Data Protection – Gridinsoft Blog (https://gridinsoft.com/blogs), feed built Thu, 14 Aug 2025 20:50:43 +0000. The Gridinsoft Blog shares posts about security solutions to keep you, your family and business safe.

Hamster Kombat Game Rises Concern Over Russian Origins
https://gridinsoft.com/blogs/hamster-kombat-concerning-russian-origins/
Fri, 31 May 2024 15:24:44 +0000
Hamster Kombat, a recently released tap game in Telegram Messenger, has raised significant discussion regarding its safety. Investigations show that its origins and network assets belong to Moscow, Russia. Local laws require all user data to be stored in the country and handed over to Russian law enforcement agencies on demand, meaning that any participant is exposed to the Russian Federal Security Service (FSB).

What is Hamster Kombat?

Hamster Kombat is yet another tap game that runs inside Telegram Messenger. The main goal of the game is to earn virtual currency that may later be converted into cryptocurrency. The developers of the project say the corresponding token will be listed in July 2024, at which point earned in-game tokens will be converted into crypto. It is not the first game of its genre: the Notcoin tap game was clearly an inspiration for Hamster Kombat.

Built on The Open Network (TON), the blockchain network of Telegram Messenger, it works on a similar principle. Users tap on the screen, complete various tasks, and increase their “profit per hour” stat. That stat is what determines the number of new tokens the user will receive upon listing. But where does all this generosity come from?

Hamster Kombat Raises Concerns Over Russian Origins

Last week turned out to be disastrous for the seemingly innocent Hamster Kombat game. Quite a few news outlets, mainly Ukrainian ones, published detailed analyses of the game, tracing its roots to Russia. And it is hard to argue with their observations: the official website of the game, hamsterkombat[.]io (scan report), is registered in Moscow, the capital of Russia. The site itself, meanwhile, lacks any details about the developers, with all the corresponding data wiped from the domain reports.

[Image: Hamster Kombat domain registration information, showing the registrant located in Russia]

The problem here is the law the Russian government passed back in 2015. It requires all user data to be stored in Russia and to be provided to law enforcement on demand. Effectively, Russian security services can get access to the data of Hamster Kombat users, any day, any minute.

One more problem is that the game itself lacks a privacy policy. Users register using their phone numbers – that, together with the username, is the minimum amount of data the program may access. At worst, Hamster Kombat may collect the entirety of user data – from the list of contacts and the device’s gallery to the location, with regular updates.

What is the problem?

You may ask a rather logical question – what is the reason for all that fuss? Almost all big tech companies in the US and Europe collect user data to a certain extent and occasionally collaborate with law enforcement. Memes about Mark Zuckerberg having user data for breakfast would not appear out of nowhere, right? Well, there is an explanation.

The alarm about Hamster Kombat’s origins was mainly raised by Ukrainian media, as a warning to all Ukrainians against participating in the game. Immediately after the game was launched, a huge wave of advertising started in Ukrainian Telegram communities. Considering the Russian origins and the absence of any declared limits on user data collection, the concerns are rather realistic. The war between the two countries is ongoing, and big data about Ukrainian citizens may be as valuable as reconnaissance data from dedicated agencies.

[Image: Telegram data types]

This bears resemblance to the theory that Pokémon GO is undercover spyware that may uncover military bases and top-secret facilities. Users supposed that the game algorithm could place rare Pokémon in locations people don’t typically visit. Military facilities, at the same time, are exactly the places where you won’t typically expect crowds to appear. While a lot of people called it a conspiracy theory, it makes much more sense than most of the others.

The data from Hamster Kombat is unlikely to reveal military bases. However, considering all I’ve said about the Russian origins and laws that allow special services to access the data, it may still have great value.

Is it safe to play Hamster Kombat?

The promotion of the new tap game started spreading in Europe and English-speaking countries only recently. It will most likely become more intensive with time, as such projects always rely on scaling the audience. Thus, the security questions touch these countries as well.

From the data security perspective, I would not recommend playing Hamster Kombat. That is, of course, unless you’re OK with sharing potentially unlimited amounts of personal data with a country internationally accused of sponsoring terrorism. But politics aside, the aforementioned law allows almost unsupervised access to user data, which may still be valuable for spamming or for sale on the Darknet.

Data safety concerns aside, the project looks more or less legitimate. It does not require any sensitive info – SSNs, ITINs, payment info – so you are not risking anything that may harm you personally. Newly minted tokens sometimes soar in price quite significantly, so it can turn into a rather profitable investment. If you would not mind spending quite a lot of time tapping your smartphone’s screen, of course.

Your Personal Data Is Under Attack: 10 Ways to Fight Back in 2025
https://gridinsoft.com/blogs/protect-your-personal-data/
Tue, 21 May 2024 01:15:57 +0000
Okay, here’s something that’ll make you think twice about your “password123” habit: cybercrime is about to cost the world $10.5 trillion annually by 2025. Yeah, trillion with a T. Cybersecurity Ventures dropped that bombshell, and honestly? It’s keeping security folks up at night.

But wait, there’s more bad news (sorry). IBM’s latest report shows the average data breach now costs companies $4.88 million. And here’s the kicker – most of these breaches start with stolen passwords. You know, those same passwords you’ve been “meaning to update” since forever.

Look, I get it. Another security article telling you to be careful online. But stick with me – I’ve watched too many smart people lose everything to ridiculously preventable attacks. We’re talking about real protection here, not just the usual “be careful” advice. Plus, we’ll cover those nasty malware variants that are getting smarter every day.

What Is Data Protection? (Spoiler: It’s Not Just Strong Passwords)

Let’s clear something up right away – data protection isn’t just about having a password that would make a cryptographer proud. It’s actually a whole bunch of technical, procedural, and behavioral stuff working together. Think of it like home security – you don’t just lock the front door and ignore the windows, right?

So what are we really talking about here?

  • Encryption – The technical stuff (AES-256, RSA-2048 if you’re curious) that scrambles your data into unreadable gibberish. Like a secret decoder ring, but way cooler.
  • Access controls – Fingerprints, face scans, those annoying text codes. Yeah, they’re a pain, but they work. Think of it as a bouncer for your data.
  • Smart habits – This is the human stuff. Not clicking weird links. Actually reading those security warnings. You know, common sense (which isn’t that common).
  • Legal protections – GDPR, CCPA, and other boring acronyms that basically mean companies can’t just sell your data to the highest bidder anymore. Progress!

Here’s a fun fact that’s not actually fun: Verizon’s 2024 report found that 74% of breaches involve good old human error. Not sophisticated hacking. Not elite cybercriminals. Just regular people clicking the wrong thing or using terrible passwords. Ouch.

That’s exactly why you can’t just install antivirus and call it a day. You need to actually understand how ransomware works (it’s scarier than you think) and get serious about remote work security – especially if you’re one of those “coffee shop office” people.

The Bad Guys Have Gotten Really, Really Good at This

Before we dive into protection (the fun part), we need to talk about what you’re up against. And honestly? It’s gotten pretty wild out there:

Advanced Persistent Threats (APTs) – The Ninjas of Hacking

Picture this: hackers who break into networks and just… hang out. For months. Sometimes years. That’s APTs for you – they’re like digital squatters, except way more dangerous. CISA keeps warning us that these groups are getting bolder, and here’s how they do it:

  • They use legitimate tools already on your computer (sneaky, right?)
  • They exploit vulnerabilities nobody even knows exist yet (called zero-days)
  • They hack one company to get to thousands of others (remember SolarWinds? Yeah, that was fun…)

Social Engineering Got a Major Upgrade (Thanks, AI)

Remember when phishing emails had terrible grammar and claimed you won the Nigerian lottery? Those days are gone, my friend. Microsoft’s 2024 report shows that scammers have seriously upped their game:

  • Deepfakes – Your “boss” calling you for an urgent wire transfer? Might not be your boss anymore
  • AI-written phishing – These emails now sound exactly like your coworker wrote them (creepy, I know)
  • Callback scams – They trick YOU into calling THEM. And people fall for it every single day
[Chart: Top Initial Attack Vectors in 2024. Bars, in order: Stolen Credentials, Phishing, Vulnerability Exploitation, Malicious Insider, Supply Chain Attack; values shown: 36%, 30%, 24%, 18%, 12%]

Source: IBM Cost of Data Breach Report 2024

10 Ways to Actually Protect Your Data (That Really Work)

1. Multi-Factor Authentication – Your New Best Friend

I know, I know – MFA is annoying. Having to grab your phone every time you log in? Ugh. But here’s the thing: this one simple annoyance blocks 99.9% of automated attacks. That’s not a typo. It literally stops almost everything.

But not all MFA is created equal. Let me break it down:

  • Hardware Security Keys (FIDO2/WebAuthn): Physical devices like YubiKey provide phishing-resistant authentication. Unlike SMS or app-based codes, they cannot be intercepted or socially engineered.
  • Biometric Authentication: Combine something you know (password) with something you are (fingerprint, facial recognition) and something you have (device).
  • Risk-Based Authentication: Implement adaptive MFA that adjusts requirements based on login context (location, device, behavior patterns).

Here’s How to Actually Set This Up (It’s Easier Than You Think):

  1. Start with your bank accounts – seriously, do this TODAY
  2. Add at least two backup methods (but please, not SMS – hackers can steal your phone number)
  3. Turn on those annoying login alerts – they’ve saved me twice already
  4. Check your “connected apps” monthly and kick out anything you don’t recognize

2. Get Serious About Antivirus (Yes, You Still Need It)

“But I have Windows Defender!” I hear you say. Cool. That’s like bringing a knife to a gunfight. Modern threats need modern protection, and the MITRE ATT&CK framework (basically the encyclopedia of hacking techniques) shows why:

Essential Components:

  • Next-Generation Antivirus (NGAV): Uses machine learning and behavioral analysis to detect unknown threats
  • Endpoint Detection and Response (EDR): Provides visibility into endpoint activities and enables threat hunting
  • Application Control: Prevents unauthorized software execution, blocking hacktools and pirated software that often contains malware
  • Device Encryption: Protects data if devices are lost or stolen

Comparative Analysis of Security Solutions:

When selecting endpoint protection, consider multiple options based on independent testing from AV-TEST and AV-Comparatives. Leading solutions include enterprise-grade offerings from Microsoft Defender, CrowdStrike, and SentinelOne, while consumer options range from built-in OS protection to specialized anti-malware tools. GridinSoft Anti-Malware offers lightweight protection particularly effective against emerging threats, though users should evaluate based on their specific needs and threat model.

3. That Firewall Thing – Yeah, You Need to Actually Use It

Remember firewalls? Those things we all turned off in 2010 because they blocked our games? Well, turns out they’re actually important. Who knew? Here’s the deal:

Windows Firewall Configuration:

# Enable Windows Firewall for all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# Block all inbound connections except those explicitly allowed
# (Block is already the default for the Public profile; setting it explicitly keeps it that way)
Set-NetFirewallProfile -Profile Public -DefaultInboundAction Block

# Create a rule to block inbound SMB (TCP 445), a port commonly exploited
New-NetFirewallRule -DisplayName "Block SMB" -Direction Inbound -LocalPort 445 -Protocol TCP -Action Block

# Log dropped packets for analysis (quote the path so PowerShell passes it through as a string)
Set-NetFirewallProfile -Profile Domain,Public,Private -LogBlocked True -LogFileName "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

Advanced Firewall Strategies:

  • Application-Layer Filtering: Configure rules based on applications, not just ports
  • Geo-blocking: Restrict traffic from high-risk countries if not needed for business
  • Intrusion Prevention Systems (IPS): Deploy inline detection to block malicious traffic in real-time, especially from obfuscated threats
  • Network Segmentation: Isolate critical systems from general network traffic

4. Public WiFi Is Basically a Hacker Convention (Use a VPN)

True story: I once watched a security researcher hack everyone in a Starbucks in about 5 minutes. Just for fun. He bought them all coffee afterward, but still… scary stuff. Check out our public Wi-Fi survival guide if you want the full horror story.

The solution? VPN. It’s like an invisibility cloak for your internet traffic. Without it, you’re vulnerable to man-in-the-middle attacks (yes, that’s as bad as it sounds) and proxyjacking (even worse).

How to Pick a VPN That Doesn’t Suck:

  • Strong encryption – Look for “AES-256” (military-grade sounds cooler, but that’s what it means)
  • No logs – They shouldn’t keep records of what you do. Ever. Make sure it’s audited
  • Kill switch – If VPN fails, internet stops. No exceptions
  • DNS leak protection – Stops your ISP from being nosy (they’re always watching)

Technical Implementation:

# Install WireGuard on Linux (Debian/Ubuntu)
sudo apt-get install wireguard

# Generate keys; umask 077 keeps the private key readable only by you
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

# Configure the interface (your private key goes under [Interface], the server's public key under [Peer])
sudo nano /etc/wireguard/wg0.conf

# Bring the tunnel up
sudo wg-quick up wg0

5. Your Email Is Basically a Hacker Magnet

Fun fact: 91% of cyberattacks start with an email. Proofpoint’s research confirms what we all suspected – email is where the party starts for hackers. So let’s ruin their fun:

Technical Controls:

  • SPF, DKIM, and DMARC: Email authentication protocols that prevent spoofing
  • Email Gateway Security: Filters malicious attachments and URLs before delivery
  • Sandboxing: Detonates suspicious attachments in isolated environments
  • Data Loss Prevention (DLP): Prevents sensitive data from being emailed externally
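SPF and DMARC are only as good as the policy values in the DNS records, and "present but set to monitor-only" is the most common way they fail. The script below is an added example, not code from the original post: it parses constructed sample records (the names and addresses in them are made up) and tells you whether the policy actually rejects spoofed mail. For a real domain you would feed it the TXT records returned by `dig +short TXT example.com` and `dig +short TXT _dmarc.example.com`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): inspect SPF and DMARC TXT records and flag
# the weak settings that leave a domain spoofable. The records below are constructed samples;
# on a real domain fetch them with:
#   dig +short TXT example.com          (SPF lives at the domain apex)
#   dig +short TXT _dmarc.example.com   (DMARC lives under the _dmarc label)

# dmarc_policy RECORD -> prints the p= tag value, or "missing" if the record has no p= tag
dmarc_policy() {
  local p
  # tags are ';'-separated key=value pairs; whitespace around '=' is allowed by the spec
  p="$(printf '%s' "$1" | tr ';' '\n' \
      | sed -n 's/^[[:space:]]*p[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' | head -n 1)"
  printf '%s\n' "${p:-missing}"
}

# dmarc_assess RECORD -> one-line verdict: is the policy actually enforced?
dmarc_assess() {
  case "$1" in
    v=DMARC1*) ;;                       # a DMARC record must start with the version tag
    *) printf 'no-dmarc\n'; return ;;
  esac
  case "$(dmarc_policy "$1")" in
    reject)       printf 'enforced: reject\n' ;;
    quarantine)   printf 'enforced: quarantine\n' ;;
    none|missing) printf 'monitor-only: spoofed mail is still delivered\n' ;;
    *)            printf 'invalid policy value\n' ;;
  esac
}

# spf_all RECORD -> hardfail / softfail / pass / missing, based on the trailing "all" mechanism
spf_all() {
  local term
  term="$(printf '%s' "$1" | tr ' ' '\n' | grep -x '[-~+?]\{0,1\}all' | head -n 1)"
  case "$term" in
    '-all')            printf 'hardfail\n' ;;   # unlisted senders are rejected
    '~all')            printf 'softfail\n' ;;   # unlisted senders are merely marked
    '+all'|'?all'|all) printf 'pass\n' ;;       # anyone may send as you: effectively no SPF
    '')                printf 'missing\n' ;;
  esac
}

# Constructed sample records: the first pair is the weak setup, the second the hardened one.
WEAK_SPF='v=spf1 include:_spf.example.com ~all'
WEAK_DMARC='v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com'
HARD_SPF='v=spf1 include:_spf.example.com -all'
HARD_DMARC='v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100'

demo() {
  local rec
  for rec in "$WEAK_SPF" "$HARD_SPF"; do
    printf 'SPF   %-60s -> %s\n' "$rec" "$(spf_all "$rec")"
  done
  for rec in "$WEAK_DMARC" "$HARD_DMARC"; do
    printf 'DMARC %-60s -> %s\n' "$rec" "$(dmarc_assess "$rec")"
  done
}
demo
```

The weak pair is what most domains actually publish: `~all` lets a forged sender through with only a spam-score penalty, and `p=none` asks receivers to report spoofing but not to block it. The hardened pair (`-all` plus `p=reject`) is what "prevents spoofing" really requires; move to it only after the aggregate reports show your legitimate senders all pass.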

User-Level Protection:

  1. Use unique, complex passwords for email accounts (minimum 16 characters)
  2. Enable login alerts and review account activity regularly
  3. Configure email client to display full sender addresses
  4. Disable automatic image loading to prevent tracking pixels
  5. Use encrypted email services for sensitive communications (ProtonMail, Tutanota)

6. Update Your Stuff (Yes, Right Now)

You know those update notifications you keep dismissing? Yeah, stop doing that. CISA’s data shows that most hacks exploit old vulnerabilities that already have fixes. The patches exist! You just need to actually install them. Wild concept, I know:

Automated Update Strategy:

  • Operating System: Enable automatic security updates
  • Browsers: Use auto-update features and restart regularly
  • Plugins: Remove unused plugins, update remaining ones monthly
  • Firmware: Check router, IoT device firmware quarterly
[Chart: Average Time to Patch Critical Vulnerabilities. Day 0: vulnerability discovered; Day 21: patch released; Day 43: first exploitation; Day 60+: average organization patches. Risk bands: Low, Medium, High]

Source: Rapid7 Vulnerability Intelligence Report 2024

7. Backups: Your “Get Out of Jail Free” Card

Real talk – ransomware is everywhere now. It’s like a digital pandemic that never ended. But here’s the secret weapon hackers don’t want you to know about: good backups make ransomware worthless. Can’t ransom data that’s already backed up, right? Check our ransomware survival guide for the full story.

The Backup Formula That Actually Works (3-2-1-1-0):

  • 3 copies total (because stuff happens)
  • 2 different storage types (don’t put all eggs in one basket)
  • 1 offsite backup (in case your house burns down – yeah, it happens)
  • 1 offline copy (unplugged = unhackable)
  • 0 errors when you test it (please actually test your backups!)

Implementation Best Practices:

  1. Automate backups to prevent human error
  2. Encrypt backups using AES-256 encryption
  3. Test restoration procedures monthly
  4. Implement immutable backups that cannot be altered or deleted
  5. Use versioning to protect against ransomware that encrypts over time
  6. Consider additional secure storage strategies for critical data
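The "0 errors" part of 3-2-1-1-0 is the step everyone skips, so here is what a backup test looks like when it is scripted rather than eyeballed. This is an added example, not code from the original post: it archives a directory, records a SHA-256 checksum beside the archive, and then proves the copy is usable by restoring it into a scratch directory and comparing the result with the source. The directory names and file contents are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): the "0 errors" step of 3-2-1-1-0, scripted.
# make_backup archives a directory and records a SHA-256 checksum; verify_backup proves the
# copy is usable by checking that checksum and then restoring into a scratch directory and
# comparing the result with the source. All paths are constructed for the demo.

# make_backup SRC_DIR DEST_DIR -> prints the path of the archive it created
make_backup() {
  local src="$1" dest="$2" archive
  mkdir -p "$dest"
  archive="$dest/backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  tar -czf "$archive" -C "$src" .
  # the checksum file sits next to the archive; the offline/offsite copy should carry it too
  ( cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
  printf '%s\n' "$archive"
}

# verify_backup ARCHIVE SRC_DIR -> returns 0 only if the checksum matches AND a trial
# restore reproduces SRC_DIR exactly; any other outcome is a failed backup test
verify_backup() {
  local archive="$1" src="$2" scratch rc=1
  if ! ( cd "$(dirname "$archive")" && sha256sum -c --quiet "$(basename "$archive").sha256" ); then
    echo "checksum mismatch: $archive" >&2
    return 1
  fi
  scratch="$(mktemp -d)"
  if tar -xzf "$archive" -C "$scratch" && diff -r "$src" "$scratch" >/dev/null; then
    rc=0
  else
    echo "restore test failed: $archive" >&2
  fi
  rm -rf "$scratch"
  return "$rc"
}

# demo: back up a constructed directory, verify it, then show that a corrupted archive
# is caught instead of silently trusted
demo() {
  local work archive
  work="$(mktemp -d)"
  mkdir -p "$work/data"
  printf 'customer records (constructed sample)\n' > "$work/data/db.txt"
  archive="$(make_backup "$work/data" "$work/backups")"
  verify_backup "$archive" "$work/data" && echo "backup verified: $archive"
  printf 'corruption\n' >> "$archive"
  verify_backup "$archive" "$work/data" || echo "tampered archive rejected as expected"
  rm -rf "$work"
}
demo
```

Run `verify_backup` on the offsite and offline copies as well, not just the one on the machine that made them: a checksum that matches on the source host says nothing about the copy that actually has to survive the ransomware.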

8. Your Passwords Probably Suck (Sorry, But It’s True)

Want to feel better about yourself? NordPass found that “123456” is STILL the most common password. In 2024. After literally decades of warnings. We’re doomed.

But seriously, let’s fix your password game:

The “My Password Doesn’t Suck” Checklist:

  • Make it long – 16+ characters minimum. Yes, really. I use full sentences sometimes
  • Mix it up – ThRoW !n S0me W3!rd StUfF l!kE th!s
  • One password per account – I know it’s a pain, but trust me on this
  • Keep it random – Your dog’s name + your birth year = you’re getting hacked

Password Manager Selection:

  • Zero-Knowledge Architecture: Provider cannot access your passwords
  • Cross-Platform Support: Sync across all devices
  • Breach Monitoring: Alerts for compromised credentials
  • Secure Sharing: Share passwords without revealing them

9. Phishing Isn’t Just Nigerian Princes Anymore

Gone are the days of obvious scam emails with bad grammar. Today’s phishing is scary good – we’re talking hijacked code repositories and AI-written attacks that would fool your own mother. Seriously:

Advanced Phishing Techniques:

  • Browser-in-the-Browser (BitB): Fake browser windows that appear legitimate
  • Adversary-in-the-Middle (AitM): Bypasses MFA by stealing session cookies
  • QR Code Phishing (Quishing): Malicious QR codes in emails or physical locations
  • Voice Phishing (Vishing): AI-generated voice calls impersonating executives

Detection and Prevention:

  1. Verify sender identity through secondary channels
  2. Check URL legitimacy (look for typos, suspicious domains)
  3. Never enter credentials after clicking email links
  4. Report suspicious messages to IT/security teams
  5. Use anti-phishing browser extensions and email filters

For more detailed guidance, see our comprehensive guide on recognizing and avoiding phishing scams and learn about social engineering tactics.

10. Your Smart Toaster Might Be Plotting Against You

I’m only half-joking. With billions of “smart” devices out there – from fridges to doorbells to, yes, toasters – each one is a potential entry point for hackers. And most of them have the security of a wet paper bag:

IoT Security Measures:

  • Network Segmentation: Isolate IoT devices on separate VLANs
  • Change Default Credentials: Replace factory passwords immediately
  • Disable Unnecessary Features: Turn off unused services (UPnP, WPS)
  • Regular Firmware Updates: Check monthly for security patches
  • Monitor Network Traffic: Use tools to detect anomalous behavior

Router Security Configuration:

1. Access router admin panel (typically 192.168.1.1)
2. Change default admin credentials
3. Enable WPA3 encryption (WPA2 minimum)
4. Disable WPS (Wi-Fi Protected Setup)
5. Create guest network for IoT devices
6. Enable automatic security updates
7. Disable remote management unless required
8. Review connected devices monthly

The Scary Stuff That’s Coming Next (Brace Yourself)

AI Is Now Helping the Bad Guys Too

Remember when we thought AI would just help us write emails faster? Yeah, about that… Turns out hackers love AI too. Here’s what’s keeping security teams awake at night:

  • Automated vulnerability discovery and exploitation
  • Deepfake-based identity fraud
  • AI-generated phishing content that bypasses filters, as seen with WormGPT tools
  • Polymorphic malware that changes to evade detection

Quantum Computing Threats

While still emerging, quantum computing poses future risks to current encryption. The NIST Post-Quantum Cryptography standards recommend organizations begin transitioning to quantum-resistant algorithms.

Social Media Privacy Protection

Social media platforms collect vast amounts of personal data, and research shows that the majority of users are concerned about corporate data collection.

Privacy Settings Optimization:

  • Review and limit app permissions monthly
  • Disable location tracking when not needed
  • Limit profile visibility to friends only
  • Remove phone number from account recovery (use authenticator apps instead)
  • Regularly audit and remove third-party app access
  • Enable login alerts for all platforms

Building a Security-First Mindset

Effective data protection requires continuous vigilance and adaptation. The CIS Critical Security Controls emphasize that security is an ongoing process, not a destination. Key principles include:

  • Assume Breach: Design systems expecting that breaches will occur
  • Least Privilege: Grant minimum necessary access rights
  • Defense in Depth: Layer multiple security controls
  • Continuous Monitoring: Detect and respond to threats in real-time
  • Regular Training: Keep security knowledge current

So, Are We Doomed? (Spoiler: No, But You Need to Act)

Look, I’m not going to sugarcoat it – protecting your data in 2025 is harder than ever. The threats are real, they’re sophisticated, and they’re not going away. But here’s the good news: you don’t need to be a tech genius to stay safe.

These ten strategies? They actually work. I’ve seen them stop attacks that would’ve ruined people’s lives. Will they make you 100% unhackable? Nope. Nothing will. But they’ll make you such a pain to hack that criminals will move on to easier targets. And honestly? That’s the goal.

One last thing – security isn’t just the IT department’s job anymore. It’s on all of us. Companies can have the best security in the world, but if you’re using “password123”, you’re the weak link. Sorry, but someone had to say it.

Want to stay ahead of the hackers? Keep learning. Check out CISA’s advisories (they’re actually readable now), follow the Microsoft Security Blog (they break down the complicated stuff), and maybe bookmark this page. You know, just in case.

The bottom line? The bad guys aren’t slowing down. AI attacks, quantum computing threats, social engineering that would make a con artist jealous – it’s all coming. But you’ve got this. Start with the basics, work your way up, and don’t panic.

Oh, and if you want to really geek out on this stuff, we’ve got deep dives on how AI is being weaponized and managing your cyber risk. Warning: rabbit hole ahead.

Stay safe out there, and remember – when in doubt, don’t click that link. Seriously. Just don’t.

Ethyrial: Echoes of Yore Ransomware Attack Wiped Player Accounts
https://gridinsoft.com/blogs/ethyrial-echoes-of-yore-ransomware-attack/
Wed, 29 Nov 2023 14:45:05 +0000
“Ethyrial: Echoes of Yore” fell victim to a ransomware attack last Friday. The attack hit 17,000 player accounts and wiped them – a previously unseen outcome of a ransomware attack.

Ransomware encrypted main server “Ethyrial: Echoes of Yore”

On October 19, 2023, ransomware actors successfully attacked the main server of the Ethyrial: Echoes of Yore game. The attackers encrypted all data, including the local backup drives, as usually happens in ransomware attacks. They also left a ransom note demanding payment in Bitcoin for a decryption key.

What is unusual, though, is the profound impact on all 17,000 player accounts, resulting in the loss of the account and character databases. Game-related files, such as zones, items and monsters, were not lost. Moreover, no customer data was accessed or exfiltrated, which is definitely a positive sign for both the developers and the users.

As the saying goes, paying the ransom does not guarantee the return of files. Faced with the dilemma of whether to trust the attackers, the developers chose not to negotiate with them. Instead, Gellyberry Studios pledged to manually restore as much of the lost information as possible. To express gratitude for players’ understanding and support, impacted users will receive their items and progress back, along with a premium “pet”.

[Image: screenshot of the developers’ announcement, posted in the game’s official Discord community]

Mitigation

This is not the first time a game publisher has been targeted by ransomware. Usually, however, such attacks impact the company rather than the players. It has been a bumpy ride for Gellyberry Studios; in light of the attack, the developer outlined the security measures it will implement to prevent future incidents. These include:

  • Increased frequency of offline account database backups. This reduces the potential impact of any future attack: in case of a security breach, player accounts and progress can be restored immediately, and the effect of the incident minimized.
  • Implementation of a P2P VPN for all remote access to the development server. A P2P VPN establishes a secure connection between two or more devices without a central server. This is a reasonable solution that provides secure networking and additional protection against unauthorized access attempts, and it elevates the overall security posture of the development environment.
  • Restriction of access to a specific IP address range. Limiting access to the development server to a specific IP address range ensures that only designated addresses can reach it. By implementing this restriction, the studio reduces the attack surface and strengthens its defense against external threats seeking unauthorized entry into the server infrastructure.
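The third measure is an allow-list, and the logic behind it is simple enough to check before you trust a firewall rule with it. The script below is an added example, not Gellyberry's code: `ip_in_cidr` performs the same prefix comparison a firewall does when it matches a source address against a rule, and `allowed_source` applies a list of ranges with an implicit default drop. The ranges and client addresses are RFC 5737 documentation prefixes chosen for the demo; the nftables line quoted in a comment is an illustrative assumption of how the same intent is expressed on a Linux host.

```shell
#!/usr/bin/env bash
# Added example (not Gellyberry's code): the allow-list logic behind "restrict access to a
# specific IP address range". ip_in_cidr does the same prefix comparison a firewall performs
# when it matches a source address against a rule, so a candidate rule set can be checked
# against real client addresses before it is deployed. Ranges below are RFC 5737
# documentation prefixes chosen for the demo.

# ip_to_int A.B.C.D -> the 32-bit integer value of an IPv4 address; fails on malformed input
ip_to_int() {
  local IFS=. o n=0
  set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    # reject empty, non-numeric and leading-zero octets (leading zeros are ambiguous)
    case "$o" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
    n=$(( (n << 8) | o ))
  done
  printf '%s\n' "$n"
}

# ip_in_cidr IP NET/BITS -> exit 0 if IP falls inside the prefix
ip_in_cidr() {
  local ip bits net mask
  ip="$(ip_to_int "$1")" || return 1
  net="$(ip_to_int "${2%/*}")" || return 1
  bits="${2#*/}"
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 32 ] || return 1
  # the mask keeps the top BITS bits of the address; /0 matches everything
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# allowed_source IP RANGE... -> exit 0 if IP is inside any allowed range
# (the equivalent of one "accept" rule per range followed by a default drop)
allowed_source() {
  local ip="$1" range
  shift
  for range in "$@"; do
    ip_in_cidr "$ip" "$range" && return 0
  done
  return 1
}

# Constructed allow-list for a development server: an office range and a small VPN pool.
# On a Linux host the same intent is one nftables rule per range, for example
#   nft add rule inet filter input ip saddr 203.0.113.0/24 tcp dport 22 accept
# with the chain's policy set to drop (assumed syntax, for illustration only).
ALLOWED="203.0.113.0/24 198.51.100.0/28"

for client in 203.0.113.42 198.51.100.9 198.51.100.200 192.0.2.7; do
  if allowed_source "$client" $ALLOWED; then
    printf '%-16s allowed\n' "$client"
  else
    printf '%-16s dropped\n' "$client"
  fi
done
```

Note the failure mode the third demo address shows: 198.51.100.200 shares three octets with an allowed range but falls outside the /28, so it is dropped. Ranges that are "close enough" by eye are exactly what a scripted check catches before a rule goes live.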

Although the game servers are currently available, users are prompted to create a new account when logging in. The developer asks players to email echoesofyore@gmail.com to restore the game’s progress. It’ll be interesting to see how the indie team comes out of the other end of this attack and whether or not the majority of those 17,000 accounts affected will return.

WeChat and Kaspersky Ban in Canada – What You Should Know?
https://gridinsoft.com/blogs/wechat-kaspersky-ban-canada/
Tue, 31 Oct 2023 22:10:28 +0000
The Canadian government has instituted a ban on the use of WeChat and Kaspersky applications on government-issued mobile devices, effective October 30, 2023. The decision, which has raised considerable attention, stems from what the Canadian government has deemed an “unacceptable level of risk.”

WeChat and Kaspersky products are Banned in Canada

The Canadian government, like many others, is committed to safeguarding government information and networks from potential threats. As part of this commitment, it regularly monitors emerging threats and takes swift action to mitigate risks. Consequently, Tencent’s WeChat and Kaspersky’s suite of applications have been removed from government-issued mobile devices.

Anita Anand, President of the Treasury Board, explained that this decision aligns with a risk-based approach to cybersecurity and emphasizes the importance of securing government mobile devices. The banned applications were singled out because of their considerable access to device contents, which raises concerns about potential data breaches and privacy compromises.

But why so much suspicion towards these two programs?

While suspicions may appear politically motivated to some, they reflect a growing trend in many Western countries to scrutinize the cybersecurity implications of technology with ties to certain nations.

Here’s an example – WeChat, a Chinese messaging app, has been under scrutiny due to China’s history of strict internet censorship and surveillance. With over 1.2 billion active users worldwide, WeChat’s reach is extensive. However, its close alignment with the Chinese government’s regulations and laws raises concerns about data privacy and potential government access to user data.

Kaspersky, a Russian cybersecurity vendor, faces suspicions linked to Russia’s history of cyber espionage and interference in other nations’ affairs. Moreover, Eugene Kaspersky himself once worked for the FSB, which means life-long ties with the Russian special services. The worry is that Kaspersky’s products could be exploited to facilitate Russian cyberattacks. The U.S. government’s ban on Kaspersky products from its devices heightened these concerns.

Implications for Canadians

The ban on WeChat and Kaspersky applications in Canada represents a significant development in the context of national security and data privacy. Canadians should stay informed about the potential risks associated with these apps and take proactive measures to safeguard their digital lives.
The ban has several implications for Canadians:

  • Those using WeChat and Kaspersky on their government-issued mobile devices must remove the apps by October 31, 2023, or potentially face disciplinary actions.
  • The ban does not extend to the general public, but users should be aware of the associated risks and potential data privacy concerns.
  • Businesses employing WeChat and Kaspersky should also be cautious and take steps to safeguard their data and their clients’ information.

This decision is part of a broader international trend in which Western governments are taking measures to restrict the use of Chinese and Russian technology. While some criticize it as discriminatory, others defend it as a necessary step to ensure national security.

Is it Safe to Use Russian and Chinese Software?

The safety of using Russian and Chinese software has recently been the subject of much scrutiny due to concerns about data privacy and national security. Both countries have been associated with government surveillance and cyber espionage, raising doubts about the integrity of their software products. In light of the developments described above, we recommend using analogous software from other vendors; that keeps your data and your organization safe. Information about one person is not valuable, while information about millions of people can give serious hints in politics, the economy and other large-scale topics.

MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data https://gridinsoft.com/blogs/moveit-mft-0day-vulnerability/ Thu, 01 Jun 2023 19:36:36 +0000

The MOVEit managed file transfer (MFT) solution appears to contain a 0-day vulnerability that is already being exploited by hackers. Progress, the developer of the software, has already released a note and a security advisory regarding the case.

What is MOVEit MFT?

MOVEit is a software solution that allows convenient and secure data transfer inside an organisation. The product under this brand name has a long history that begins in 2002, and along the way it gained a cloud storage feature and support for mobile platforms. Solutions of this kind gained significant popularity once companies started relying on electronic document management. Maintaining a diligent security level for that process is tremendously important, as such apps are used to transfer every kind of corporate document.

MOVEit MFT 0-day Allows Stealing Data

According to the advisory published by Progress, the vulnerability in MOVEit MFT allows unauthorised access that ends in remote code execution. The vulnerability also relies on two HTTP ports, 80 and 443. Known cases of its exploitation were based on an SQL injection that grants hackers access to the MOVEit MySQL server. Researchers detected a sample of the webshell code uploaded to VirusTotal, and it is completely undetected. Subsequent requests to the database try to supply the password, and once the input is correct, the door is open. After a successful penetration, hackers get access to the list of files and gain the ability to add new ones and download those already present.

Webshell code used for hacking MOVEit has 0 detections on VirusTotal

The list of the vulnerable and secure MOVEit versions is as follows:

Software name      Vulnerable versions   Fixed in
MOVEit Transfer    2023.0.0              2023.0.1
MOVEit Transfer    2022.1.x              2022.1.5
MOVEit Transfer    2022.0.x              2022.0.4
MOVEit Transfer    2021.1.x              2021.1.4
MOVEit Transfer    2021.0.x              2021.0.6

Security Advisory for Vulnerable Versions

Aside from the update request, the developers released a list of recommended actions. The only mitigation is blocking connections via the aforementioned ports 80 and 443 in the firewall rules. This is not without cost: without access through these ports, users will not be able to log into the web interface, and built-in automation tasks as well as some of the APIs and add-ons will not work either. After this step, Progress still recommends checking the logs for potential attempts of malicious access and updating the software.

Consider reading about the new iOS 0-day vulnerability that was also reported on June 1, 2023.

5 Tips to Improve Your Privacy on the Web https://gridinsoft.com/blogs/improve-privacy-five-tips/ Mon, 20 Mar 2023 14:58:59 +0000

Nowadays, online privacy is a crucial concern that we should all be aware of, especially when it comes to using a web browser. It contains all the information about our daily online activities, and each of us has plenty of it. In this article, we’ll give you some practical advice on how to safeguard your online privacy while using a web browser. Obviously, privacy advice always needs to be applied selectively; otherwise, it will be less effective or cause inconvenience. Read our five privacy tips to find out which is best for you!

1. Use Tor for Ultimate Privacy

First and foremost, it’s essential to choose a browser that offers advanced privacy protection features, such as Tor. By using Tor, your online activities become untraceable, since it encrypts your traffic. Sure, it is not the best option for everyday usage, but it fits well for activities that require an increased level of privacy.

Tor Browser download page

When you use the Tor browser, your traffic is routed through a chain of Tor servers known as “relay nodes” or simply “nodes”. The data is first encrypted in several layers, and each node then strips one layer at a time. The encrypted data passes through an entry (guard) node, several relay nodes, and an exit node, leaving no trace of your IP address: each node sees only the IP addresses of the previous and the next node.

Tor is a powerful tool for protecting your privacy online, which provides data encryption and anonymization of your IP address. However, it is important to remember that using Tor does not guarantee 100% protection of your privacy, so you should be careful and follow the security rules.
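To make the relay chain concrete, here is an added toy simulation of the layered encryption described above (example code written for this article, not Tor’s code: real Tor negotiates per-hop keys and uses AES, whereas this toy assumes pre-shared per-node keys and an HMAC-derived keystream XOR, for illustration only). It shows what each node can and cannot see, including that only the exit node holds the plaintext, which is one reason Tor is no 100% guarantee.

```python
import base64
import hashlib
import hmac
import json
import os

CLIENT = "client"
DESTINATION = "website"   # where the exit node finally delivers the request
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode. Illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def build_onion(path, payload: bytes) -> bytes:
    """path is [(node_name, node_key), ...] ordered from guard to exit.

    Layers are wrapped inside out: the exit's layer is encrypted first and the
    guard's last, so the guard peels the outermost layer first. Each layer
    carries only the *next* hop, never the origin or the final payload."""
    blob = payload
    for i in range(len(path) - 1, -1, -1):
        _, key = path[i]
        next_hop = path[i + 1][0] if i + 1 < len(path) else DESTINATION
        layer = {"next": next_hop, "inner": base64.b64encode(blob).decode()}
        blob = toy_encrypt(key, json.dumps(layer).encode())
    return blob


def peel_layer(key: bytes, blob: bytes):
    """What a single node does: strip its own layer, learn the next hop, forward the rest."""
    try:
        layer = json.loads(toy_decrypt(key, blob).decode())
        return layer["next"], base64.b64decode(layer["inner"])
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("wrong key or corrupted layer") from exc


def run_circuit(path, payload: bytes):
    """Walk the onion through every node and record each node's view of the world."""
    observations = {}
    sender = CLIENT
    blob = build_onion(path, payload)
    for name, key in path:
        next_hop, blob = peel_layer(key, blob)
        observations[name] = {
            "from": sender,        # previous hop: the only source address this node sees
            "to": next_hop,        # next hop: the only destination this node sees
            "sees_payload": next_hop == DESTINATION,   # only the exit holds the plaintext
        }
        sender = name
    return blob, observations
```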

2. Don’t Forget about Incognito Mode

Next, enable the privacy or anonymity mode available in most browsers. This mode does not store your browsing history, cache, or cookies, which helps to protect your privacy.

Incognito mode simply does not save your browsing information on the computer. It does not prevent sites from tracking you while you browse: they can still see your IP address, operating system, browsing behavior, and other details they can use to identify you. If a site uses tracking technologies, it will still be able to see you and track your activities.

3. Use Special Browser Extensions and Install Updates

Browser extensions are also an excellent option to enhance your privacy protection. Many extensions block tracking and advertising, which can help you maintain your privacy while browsing the web. Some may also block script execution and show you whether the website gathers any data about you. Still, it’s important to use well-proven plugins rather than baubles which only imitate the effect or even make the website malfunction by cutting out some of its elements.

Also, ensure that your web browser is always up to date with the latest version to take advantage of any security improvements and patches that could prevent possible attacks.

Google Chrome update tab

Criminals constantly find new ways to attack users and gain access to personal information. Developers are usually quick to find browser vulnerabilities and improve security with each new version. If you haven’t updated your browser for a long time, then there is a high possibility that you will become a victim of information theft.

4. Apply Reliable Password Storage to Improve Privacy

Avoid saving passwords and payment information in your browser, as it could jeopardize your privacy if someone else gains access to your device. In that case, your private and payment information can simply be stolen by criminals who somehow gained access to your computer. Therefore, it is better to store passwords and private information in a password manager or in a “safe place”, such as encrypted documents.

Picking a password-storing tool is not an easy task either. Fortunately, the Internet never forgets, so any data breaches or cyberattacks related to a certain app will likely appear in the search results. Do a diligent search before trusting a service not only with your money but also with the keys to all your private information.

5. Use a Virtual Private Network (VPN) Service

Finally, use a VPN (virtual private network) to safeguard your online privacy further. VPNs encrypt your traffic, preventing it from being tracked or monitored by anyone. Moreover, it makes it impossible for website owners to filter your traffic depending on your IP address. The latter will always be one of the VPN provider’s, which is generally different from your location.

A VPN has numerous applications, but it is almost essential when you use Wi-Fi in public places. Such networks are usually unprotected and may easily be scanned by hackers. But it is worth remembering that a VPN should be chosen no less carefully than a password manager. For example, free VPNs can also collect your personal information, payment details, etc., and the providers of such a VPN will sell this information about you. It is especially likely with “free” services, which monetize the server time spent on you by selling data. Before downloading, it’s worth doing a little research and choosing a provider with a strict privacy policy that won’t log your online activity.

Difference Between IPSec and SSL https://gridinsoft.com/blogs/ipsec-ssl-difference/ Mon, 26 Dec 2022 14:35:09 +0000

In the last couple of years, remote work has become integral to the world business landscape. However, to make remote work more efficient, employees need access to the company network wherever they are. A virtual private network (VPN) solves this by allowing remote employees to connect directly to the network, performing tasks as if they were in the office. VPNs use two basic types of security protocols, IPsec and SSL, and it’s essential to understand their differences to ensure security. Let’s compare IPSec and SSL encryption from a VPN end-user perspective.

The basics of VPN encryption

A VPN encrypts all your Internet traffic so it can only be decrypted using the correct key. Before leaving your device, the outgoing data is encrypted and sent to the VPN server, which decrypts the data using the appropriate key. From there, your information is sent to its destination, such as a website. This way, the encryption prevents anyone who can intercept the data between you and the VPN server from decrypting the content. This could be your ISP, a government agency, or hackers. In some cases, they may be synonymous with each other.

How VPN encryption protocols work

With incoming traffic, the same thing happens in reverse order. For example, when data comes from a website, it goes to the VPN server first, gets encrypted, and arrives at your device. Your device decrypts the data, and you can browse the website as usual. All of this ensures that your Internet data remains private and does not fall into the hands of unauthorized parties, provided, of course, that the VPN provider does not keep much data about its users and will not hand it over on a police order.

Encryption types may differ in the following ways:

  • The strength of encryption, or the method and degree to which your data is encrypted
  • How encryption keys are managed and exchanged
  • Which interfaces, protocols, and ports they use
  • Which OSI (Open Systems Interconnection) layers they operate on
  • How easy they are to deploy
  • Performance (read: speed)

Difference between IPSec and SSL: Security

In a nutshell: a slight advantage in favor of SSL. IPSec connections require a shared key on both the client and the server to encrypt and send traffic to each other. However, distributing this key gives attackers an opportunity to capture the pre-shared key. SSL VPNs are free of this problem because they use public key cryptography to negotiate the handshake and exchange encryption keys securely. Unfortunately, TLS/SSL has a list of other vulnerabilities, such as Heartbleed.

Some SSL VPNs allow untrusted self-signed certificates and do not verify clients, which is especially common in SSL VPN browser extensions. Such virtual private networks allow anyone to connect from any computer and are vulnerable to man-in-the-middle attacks. However, this does not apply to most OpenVPN clients. Likewise, SSL usually requires frequent patches to update the server and the client.

The lack of open source for IPSec-based VPN protocols may worry people who fear government spies and spyware. Thus, in 2013, Edward Snowden reported that the U.S. National Security Agency’s Bullrun program was actively trying to “insert vulnerabilities into commercial encryption systems, IT systems, networks and communication endpoints used by targets.” The NSA allegedly used IPSec to add backdoors and side channels that hackers could exploit, even the ones hired by the government. In the end, strong security is more likely the result of experienced and careful network administrators than of protocol choice.

Firewall traversal

In short, SSL-based VPNs are better suited for bypassing firewalls. Most Wi-Fi routers and other network equipment contain NAT firewalls, which reject unrecognized Internet traffic and data packets without port numbers to protect against threats. IPSec-encrypted packets (ESP packets) have no port numbers assigned to them by default. Therefore, NAT firewalls can intercept them, which can interfere with an IPSec VPN’s operation.

To avoid this, many IPSec VPNs encapsulate ESP packets into UDP packets. This assigns the data a UDP port number (usually UDP 4500). Although this solves the problem of NAT traversal, your network firewall may still not allow packets through this port. Network administrators at airports, hotels, and other locations may allow traffic only through the protocols they consider necessary, and UDP 4500 may not be one of them.

SSL traffic can go through port 443, which most devices know as the port used for secure HTTPS traffic. Since almost all networks allow HTTPS traffic through port 443, it is likely to be open. In addition, although OpenVPN uses port 1194 by default for UDP traffic, it can be redirected through other UDP or TCP ports, including TCP port 443. This makes SSL more helpful in bypassing firewalls and other forms of censorship that block traffic by port.
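To show why raw ESP trips over NAT and how UDP encapsulation on port 4500 helps, here is an added example in Python (written for this article, not taken from any VPN product). It builds the ESP and UDP headers by hand with struct (the TCP header is stubbed to its port fields and the OpenVPN payload is constructed), then runs the packets through two simulated filters: a consumer NAT firewall that only forwards traffic it can identify by port, and a restrictive hotel-style gateway that forwards only listed destination ports.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50
NAT_T_PORT = 4500            # UDP port for UDP-encapsulated ESP (RFC 3948)
OPENVPN_DEFAULT_PORT = 1194
HTTPS_PORT = 443


def esp_packet(spi: int, seq: int, encrypted_payload: bytes) -> bytes:
    """ESP (RFC 4303): 32-bit SPI, 32-bit sequence number, then the encrypted data.
    Note what is absent: there are no port numbers anywhere in this packet."""
    if spi == 0:
        raise ValueError("SPI 0 is reserved; NAT-T uses it as the non-ESP marker")
    return struct.pack("!II", spi, seq) + encrypted_payload


def udp_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """UDP header (RFC 768): source port, destination port, length, checksum (0 = none)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def tcp_segment_stub(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Only the two port fields matter for this demo; the rest of the TCP header is zeroed."""
    return struct.pack("!HH", src_port, dst_port) + b"\x00" * 16 + payload


def nat_t_encapsulate(esp: bytes) -> bytes:
    """UDP-encapsulated ESP: the ESP packet follows a UDP header on port 4500."""
    return udp_datagram(NAT_T_PORT, NAT_T_PORT, esp)


def nat_t_decapsulate(udp: bytes):
    """Reverse of nat_t_encapsulate; returns (spi, seq, encrypted_payload)."""
    _, dst_port, length, _ = struct.unpack("!HHHH", udp[:8])
    if dst_port != NAT_T_PORT or length != len(udp):
        raise ValueError("not a well-formed NAT-T datagram")
    spi, seq = struct.unpack("!II", udp[8:16])
    if spi == 0:
        raise ValueError("non-ESP marker present: this is IKE, not ESP")
    return spi, seq, udp[16:]


def transport_ports(proto: int, payload: bytes):
    """(src_port, dst_port) if the IP protocol carries ports, else None."""
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(payload) >= 4:
        return struct.unpack("!HH", payload[:4])
    return None   # ESP and other port-less protocols


def nat_firewall(proto: int, payload: bytes) -> str:
    """Consumer NAT router: it can only map flows it can identify by port numbers."""
    return "pass" if transport_ports(proto, payload) is not None else "drop"


def restrictive_gateway(proto: int, payload: bytes, allowed) -> str:
    """Airport/hotel gateway: forwards only explicitly listed (proto, dst_port) pairs."""
    ports = transport_ports(proto, payload)
    if ports is None or (proto, ports[1]) not in allowed:
        return "drop"
    return "pass"
```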

Speed and reliability

Although both are reasonably fast, IKEv2/IPSec negotiates connections faster. Most IPSec-based VPN protocols take slightly longer to negotiate connections than SSL-based protocols; however, this does not apply to IKEv2/IPSec. IKEv2 is an IPSec-based VPN protocol that is more than a decade old. Nevertheless, it is still popular among VPN providers. Its crucial feature is quick reconnection whenever the VPN connection is interrupted. This makes it especially useful for mobile iOS and Android clients that don’t always have a reliable connection or frequently switch between Wi-Fi and mobile data.

As for actual bandwidth, things are not clear-cut, as there are arguments on both sides. According to some claims, IKEv2/IPSec can offer higher throughput than OpenVPN, although both protocols typically use 128-bit or 256-bit AES encryption. The extra UDP layer that many providers add to IPSec traffic to help it pass through firewalls adds to the load, which means more resources may be required to process it. However, most people won’t notice the difference because, in most consumer VPNs, throughput is determined by server and network congestion, not by the VPN protocol.

Ease of use

IPSec is more versatile, but most users of VPN provider applications will not notice the difference. Because IKEv2, SSTP, and L2TP are IPSec-based VPN protocols built into most major operating systems, they do not necessarily require an additional application to work. However, most consumer VPN users will still use the provider’s application to connect. In addition, although SSL works by default in most web browsers, you will need a standalone application to use OpenVPN. From an end-user perspective, IKEv2 offers a smoother experience because it connects and handles interruptions faster. That said, OpenVPN is more versatile and may be better suited for users who can’t get what they need with IKEv2.

If we talk about corporate VPNs, they aim to provide access to the company network, not the Internet. The consensus is that SSL is better suited for remote access, and IPSec is preferred for VPNs between networks. Because IPSec operates at the network layer of the OSI model, it gives the user full access to the corporate network regardless of the application. Consequently, restricting access to specific resources can be more difficult. On the other hand, SSL VPNs allow businesses to control remote access to specific applications at a fine level.

Internet protocol security

Generally, network administrators who work with VPNs find that client management using SSL is much easier and less time-consuming than using IPSec.

Conclusion

If you have both options, we recommend using IKEv2/IPSec first, and if you run into any problems, try OpenVPN. IKEv2’s connection speed will be more comfortable for everyday VPN users, while it offers comparable security. However, it may not work in some circumstances. Until recently, OpenVPN/SSL was considered the best VPN combination for most consumer VPN users. It is fast enough, secure, open-source, and can overcome NAT firewalls. It can also use either UDP or TCP.

Difference between IPSec and SSL

In turn, IKEv2/IPSec is a new competitor to OpenVPN. It improves L2TP and other IPSec-based protocols with faster connections, excellent stability, and built-in support for most new consumer devices. In any case, SSL and IPSec boast reliable levels of security with sufficient bandwidth, safety, and ease of use for most commercial VPN service customers.

The Best Ransomware Protection for 2024 https://gridinsoft.com/blogs/steps-to-help-ransomware-protection/ Thu, 21 Apr 2022 17:01:24 +0000

Ransomware is considered one of the most dangerous types of malware. You may disagree, but the moment your data becomes inaccessible eclipses all other threats. While spyware attacks, backdoors, or adware try to stay silent or, at least, not very harsh, ransomware is a nuke. Knowing how to protect your system from a ransomware attack is important no matter who you are: a freelancer, an employee of a huge corporation, or a retired colonel looking after chickens.

Why Does Ransomware Protection Matter?

The problem of ransomware protection is pretty hot, since more than a dozen ransomware groups target different categories of users. Each has different spreading methods, disguises, and toughness. Some ransomware attacks may be decrypted thanks to the recklessness of their developers; some have design flaws that make the cipher decryptable with simple brute force.

To help you avoid such incidents, we will show you how to protect yourself both as an individual user and within a corporation, based on the typical tricks crooks use. Moreover, we’ll also explain the working steps of protecting against ransomware.

Is Protecting Your PC Against Ransomware Important?

First, let me explain why a ransomware attack is such bad news. It is not only about making your data inaccessible. Several other malware types prevent users from accessing their files; however, they never got any significant spread. Things like screen lockers, archiving, and shortcutting malware ceased to exist, and not by accident. That is why it is vital to find a good and working ransomware attack protection solution.

Ransomware (at least most of it) uses a tough cipher that makes it almost impossible to get your data back. Even with a modern quantum computer, you’d probably spend several thousand years decrypting this cipher.

NOTE: The list of dangerous ransomware includes Avaddon ransomware, STOP/Djvu ransomware, LockBit ransomware, Makop, etc.

But that is still not the only disaster: some ransomware samples carry spyware together with their main payload and collect all the credentials they can reach. Unfortunately, nobody (except the crooks themselves) can delete the stolen credentials. That is why it is important to find working ransomware protection software so you are armed.

File recovery after a ransomware attack is complicated if you are not going to pay the ransom. Modern ransomware variants can disable Volume Shadow Copies, OneDrive backups, and other popular backup methods. Crooks often scare the victims that any attempt at file recovery will lead to data loss.

They may also say that your data will be deleted if the ransom demand is not met. While the first claim is partially true, the second is a complete lie, meant to scare you and force you to pay the ransom. However, dealing with the consequences of an attack is never pleasant. Let’s figure out how to prevent ransomware attacks.


Tips to Prevent Ransomware Attacks

The advice on how to stay secure depends on your environment. Crooks apply different approaches to attack an individual user or a company employee. Even when you are working from home on your personal computer, you will be attacked differently depending on whether crooks aim at your PC or at the whole company.

  1. Don’t use dubious/untrustworthy sources of software, films and other risky stuff. Around 90% of ransomware cases are accounted for by the use of third-party sites to get a program or film without paying a penny. Remember: the only free cheese is in a mousetrap. Major players of the ransomware market, such as STOP/Djvu, even create their own one-day sites that mimic forums with hacked software or pages with new films to download for free. Torrent files spread through these sites contain a payload that executes as soon as the download is over.
  2. Don’t open email attachments from unknown senders. Crooks will try to mask their email addresses to look legitimate, but an attentive look at them will show you the truth. If you are not sure whether the email from Amazon you’ve received is a real one, don’t be too lazy to check the list of real Amazon support/delivery email addresses. And don’t be naive: no one will offer you a prize for a lottery you never took part in.
  3. Be careful with software you’ve found on forums or social networks. Not all of it is dangerous, and not all of the dangerous ones carry ransomware. But still, using such programs is like buying drinks in a dirty doorway: you never know if it is genuine or counterfeit, but you definitely know who to blame for your heavy hangover the next day. This spreading way is rare but must not be crossed out, especially considering the high trust in such apps.

Tips to Prevent Ransomware Injection in Corporation

These tips will be useful for both administrators and employees who have to deal with potential attack surfaces. Generally, attacks on companies use both specific methods and ones that repeat the attack vectors used against individuals, so you may see things that are common to both situations.

  • Use a protected RDP connection. RDP brute force attacks are one of the most widespread attack vectors. They are used to deploy ransomware, spyware, advanced persistent threats, and only God knows what else. Keeping this under control is essential; ideally, system administrators should set up all RDP connections themselves, to prevent any wrong moves. Brute forcing an RDP connection is only possible when the ports used to establish it are not secured. Unfortunately, those are the ports used by default, so inexperienced users who set up RDP for the first time will likely choose them.
  • Segment the internal corporate network. Most companies have all their computers connected to a single local network inside a single office. That eases management but makes infection much easier, too. When the network is split into 4-5 segments, each of them controlled by a separate administrator PC and only then by the domain controller, hackers will likely fail to make it all the way through.

Sure, one segment of this network will likely be down, but all the others will be fine, and your office will not sit idle, unable to use its computers.
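The RDP brute-force vector named above is also one of the easiest to spot in logs. Below is an added detection example in Python (written for this article; the events are constructed, not real logs) that walks Windows Security events, keeps only RDP logons (logon type 10), and raises an alert when one source address racks up a burst of failed logons (event 4625) inside a sliding window, noting whether a successful logon (event 4624) from the same address followed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EVENT_LOGON_FAILED = 4625
EVENT_LOGON_OK = 4624
LOGON_TYPE_RDP = 10          # RemoteInteractive

# Constructed sample events (time, event_id, source_ip, user, logon_type); not real logs.
# Addresses come from the documentation (TEST-NET) ranges.
SAMPLE_EVENTS = [
    ("2024-03-01T02:00:01", 4625, "203.0.113.7", "administrator", 10),
    ("2024-03-01T02:00:09", 4625, "203.0.113.7", "administrator", 10),
    ("2024-03-01T02:00:20", 4625, "203.0.113.7", "sysadmin", 10),
    ("2024-03-01T02:00:33", 4625, "203.0.113.7", "sysadmin", 10),
    ("2024-03-01T02:01:02", 4625, "203.0.113.7", "jsmith", 10),
    ("2024-03-01T02:01:40", 4625, "203.0.113.7", "jsmith", 10),
    ("2024-03-01T02:01:55", 4624, "203.0.113.7", "jsmith", 10),   # the guess landed
    ("2024-03-01T08:00:05", 4625, "192.0.2.10", "bob", 2),         # console typo, not RDP
    ("2024-03-01T08:00:12", 4625, "192.0.2.10", "bob", 2),
    ("2024-03-01T09:15:00", 4625, "198.51.100.23", "olga", 10),    # two slips, no burst
    ("2024-03-01T09:15:40", 4625, "198.51.100.23", "olga", 10),
    ("2024-03-01T14:00:00", 4625, "203.0.113.7", "jsmith", 10),    # hours later, outside window
]


def parse_event(raw):
    time_str, event_id, src_ip, user, logon_type = raw
    return {"time": datetime.fromisoformat(time_str), "event_id": event_id,
            "src_ip": src_ip, "user": user, "logon_type": logon_type}


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """One alert per source IP whose densest burst of failed RDP logons reaches the threshold."""
    failures, successes = defaultdict(list), defaultdict(list)
    for raw in events:
        ev = parse_event(raw)
        if ev["logon_type"] != LOGON_TYPE_RDP:
            continue                       # console, service and network logons are out of scope
        if ev["event_id"] == EVENT_LOGON_FAILED:
            failures[ev["src_ip"]].append(ev)
        elif ev["event_id"] == EVENT_LOGON_OK:
            successes[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        best = None                        # (start, end) indices of the densest window
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1                 # slide the window forward
            count = end - start + 1
            if count >= threshold and (best is None or count > best[1] - best[0] + 1):
                best = (start, end)
        if best is None:
            continue
        burst = evs[best[0]:best[1] + 1]
        last_fail = burst[-1]["time"]
        # a success from the same IP shortly after the burst means a guess worked
        hit = any(0 <= (s["time"] - last_fail).total_seconds() <= window.total_seconds()
                  for s in successes.get(ip, []))
        alerts.append({
            "src_ip": ip,
            "failures": len(burst),
            "users": sorted({e["user"] for e in burst}),   # several users = password spraying
            "first": burst[0]["time"].isoformat(),
            "last": last_fail.isoformat(),
            "followed_by_success": hit,
        })
    return alerts
```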


  • Apply 2FA for logging into all vulnerable places. To extend their presence in the infected network, attackers try to steal credentials or brute force all the places that may be used to spread the malware across the network. Their final target is the domain controller, the computer that handles the whole network and has access to the servers. Its protection must be as strong as possible.
  • Initiate regular password changes among the personnel. Some known attacks happened after a password leak from one of the networks. Besides that, advanced attacks may last for several months, and suddenly changed passwords will upset the attackers’ plans. So passwords on internal accounts should be changed every 4-6 weeks. It may look too often, but believe me, it’s worth it.

As a postscript, I want to recommend avoiding common passwords such as “qwerty”, “12345”, or the like. The success of brute forcing relies heavily on such easy passwords; even the cheapest (or free) password databases for brute forcing contain them. Use strong passwords that cannot be cracked; this is one of the main keys to success.

* PLEASE NOTE: Another widespread mistake is adding some personal information to the passwords. Your or your spouse’s birth date, the name of your pet, and the date you joined the company are all effortless to figure out with open-source intelligence. Keep that in mind when creating such an important thing!

Show employees how to tell a counterfeit email apart. While individuals rarely fall victim to email scams, companies are the primary targets of such events.

*Cybercriminals spare no effort in creating ingenious disguises for their emails. They may mimic requests to your tech support, offers from other companies, notifications about bills the company needs to pay, and so on. There is nothing dangerous in merely reading such a message, but any links in it and attached files expose you to potential danger.

It is better to avoid interacting with them at all, but if that would disrupt your work, check the sender’s address meticulously. Company officials never write to you from personal email addresses and never contact you.


*I WANT TO REMIND: It is essential to choose the best ransomware protection solution to protect yourself and your PC. Having studied the necessary materials and research, you can protect your PC from adware, spyware, ransomware, and other threats.

The best anti-ransomware protection is possible when you have constant database updates and, more importantly, proper proactive protection. These two things alone will already give you a pretty high protection ratio.
Nonetheless, the problems of most mass-market antiviruses don’t disappear: they may still overload your CPU/RAM, as well as erode your privacy by sending a lot of telemetry.

That’s why I’d recommend one that has neither of those disadvantages: Ransomware Protection & Removal Tool. Its databases are updated every hour, and its overall CPU and RAM consumption is low enough to suit even the weakest systems.

Proactive protection, based on both a heuristic engine and a neural network, will make your device much better protected from most malware types.

The post The Best Ransomware Protection for 2024 appeared first on Gridinsoft Blog.

Dangerous vulnerabilities in WhatsApp allowed compromising millions of users
https://gridinsoft.com/blogs/dangerous-vulnerabilities-in-whatsapp-allowed-compromising-millions-of-users/ (Wed, 05 Feb 2020 21:55:35 +0000)

The post Dangerous vulnerabilities in WhatsApp allowed compromising millions of users appeared first on Gridinsoft Blog.

Security researcher Gal Weizman from PerimeterX disclosed technical details of a number of dangerous vulnerabilities (united under the common identifier CVE-2019-18426) found in the desktop version of the WhatsApp messenger.

Using these vulnerabilities, attackers could remotely steal files from computers running Windows or macOS.

“I really wanted to find a major security flaw in a well-known and widely used service, and I felt like WhatsApp was a good start. So I gave it a go since I already had some clue of existing security flaws in WhatsApp mobile and web applications. I managed to find four more unique security flaws in WhatsApp which led me all the way to persistent XSS and even reading from the local file system – by using a single message,” writes Gal Weizman.

In particular, the researcher discovered an Open Redirect vulnerability, which allows an XSS attack to be carried out by sending a specially crafted message. If the victim views the malicious message, the attacker can execute arbitrary code in the context of the WhatsApp domain.

Another problem was the incorrectly configured Content Security Policy (CSP) on the WhatsApp web domain, which allowed XSS payloads to be loaded via iframes from a site controlled by the attacker.

“If the CSP rules were correctly configured, the impact of the XSS attack would have been smaller. The ability to bypass the CSP configuration allowed an attacker to steal valuable victim information, easily load external payloads, and much more,” noted the expert.

Weizman demonstrated a remote file read attack via WhatsApp, gaining access to the contents of the hosts file on the victim’s computer. According to the researcher, the open redirect vulnerability could also be used to manipulate URL banners – the preview of the domain that WhatsApp displays to recipients when they receive a message containing links.

“It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message,” summed up Gal Weizman.

Weizman reported his discovery to Facebook, and the company released a revised desktop version of the messenger.

What a dumb thing WhatsApp is: only recently I wrote that an attacker in a WhatsApp group chat could disable the messengers of other participants. However, the Internet and the real world are quite dangerous too.

Adware Everywhere: Who Knows What Is Happening?
https://gridinsoft.com/blogs/adware-everywhere-knows-happening/ (Wed, 06 Sep 2017 09:58:54 +0000)

The post Adware Everywhere: Who Knows What Is Happening? appeared first on Gridinsoft Blog.

Perhaps you’ve heard the familiar refrain that no harm can ever come to your pricey gadget, supposedly because everything from official App Stores is 100% clean and safe. And so, you’re on your favorite browser, carefree and worry-free!

Alas!

The browser starts to misbehave, redirecting you to pages filled with creepy adverts or, worse yet, issuing warnings of possible harm if you don’t “Update Your Flash Player.” While the naïve would likely fall for the trap, tech-savvy individuals may notice the adware running in the background. Ubiquitous as the phenomenon is, adware attacks are a discreet way cybercriminals make money off the unsuspecting.

What is adware?

Though redirecting is probably the most common sign that you are under attack, there are other subtler and perhaps less aggressive forms. One kind of adware is gradually going mainstream: besides redirecting, it alters your default search engine to something unfamiliar.

You start your PC, ready to browse the web, but once you type in a search query, you are redirected to a page with bizarre search results. It happens often and hurts the unsuspecting!

Pop-up ads are yet another sign your computer is under an immense adware attack.

Simple as they appear, these pop-up ads can be a source of immense misery, disrupt your usual browsing habits and perhaps steal valuable data as you browse.

Often, these malicious programs make the PC run slower than it normally does, lowering both the browsing speed and the speed at which the computer executes simple tasks. The phenomenon becomes all the more suspicious when you notice it while no heavy program is running or while you’re on a fast internet connection.


How Adware Works

Generally, these malicious tools are embedded into freeware or pirated software and act as a form of payment to the proprietor of the freely downloaded software.

Adware is simple software that comes with integrated advertising materials, including those that trigger redirects and pop-ups.

Mostly, the adware activates whenever the tool it is embedded in runs and the PC is connected to the internet.

At the moment, many software developers offer their products as “sponsored software,” so that ads pay for the free service provided. This is a pretty common type of adware, and the ads may continue until the user pays to register and thus removes them from the software.


Regardless of how they work, these malicious programs are very annoying. Pop-up ads waste a lot of time, while redirects and a slowed-down PC hurt the computer’s ordinary performance. Aside from these, adware can set the stage for various other attacks, including spyware, ransomware and virus infections.

How to avoid Adware

Tip #1 Never click any suspicious-looking pop-up windows and ads
Tip #2 Don’t answer or reply to unsolicited emails and messages
Tip #3 Exercise utmost caution when downloading free software applications

Above all, invest in the best malware removal software. GridinSoft Anti-Malware does a great job!


10 Tips to Secure a Laptop on Vacation 🏝️
https://gridinsoft.com/blogs/10-tips-secure-laptop-vacation/ (Tue, 11 Jul 2017 13:18:52 +0000)

The post 10 Tips to Secure a Laptop on Vacation 🏝️ appeared first on Gridinsoft Blog.

If you plan to bring your laptop on vacation, it’s important to take steps to secure it and protect your data from cyber threats. Here are ten tips to help you keep your laptop safe while traveling:

  1. Update your software: Before you leave for vacation, make sure your laptop’s operating system and security software are up to date. This will help protect against known vulnerabilities and keep your computer secure.
  2. Use a strong password: Use a strong, complex password to protect your laptop. Avoid using common passwords like “password” or “123456,” and consider using a password manager to keep track of your passwords.
  3. Enable two-factor authentication: Two-factor authentication adds an extra layer of security by requiring a code in addition to your password. Enable this feature on your laptop and any accounts you access while traveling.
  4. Encrypt your data: Encrypting your data can help protect it from unauthorized access. Use software like BitLocker or VeraCrypt to encrypt your hard drive, and consider encrypting any sensitive files you’ll be traveling with.
  5. Use a VPN: A virtual private network (VPN) encrypts your internet traffic and hides your IP address, making it harder for hackers to intercept your data. Use a reputable VPN service when accessing public Wi-Fi networks.
  6. Be cautious on public Wi-Fi: Public Wi-Fi networks can be vulnerable to cyber attacks. Avoid logging into sensitive accounts or transmitting sensitive data when using public Wi-Fi networks.
  7. Disable automatic Wi-Fi connections: Many laptops are set to automatically connect to available Wi-Fi networks. Disable this feature to prevent your laptop from connecting to unknown or unsecured networks.
  8. Back up your data: Make sure you have a backup of all your important data before you leave on vacation. This will protect your data if your laptop is lost, stolen, or damaged.
  9. Use a laptop lock: A laptop lock can help deter theft when you’re out in public. Use a cable lock to secure your laptop to a fixed object, such as a desk or table.
  10. Keep your laptop with you: Finally, the best way to protect your laptop is to keep it with you at all times. Don’t leave it unattended in public places or in a hotel room, and always keep it within your sight when traveling.

Following these tips can help keep your laptop and data secure while on vacation.

🏝 Safe travels!


Top 10 Deadliest Virus in
https://gridinsoft.com/blogs/top-10-deadliest-viruses-history/ (Thu, 13 Apr 2017 11:39:41 +0000)

The post Top 10 Deadliest Virus in appeared first on Gridinsoft Blog.

Computer viruses are really similar to real-life ones. They can infect thousands of PCs in just one hour, so we can call it an epidemic. Admittedly, it is exciting to look at how each virus works and how antivirus programs have become necessary for anyone with an electronic device. So, we have made a list of the top 10 most dangerous viruses in history.

  • CIH, 1998

    This virus was created by a student from Taiwan whose initials were CIH. It spread across the network on April 26 – the date of the Chernobyl accident – so many users simply call it Chernobyl. This virus is dangerous because it not only overwrites data on the host PC’s hard drive, making it unusable, but is also capable of overwriting the host’s BIOS. After this, the PC can’t boot. To date, CIH, or Chernobyl, has infected nearly half a million PCs worldwide.

  • Morris worm (1998)

    The first ‘worm’ virus. It gained a huge amount of attention in the press, and its creator was the first person convicted in the USA under the Computer Fraud and Abuse Act. November 1998 was the month when one virus paralyzed the entire Internet, resulting in direct and indirect losses totaling $96 million. It crashed a lot of PCs because of a minor mistake in its code – it kept reinstalling itself on the same PC an unlimited number of times, bringing the system to a complete halt.

  • Melissa (1999)

    On Friday, March 26, 1999, a new problem appeared – Melissa. It’s an email-based virus. You received an e-mail that contained just one sentence, “Here is that document you asked for…don’t show anyone else. ;-),” with an attached Word document. Nowadays, we recognize that as a virus, but in 1999 it was something new. Those who opened the DOC file (thousands did) allowed the virus to infect their system and send the same e-mail, under their name, to every contact in their e-mail account. Even worse, this virus modified users’ Word documents with quotes from the TV show “The Simpsons.” The cybercriminal responsible was caught and sentenced to twenty months’ imprisonment.

  • ILOVEYOU (2000)

    The most romantic one on our list of dangerous viruses is the ILOVEYOU virus. Maybe because of its lovely name or its insidious strategy, it infected 45 million users in two days! The CIH virus would have taken about two years to do the same. So how did it work? A person receives an e-mail with a “LOVE-LETTER-FOR-YOU” file with a VBS extension (Visual Basic script). Once run on the system, it would replace all your files, images, and music and then spread itself to all your contacts. The damage was enormous – no one had expected this type of virus. And do you know what? The creator was found but wasn’t charged for this crime because the Philippines had no laws against cybercriminals at the time.

 


  • Code Red (2001)

    July 13, 2001 – the day when another virus infected the Web. This time, you didn’t need to install a malicious file or even open an e-mail. The Code Red, or Bady, virus needed only an Internet connection, and it changed the web page you opened to display the text “Hacked by Chinese!”. It spread quickly: it took less than a week to infect almost 400,000 servers and damage nearly one million computers.

 


  • MyDoom (2004)

    MyDoom appeared in the malware world on January 26, 2004. Not in days but in hours, it infected nearly 2 million PCs! So how did it work? It came as an attachment to an e-mail with an error message containing the text “Mail Transaction Failed.” When you clicked on the attachment, it sent a copy of this e-mail to all addresses found in your address books. Stopping this invasion was tough because the virus blocked access to the sites of antivirus software developers and to Microsoft update services.

  • Sasser (2004)

    This virus impressed the world because it managed to shut down the satellite communications of French news agencies and even led to the cancellation of several Delta airline flights. Impressive, isn’t it? Instead of e-mail, this virus used a security flaw in unpatched Windows 2000 and Windows XP systems to break in. Once the virus infected a computer, it looked for other vulnerable systems. Infected systems experienced repeated crashes and instability. Interestingly, this virus was written by a student who released it on his 18th birthday. He was fortunate because he wrote the code while still a minor, so he only received a suspended sentence.

 


  • Bagle (2004)

    At the beginning of 2004 a new virus appeared – the Bagle worm. It used a classic method of infection – via e-mail. Why have we put it on the list? Because this virus was the first one created to make a profit by gaining access to financial, personal, and other information. Since then, a malware-for-profit movement has emerged and is currently a huge problem for many users and antivirus companies.

  • Conficker (2008)

    Worm Win32 Conficker, or just Conficker, is a very insidious virus written to attack Microsoft Windows systems. Using OS vulnerabilities, Conficker slipped past antivirus programs unnoticed and, even worse, blocked access to their databases and to OS updates. The names of all its services were substituted, and the virus registered itself in different parts of the system, so it was almost impossible to find and destroy all its fragments. There were more than 12 million infected computers worldwide, and it taught antivirus companies and OS providers a harsh lesson about improving their security.

  • Stuxnet

    Last but not least is the worm called Stuxnet. It was discovered in 2010, and you’ve probably already heard about it. It targeted industrial control systems that monitor and control large-scale industrial facilities, including power plants, dams, waste processing systems, and chemical and nuclear operations. It allowed the attackers to take control of every important system control without being noticed. This was the first-ever attack that allowed cybercriminals to manipulate real-world equipment and do huge damage to world security. Iran suffered the most damaging effects of Stuxnet (nearly 60 percent of all the damage caused).

 


So, as we can see, it took less than 20 years for viruses to develop from commonplace spam e-mail into a massive threat to the world. What will be next? Will antivirus programs be capable of protecting us in the future? And what about world peace? There are a lot of questions, and there are no definite answers. Leave a comment below. What do you think awaits us in the future of viral progression?
