FreshRSS


QNAP QLocker Recovery Walkthrough with QRescue Software

27 May 2021 at 02:00

A Guide to Recovering Your NAS Files from the QLocker QNAP NAS Malware Attack

Good news for those of you whose QNAP NAS systems were affected by the QLocker malware attack last month: QNAP has produced a recovery solution (with assistance from the third-party open source project PhotoRec) that, although a little long and technical, is a great deal more understandable than many of the QLocker solutions that have appeared so far. This new method does not require users to open SSH on their system, and although there is a degree of command entry involved, it is moderately straightforward and will hopefully allow you to avoid paying the ransom to recover files. This method centres on file recovery rather than on breaking the encryption, so like any data recovery practice it is not going to be tremendously quick; the time taken will be largely dictated by the volume of files that need recovery. It will be interesting to see how much QNAP HQ have learned from this QLocker business, what can be done to avoid this in future, and whether QRescue and collaborative builds with recovery software like PhotoRec can grow into a standardized NAS recovery tool that can be used more generally in the future. Nevertheless, below is the guide that was provided by QNAP, including tools and links to resources that will help you get the recovery completed.

Important Note: do not attempt this ‘casually’. This method is by no means as intrusive as other methods in the last few weeks that involved messing with the encrypted files themselves, but it IS a guide you should be prepared to action from beginning to end in a single session, so make sure you have set aside a good stretch of time to do this! Additionally, you WILL need access to an external hard drive/SSD that is 1.5-2 times the size of the data you are trying to recover, as additional space is likely needed during the recovery of files before they are completed. Make sure the external drive is EMPTY, as it WILL be formatted.

Step-by-Step Guide to Recovering Encrypted QNAP NAS Files from QLocker

Make sure your QNAP NAS is running normally and that no firmware updates or restarts are scheduled while PhotoRec or QRescue is running on your NAS. Another reminder: the external HDD/SSD that you use for the files recovered from QLocker WILL be formatted while following these steps. This guide covers:

  • Overview
  • Requirements

Steps

  • Part 1. Configure external HDD with the name “rescue” and create folders with the name “recup1” for recovery.
  • Part 2. Download and Manually Install the QRescue App
  • Part 3. Run PhotoRec
  • Part 4. Run QRescue
  • Part 5. Move the recovery data to your NAS.

Let’s begin.

Overview:

QRescue is the data recovery tool for Qlocker-encrypted 7z files. It contains:

  • PhotoRec (Open Source Project / GNU General Public License / Project Link):
    File recovery software designed to recover lost files from hard disks and CD-ROMs, and lost pictures (thus the Photo Recovery name) from the storage medium.
  • QRescue (Powered by QNAP):
    The script to recover file structures from the encrypted 7z files and PhotoRec files.

Requirements:

  • Download the QRescue app from this link.
    https://download.qnap.com/QPKG/QRescue.zip
  • Prepare an external hard disk drive with a capacity larger than the total used storage space on your NAS.
    • Note: It is advised to prepare an external HDD with 1.5 to 2x the total used storage space on your NAS as free space. Additional space might be required during the recovery process. If the available space is less than the suggested value, errors and other issues may occur.

Steps:

Part 1. Configure external HDD with the name “rescue” and create folders with the name “recup1” for recovery.

QRescue recovers to the external drive first, so we need to configure that drive for the recovery process and create the specific destination folder name.

  1. Prepare an external HDD whose usable capacity is larger than the total used storage size of your NAS, because the files will be recovered to the external device first. Check your used volume size first by clicking More > About on the QTS desktop.
  2. Insert the external drive into your NAS. Go to Storage Manager > External Device > select your external device > click “Actions” > click “Format” to format the external drive.
  3. The file system must be “EXT4”, and the label name must be “rescue”. Once these settings are in place, click “Format”.

    Notice:
    The QRescue app will use “rescue” as the external drive name. If you use other names, the recovery process might fail.
  4. (Optional) If you have disabled the admin account or do not log in to QTS as admin, you might not see the external drive in File Station. Go to Control Panel > Privilege > Shared Folder > Edit Shared Folder Permission to enable or change read/write permission on the “rescue” folder for the account you use to log in to the NAS.
    • Sample:
      Grant read/write permission on the external drive named “rescue” to another administrator-group account (for example, “_qnap_support” is an administrator-group account).

  5. Use File Station to check that the volume shows the correct external device name.
  6. Create a new folder named “recup1” (format: recup+{number}). If you have more than one storage volume, you need to add more folders for recovery (recup2, recup3, and so on).

    Notice:
    The QRescue app will use “recup+{number}” as the folder name. If you use other names, the recovery process might fail.

Part 2. Download and Manually Install the QRescue App

This QRescue app is a special build, so you need to install it manually through the QTS App Center.

  7. Go to this link to download the QRescue app.
    https://download.qnap.com/QPKG/QRescue.zip
  8. Go to App Center > click Install Manually > click Browse to locate the QRescue app file on your computer.
  9. After selecting the app file, click Install. Wait until the installation completes, then open the QRescue app from the QTS desktop or sidebar.
  10. When you open the QRescue app, you will see a web console. It is used to run PhotoRec and QRescue to recover your files.

Part 3. Run PhotoRec

Running PhotoRec recovers the lost files from the NAS disks to the external drive. Here you will recover the NAS files to the “recup1” folder (format: recup+{disk_number}) on the external drive.

  11. Type this command and press Enter on your keyboard to start PhotoRec.
    Command:
    photorec
  12. Use the Up/Down arrow keys to choose the hard drive; select the NAS disk on which PhotoRec should run recovery.
    • Sample:
      • /dev/mapper/cachedev1 as 1st data volume
      • /dev/mapper/cachedev2 as 2nd data volume
      • /dev/mapper/cachedev20 as 20th data volume
    • Note:
      You can check the number of data volumes in Storage & Snapshots > Storage/Snapshots.
  13. Select the “ext4” partition and press “Enter”.
  14. Select the file system as [ ext2/ext3 ] and press the “Enter” key.
  15. Select the space as [ Whole ] and press the “Enter” key.
  16. Now select the external device’s folder as the recovery destination.
    • Starting folder: /share/external/DEV3301_01/qpkg/QRescue   [QRescue qpkg]
    • Recovery destination: /share/rescue/recup1 [External Device]
    • Select “..” to go back to the parent folder
      • Sample destination: External disk on QRescue app
      • Sample: External Device (name: rescue) > Destination Folder (name: recup1)
  17. Press “C” on the keyboard when the destination is “/share/rescue/recup1”.
  18. PhotoRec starts the recovery process. You can now see the estimated time to completion.
  19. When PhotoRec has finished, press Enter with [Quit] selected, or type “ctrl-c”, to exit.

Part 4. Run QRescue

Running QRescue recovers the files retrieved by PhotoRec. Here you will recover the files from the “recup+{number}” folder into the “restore+{number}” folder, which is created automatically on your external drive.

  20. Type this command and press Enter on your keyboard to start QRescue.
    Command:
    qrescue.sh
  21. (Optional) If you have two or more data volumes on your NAS, the screen will ask which data volume to process. Type the number and press “Enter”. If you only have one data volume, you might not see this step.

  22. (Optional) You can now see the progress of the recovery and which files have been completed.
  23. When the whole QRescue process has completed, the screen shows a result summary and the step for sending the system log.
  24. The QRescue app will also send the event log to QuLog Center / System Log and notify you when the whole recovery process has finished. If you have opened a QNAP support ticket, don’t forget to provide feedback on your case; the QNAP support team will help you double-check. Thank you very much.

Part 5. Move the recovery data to your NAS.

You can move the recovered data to your NAS using File Station.
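Before typing `photorec` in the QRescue console, it is worth confirming that the external drive really matches what Parts 1 and 2 require (ext4 mount, label “rescue”, one recupN folder per data volume, 1.5x the used NAS space free), because the guide warns that any deviation makes the run fail late. The pre-flight script below is an added example, not part of QNAP's QRescue package; it assumes the drive is mounted at /share/rescue as shown in the guide and that you pass in the used size (from More > About) and the number of data volumes.

```shell
#!/bin/sh
# Pre-flight check for the QRescue drive layout described in Parts 1 and 2.
# Added example, not QNAP's code. Assumptions: the external drive is mounted at
# /share/rescue (the path shown in the guide), /proc/mounts is readable, and the
# operator supplies the NAS's used size in bytes and its data-volume count.

RESCUE_MOUNT="${RESCUE_MOUNT:-/share/rescue}"

# space_ok USED_BYTES FREE_BYTES
# Returns 0 when free space is at least 1.5x the used NAS space (the guide's
# minimum). Pure integer arithmetic so it can be exercised without a real drive.
space_ok() {
    used="$1"
    free="$2"
    needed=$(( used * 3 / 2 ))
    [ "$free" -ge "$needed" ]
}

# recup_dirs_ok DIR COUNT
# Returns 0 when DIR contains recup1 .. recupCOUNT (the recup+{number} format).
recup_dirs_ok() {
    dir="$1"
    count="$2"
    i=1
    while [ "$i" -le "$count" ]; do
        if [ ! -d "$dir/recup$i" ]; then
            echo "missing folder: $dir/recup$i" >&2
            return 1
        fi
        i=$(( i + 1 ))
    done
    return 0
}

# stray_recup_dirs DIR COUNT
# Reports any recup* folder that is not a plain number, or whose number is above
# COUNT (qrescue.sh would treat it as an extra volume). Returns 0 when none exist.
stray_recup_dirs() {
    dir="$1"
    count="$2"
    rc=0
    for d in "$dir"/recup*; do
        [ -d "$d" ] || continue
        n="${d##*/recup}"
        case "$n" in
            ''|*[!0-9]*) echo "unexpected folder name: $d" >&2; rc=1 ;;
            *) [ "$n" -le "$count" ] || { echo "extra folder: $d" >&2; rc=1; } ;;
        esac
    done
    return $rc
}

# fstype_of MOUNTPOINT
# Prints the filesystem type of MOUNTPOINT from /proc/mounts (empty if not mounted).
fstype_of() {
    awk -v m="$1" '$2 == m { print $3; found = 1 } END { if (!found) print "" }' /proc/mounts
}

# preflight USED_BYTES VOLUME_COUNT
# Runs every check against the live system and reports each failure.
preflight() {
    used="$1"
    volumes="$2"
    status=0

    fstype=$(fstype_of "$RESCUE_MOUNT")
    if [ "$fstype" != "ext4" ]; then
        echo "FAIL: $RESCUE_MOUNT is not an ext4 mount (got '${fstype:-none}')" >&2
        status=1
    fi

    # df -P -k gives POSIX output in 1K blocks; column 4 is the available space.
    free_kb=$(df -P -k "$RESCUE_MOUNT" 2>/dev/null | awk 'NR == 2 { print $4 }')
    if ! space_ok "$used" "$(( ${free_kb:-0} * 1024 ))"; then
        echo "FAIL: need at least 1.5x the used NAS space free on $RESCUE_MOUNT" >&2
        status=1
    fi

    recup_dirs_ok "$RESCUE_MOUNT" "$volumes" || status=1
    stray_recup_dirs "$RESCUE_MOUNT" "$volumes" || status=1

    [ "$status" -eq 0 ] && echo "OK: rescue drive ready for photorec / qrescue.sh"
    return $status
}

# Usage on the NAS, with the used size taken from More > About (hypothetical values):
#   preflight 2000000000000 1
```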



So, did this QLocker recovery guide work for you? How well did the PhotoRec and QRescue applications do their job? Let me know in the comments and share with others how well (or poorly) this guide helped you recover your files from ransomware encryption.

Alternatively, if you still need help choosing the NAS solution for your needs, use the NASCompares free advice section below. It is completely free, is not a subscription service and is manned by real humans (two humans actually, me and Eddie). We promise impartial advice and recommendations based on your hardware and budget, and although it might take an extra day or two to answer your question, we will get back to you.



Articles Get Updated Regularly - Get an alert every time something gets added to this page!


Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below


SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Gelsemium: When threat actors go gardening

9 June 2021 at 14:00

ESET researchers shed light on new campaigns from the quiet Gelsemium group

The post Gelsemium: When threat actors go gardening appeared first on WeLiveSecurity

BackdoorDiplomacy: Upgrading from Quarian to Turian

10 June 2021 at 14:00

ESET researchers discover a new campaign that evolved from the Quarian backdoor

The post BackdoorDiplomacy: Upgrading from Quarian to Turian appeared first on WeLiveSecurity

Check Point Research publishes its ranking of the most active malware in May 2021

22 June 2021 at 14:12
By: UnderNews

Check Point Research ranking: which malware was the most active in May 2021? Dridex drops out of the ranking while Trickbot climbs to the top. Check Point Research notes that the Dridex trojan, often used in the initial stages of ransomware attacks, has almost disappeared after being one of the most widespread malware families in recent months.

The post Check Point Research publie son classement des malwares les plus actifs en mai 2021 first appeared on UnderNews.

Cyberattack in Liège: ransomware attacks are intensifying

23 June 2021 at 11:53
By: UnderNews

The city of Liège is the target of a large-scale cyberattack. The city's administrative services are blocked, leaving the people of Liège without access to their information. A ransomware attack is believed to be behind the cyberattack, which took place on the morning of Monday 21 June.

The post Cyberattaque à Liège : les attaques par rançongiciel s’intensifient first appeared on UnderNews.

WD My Book Live NAS – Remote Format Attack Reported

25 June 2021 at 21:58

WD My Book NAS Devices Being Remotely Formatted

If you are reading this and you own a WD My Book Live or WD My Book Live Duo, then you might want to go and check on it, and perhaps disconnect it from the internet for now. In the last 24+ hours, multiple users have reported that whilst trying to access their WD My Book Live NAS drive, they were barred entry with an ‘invalid password’ and the mobile applications ceased connecting. Upon further investigation, they then found that their system had been completely formatted (ranging from directories, volumes and pools to, in some cases, everything) and all their data was lost. This was originally raised over on the official WD Support blog here, and not long after, multiple users reported similar issues at the same time. Further examination of logs (once access to the system was possible) showed that remote access had been established to the system and a command to reset the system and storage had been delivered. So what has happened? How did it happen, and can the WD My Book Live data that people have lost be recovered?

How Did WD My Book Live NAS Drives Get Accessed Remotely?

The WD My Book Live and My Book Live Duo are designed for access via the network and internet and were among some of WD’s first products for traditional NAS use: not just an HDD-on-the-internet, but with a GUI and a dedicated CPU handling RAID, backup tasks and general system management. Remote access is conducted by accessing the NAS through a firewall and via the official WD My Cloud Live servers (included with the cost of the device). However, this remote access is what was used to push a command to the WD My Book Live system, executing the system reset, with the following showing in the system’s logs (from user Sunpeak on the WD Forums here):

Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api

Since this was originally raised yesterday, many users have followed with reports of the same, clearly showing this is an orchestrated attack on WD My Book Live systems, with the additional sad note that no ransom.txt or other ransomware-style communication has been left, meaning this has been done with the pure intention of destroying people’s data! Pretty lousy stuff! Since then this has gained considerable traction on multiple websites, and the details in the National Vulnerability Database (click below) have been updated several times:


How Has Western Digital Responded to the WD My Book Live Attack

The response from WD to this NAS attack has been remarkably swift, considerably faster than I have personally seen from other brands suffering similar circumstances in previous years, with official instructions and widespread notification on their platforms in considerably less than a day. WD have stated on their Security Advisory pages:

WDC Tracking Number: WDC-21008
Product Line: WD My Book Live and WD My Book Live Duo
Published: June 24, 2021

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.

Advisory Summary – At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.
CVE Number: CVE-2018-18472

So, in short, WD believes this has been caused by a remote command push to the WD My Book Live and WD My Book Live Duo NAS systems via an unpatched vulnerability in the system. They maintain that the issue does not originate on their server side, but are working on this right now to get to the bottom of it.

How Can a Vulnerability in the WD My Book Live Not Be Patched in a Firmware Update?

As previously mentioned, the WD My Book Live and My Book Live Duo were some of WD’s earliest real NAS releases, dating as far back as 2010. Although these systems received numerous updates, the final update for this system was officially issued in 2015 (see below).

Given the predicted life of hard drives, the lifespan of products and their broader commitment to customers, it is not unheard of for a vendor to cease firmware updates on a product line after a given period of time (the same can be said of the majority of software-enabled hardware in our homes and business environments). However, this comes as little comfort to those whose data has been deleted. Additionally, this is a vulnerability that was raised back in 2018 by ‘Wizcase’ and found on numerous ‘first generation’ NAS systems released in that period. At the time, WD responded officially with:

“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

Once again, there is a balance here that users need to keep in mind between reliance on the hardware purchased and the rigidity of a solution a considerable length of time after release, as well as the maintenance of backups in a robust data storage strategy. It will be interesting to see how WD respond to this situation as it unfolds.

Can The Lost Data on the WD My Book Live and My Book Live Duo Be Recovered?

As this was a format of the system as a whole, recovering data from a factory-reset/wiped WD My Book Live is very difficult! In previous cases of malware encryption or malicious data destruction, many users have taken advantage of the tremendously useful PhotoRec tool (previously featured in the QNAP QLocker recovery guides). PhotoRec is file data recovery software designed to recover lost files, including video, documents and archives, from hard disks (as well as legacy storage media like CD-ROMs) and memory cards. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. However, this is by no means foolproof and does require a little more technical knowledge than many might have (with interfacing with the NAS in a software-accessible way being the first major hurdle). Here is an example of a PhotoRec recovery guide, but we are hoping a more WD My Book Live specific guide will surface shortly.

Is My WD My Cloud or Regular WD My Book Direct Attach Storage Device Affected?

At this time there are no reports of this affecting the current generations of WD My Cloud, WD My Cloud Pro, WD My Cloud EX2 or WD My Cloud Sentinel systems (which have far more recent firmware updates). Likewise, this will not affect WD My Book systems that lack network/ethernet connectivity, as these lack both the means of communication and the software interface needed to inject the malicious command remotely.




Cybersecurity: understanding lateral movement and privilege escalation

2 July 2021 at 10:42
By: UnderNews

According to Gartner, by 2024, 50% of organizations that have implemented a privileged access model eliminating undefined privileges will avoid 80% of security breaches compared with those not equipped with a privileged access management tool. Privileged accounts are indeed increasingly targeted by cybercriminals, who rarely settle for their initial foothold once inside the network.

The post Cybersécurité : comprendre le déplacement latéral et l’escalade des privilèges first appeared on UnderNews.

Android trojans steal Facebook users' logins and passwords

2 July 2021 at 13:18
By: UnderNews

Doctor Web analysts have detected several malicious applications on Google Play that steal Facebook users' logins and passwords. These trojan stealers were distributed under the guise of harmless applications whose total number of installations exceeded 5,856,010.

The post Des Trojans Android volent des logins et mots de passe d’utilisateurs Facebook first appeared on UnderNews.

Bandidos at large: A spying campaign in Latin America

7 July 2021 at 11:30

ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims

The post Bandidos at large: A spying campaign in Latin America appeared first on WeLiveSecurity

Kaspersky experts expect a rise in the number of attacks targeting the PrintNightmare vulnerability

9 July 2021 at 10:43
By: UnderNews

Last week, researchers accidentally published a proof-of-concept exploit revealing a critical vulnerability in the Windows Print Spooler, also known as PrintNightmare. Although the exploit was quickly removed from GitHub, some users nevertheless managed to download and re-share it.

The post Les experts de Kaspersky prévoient une croissance du nombre d’attaques visant la vulnérabilité PrintNightmare first appeared on UnderNews.

XLoader, a malware that steals credentials on macOS and Windows

24 July 2021 at 11:00

A very popular Windows malware, known as Formbook, has a variant named XLoader that can attack both Windows and macOS.

XLoader is designed to steal usernames and passwords from infected machines by collecting the credentials saved in browsers (Chrome, Firefox, Opera, Edge, Internet Explorer) as well as in e-mail clients (Outlook, Thunderbird, Foxmail). But beware, that is not all it can do!

It has existed since February 2021, and its popularity has kept growing recently. Security researchers at Check Point have detected it in 69 countries, although more than half of the victims are located in the United States.

How to explain this popularity? First, because XLoader is a cross-platform malware, compatible with both Windows and macOS. Second, because it is a botnet that relies on no dependencies, which makes it easy to use.

Reverse engineering work made it possible to link the Formbook and XLoader malware. The executable is reportedly the same, and the Formbook developer is believed to have contributed to XLoader's development. The two pieces of malware share the same capabilities: stealing credentials, taking screenshots, logging keystrokes, and executing malicious files on the infected host.

In practice, XLoader can be rented for one month for 49 dollars for the macOS version, which gives access to a server provided by the operators. Concretely, this arrangement lets the people behind XLoader keep control of the C2 (Command and Control) server infrastructure. Targeting Windows machines costs a little more: 59 dollars for one month, and 129 dollars for three months.

XLoader: generating a JAR file for Windows or macOS

Still according to Check Point's security researchers, XLoader is stealthy enough to be hard for an ordinary user to detect. Moreover, even though it has the same capabilities as FormBook, XLoader is said to be more polished and more sophisticated. On macOS, it is recommended to delete the folders with random names under "/Users/<utilisateur>/Library/LaunchAgents".

More generally, the growing popularity of macOS now makes it a favoured target for attackers, alongside Windows. Researchers believe that more and more malware will be updated to support macOS and target Apple devices.

Source

The post XLoader, un malware qui vole des identifiants sur macOS et Windows first appeared on IT-Connect.

Windows 11: malicious installation files are circulating on the Internet!

25 July 2021 at 11:00

Since Microsoft announced Windows 11, the new operating system has been a hot topic! Attackers have understood this and want to take advantage of the situation. Installation files are circulating on the Internet, except that they bundle malware of all kinds.

Many users want to try Windows 11, and to do so they search the Internet for an installation file, usually in ISO format. Search long enough and you will find one, but unfortunately you may find an installer infected with malware that has nothing to do with an official ISO. That, at least, is what security researchers at Kaspersky have discovered.

If you run the Windows 11 installer on the machine you downloaded it to, it will deploy malicious software on your machine. It may be adware, which is "harmless" but unwanted, but also password-stealing malware, which is more dangerous. Kaspersky takes the opportunity to point out that its security products have already blocked this malware many times.

The security researchers cite the example of a 1.75 GB installer that takes on the appearance of a Windows 11 installer. However, this first installer's purpose is to download and install a second installer on your machine. This second installer, named "download manager for 86307_windows 11 build 21996.1 x64 + activator", displays a licence agreement and promises to download Windows 11 and a licence activator. That will not happen, of course. Instead, if you accept, you will get malware of all kinds on your PC, along with "sponsored" software.

In the end, this situation is not surprising. It is worth repeating that if you want to download and install Windows 11, you must obtain the ISO file through the official channel: Microsoft's Windows Insider programme.

It is free and only takes a few minutes with a Microsoft account. This access lets you obtain an official Windows 11 ISO file to install the current Preview version.

Source

The post Windows 11 : des fichiers d’installation malveillants circulent sur Internet ! first appeared on IT-Connect.

Trickbot, the most active malware in the world for the second month in a row

31 July 2021 at 11:56
By: UnderNews

Often used in the initial stages of ransomware attacks, Trickbot is the most widespread malware for the second consecutive month. In France, it was involved in 6.31% of the cyberattacks observed by Check Point.

The post Trickbot, malware le plus actif au monde, pour le 2ème mois consécutif first appeared on UnderNews.

Kaspersky's comment on the Pegasus spyware

31 July 2021 at 11:59
By: UnderNews

An investigation carried out by several media outlets highlights the massive use of the Pegasus spyware by states to target journalists, activists, lawyers and politicians, notably in France.

The post Commentaire de Kaspersky sur le logiciel malware Pegasus first appeared on UnderNews.

Deep Instinct report on cyber threats: an 800% increase in ransomware attacks since 2019

31 July 2021 at 12:03
By: UnderNews

Deep Instinct has raised 240 million dollars to date, which allows the company to considerably expand its go-to-market capabilities while growing its best-in-class machine-learning research and product development teams, in order to better anticipate the next wave of threats.

The post Rapport Deep Instinct sur les cybermenaces : augmentation de 800 % des attaques par ransomware depuis 2019 first appeared on UnderNews.

No More Ransom celebrates five years of fighting ransomware

31 July 2021 at 12:29
By: UnderNews

The No More Ransom initiative, launched in 2016 by specialised police services and cybersecurity players to help ransomware victims, celebrates its fifth anniversary today. The figures speak for themselves: 900 million dollars of illegal profits have been prevented and more than 6 million people have downloaded free decryption tools.

The post No More Ransom fête ses cinq années de lutte contre les ransomwares first appeared on UnderNews.

Ransomware targets the Tokyo Olympic Games

31 July 2021 at 12:32
By: UnderNews

Despite the pandemic, the Tokyo Olympic Games were finally able to go ahead, with a very strict health protocol. But the virus is not the only danger hanging over this edition. The threat of cyberattacks is also very high, judging by the very recent warning from the Federal Bureau of Investigation (FBI), which unfortunately did not take long to become reality, since the organisers have just revealed that they were the victims of a ransomware attack.

The post Un ransomware cible les Jeux Olympiques de Tokyo first appeared on UnderNews.