Tag: encryption

Emsisoft Releases Solution for BTC Demanding Ransomware WannaCryFake

Emsisoft, the cybersecurity firm, has released a new free fix for WannaCryFake—the malicious bitcoin (BTC) demanding ransomware.

Data Held Hostage

Emsisoft recently announced that they are releasing a free decryption tool to fix systems and networks infected with the WannaCryFake ransomware bug.According to a report by McAfee Labs in August, ransomware attacks increased by 118% in the first three months of 2019. Ransomware is a type of malicious software, or malware, designed to deny access through encryption to a computer system or—in the case of the WannaCryFake ransomware bug—data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. 

WannaCryFake is the next evolution of a particularly sinister ransomware bug—WannaCry worm which first began spreading across computer networks in 2017. Unlike typical ransomware, the WannaCry worm does not rely on Trojan access to a system but can travel automatically between computers without user interaction.

Specific to the WannaCryFake software, when a computer system is infected with the bug, data is encrypted then held hostage and a ransom in Bitcoin will be demanded to decrypt the files and release access to data. Emsisoft explains “According to the distributors, the price of decryption depends on how quickly you email them.”

Like all hostage situations, the terms are being set by the actors committing the exploitation and thus cannot be trusted. Emsisoft stresses that “under no circumstances should you attempt to make contact,” and to not ever pay the ransom.

Image via Shutterstock

Jack Daniel’s Parent Company Brown-Forman Targeted for Ransomware by Notorious REvil

Brown-Forman, Jack Daniel’s parent company and a giant powerhouse in the alcoholic industry, recently suffered a ransomware data breach originating from REvil. 

REvil ransomware gang strikes again 

One of the largest American-owned spirits and wine companies in the world and the official mother company of Jack Daniel’s whiskey, Brown-Forman disclosed that they had suffered from a cyber-attack in which some sensitive information, including but not restricted to employee data, had been stolen. 

An anonymous message was sent to Bloomberg to confirm the privacy branch and the compromising of Brown-Forman’s internal servers. Speaking about the ransomware attack, Brown-Forman said that they had everything under control and that they were working with law enforcement to resolve the issue. The company also added, “There are no active negotiations.” 

Who is REvil? 

This is definitely not the first rodeo for REvil ransomware group. The cybercrime operation, also known under the pseudonym Sodinokibi, rose to fame in the digital world with their criminal activities. It first made its appearance in early 2019, and the file blocking virus, which was closely monitored by cybersecurity giant McAfee, released by the cybercriminals would enable REvil hackers to seize private information.  

Often, they would demand payment from the targeted company. In exchange for unlocking the files and delivering the sensitive data safely back to its owner, REvil ransomware group would demand a hefty cryptocurrency sum. Should the victimized company fail to comply with their demands, REvil hackers would then threaten to release the stolen confidential files on websites and on the internet, for all to see and use to their own advantage. 

Come and get it – REvil claims to have stolen data 

Though Brown-Forman denied that there were any active negotiations currently set in motion, hackers have allegedly backed their ransom demands by stating that they possessed 1 terabyte of confidential data. Revil ransomware gang threatened to share the sensitive information and affirmed that the company-sensitive secrets would be available for all to see if ransom was not delivered. 

Sodinokibi group also shared screenshots of sensitives file names to back their claims. The ransomware group has been notorious for previously hitting big names such as Mariah Carey, rap star Nicki Minaj, and NBA superstar Lebron James to attain their ransom objectives. Revil also possesses a dedicated website for leaks to post and auction off stolen data.  

Blockchain against cybercrime 

With cybercrime on the rise and hackers capitalizing on COVID-19 to conduct their illicit activities online, numerous Asian countries have been reported to have increased the adoption of blockchain for security purposes. Schools, companies, and traditional institutions have all been victims of hackers’ deviant behavior at some time or another. With blockchain adoption, Asian entities hope that their institutions would be better equipped to battle scams. 

Advocating for blockchain technology for global digital advancement is the Senior Manager of PwC Consulting, Tomohiro Maruyama. The PwC manager said when speaking with Nikkei Asian Review:  

“Internet piracy has posed a major challenge for companies as they look to digitize operations. Blockchain emerged as a solution for fighting digital counterfeits, pushing businesses to adopt the technology.” 

Maruyama thinks that when COVID-19 finally passes, the world will change on a global scale, with more companies converting to blockchain technology and integrating it into their business for its numerous benefits.   

EARN IT Act Introduced in US House of Representatives, Critics View It as Threat—What This Means for Crypto

Despite being perceived as an “anti-security bill” by many, the EARN IT Act has made its way to the US House of Representatives and currently awaits approval.

Blockchain and industry critics disapprove of bill

The EARN IT Act is a bill that has been proposed by Attorney General William Barr in conjunction with other law enforcement entities to regulate internet activity. If passed, it will enable law enforcement to read users’ online messages, bypassing encryption.

The EARN IT Act will supersede the Communications Decency Act if approved by US law enforcement. The Communications Decency Act decrees that website owners and social media platforms will not be held accountable for posts and content uploaded by web users leveraging their platforms.

Numerous critics have shunned the bill, calling it a direct threat to encryption protection. If the proposed bill were passed by US regulators, it would entail that social media platform providers, from Twitter, Facebook to small website owners, would be held accountable for everything published on its network. As most have reiterated, this would be a threat to freedom of speech as censorship across the internet would undoubtedly increase.

Furthermore, experts have said that legislation regulating the internet could be inherently dangerous.

What the EARN IT Act entails

The EARN IT Act, which was examined by the Senate Judiciary Committee, made its way to the House of Representatives last week. If passed, platforms would be held accountable for users’ content, as long as the potential complaints were linked to crimes against children, such as child abuse, child pornography, etc. In addition, the bill suggests a last-minute amendment that guarantees legal protection to platforms leveraging end-to-end encryption for security purposes, a feature that prevents platforms from accessing users’ messages.

Crypto and blockchain critics still wary

Despite the amendment, blockchain experts have been reported to be cautious regarding the bill, as they claim that website surveillance will go up, with owners avoiding regulatory complications and being sued in the first place. If that were to happen, censorship will be inevitable, and users will be closely monitored.

Furthermore, governments may be able to leverage the bill to charge networks that do provide encrypted communication, posing a huge threat to privacy. As some blockchain and cryptocurrency platforms leverage encryption for digital transactions, the bill may hinder the crypto industry.

So far, the silver lining appears to be that through the EARN IT Act, online child exploitation can be halted. However, the trade-off may be that privacy provided by encryption layers may no longer be available, and censorship will be on the rise.

What this entails for the crypto and blockchain community still remains unclear, as certain crypto platforms leverage encryption to host user content.

Furthermore, with the bill possessing numerous loopholes due to amendments brought upon by public outcry, as reported by the Electronic Frontier Foundation, the question of whether the internet-regulating bill will even be passed still remains unanswered.

DOJ Wants to Bypass End-to-End Encryption to Fight Child Sexual Exploitation – Cause for Concern for Tech?

While end-to-end encryption has long been leveraged to deliver privacy and data protection to tech users, US government officials are attempting to find a way to bypass it, under the pretext that illicit activity revolving around child sexual abuse run unmonitored on strongly encrypted platforms.

DOJ on why it wishes to monitor content

The US Department of Justice (DOJ), along with the Home Department of the United Kingdom, the Australian Minister for Home Affairs, India, Japan, and other government officials have come together to assess encryption – a process in cryptography used to secure sensitive data and protect it from being intercepted by unauthorized viewers.

US lawmakers are saying that although “encryption is an existential anchor of trust in the digital world,” certain aspects of this technology may pose a threat to the public, in particular to “sexually exploited children.” The DOJ alleges that since encryption inhibits legal and government bodies to assess content and review it, criminals, terrorists, and child exploitation rings use platforms with strong encryption to further their illicit activities. The international statement reads:

“We urge industry (encryption technology) to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content.”

The DOJ also said that tech companies should be responsible for unlawful content that leveraged their services, as it alleges that social media and communications platforms are often used to “groom children online.” DOJ cited an example from 2018, where statistics found that Facebook Messenger was leveraged in many instances to further child sexual abuse material. US government officials stated:

“In 2018, Facebook Messenger was responsible for nearly 12 million of the 18.4 million worldwide reports of CSAM (child sexual abuse material). These reports risk disappearing if end-to-end encryption is implemented by default, since current tools used to detect CSAM do not work in end-to-end encrypted environments.”

EARN IT Act – the quest to up web surveillance

The international statement backed by many law enforcement and government officials echo the sentiments of the attorney general of the United States, William Barr, who has been actively working on getting the EARN IT Act approved in the United States.

The bill targets encryption protection and decrees that government entities and law officials should have the right to assess user content on encrypted sites, to monitor activity, and put an end to child pornography and child abuse. If passed, it would hold platform providers and website owners accountable for content published on their network.

Blockchain and tech community bite back

Cryptography and industry experts have shunned the bill, criticizing it as a direct threat to privacy. As some blockchain and cryptocurrency platforms leverage encryption for digital transactions, the bill may hinder the crypto industry. Furthermore, internet-regulating bills would hold technology companies and website hosts accountable for content on their platforms. This may subsequently result in censorship and website surveillance being amped up on platforms, with website hosts avoiding legal complications.

DOJ wants to ramp up cyber security

However, direct implications of encryption technology proposals such as the EARN IT Act still remain unclear, as the DOJ is still assessing the tradeoff of circumventing end-to-end encryption platforms at the expense of user privacy to annihilate threats to public safety, such as child sexual exploitation. The US Department of Justice said:  

“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.”

EU’s Move to Bypass Encryption on Platforms like WhatsApp Sparks Indignation

European Union lawmakers have created a draft proposal that aims to circumvent end-to-end encryption on applications such as WhatsApp and Signal, in a move to increase cybersecurity measures.

EU wants to access encrypted chats

Following the news of terrorist attacks in France and Vienna, members of the European Union Council have attempted to up security by proposing a bill that would enable government officials to access data running on end-to-end encrypted applications.

The proposal indicated that the European Union wished to join forces with tech firms to ensure transparency and to enable authorities to verify information circulating on encrypted mediums. The goal was to ensure public security in light of recent events, and to protect victims from future terrorist acts, online child exploitation, organized crime, and the list goes on.

EU proposal met with criticism

The proposal has been met with a lot of criticism, as privacy advocates have argued that the EU’s proposal will do the contrary – by allowing lawmakers to access end-to-end encrypted platforms, this will inhibit the privacy and security of users. Currently, the draft is pending and is to be presented in front of the European Union Council board on November 19.

Expressing her disapproval, German politician and Left Party activist Anke Domscheit-Berg said:

“The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”

Others followed her sentiment and also said that it may create opportunities for hackers and foreign intelligence to infiltrate communication channels, according to the Associated Press.

EARN IT Act

The proposal is not unlike the EARN It Act proposed by Attorney William Barr, which is currently pending approval from the US Congress. The bill proposal seeks to regulate the internet and to hold website hosts accountable for content circulating on their platforms. Numerous critics have shunned the bill, calling it a direct threat to security provided by end-to-end encryption.

With bills as those mentioned above, censorship would be on the rise, and freedom of speech would be inhibited across the web. Digital experts have viewed these types of proposals as inherently dangerous, as it is seen as a way for governments to exert further control, therefore threatening overall security, privacy, and freedom of speech.

What this entails for the crypto and blockchain community still remains unclear, as certain crypto platforms typically leverage encryption to host user content.

Exit mobile version