Tuesday, May 30, 2017

WannaCry: Remove and Recover Infected Devices


The WannaCry ransomware attack is a worldwide cyber attack that started on 12 May 2017. It is called WannaCryptor/WannaCry, and it took the world by storm. The WannaCry attack was designed to target computers running Microsoft Windows. The worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability had earlier been discovered by the National Security Agency of the USA, which, instead of reporting it, built the EternalBlue exploit for its own ends. The exploit was then stolen and leaked by the group called “The Shadow Brokers”, and the virus has been on the loose ever since.

How does the WannaCry virus spread?


WannaCry belongs to the Wcry ransomware family. It uses the EternalBlue exploit against a vulnerability in the SMBv1 protocol: in various versions of Microsoft Windows, SMBv1 accepts specially crafted packets from remote attackers that allow them to run an arbitrary executable on the system. As soon as the worm, or its executable, gains access to the computer, it makes a copy of itself and executes that copy. Once the worm is running on the system, it tries to connect to the following domains, depending on the version of Windows.


If the worm is able to connect to any of these domains, it stops spreading across the network; the domains thus act as a kill switch for the initialization of the virus. WannaCry uses the AES-128 cipher to encrypt files matching a predefined list of file type extensions, which includes the following:

.123, .3dm, .3ds, .3g2, .3gp, .602, .7z, .aes, .ai, .ARC, .asc, .asf, .asp, .avi, .backup, .bak, .bmp, .brd, .c, .cgm, .class, .cpp, .crt, .cs, .csr, .csv, .db, .dbf, .dch, .dif, .dip, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .edb, .eml, .fla, .flv, .frm, .gif, .gpg, .gz, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .js, .jsp, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpeg, .mpg, .msg, .myd, .myi, .n, .nef, .odb, .odg, .odp, .ods, .odt, .ost, .otg, .otp, .ots, .ott, .p12, .PAQ, .pas, .pdf, .pem, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .pst, .rar, .raw, .rb, .rtf, .sch, .sh, .sin, .slk, .sql, .sqlite3, .sqlitedb, .stc, .std, .stw, .suo, .swf, .sxc, .sxd, .sxm, .sxw, .tar, .tarbz2, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vb, .vdi, .vmdk, .vmx, .vob, .vsd, .vsdx, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip.


The original WannaCry ransomware is disguised as a counterfeit messaging application and is distributed to victims via emails, infected software and even malicious ads. Encrypted files are given the “.wcry” extension. WannaCry also creates a ransom note named @Please_Read_Me@.txt and executables that launch the decryptor, named @WanaDecryptor@.exe.
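As an added example (not part of the original post), a small triage script that walks a directory tree looking for the on-disk indicators just described: files with the “.wcry” extension, the @Please_Read_Me@.txt ransom note and the @WanaDecryptor@.exe executable. It also counts still-intact files of the targeted types so you can see how much was at stake. The sample directory and the small subset of targeted extensions are constructed for the demo.

```python
import os
import tempfile

# Indicator names taken from the post; the extension subset is constructed.
RANSOM_NOTE = "@Please_Read_Me@.txt"
DECRYPTOR_EXE = "@WanaDecryptor@.exe"
ENCRYPTED_SUFFIX = ".wcry"
TARGETED_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".zip", ".sql"}


def scan_tree(root):
    """Walk the tree and sort each file into one of the indicator buckets,
    counting untouched files whose extension is on the ransomware's list."""
    findings = {"encrypted": [], "notes": [], "decryptors": [], "at_risk": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                findings["notes"].append(path)
            elif lower == DECRYPTOR_EXE.lower():
                findings["decryptors"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                findings["encrypted"].append(path)
            elif os.path.splitext(lower)[1] in TARGETED_EXTENSIONS:
                findings["at_risk"] += 1
    return findings


def is_infected(findings):
    """Any ransom note, decryptor binary or .wcry file flags the host."""
    return bool(findings["notes"] or findings["decryptors"] or findings["encrypted"])


def build_sample_tree():
    """Constructed sample: an encrypted document, a ransom note, one file of a
    targeted type that is still intact, and one file outside the target list."""
    root = tempfile.mkdtemp(prefix="wcry_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.wcry", RANSOM_NOTE, "holiday.jpg", "readme.md"):
        with open(os.path.join(docs, name), "w", encoding="utf-8") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print("infected:", is_infected(result))
    for bucket in ("encrypted", "notes", "decryptors"):
        for path in result[bucket]:
            print(f"  {bucket}: {path}")
    print("intact files of targeted types:", result["at_risk"])
```

Point `scan_tree` at a user profile or a mounted disk image to get the same report for a real machine.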

How to Remove WannaCry Virus from your computer?


This section provides a brief tutorial on how to remove WannaCry using certain applications. While each application can remove the infection on its own, it is better to have double coverage during the scan. The WannaCry ransomware can be removed from the system by using a combination of these programs together with an antivirus and anti-malware application.

It is a simple three-step process. We will be using the following software to remove the virus:
  • Rkill program
  • Emsisoft Anti-Malware
  • Malwarebytes Anti-Malware

RKILL Program: 

We use this program to terminate any running process that may interfere with the removal. Rkill can be downloaded from the link below:

https://www.bleepingcomputer.com/download/rkill/

Save the downloaded file, iexplore.exe, on the desktop. When run, it automatically stops any process associated with the Sysprotector Registry Cleaner Tech Support Scam and any other malware. The process may take some time; once the program has finished, the processing window closes and a log file is generated. Review the log file and continue with the next step. “Do not restart your system after the Rkill task is completed.”


EMSISOFT Anti-Malware:


Download the Emsisoft software from the link below and save it to the desktop.






  • Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup_bc.exe icon to start the program. If Windows SmartScreen issues an alert, allow it to run anyway.
  • Run the installer in Safe Mode and install the program. Follow the regular instructions and choose the trial version. Once the download has completed, all the virus definitions will be updated.
  • We strongly suggest that you select Enable PUPs Detection to protect your computer from nuisance programs such as toolbars and adware. The program will now be installed.
  • Go to the Scan section and select Malware Scan. When the scan has finished, the program displays the scan results, showing which infections were found. Now click on the Quarantine Selected button, which removes the infections and places them in the program's quarantine.
You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean-up process, please “do not reboot the system”.


MalwareBytes Anti-Malware (MBAM): 

Download the MBAM program from the following link:


Now double-click on the file named mb3-setup-1878.1878-3.0.6.1469.exe to run it. This starts the installation of MBAM on your computer. After the installation is complete, make sure the Launch Malwarebytes Anti-Malware box is checked. “Do not reboot even if asked to.”
  • MBAM will now start and you will be at the main screen.



  • We now need to find the largest amount of malware and unwanted programs that Malwarebytes can detect. Go to Settings > Protection > enable Scan for rootkits.

  • Select Threat Scan from the Scan tab and start scanning. Virus definition updates are downloaded automatically. Scanning may take some time; the scan results are displayed when it finishes.
 



  • View and remove the displayed files (.wcry.exe), and do not yet reboot the system.


How to recover infected files from the WannaCry virus?

  • The WannaCry worm works on the victim’s device by generating a pair of keys, i.e. a public and a private key, for encryption and decryption.
  • After studying the behaviour of the virus, Microsoft has provided patches to prevent further damage.
  • A couple of tools to recover the encrypted data have been published on GitHub: WannaKey and WannaKiwi. They use another Windows flaw and try to recover the prime numbers used to encrypt the data. The catch is that the infected computer must not have been turned off since the infection, which is rarely the case. Still, these advances can be used in future and help protect our computers against further such attacks.
  One may download the tools from the links below:
  WannaKey: https://github.com/aguinet/wannakey
  WannaKiwi: https://github.com/gentilkiwi/wanakiwi/releases

Restoring files from Shadow Volume Copies

  • Windows provides a facility to create shadow copies if System Restore is enabled on the system. Windows creates shadow copy snapshots that contain copies of your files from the time System Restore was enabled.
  • Note: This method is not foolproof; even though these files may not be encrypted, they also may not be the latest version of the file. Please note that Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7 and Windows 8. While the chances are small that these files have not been affected by the worm, it is worth trying.
  The link below also helps with this.
         
It is always said that prevention is better than cure. One must always be one step ahead and keep oneself updated at every level to secure personal information. There are several applications and antivirus products available in the market that not only detect but also quarantine malicious activity before it can even take place. Always keep your data backed up. Never open mails from untrusted sources. Keep your eyes open. Safe surfing!!

Friday, May 26, 2017

Ethereum: A Revolution Based on Block Chain Technology

What is Ethereum!!

Ethereum is an open-source, distributed, public, blockchain-based network that provides a platform enabling developers to build and deploy decentralized applications (DApps).

DApps are built on scripted functionality called “smart contracts”. The virtual machine responsible for the distributed execution of these scripts, or smart contracts, is called the Ethereum Virtual Machine (EVM). It executes the scripts using an international network of public nodes.

The nodes in this international network are compensated with the crypto-currency “Ether” for the computation they perform.

The working of the Ethereum network is based on the concept of smart contracts. Smart contracts are business rules encoded in programs that execute themselves automatically under certain conditions. For example, funds are only transferred if the majority of owners have digitally signed off on a transaction.

Such contracts can also be combined to form wholly digital firms that are not based anywhere in the real world but on a “blockchain”, the sort of globally distributed ledger that underpins crypto-currencies such as bitcoin.

Difference between Bitcoin and Ethereum:




• The bitcoin blockchain is used to track ownership of digital currency (bitcoins), whereas the Ethereum blockchain focuses on running the programming code of any decentralized application.
• In the Ethereum blockchain, instead of mining for bitcoin, miners work to earn “Ether”, a type of crypto token that fuels the network. Beyond being a tradeable crypto-currency, Ether is also used by application developers to pay for transaction fees and services on the Ethereum network.
• By analogy, Ethereum can be regarded as the digital oil of Web 3.0, while bitcoin can be regarded as digital gold.
• Ethereum is a lot younger, having only started in 2014, whereas bitcoin began in 2009. Ether's market cap is $18.6 billion versus bitcoin's $39.2 billion, according to coinmarketcap.com.


Smart Contract:

A smart contract is nothing more than computer code stored within the network and executed by the nodes to update an open ledger. Smart contracts work on IF-THIS-THEN-THAT logic. When run on the blockchain, a smart contract becomes like a self-operating computer program that automatically executes when specific conditions are met.

Because smart contracts run on the blockchain, they run exactly as programmed without any possibility of censorship, downtime, fraud or third-party interference.

Ethereum Virtual Machine (EVM):

Ethereum’s core innovation is the Ethereum Virtual Machine (EVM). It is Turing-complete software, i.e. a self-operating virtual machine that runs on the Ethereum network. It enables anyone to run any program, regardless of the programming language, given enough time and memory.

The Ethereum Virtual Machine makes the process of creating blockchain applications much easier and more efficient than ever before. Instead of having to build an entirely original blockchain for each new application, Ethereum enables the development of potentially thousands of different applications, all on one platform.

Ether:

Ether is the essential element for operating the distributed application platform Ethereum. It is a form of payment made by the clients of the platform to the machines executing the requested operations. We can also conclude that Ether is the incentive ensuring that developers write quality applications (wasteful code costs more) and that the network remains healthy (people are compensated for the resources they contribute). So it works like a crypto-fuel for the working of Ethereum.

At present Ethereum is being used as a core by technology giants and corporations to develop customized blockchain models; Microsoft Corporation, JP Morgan Chase Co., Intel Corporation and Bank of New York Mellon Corp are associated with it.

The formation of the Ethereum Enterprise Alliance in February 2017 and its subsequent expansion to 116 members recently has generated interest and excitement in the community.

Wednesday, May 24, 2017

Concept Behind Working of Block Chain Technology

Block Chain Technology is a hot topic of conversation nowadays, especially among new investors in crypto-currencies like Bitcoin. This article opens our series on the concepts of Block Chain Technology and one of its applications: the Ethereum Project.

This article is the first in the series and considers the basic concept behind the working of Block Chain Technology.

Introduction: What is Block Chain Technology?
• As the name signifies, a Block Chain is basically a chain of blocks which helps in securing information transparently and securely. This is done by performing pre-programmed operations on that information.
• The purpose of Block Chain Technology is to eliminate the need for “trusted” third parties such as payment processors, like banks in the case of financial transactions. The Block Chain records and stores every transaction that occurs in the network. Therefore, because of features like transparency and security, a Block Chain is regarded as an “Open Ledger”.
• In a Block Chain, the network architecture for information storage and retrieval is not based on a central server but is Peer to Peer (P2P). When we look at how P2P works, we find that it is not a network of computers but a network run on computers. The information is not stored in a central server but sliced and distributed over all the nodes, thus making it distributed and highly secure. By virtue of this it is more properly called a “Distributed Ledger”.



• Given the features mentioned above, Open and Distributed Ledgers, Block Chain can be described as an innovation for the “transfer of trust in a trust-less world”, referring to the fact that the entities participating in a transaction are not necessarily known to each other, yet they exchange value with surety and no third-party validation.
For this reason, the Block Chain is a potential game changer.

Working: How Block Chain Works?

At its core, the Block Chain is a database of all the transactions happening in the network. The main virtue of this database is that it is distributed, i.e. it is not governed, maintained or stored by any one party or single computer/server but is stored on many computers all over the world. Each node has complete details of all the transactions that have happened in the network to date.

To keep the transactions up to date, this database is constantly synchronized, and for its security the most sophisticated methods of cryptography are applied.

It has the following 4 features:
• Transparency - Being publicly available as an open ledger.
• Distributed - The same information is distributed among all nodes/participants.
• Synchronized - All nodes/participants have the same, updated information for each transaction, achieved through mining.
• Secure - By the concepts of cryptography.

Thus, in short, the Block Chain works as a network of computers, all of which must approve a transaction that has taken place before it is recorded in the chain of computer code. Whenever a new transaction is done, its details are recorded on the public ledger so that anyone on the network (Internet) can see and validate it.

Let us take each of the above features in detail to understand the working of Block Chain Technology:

1. Open Ledger:

The Block Chain provides a chain of transactions which is openly and publicly available. Thus everyone on the network can see where the money/resource is and how much there is. As the ledger is open, i.e. anyone on the network can see the details, everyone can validate and authenticate any transaction.

2. Distributed Ledger:

This means that each transaction's details are distributed among the member nodes, i.e. each node on the network holds a copy of all the transactions instead of there being just a centralized system.

For this it is a must that all copies of the ledger are synchronized and that all participants see the same copy/version of the ledger. This virtue leads to the third concept of the block chain.

3. Concept of Mining:

This is the concept behind the synchronization, or entry, of each transaction into the ledger.

Miners are special nodes which hold the ledger. These miners compete with each other to add the transaction into the ledger. For any (valid) transaction the miner has to check whether the sender has enough to send, and then whichever miner makes the entry into the ledger first is awarded some fraction of crypto-currency as a processing fee.

Whenever a sender (node) makes a transaction to any receiver (node), it broadcasts the details of it all over the network. Everyone on the network immediately sees that some transaction is about to take place. Until the transaction is added into the ledger, it is regarded as unvalidated. This is where the miners come in.

As already mentioned, the miners are the special nodes holding the ledger. The task of a miner is to listen for the transaction that is about to take place. They take this unvalidated transaction, and the task is to check its validity and put it into the ledger first. Whichever miner does this work first is awarded a financial reward, i.e. a fraction of crypto-currency as a processing fee.

To validate any transaction the miner has to find a special key that enables it to take the previous transaction. By accessing the previous transaction the miner matches the details against its records and finds out whether the transaction can take place or not. (Just as, when we make an NEFT transfer to anyone, the bank first checks our present balance.)

By accessing the previous transaction the miner is enabled to lock in the new transaction. In finding the special key the miner gives its time and computational power, because the key is random in nature. The miner repeatedly keeps guessing the key until it finds the first key that matches. It is like a random puzzle. So whichever miner does this work first gets the financial reward.

As soon as the miner finds the key, it opens its own ledger and, after validation, makes an entry of the transaction block and publishes the results all over the network. This means the miner authenticates the validity of the transaction and publishes the key, which enables everyone on the network (including other miners) to add the transaction to their own ledgers.

Conclusion:

Thus we can conclude that a blockchain is a globally available “chain of blocks” which resides in a distributed computing architecture where every network node executes the same transactions (or records). Groups of such authenticated transactions form blocks.

These blocks become part of the global chain only when they satisfy the “rules” of the blockchain. The “rules” of the blockchain not only ensure that only one block can be added at a time but also ensure that every block contains a mathematical verification that justifies its existence with respect to the previous block.

The mathematical proof guarantees that the blocks are not tampered with by malicious third parties and thus provides security to the network.

These “rules” allow everyone running the blockchain software to agree on every single block, or rather on every single transaction, of the blockchain. The blocks that make up the blockchain are commonly termed the Block-Chain’s “distributed database”.
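To make the mining described in section 3 and the block verification described in this conclusion concrete, here is an added example (not code from the original post): a toy proof-of-work chain in Python. A miner guesses nonces (the post's “special key”) until the block hash meets a target, each block commits to its predecessor's hash, balances are replayed from the open ledger to check that a sender can fund a transfer, and any tampering with an older block is caught when a node re-verifies the chain. SHA-256 as the hash, a fixed difficulty of three leading zero hex digits, a genesis predecessor of 64 zeros and a single process standing in for the competing miners are all assumptions of this example.

```python
import hashlib
import json

DIFFICULTY = 3           # leading zero hex digits required (assumption)
GENESIS_PREV = "0" * 64  # predecessor hash of the first block (assumption)


def block_hash(block):
    """Hash the block header (prev link, transactions, nonce) with SHA-256."""
    header = {"prev": block["prev"], "tx": block["tx"], "nonce": block["nonce"]}
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()


def mine_block(prev_hash, transactions, difficulty=DIFFICULTY):
    """The 'random puzzle': keep guessing the nonce until the hash meets the
    target, then publish the block together with its hash."""
    block = {"prev": prev_hash, "tx": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * difficulty):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def valid_chain(chain, difficulty=DIFFICULTY):
    """What every node re-checks before accepting a published chain: each
    block's stored hash matches its contents, meets the difficulty target,
    and links to the hash of the block before it."""
    prev_hash = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block)
        if block["prev"] != prev_hash or recomputed != block["hash"]:
            return False
        if not recomputed.startswith("0" * difficulty):
            return False
        prev_hash = recomputed
    return True


def balances(chain):
    """Replay the open ledger to derive every account's balance."""
    bal = {}
    for block in chain:
        for tx in block["tx"]:
            if tx["from"] != "COINBASE":  # a mining reward has no sender
                bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return bal


def tx_is_funded(chain, tx):
    """The miner's pre-check: does the sender hold enough to send?"""
    return tx["from"] == "COINBASE" or balances(chain).get(tx["from"], 0) >= tx["amount"]


def build_demo_chain():
    """Constructed sample ledger: a mining reward to alice, then a spend."""
    reward = {"from": "COINBASE", "to": "alice", "amount": 50}
    chain = [mine_block(GENESIS_PREV, [reward])]
    spend = {"from": "alice", "to": "bob", "amount": 20}
    if tx_is_funded(chain, spend):
        chain.append(mine_block(chain[-1]["hash"], [spend]))
    return chain
```

Changing the amount inside an already-mined block makes `valid_chain` return False, because the stored hash no longer matches the block's contents and every later block links to that stale hash.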