Blockchain Consultants

Blockchain Transformations Done Here

ransomware

How Can Blockchain Reduce Cyber Risks?

by

How Can Blockchain Reduce Cyber Risks

If you are new to the concept of Blockchain and wondering what roles it plays in reducing and preventing cyber risks, this article has got you covered. Let’s delve deeper and get started.

Table of Contents 

  • Overview 
  • Role of Blockchain in Combating Cyber Risks
  • Concluding Lines 

Overview 

As technology is progressing, the vulnerability risks associated with cybersecurity are catching up at a rapid rate. Considering the complexity and risk associated, there is an urgent need to protect the entire system.

Today, cyber-attacks have become more complicated due to advanced ransomware and the increasing threat of professional cyber organizations. Blockchain is gaining momentum these days as a result of the rising incidence of cyberattacks. Blockchain describes itself as a peer-to-peer(P2P), decentralized distributed ledger that operates without involving any central authority. Due to its decentralized, immutable, and transparent nature, Blockchains can help in improving cyber defence and preventing fraudulent activities from taking place.

Want to gain an in-depth understanding of Blockchain and become a Certified Blockchain Expert? We are here to assist you.

Role of Blockchain in Combating Cyber Risks

Let’s delve deep and explore the role of Blockchain technology in reducing and preventing cyber risks.

Authentication and Authorization control

Restricting only authorized parties to access the appropriate task is one of the common concerns for organizations. In public Blockchain, there is no need to control network access as everyone has the right to participate and access the entire network. But private Blockchains require appropriate security controls to protect network access from unauthorized users. But as the technology is advancing, it is incorporating authentication and authorization controls to provide authentication, authorization, and encryption to adequately guard data access. 

But what if by chance an attacker or any third-party gains access then? In that case, he will not be able to read or retrieve any information stored on the Blockchain network. Thus technology helps maintain confidentiality by utilizing cryptographic algorithms, which are hard to break. 

Use-Case in Threat Intelligence 

Threat intelligence is a high-level process that involves gathering valuable insights about an emerging or existing cyberthreat. But the major issue related to threat intelligence is that companies spend a lot of time researching the same threats, while others are left unnoticed. Blockchain, with its decentralization, peer-to-peer oriented architecture, can help in maintaining synchronization between different parties, thus transforming the threat intelligence process. 

Moreover, Blockchain’s decentralized infrastructure also acts as an anti-tampering infrastructure that helps detect everything in real-time. Even if an attacker tries to delete every proof of his presence by deleting every log which can link him with an incident, Blockchain’s immutable design does not let it happen.

Data Consistency and Integrity

Maintaining data consistency and ensuring Integrity is crucial for all organizations and enterprises. Blockchain’s ability to offer immutability and transparency ensures data integrity. Technology makes use of sequential hashing and cryptography, and this combination makes data tempering almost impossible. The technology ensures that all transactional records are digitally signed and timestamped, meaning organizations can trace back each transaction and identify the corresponding party whenever required. In the Blockchain, non-repudiation is ensured, meaning no one can deny the transaction and behavior in the transaction, which further ensures the reliability of the system.

Ensures Accuracy and Quality of the Information 

Blockchain helps prevent cyberattacks, but it also helps in ensuring accuracy and maintaining the quality of information. While it can not guarantee or enhance data quality, it is responsible for the information’s accuracy and durability after it has been entered into the Blockchain. As long as the data input is reliable, Blockchain technology can act as a powerful tool for transforming data output, as the technologies’ near real-time capabilities allow companies to validate transactional data quicker and take more constructive measures.

Ensuring Timely and Reliable Access

Availability is another use-case where Blockchain could be put to use. DDoS, being one of the most common types of attacks, can cause the most disruption to internet services, and Blockchain can provide a viable solution in dealing with this. Although technology has already suffered from a DDOS attack in the past, this is something that is not frequent.

DDoS attacks on blockchains are not regular. This is because they are costly as they strive to defeat the network with large volumes of small transactions.

Concluding Lines 

As we have read, it is clear that Blockchain is much more than just cryptocurrencies. It has the potential to be applied to multiple industries as a trusted infrastructure. As far as you will dig Blockchain, you will realize its capabilities and possibilities, ranging from a vast spectrum of functionalities and covering various use cases. The true potential will be realized in the subsequent years that will decide where Blockchain will stand?

If you want to gain a complete understanding of Blockchain’s inherent security features and associated risk and knowledge of best security practices for Blockchain infrastructure, you can enroll in Blockchain Council and become a Certified Blockchain Security Professional.

To get instant updates about Blockchain Technology and to learn more about online Blockchain Certifications, check out Blockchain Council

How Can Blockchain Reduce Cyber Risks?

Source

Why is Blockchain Booming in the Healthcare Industry Despite Challenges?

by

If you are curious to know how Blockchain can transform the healthcare industry, you have landed at the right page. 

Table of Contents

  • Blockchain More Than A Bitcoin
  • How Blockchain is Revamping Healthcare Industry
  • Cyberattacks Encourage Blockchain Implementation in Healthcare  
  • Challenges that Need to Addressed
  • The Verdict

Blockchain More Than A Bitcoin

Blockchain technology is a P2P decentralized distributed public ledger that mitigates the dependence on a centralized authority while enabling secure and pseudo-anonymous transactions between the participating parties. Many aspects of Blockchain, such as decentralization, transparency, and immutability, are potentially drawing attention in the healthcare industry. Technology is addressing two of the most pressing issues that are: difficult access to health-related information by patients and incomplete records at the point of care. 


Technology emerged in 2009 as the foundation for trading the digital currency bitcoin, and since then, it has taken the world by storm. Blockchain developers, technocrats, and healthcare industry players believe that technology has the potential to provide a measure of data protection against hacker attacks as well.

Want to become a Certified Blockchain Developer? Sign up to the Blockchain Council now!

How Blockchain is Revamping Healthcare Industry

Initially, Blockchain had its implications in the finance domain, but today as it is much matured; therefore, it is expanding its use cases in the healthcare sector as well. Presently, healthcare suffers from fragmented data, delayed communications between the participating parties, and lack of interoperability. Blockchain helps in facilitating access to medical records stored in fragmented systems. Technology has the potential to enhance medical record management and the insurance claim process, along with accelerating clinical and biomedical research. With smart contract functionality, technology can create a secure, transparent, and effective technical infrastructure to revamp existing healthcare departments, promoting individuals’ and communities’ wellbeing. 

Blockchain can potentially help keep a decentralized, transparent, and incorruptible log of all records without involving central authority/third-party intermediaries. Although it offers transparency, it ensures that all logs of records are kept private. Its decentralized nature allows everyone in the healthcare department, including patients, doctors, and healthcare providers, to safely and quickly share the information. Most importantly, it empowers patients by giving rights in their hands while deciding who gets access to their medical records.

Apart from that, in the drug production and distribution supply chain, it benefits multiple players, including manufacturers, distributors, wholesalers, and pharmacies, by allowing everyone on the supply chain to know the true source and track its distribution whenever they want. 

Cyberattacks Encourage Blockchain Implementation in Healthcare  

As Blockchain indicates no sign of stopping, US healthcare officials believe that Blockchain can provide data security against cybercriminals and hackers since technology does not suffer from a central failure point. 

Reports suggest that in 2018, healthcare institutions were subjected to multiple cyber-attacks, which resulted in the penetration of more than 15 million patient records in 503 violations. Further, in 2019, such breaches increased by 60%.

Unlike traditional systems, the blockchain network is secured through cryptography. Only the intended users can access data using their own private keys, thus eliminating the chances of ransomware and other kinds of attacks. 

According to the DevPro Journal, “Blockchain, with its instantaneous exchange of medical and financial information, could allow insurance claims to be instantly filled and fulfilled as all data will be verified and coming from trusted partners.”

Want to know more about Blockchain technology? Become a Certified Blockchain Exert today! 

Challenges that Need to Addressed 

Blockchain is constantly improving rather than completed, and it has a few potential challenges that must be considered for it to be adopted in the healthcare industry. Few challenges are as follows:

  • Despite its popularity across multiple sectors, the perception that it only links best with Bitcoin has hindered its acceptance within the medical research communities. All entities involved in the healthcare department must accept and embrace this new model for its mass adoption. 
  • The complexity of processing large amounts of data in a single transaction, such as an MRI image, a CAT scan, is the other significant issue that needs to be addressed. 
  • Blockchain is incapable of removing deleted or replaced modified records. Instead, it adds additional blocks to represent such deletions and modifications, which indicates this process results in the need for ever-increasing storage. 

The Verdict 

Top pharmaceutical conglomerates, including blockchain developers and technocrats, are working to figure out the most productive ways to utilize blockchain technology. Blockchain is no more an emerging technology; rather, it is a mature concept that is creating unique opportunities with its decentralized approach, leading to secure and immutable information. In the giant field of the medical field, we can say Blockchain is here to stay. 

To get instant updates about blockchain certifications and become a blockchain expert, check out Blockchain Council

Why is Blockchain Booming in the Healthcare Industry Despite Challenges?

Source

The Covid-19 Pandemic Reveals Ransomware’s Long Game

by

The novel coronavirus pandemic has stretched the world's health care systems to their limits, creating a global crisis. New research from Microsoft shows that ransomware attackers are actively making that crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime. In many cases, hackers are reaping the rewards of groundwork they laid months ago, before Covid-19 fully hit.

Hackers have known for years that hospitals and other health care providers make perfect targets for ransomware attacks, since there's life-or-death urgency in getting back up and running quickly. During the pandemic, though, the risk has become even more dire. After a hospital in the Czech Republic was hit by a debilitating ransomware attack in March, the country's cybersecurity oversight agency warned two weeks ago that it was bracing for widespread cyberattacks against critical services in the country. Two Czech hospitals reported attempted attacks a day later, and the US State Department threatened consequences if the antagonism continued.

The Czech incidents reflect just one corner of a worrying global trend of opportunistic ransomware activations.

"The attackers are definitely being what I’ll call rational economic actors, which unfortunately also means vicious," says Rob Lefferts, corporate vice president of Microsoft 365 security. "We see behavior where they will break into organizations and actually lie dormant, both because they’re doing reconnaissance but also because they are apparently estimating what is the moment in time when that organization will be most vulnerable and most likely to pay."

An initial attack might give hackers access to a victim's network. But they'll then wait weeks or months for a particularly opportune moment to actually infect the system with ransomware. Microsoft has been tracking such behavior from groups using a number of prominent strains of ransomware, like Robbinhood, Maze, and REvil. While some ransomware groups had pledged not to attack hospitals during the coronavirus crisis, in practice hackers are increasingly attempting to cash in.

The Microsoft researchers often observed attackers getting their initial network access by exploiting unpatched vulnerabilities in victims' web infrastructure. They saw some hackers taking advantage of a widely publicized flaw in the Pulse Secure VPN and others exploiting flaws in remote management features like remote desktop systems. Attackers also targeted vulnerabilities and insecure configurations of Microsoft's own products. Attackers could guess passwords of organizations using Remote Desktop Protocol without multifactor authentication or exploit known bugs in Microsoft SharePoint and Microsoft Exchange servers that victims had neglected to patch.

Attackers even took advantage of tools used in security to proactively find and plug network holes, including the attack emulation platform Cobalt Strike and malicious techniques in Microsoft's remote management framework PowerShell. This activity often looks legitimate and can sneak past scanners, allowing attackers to lie in wait and do reconnaissance undetected on the network until they choose the moment to actually strike.

While attackers wait for the right conditions to release the ransomware, they often exfiltrate data from their victims' networks. The motive of this activity isn't always clear, though, Microsoft says. It can be difficult to tell the difference between attackers who have IP theft or other intelligence gathering as their main goal and those that just collect what they can as a secondary benefit of positioning themselves for ransomware attacks.

"That dwell time can vary between days, weeks or even months," says Jérôme Segura, head of threat intelligence at the monitoring firm Malwarebytes. "When the time has come for ransomware deployment, threat actors will typically choose weekends, and preferably the wee hours of Sunday morning. This made sense pre-pandemic as staff would typically return to work on Mondays to witness the damage. Now many businesses have their resources stretched far more than before and as a result may be in a tougher position to respond to a compromise."

Advertisement

Microsoft's Lefferts emphasizes that attack groups can't be reliably traced by the tools or type of ransomware they're using, because so many groups copy each other or use different techniques against different targets. And he says that while most of the activity simply capitalizes on known vulnerabilities, ransomware groups are generally smart about rotating their infrastructure like IP addresses to make it harder to trace them.

"It does point to a real need for organizations to think about posture and hygiene and how they do detection and monitoring," Lefferts says. "In many ways organizations have been catapulted five years into the future by the pandemic continuing remote work trends we were already on. It presents moments to ensure that you are thinking about these kinds of attacks—crisis moments like this do create opportunities to make things happen and take action."

Microsoft's findings are mostly based on ransomware attacks during the first two weeks of April that began as intrusions during the prior months, and the researchers say they saw a small increase in ransomware attacks during this time. But this doesn't necessarily mean that attackers always succeeded in collecting a ransom. The cryptocurrency firm Chainalysis said two weeks ago that it has seen a decrease in traceable ransomware payments throughout the pandemic. The company notes that it can only track certain payments, though, and that many organizations pay ransoms quietly to avoid bad publicity.

At the beginning of April, Interpol issued a global warning about the threat of ransomware to health care providers. "As hospitals and medical organizations around the world are working nonstop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” Interpol secretary general Jürgen Stock said in the notification.

The best defenses against ransomware have largely remained the same over the years, and the pandemic may serve as special motivation to finally get old vulnerabilities patched, change easily guessable default passwords, and expand system monitoring capabilities. But the spread of Covid-19 presents unique challenges—just as ransomware is at its most threatening.

Updated Tuesday April 28, 2020 at 3:30pm ET to include comment from Malwarebytes researcher Jérôme Segura.

More From WIRED on Covid-19

Read more: https://www.wired.com/story/covid-19-pandemic-ransomware-long-game/

Hackers publish ExecuPharm internal data after ransomware attack

by

U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware.

ExecuPharm said in a letter to the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver’s licenses and passport numbers, and other sensitive data may have been accessed.

But TechCrunch has now learned that the ransomware group behind the attack has published the data stolen from the company’s servers.

It’s an increasingly popular tactic used by ransomware groups, which not only encrypts a victim’s files but also exfiltrates the data and threatens to publish the data if a ransom isn’t paid. This new technique was first used by Maze, a ransomware group that first started hitting targets in December. Since then, a number of new and emerging groups, including DoppelPaymer and Sodinokibi have adopted the same approach.

The data was posted to a site on the dark web associated with the CLOP ransomware group. The site contains a vast cache of data, including thousands of emails, financial and accounting records, user documents and database backups, stolen from ExecuPharm’s systems.

When reached, a company executive confirmed to TechCrunch that CLOP was behind the attack.

“ExecuPharm immediately launched an investigation, alerted federal and local law enforcement authorities, retained leading cybersecurity firms to investigate the nature and scope of the incident, and notified all potentially impacted parties,” said ExecuPharm operations chief David Granese.

Since the outbreak of COVID-19, some of the ransomware groups have shown mercy on medical facilities that they have pledged not to attack during the pandemic. CLOP said it too would not attack hospitals, nursing homes or charities, but said ExecuPharm would not qualify, saying that commercial pharmaceutical companies “are the only ones who benefit from the current pandemic.”

Unlike some strains of ransomware, there is no known decryption tool for CLOP. Maastricht University found out the hard way after it was attacked last year. The Dutch university paid out close to $220,000 worth of cryptocurrency to decrypt its hundreds of servers.

The FBI has previously warned against paying the ransom.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2020/04/27/execupharm-clop-ransomware/

A set of new tools can decrypt files locked by Stop, a highly active ransomware

by

Thousands of ransomware victims may finally get some long-awaited relief.

New Zealand-based security company Emsisoft has built a set of decryption tools for Stop, a family of ransomware that includes Djvu and Puma, which they say could help victims recover some of their files.

Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft said that figure is likely to be far higher.

If you’ve never had ransomware, you’re one of the lucky ones. Ransomware is one of the more common ways nowadays for some criminals to make money by infecting computers with malware that locks files using encryption. Once the Stop ransomware infects, it renames a user’s files with one of any number of extensions, replacing .jpg and .png files with .radman, .djvu and .puma, for example. Victims can unlock their files in exchange for a ransom demand — usually a few hundred dollars in cryptocurrency.

Not all ransomware is created equally. Some security experts have been able to unlock some victims’ files without paying up by finding vulnerabilities in the code that powers the ransomware, allowing them in some cases to reverse the encryption and return a victim’s files back to normal.

Stop is the latest ransomware that researchers at Emsisoft have been able to crack.

“The latest known victim count is about 116,000. It’s estimated that’s about one-quarter of the total number of victims.”
Emsisoft

“It’s more of a complicated decryption tool than you would normally get,” said Michael Gillespie, the tools’ developer and a researcher at Emsisoft. “It is a very complicated ransomware,” he said.

In Stop’s case, it encrypts user files with either an online key that’s pulled from the attacker’s server, or an offline key, which encrypts users’ files when it can’t communicate with the server. Gillespie said many victims have been infected with offline keys because the attackers’ web infrastructure was often down or inaccessible to the infected computer.

Here are how the tools work.

The ransomware attackers give each victim a “master key,” said Gillespie. That master key is combined with the first five bytes of each file that the ransomware encrypts. Some filetypes, like .png image files, share the same five bytes in every .png file. By comparing an original file with an encrypted file and applying some mathematical computations, he can decrypt not only that .png file but other .png of the same filetype.

Some filetypes share the same initial five bytes. Most modern Microsoft Office documents, like .docx and .pptx, share the same five bytes as .zip files. With any before and after file, any one of these filetypes can decrypt the others.

There’s a catch. The decryption tool is “not a cure-all” for your infected computer, said Gillespie.

“The victim has to find a good before and after of basically every format that they want to recover,” he said.

Once the system is clean of the ransomware, he said victims should try to look for any files that were backed up. That could be default Windows wallpapers, or it can mean going through your email and finding an original file that you sent and matching it with the now-encrypted file.

When the user uploads a “before and after” pair of files to the submission portal, the server will do the math and figure out if the pair of files are compatible and will spit back which extensions can be decrypted.

But there are pitfalls, said Gillespie.

“Any infections after the end of August 2019, unfortunately there’s not much we can do unless it was encrypted with the offline key,” he said. If an online key was pulled from the attacker’s server, victims are out of luck. He added that files submitted to the portal have to be above 150 kilobytes in size or the decryption tools won’t work, because that’s how much of the file the ransomware encrypts. And some file extensions will be difficult if not impossible to recover because each file extension handles the first five bytes of the file differently.

“The victim really needs to put in some effort,” he said.

top

The current share of worldwide ransomware infections (Image: Emsisoft)

This isn’t Gillespie’s first rodeo. For a time, he was manually processing decryption keys for victims whose files had been encrypted with an offline key. He built a rudimentary decryption tool, the aptly named STOPDecrypter, which decrypted some victims’ files. But keeping the tool up to date was a cat and mouse game he was playing with the ransomware attackers. Every time he found a workaround, the attackers would push out new encrypted file extensions in an effort to outwit him.

“They were keeping me on my toes constantly,” he said.

Since the launch of STOPDecrypter, Gillespie has received thousands of messages from people whose systems have been encrypted by the Stop ransomware. By posting on the Bleeping Computer forums, he has been able to keep victims up to date with his findings and updates to his decryption tool.

But as some victims became more desperate to get their files back, Gillespie has faced the brunt of their frustrations.

“The site’s moderators were patiently responding. They’ve kept the peace,” he said. “A couple of other volunteers on the forums have also been helping explain things to victims.”

“There’s been a lot of community support trying to help in every little small bit,” he said.

Gillespie said the tool will also be fed into Europol’s No More Ransom Project so that future victims will be notified that a decryption tool is available.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2019/10/18/stop-djvu-puma-decryption-tools/

Police hijack a botnet and remotely kill 850,000 malware infections

by

In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers.

The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor. Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware. The malware also has wormable properties, allowing it to spread from computer to computer.

Since its first appearance, the cryptocurrency mining malware has spread across the world, including the U.S., Russia, and Central and South America.

According to a blog post announcing the bust, security firm Avast confirmed the operation was successful.

The security firm got involved after it discovered a design flaw in the malware’s command and control server. That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers” without pushing any code to victims’ computers, the researchers said.

The exploit would have dismantled the operation, but the researchers lacked the legal authority to push ahead. Because most of the malware’s infrastructure was located in France, Avast contacted French police. After receiving the go-ahead from prosecutors in July, the police went ahead with the operation to take control of the server and disinfect affected computers.

The French police called the botnet “one of the largest networks” of hijacked computers in the world.

The operation worked by secretly obtaining a snapshot of the malware’s command and control server with cooperation from its web host. The researchers said they had to work carefully as to not be noticed by the malware operators, fearing the malware operators could retaliate.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

With a copy of the malicious command and control server in hand, the researchers built their own replica, which disinfected victim computers instead of causing infections.

“[The police] replaced the malicious [command and control] server with a prepared disinfection server that made connected instances of Retadup self-destruct,” said Avast in a blog post. “In the very first second of its activity, several thousand bots connected to it in order to fetch commands from the server. The disinfection server responded to them and disinfected them, abusing the protocol design flaw.”

In doing so, the company was able to stop the malware from operating and remove the malicious code to over 850,000 infected computers.

Jean-Dominique Nollet, head of the French police’s cyber unit, said the malware operators generated several million euros worth of cryptocurrency.

Remotely shutting down a malware botnet is a rare achievement — but difficult to carry out.

Several years ago the U.S. government revoked Rule 41, which now allows judges to issue search and seizure warrants outside of their jurisdiction. Many saw the move as an effort by the FBI to conduct remote hacking operations without being hindered by the locality of a judge’s jurisdiction. Critics argued it would set a dangerous precedent to hack into countless number of computers on a single warrant from a friendly judge.

Since then the amended rule has been used to dismantle at least one major malware operation, the so-called Joanap botnet, linked to hackers working for the North Korean regime.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2019/09/01/police-botnet-takedown-infections/