Greg Solar

Read this first

What is an APT - Advanced Persistent Threat?


An Advanced Persistent Threat (APT) is a type of attack in which an unauthorized party gains access to a network or system and stays there for a long period without being detected. Such attacks are especially dangerous for organizations because the intruders can steal or manipulate sensitive data. Note that APT attacks usually do not damage the local machines or the network; the attacker's main motive is to steal data while remaining unnoticed.

Such attacks usually unfold in several phases: breaking into the system or network, establishing a foothold while avoiding detection, planning the next moves, mapping where the sensitive data resides, and collecting and exfiltrating the information that becomes accessible.

Over the past few years, APTs have caused serious data breaches thanks to their ability to evade traditional security controls. Hence, it is important to raise awareness of these threats...

Continue reading →


Ensure the Security of Mac OS X When Installing Programs

Gatekeeper is the name of the mechanism that regulates the launch of applications downloaded from the Internet. It significantly raised the security level of OS X Mountain Lion, the release in which it was introduced.
Its behavior is controlled by the settings on the General tab of the Security & Privacy pane in System Preferences.

In their strictest setting, these options allow a program to run only if it was downloaded from the Mac App Store. The third option is the maximum degree of freedom: any program, regardless of where it was downloaded from, runs unhindered, apart from a timid warning from the system about the possible consequences.

I advise you to stay in the middle and allow the launch of programs downloaded from the Mac App Store and from identified developers. In this case, Gatekeeper blocks any application whose developer does not have a Developer ID certificate issued by Apple...

Continue reading →
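The settings above only describe the policy; before double-clicking a freshly downloaded bundle you can ask Gatekeeper what it would do with it. The following is an added example (not code from the original post) that wraps the macOS `spctl` and `codesign` tools: `AssessApp` needs macOS, while `ClassifyAssessment` only parses spctl's verbose output and runs anywhere. The bundle paths, team identifier and sample output lines in the comments are constructed for illustration.

```go
// Added example: check what Gatekeeper would do with an app bundle before
// launching it. Only AssessApp needs macOS (spctl, codesign); the parsing
// helper is portable.
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Assessment is the distilled result of `spctl --assess --type execute -vv <app>`.
type Assessment struct {
	Accepted bool   // Gatekeeper would let the app run under the current policy
	Source   string // which rule matched, e.g. "Developer ID", "Mac App Store", "no usable signature"
}

// ClassifyAssessment parses spctl's verbose output, which looks like
// (constructed sample):
//
//	/Applications/Example.app: accepted
//	source=Developer ID
//	origin=Developer ID Application: Example Corp (ABCDE12345)
//
// The verdict line contains ": accepted" or ": rejected" (possibly followed
// by a reason in parentheses); a "source=" line names the policy rule.
func ClassifyAssessment(output string) (Assessment, error) {
	var a Assessment
	seenVerdict := false
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case !seenVerdict && strings.Contains(line, ": accepted"):
			a.Accepted, seenVerdict = true, true
		case !seenVerdict && strings.Contains(line, ": rejected"):
			a.Accepted, seenVerdict = false, true
		case strings.HasPrefix(line, "source="):
			a.Source = strings.TrimPrefix(line, "source=")
		}
	}
	if !seenVerdict {
		return a, errors.New("no accepted/rejected verdict in spctl output")
	}
	return a, nil
}

// AssessApp runs the real checks. It refuses to report anything when Gatekeeper
// assessments are switched off, because spctl would then accept everything.
func AssessApp(appPath string) (Assessment, error) {
	status, err := exec.Command("spctl", "--status").CombinedOutput()
	switch {
	case strings.Contains(string(status), "assessments enabled"):
		// fine, continue
	case strings.Contains(string(status), "assessments disabled"):
		return Assessment{}, errors.New("Gatekeeper assessments are disabled; enable them in Security & Privacy first")
	default:
		return Assessment{}, fmt.Errorf("spctl --status failed (macOS only): %w", err)
	}
	// spctl exits non-zero on rejection and writes the verdict to stderr,
	// so capture both streams and rely on the text, not the exit code.
	out, _ := exec.Command("spctl", "--assess", "--type", "execute", "-vv", appPath).CombinedOutput()
	a, err := ClassifyAssessment(string(out))
	if err != nil {
		return a, err
	}
	// Belt and braces: verify the signature itself, independent of the policy database.
	if err := exec.Command("codesign", "--verify", "--deep", "--strict", appPath).Run(); err != nil {
		a.Accepted = false
		a.Source = "code signature failed to verify"
	}
	return a, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gatecheck /Applications/Some.app")
		os.Exit(2)
	}
	a, err := AssessApp(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Printf("accepted=%v source=%q\n", a.Accepted, a.Source)
}
```

Run it as `go run gatecheck.go /Applications/Some.app`; an app that reports `accepted` with source `Developer ID` or `Mac App Store` is what the middle Gatekeeper setting would allow, while `no usable signature` is exactly what that setting blocks.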


Cerber Ransomware Abuses Data Encryption to Ransom Computer Files

Any weapon can be used both to attack and to defend. Data encryption was originally conceived as a means of ensuring the privacy of communication, and it is still widely used for that purpose.

Alas, recent years have seen massive abuse of data encryption on the web. Criminals apply modern encryption techniques to deprive us of access to our own data. Infections like the Cerber ransomware encrypt data on the computers they manage to get into. The key that can decrypt the information exists only on the attackers' server, which the victim has no way to reach.

In the case of the Cerber encryption virus, the affected files get the .cerber extension appended, which is why the infection is known as the Cerber Trojan. The virus also reaches data beyond the target machine, if any is accessible from the compromised device (network shares, for instance). That makes it a critical issue for corporate and other...

Continue reading →


.mp3 is now a new extension used by the notorious TeslaCrypt 3.0 virus

If you have been unfortunate enough to see your files renamed with the .mp3 extension and encrypted by the TeslaCrypt 3.0 virus, please do not panic. Many victims get rid of TeslaCrypt 3.0 and restore access to the affected files without paying any ransom.

On the other hand, once you remove the TeslaCrypt 3.0 ransomware, you are no longer able to pay the ransom and buy the decryption key. Needless to say, paying the ransom should be considered, if ever, only as a last resort.

The distributors of TeslaCrypt 3.0 are free to set the ransom amount; the malware's provider only suggests that they not be too greedy. The only available payment method is bitcoin. This decentralized form of payment further complicates identifying the scammers.

Again, the ransomware developers do not propagate copies of the malware themselves. The crooks that drop copies of it are unrelated to and not personally acquainted with the malware...

Continue reading →


Get rid of CTB Locker and apply recovery routines instead of paying the ransom

CTB Locker is among the longest-lived computer threats.

The infection modifies computer data using a strong encryption algorithm. The user of the compromised PC is prompted to pay a ransom; otherwise, the invader claims, it will destroy the decryption key.

The attack campaign has been ongoing since 2014 and is still active today.
IT experts have reported several times that the infection no longer propagated, only for another outbreak to refute those claims sooner or later. Such longevity rests on constant and timely updating, which enables CTB Locker to exploit emerging vulnerabilities in the OS and in application software.

The ransomware developers do not distribute copies of the application directly. They recruit agents via black-market forums. It is relatively easy to get into the underground community and obtain a copy of the ransomware.
Since a number of distributors act independently, a...

Continue reading →


Get rid of RSA-4096 ransomware and restore access to affected data through recovery routines

RSA-4096 ("all of your files were protected by a strong encryption with rsa-4096") is the header of the message that victims of this ransomware stumble upon. The message is basically a ransom note. It says that your data has been encrypted and prompts you to pay a ransom in bitcoins. The ransom amount varies, but typically exceeds USD 500.

Once the ransom is paid, the victim is supposed to receive the private key, which serves to restore access to the scrambled information.

Removing the RSA-4096 ransomware does not restore readability of the affected data. RSA-4096 is a strong cryptographic method, and it is asymmetric: two different keys are involved, one to encrypt and another to decrypt the target data.

In any case, without the private key the data remains encrypted for sure. Each infection uses its own unique key pair, so there is unlikely to be any universal solution for any case of...

Continue reading →
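Both the Cerber post (the decryption key exists only on the attackers' side) and the RSA-4096 post (asymmetric encryption, so removal alone restores nothing) describe the same key-management model. The following is an added example, not code from either post or from any real malware family: it shows the usual hybrid construction in which each file is encrypted with a fresh random AES-256-GCM key and only that key is wrapped with the attacker's RSA public key under OAEP, so the machine that did the encrypting never holds anything that can undo it. The key size (2048 bits here to keep the demo fast; the ransom note claims 4096), the type and function names and the sample file contents are assumptions for illustration.

```go
// Added example: why "remove the malware, keep the data" does not work.
// The private key never touches the victim host; each file gets its own
// random AES key, and only the wrapped copy of that key survives on disk.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// keyBits is an assumption for the demo; the ransom note quoted in the post
// claims 4096, which works identically but takes much longer to generate.
const keyBits = 2048

// Locked is what remains on the victim's disk after encryption. Nothing in it
// allows recovery without the attacker's private key.
type Locked struct {
	WrappedKey []byte // AES-256 file key, RSA-OAEP encrypted with the attacker's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // encrypted file body with the GCM tag appended
}

// NewAttackerKeys is the attacker-side step, done once, off the victim host.
func NewAttackerKeys(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// LockFile is the victim-side operation. It needs only the public key.
func LockFile(pub *rsa.PublicKey, plaintext []byte) (*Locked, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// The plaintext file key is discarded here; only the wrapped copy survives.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &Locked{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// UnlockFile is what the victim can run only after obtaining the private key.
func UnlockFile(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

func main() {
	priv, err := NewAttackerKeys(keyBits) // attacker side, never on the victim host
	if err != nil {
		panic(err)
	}
	// Victim side: the malware carries only the public key.
	sample := []byte("quarterly-report.xlsx contents (constructed sample)")
	locked, err := LockFile(&priv.PublicKey, sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on disk: %d-byte wrapped key, %d-byte ciphertext\n", len(locked.WrappedKey), len(locked.Ciphertext))
	// Deleting the malware changes nothing about locked; a different key pair cannot open it.
	other, _ := NewAttackerKeys(keyBits)
	if _, err := UnlockFile(other, locked); err != nil {
		fmt.Println("wrong private key:", err)
	}
	pt, err := UnlockFile(priv, locked)
	if err != nil {
		panic(err)
	}
	fmt.Printf("with the right key: %q\n", pt)
}
```

The point of the construction is visible in `LockFile`: the symmetric key is generated, used, wrapped and then zeroed within a single function, so a forensic image of the victim disk contains the ciphertext and the wrapped key but never the key that would open it. That is also why recovery routines that do work rely on backups, shadow copies or bugs in a particular family's implementation rather than on removing the malware.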


Qvo6 adware – nuisance or privacy risk?


When it comes to surfing the web, seeing advertisements is inevitable, since ads are an integral part of the entire Internet industry in all its variety. This is a normal state of affairs that everyone is accustomed to and takes for granted. However, when a computer is compromised in order to forcibly redirect its traffic to pages full of sponsored links, that is not how the system is supposed to work.

Qvo6 is the name of an adware program that implements exactly the latter scenario. Once it is inside a computer, the major web browsing preferences are no longer under the user's control: it changes the default search engine and homepage to Qvo6.com or Search.qvo6.com, which are identical. It certainly does not ask for the user's approval. Another thing that happens is that the shortcut settings for various applications installed on the target machine...

Continue reading →