Ransom, Malwares & Joseph


Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

[Photo: someone writing in a notebook]
Pen pals were the old school catfishing back in the day.
Photo by lil artsy, please support by following @pexel.com

Hey, do you remember the time when you could check the email that you had gotten from a random stranger and have nothing to worry about? Like the thought of you and them becoming pen pals was a possibility.

No, of course, no one would think that way, since we’ve all been trained by our parents from a young age to stay away from strangers. However, let’s say that you did, and you were curious as to how this random chance of friendship would play out.

You email each other back and forth and things are going swell, right up until you get a notification saying, “You have twenty-two hours to hand over $65,356.34 if you want any chance of getting your computer back to normal and your dirty little secrets from being exposed.” This scenario isn’t exactly how the attack plays out, but you get the idea: your pseudo-friend has dirt on you and wants you to pay up or else.

[Photo: two men sat across from each other]
Jake: I’m going to make you an offer you can’t refuse.
Steve: I refuse.
Jake: Okay, I didn’t see that coming so quickly. Oh gosh, you didn’t even think about it.
Photo by cottonbro studio, please support by following @pexel.com

You got Blockbuster

So back in 1989, hot movies were being released like Road House, Batman, and Indiana Jones and the Last Crusade, and the internet was booming. This was the rise of AOL, better known as America Online. The movie The Godfather had been out for some years by then, and people were drawing inspiration from its famous line, the one that most jobs and now, it seems, every landlord, utility service provider, or insurance company are saying: “I’m going to make you an offer you can’t refuse.” Someone who may have taken inspiration from this movie was Joseph L. Popp.

Popp was a Harvard-trained evolutionary biologist and the first person ever to create a ransomware virus. For those who don’t know, ransomware is a type of malware that acquires the victim’s information and denies access until the demands are met. These demands could be sending money, demanding the “truth” if it’s an activist act, or sending nudes. That last one was silly, but I’m sure there’s some hacker out there using ransomware on OnlyFans accounts for nudes.

Along with the creation of ransomware came interesting names such as “AIDS Trojan” and “PC Cyborg”. Popp made like capitalism and capitalized on the AIDS epidemic by sending out 20,000 infected diskettes labeled “AIDS Information” to people at the World Health Organization, widely known as the W.H.O.

[Photo: a diskette]
Most if not all people of today have no clue what this is. Let me introduce you to the diskette.
Photo by Pixabay, please support by following @pexel.com

The diskettes housed malicious code able to hide file directories, lock file names, and demand that victims send $189 to a PO Box in Panama to get their information back. This was the first generation of ransomware, and things have become far more advanced since then.

[Photo: man looking evil with a glass of scotch]
I drink, code viruses, and know things…for the right price.
Photo by cottonbro studio, please support by following @pexel.com

Father of Ransoms

After Joseph was deemed “The Father of Ransomware”, what category of people came to follow in his footsteps, not only to use but later to improve this malware? They are called hackers. Just a side note: anyone can use malware, which makes them a cyber-attacker, but I’m going to say hackers, since their main objective is to exploit for profit.

Hackers tend to deliver ransomware via various methods: phishing emails with malicious files attached; drive-by downloads, where a file is downloaded without your interaction; and finally spoofing, where the hacker poses as a trusted entity.

Hackers can often obtain Ransomware-as-a-Service (RaaS), or malware-for-hire, which is easier to use and cost-efficient for performing ransomware attacks. This is insane, because it means hackers actually have a budget set aside to perform cyber-attacks. There are several ransomware variants, some of which could have you buck-naked out in the cold (or heat, depending on when and where you are in the world).

A popular one is Ryuk. Delivered through spear-phishing emails or by gaining remote access to a desktop, this variant encrypts certain files while avoiding the ones crucial to the computer’s operation, then presents the demand for ransom.

Ryuk ransoms average around $1 million. Maze combines file encryption with data theft, with the intent that if the victim decides not to pay the ransom, their information can be exposed, sold online, or both.

REvil, also known as Sodinokibi, is a variant that has large organizations on the menu. This variant has been responsible for a number of large data breaches, a couple being “Kaseya” and “JBS”, and has been known to demand a ransom of $800,000.

Lockbit, operating since September 2019, is a variant that rapidly encrypts data to prevent detection by security appliances and SOC (Security Operations Center) teams. There are a couple of other variants, but at this juncture you pretty much get the point: they get access to your information, lock you out, and hold it for ransom.


[Photo: man sat holding his face]
What makes you think I can pay this ransom when I can’t even pay my rent?
Photo by Wallace Chuck, please support by following @pexel.com

Payments Not Made

Being hit with a ransomware attack is insanely dangerous, and many vital organizations such as hospitals and public services have experienced significant losses from it, as not paying the ransom can halt access to critical care.

Paying the ransom can lead to a chain reaction of events, a few being the loss of the money used for the ransom payment, lost productivity time, and the need to hire IT for disaster recovery. And choosing not to pay the ransom could lead to whatever consequences the hacker has set in place.

So, how do you stop your information from being held against you? Well, there are a number of ways, most of which are pretty basic and get overlooked every day since we’re all creatures of habit.

Avoid clicking on links sent via email or other messaging means, and stay away from compromised websites, the ones where you may get a warning from your browser such as “This site is not secure and may be unsafe, turning back is recommended.” Heed this warning, as it may save you and your computer from being hit with a drive-by download.

And the most likely of the bunch, if you suffer from being attracted to shiny things as I do, are the ads that pop up on your screen. A malicious link could be hidden within the ad to redirect you to an unsecure site for some non-consensual time with your computer.

[Photo: person sat with a mask in a hoodie holding a bank card]
Subscribe today so you or someone you know doesn’t have to experience ransomware or I will gain access to all your secrets.
Photo by Tima Miroshnichenko, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

I would like to give sincere thanks to current followers and subscribers; your support and actions mean a lot and play a part in the creation of each script.

Do you think there’s something I missed on ransomware and want to add? Script a comment below.

Owls Up There with Fed Banking


To be or not to be…poor. That is the question. WAIT, WHY IS THAT EVEN A QUESTION!?
Photo by Andrea Piacquadio, please support by following @pexel.com

Let’s start this off by asking a simple question and this is something that many of you can relate to. How many of you enjoy having a bank account full of money? It’s safe to assume that almost everyone reading this script enjoys having a decent sum of money in their bank account.

I know that there may have been a very, very, very small few that might have said, “Money isn’t real, the real value of you isn’t in the form of numbers.” To them, I ask: if that is true, then why is it that every time I get a bill, I spiral into a panic attack? Explain that one. However, you’re not wrong; that’s just not the point being made here, so hush.

Suppose, like in many situations, you check your account before going to sleep to confirm you have a decent amount, but when you wake up you get an alert sounding like the accountant bit from South Park talking about your bank account: “Annnd, it’s gone. Your money, it’s all gone.” Let me script for you how this may have happened.

Dear sweet Satan’s cornhole…Z-Daddy was right. My accounts are at zero.
Photo by Andrea Piacquadio, please support by following @pexel.com

Halloween Gone Mobile

So, the numbers in your bank account are gone with the wind and you’re probably wondering how you got to this junction. Well, let me inform you that you may have been infected with a virus called SOVA.

SOVA is a virus designed for mobile phones; as you might predict, this is mainly for Android phones, but iPhone users, don’t think you’re safe. Your sweet saucy phone jack is just not on the menu for now.

SOVA, in case you were wondering, means owl in Russian. The name was given because owls are nocturnal birds of prey: they’re silent, and like a slow jam from the 80s, they stalk and capture their prey. As you could have already guessed, this is the Michael Myers of the animal kingdom, and it very well could be on your mobile device.

I don’t stalk my prey; they just don’t see me coming. Stop making a big woot…oh I saw what you did there.
Photo by Pixabay, please support by following @pexel.com

Night-time Owls, Day-time Collection

Outside of SOVA being given a cute name by the threat actor, the first version made its appearance on the underground markets back in September of 2021. For those who don’t know what the underground markets are, they’re the “dark web”, which may also be called the “dark net”. And before you ask, no, there is not an underground store in either of those areas.

SOVA was shown to not only have the ability to collect usernames, passwords, and other information, but also to have an interesting function that will be brought up later. Trust me, you’re not going to like this. If you suffer from having trust issues with people, you’re really going to have them with your phone after reading this script.

No, no, no, annnnnnd now it’s gone. All of my money, it’s all gone.
Photo by Karolina Grabowska, please support by following @pexel.com

Intruder at Hand

Right now, you’re probably looking at your phone and thinking “I don’t trust you.” And you would be right since your phone is the main attack vector for this malware/virus/trojan. That’s right, viruses have pronouns too.

SOVA is distributed by a smishing attack, another form of phishing where the attacker tries to bait you into clicking on a link, via text messaging, for further malicious intent.

Once the fake application is installed on the phone, it sends the list of all applications installed on your device back to the command-and-control server (C2); this is done so the attacker can then choose which app to target.

The attacker fires back the malware, which can collect keystrokes, steal cookies, intercept multi-factor authentication tokens, read what you copy and paste, and add fake overlays for a range of apps.

But are you ready to have some major trust issues? This malware can perform actions like clicking, swiping, and pretty much interacting with the phone the same way you would. This is all done via the accessibility service; guessing this is the last time you’ll trust a handicap sign.
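Since the accessibility service is the piece SOVA abuses, a quick defensive check is to look at which accessibility services are actually enabled on a phone and review any you don’t recognize. Below is an added example (not from the original post): it parses the value Android stores in the `enabled_accessibility_services` secure setting (what `adb shell settings get secure enabled_accessibility_services` prints) and flags entries whose package isn’t on an allowlist. The allowlist contents and the sample setting value are constructed for this example.

```python
# Added example (not from the original post): parse Android's
# enabled_accessibility_services secure setting and flag services that are
# not on an allowlist. Sample input is constructed for this example.
from typing import List, Tuple

# Assumed allowlist: packages whose accessibility service the user expects.
# TalkBack is a real Google screen reader package; add your own as needed.
KNOWN_GOOD = {
    "com.google.android.marvin.talkback",
}


def parse_enabled_services(setting: str) -> List[Tuple[str, str]]:
    """Split the setting value into (package, service_class) pairs.

    Android stores the value as flattened ComponentNames ("pkg/class")
    separated by ':'. An empty value or the literal "null" means none enabled.
    A leading '.' in the class part is shorthand relative to the package.
    """
    setting = setting.strip()
    if not setting or setting == "null":
        return []
    pairs: List[Tuple[str, str]] = []
    for component in setting.split(":"):
        if "/" not in component:
            continue  # skip malformed entries instead of crashing on them
        pkg, cls = component.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls  # expand the relative class name
        pairs.append((pkg, cls))
    return pairs


def suspicious_services(setting: str, allowlist=KNOWN_GOOD) -> List[str]:
    """Return flattened component names whose package is not allowlisted."""
    return [f"{pkg}/{cls}" for pkg, cls in parse_enabled_services(setting)
            if pkg not in allowlist]


# Constructed sample: TalkBack plus a made-up "parcel tracking" app
# (placeholder package name) that has been granted accessibility access.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService"
          ":com.example.parceltrack/.SvcAccess")

if __name__ == "__main__":
    for hit in suspicious_services(SAMPLE):
        print("review this accessibility service:", hit)
```

Anything flagged that you don’t remember enabling is worth disabling in Settings and uninstalling the app behind it.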

All of our accounts are wiped clean, if only we kept reading Scriptingthewhy.
Photo by energepic.com, please support by following @pexel.com

Panic, Pause, and Simple Steps

While this seems like the sky is falling and you’re never going to dance again, because empty words have no rhythm. Though it’s easy to pretend, knowing this information will not make you a fool. Always be very careful when you download from a friend, as this could be potential harm that you have been given.

A few other ways to avoid downloading such malware are to check all the details of an application, such as its reviews and how often it has been downloaded, and to download only from trusted sources like the manufacturer’s store or the app store.

Other practices are keeping your OS (Operating System), applications, and anti-virus software up to date. Most of the ways to keep your devices and information safe are simple best practices, but most of the time the combination of “It’s our app and we want it now” and “reading takes too much effort” is what exposes us to possible threats.

This is my third time this month getting a spa treatment, and it’s all thanks to those cursed scripts. Bless you Z-Daddy.
Photo by John Tekeridis, please support by following @pexel.com



Do you feel like I may have missed something about SOVA? Script a comment below.