helps to underline the severity of the problem; the WannaCrypt attack is easily one of the largest ransomware attacks in history.

Notable features of WannaCrypt Ransomware Include:

• WannaCrypt spreads to unpatched computers in the same network as infected computer.
• It demands a $300 to $600 initial ransom, paid in bitcoin. This amount may increase over time.
• The program has spread to at least 150 countries.
• Prominent victims include NHS, Telefonica, Renault, and FedEx.
• WannaCrypt was temporarily stopped, but new variants are already active.
• Attackers have likely collected over $56,000 in ransom money.
• About 200,000 computers have been infected by WannaCrypt and its variants, but the number is growing rapidly.
• The original version of WannaCrypt uses 2048-bit AES encryption.

Currently, we believe that WannaCrypt uses two NSA exploits, codenamed  ETERNALBLUE and DOUBLEPULSAR. These exploits target the Windows Server Message Block (SMB) version 1 file sharing protocol. Recent Windows updates prevent these protocol from being exploited, but many computer systems haven’t received recent updates; as such, the ransomware moves very quickly in some networks.

The spread of WannaCrypt was temporarily halted when a security expert with the Twitter handle Malware Tech registered a domain name he noticed in the ransomware’s code. He intended to use the domain to analyze the infections, but it inadvertently worked as a kill switch and stopped the spread of the malware. Essentially, the program prompts a command & control server at the domain name in question; when it stopped receiving a response, it stopped spreading.

This prevented many infections, but researchers have already spotted new variants of the malware without the so-called “kill switch.” The original version of the worm was not proxy-aware, and therefore, the kill switch wouldn’t work for networks on proxies.

Authorities are searching for the creators of the ransomware; in past cases, when institutions such as the FBI are able to apprehend the writers of malicious ransomware programs, the keys are quickly released. This allows users to restore their data without paying the ransom.

However, there is no guarantee that authorities are close to arrests—or that they’re anywhere close.   

How Does WannaCrypt Ransomware Infect My System?

Experts believe that WannaCrypt initially infected computers through a phishing email or a network vulnerability. An NHS employee claimed that a spam email infected the first computer at a Lancashire, England location.

Once WannaCrypt infects a single machine on a network, it can spread to others that do not have the critical patch. It can spread through LAN, so we recommend disconnecting Ethernet before powering on any computer that might be infected.

Users should also apply the newest security patches, as this provides protection from other computers infected with the ransomware. However, the ransomware can still infect a patched computer through the traditional means of malicious email attachments.

Can I Disable or Remove WannaCrypt Ransomware Encyption?

Currently, there is no WannaCrypt decrypter available without paying the ransom. As with all ransomware, the best defense is to prevent infection in the first place. The most critical step for this fast-moving malware is to update your Windows operating system.

Datarecovery.com is investigating workarounds, but because WannaCrypt uses an operational algorithm, some files may be recoverable with traditional methods. The software makes an encrypted copy of each file, then deletes the original; in some cases, we’re able to recover the original file, although with this method, there’s virtually no possibility of a full recovery.

For large files on a network, our specialists may also be able to limit or reduce ransoms. In any case, fast treatment is absolutely essential, especially when WannaCrypt ransomware infects an entire network.

To begin recovering files from a WannaCrypt infection or to learn more, call 1-800-237-4200 and ask to speak to a ransomware specialist.

The post WannaCrypt Ransomware Infection and Decryption Services appeared first on Datarecovery.com.

The particular strain of ransomware is unknown, but SLPL staff reported that the attackers demanded a ransom of 38 bitcoins ($34,020 at time of writing) to restore data and software functionality. The attack disabled both circulation and computer booking software, which meant that the public could neither check out materials nor use computers. Libraries were eerily quiet and the SLPL website declared, “Check out and computer services at all Library locations have been suspended.”

When staff arrived to work on Thursday, Jan. 19, their computer desktops were blank except for the recycle bin. One staff member found a ransom note in her computer’s download folder that requested 38 bitcoins to restore all functionality. The same note conveyed that for less money, individual computers could be restored. Internet Explorer was the only software that the attack left usable. Presumably, this was to ensure that library management had a way to pay the exorbitant ransom demand.

Ransomware is a malicious type of computer software that encrypts a computer’s files so that they are unusable until the victim pays a ransom for a decryption key. Depending on the extent of the attack, drives that are mapped to the target can also be compromised. The attack on SLPL encrypted all data on their hard drives and rendered their circulation and computer-booking systems unusable.

The library decided not to pay the ransom when they learned of the attack. Jen Hatton, a spokeswoman for the library, told the St. Louis Post-Dispatch that the library’s IT department would be able to fix the damage. Businesses and other organizations often pay out of desperation. Fortunately, public libraries have the luxury of shutting down services without the fear of losing out to competitors.

Libraries in the SLPL system were sparsely populated Thursday as most services were rendered inoperable due to the attack. Because staff computers still had access to Internet Explorer, librarians were able to address reference questions on their computers. Patrons still had access to Wi-Fi as well.

St. Louis Public Library, by Chris Yunker via Flickr

By Friday morning, SLPL reported that they had regained control of their server, but still had not restored functionality to material circulation and computer booking services. An SLPL employee reported that IT had to work through the problem “computer by computer” for each of the 700 affected machines.

SLPL is one of the highest-profile targets of a ransomware attack. Experts believe that the library was targeted rather than the victim of random phishing emails because of the extent of the damage. SLPL may be one of the largest, but they are not the first high-profile target to be successfully hacked.

The San Francisco Municipal Transportation Agency fell victim to a ransomware scheme that forced them to freeze their ticket kiosks and give free rides. They chose not to pay the ransom and voluntarily shut down public kiosks to minimize potential damage. The SFMTA maintains that no customer or staff data was compromised, though 900 office computers were impacted.

Other large institutions have chosen to pay ransoms to minimize the impact of attacks. Hollywood Presbyterian Medical Center, The University of Calgary, Carleton University, and The Melrose Police Department all suffered attacks and chose to pay the ransom to restore their data and operability. Experts warn that paying attackers can embolden them to make more attacks.

The major attacks of the last year have proven that ransomware is a very real threat to organizations big and small. Backing up data, not clicking on suspicious links and attachments, and updating software are good ways to avoid falling victim. For the time being, ransomware attacks appear to be the price of doing business on an open internet.

The post St. Louis Public Library Grinds to a Halt Due to Ransomware Attack appeared first on Datarecovery.com.

If Cerber has infected your computer, turn it off, disconnect all media from it, and call Datarecovery.com at 1-800-237-4200. Our malware experts can assess your situation and begin a plan to restore your files.

What is Cerber Ransomware (And How Does It Work)?

Cerber is a type of malware called crypto-ransomware. Attackers find a way to gain entrance to a victim’s computer, and then Cerber encrypts the files on that computer. Encryption is normally used for keeping the information in files secret, but when crypto-ransomware encrypts files, the goal is to withhold the information from the rightful owner until a ransom is paid.

After Cerber has encrypted all of the files it can and renamed them to unrecognizable names often with extension “.cerber”, it puts a note for the victim on the computer desktop. It also creates several ransom note files. These include a text file, HTML file, and a VBS (Visual Basic Script), usually named like “# DECRYPT MY FILES #”. The messages direct the victim on how to pay the ransom, which generally starts at 1.24 bitcoins ($917 at the time of writing).

Notable Features of Cerber Ransomware Include:

• The ransom doubles from 1.24 to 2.48 bitcoins after seven days of nonpayment.
• Attackers can buy Cerber from underground Russian forums, which makes ransomware attacks possible from anyone with enough money to pay.
• In July of 2016 alone, victims paid $195,000 to Cerber assailants in order to decrypt encrypted files.
• Cerber has targeted more than 150,000 computer users, including both individuals and businesses, in July of 2016 with no signs of slowing.
• Cerber favors targeting businesses over individuals because of the malware’s ability to encrypt databases and mapped or unmapped network shares. This can cripple businesses.
• When Cerber initiates, it first checks a victim’s computer to see if they are from a variety of former-Soviet republics. If the computer is from any of these countries, the ransomware terminates and does not infect the computer.

Security experts have cracked the earliest version of Cerber, but the developers have already responded by updating the malware to an as-yet unbreakable version. Retrieving backup copies of data is more feasible than decrypting files for the later versions of Cerber.

View the full ransom note screenshot here

How Does Cerber Ransomware Infect My System?

Cerber infects a computer when the user clicks on a malvertisement, or malicious advertisement. Malvertisements are the preferred way for criminals to attack computers. Criminals can place legitimate advertisements on a website until the site trusts them, and then they place an ad that is capable of hijacking a computer when someone clicks on it.

The compromised advertisements are made to look as innocuous and legitimate as possible. However, once someone clicks on one of them, the visitor can be tricked into downloading the payload. After Cerber encrypts all of the files it can, it leaves a note with instructions on how to pay the ransom.

Paying the ransom and decrypting the data is a convoluted and uncertain process. It involves temporary web pages that go offline after a short period, installation of the Tor Browser, .onion sites (also temporary) on the Tor anonymous network, crypto-coin wallet management and exchange transactions, and of course executing the decryption process with the unique decryptor. Worst of all, there is no guarantee that the attackers will provide a working decryptor software once the ransom is paid. Even when cyber-criminals attempt to send a working decryptor, there can be technical difficulties that leave the victim out of money and without their files. One common example we’ve seen is two different intances of the ransomware software having run independently and caused overlapped encryption.

Can I Disable or Remove Cerber Ransomware Encryption?

As with all malware, prevention is the best defense. However, if Cerber has already infected your machine, recovering files from alternate sources is preferable to decrypting the files. An early version of Cerber has been cracked, but the developers continue to update the malware and later versions have proved tougher to break.

If you believe that Cerber has infected your computer, remember that consulting professionals quickly is in your best interest. Datarecovery.com can help you determine if you have backup copies of your files and determine the best way to recover them.

Call 1-800-237-4200 to start the process of restoring your unreadable files. Our malware experts will analyze your situation and begin the process of recovering your information.

The post Cerber Ransomware Infection And Decryption Services appeared first on Datarecovery.com.