4/13/16 Weekly Security News: Petya Ransomware cracked, Wal-Mart scam resurfacing, and Chinese antivirus left exposed

This week started out a little slower, but some fairly interesting topics came up. First, there's good news for anyone with a system infected with the Petya Ransomware, second, reports of the Wal-Mart Mystery Shopper scam seem to be resurfacing, and third, a Chinese antivirus software was left exposed after they accidentally whitelisted malware.

4/11/2016,CIO: “Experts crack Petya ransomware, enable hard drive decryption for free.”

Some especially good news, CIO reported that experts from the online tech-support website, “BleepingComputer.com,” were able to find a way around the Ransomware known as “Petya.” This form of Ransomware was simple but effective, not actually encrypting your files but still locking you out of your system by preventing it from booting properly. Essentially, the Ransomware would encrypt one particular file that the system needs to start the OS, and so a user would be locked out of their files. Restoring or rebuilding were about the only options, until now. 

An expert at “BleepingComputer” was able to find a way to crack the key needed to restore this file and allow the system to boot properly. It still can be a little complicated for inexperienced people, but it works to reverse the effects of this Ransomware without having to pay the attackers. More specific instructions can be found in the article.

4/11/2016,CSO Online: “Walmart mystery shopper scam resurfaces.”  

An old scam seems to be coming back for another go, targeting shoppers at Wal-Mart, CSO Online reports. The scam claims to be a “mystery shopper” program where the victim is sent a check for up to $2000 to shop at Wal-Mart and rate their experience. The trick is, to sign up for the program, the victims have to go online and fill out a form containing their name, address, date of birth, and even SSN: plenty of information in order to steal someone’s identity. The checks are also fake and entirely worthless to the recipient. Wal-Mart itself has issued warnings to the public about this scam, and made it very clear that they do not utilize such services, but the scam must be fairly successful as it has been around for the last 5 years. 

4/11/2016,Security Week: “Cybercriminals Trick Qihoo 360 into Whitelisting Malware.”

Malware makers are becoming increasingly crafty. Last week, cyber-criminals managed to trick the Chinese antivirus software Qihoo into whitelisting their malware. Bribing employees of a gaming company in China, they placed their malware in with the company’s legitimate software to be whitelisted by Qihoo 360. Whitelisting essentially just marks software as being safe, so that the antivirus doesn’t block it from being installed. In this case, anyone who used Qihoo’s antivirus, which is fairly common in China, was vulnerable to the malware, because the software would not recognize that the malware was dangerous.


That’s all for this week, check back next Tuesday for further news from across the web, all here at Astria Horizon. If you want more information on how Astria Business Solutions can assist you in your Information Security goals, visit our website at AstriaBiz.com