WannaCry – Taking Ransomware Protection to Next Level

What is WannaCry?

A worldwide cyber-attack has been happening since Friday, affecting more than 200,000+ organizations in 150+ countries. The WANNACRY RANSOMWARE ATTACK has rapidly become the nastiest digital disaster to strike the internet, crippling transportation and hospitals globally. But, it progressively appears that it is not the work of hacker brains. Instead, cyber-security detectives see the recent breakdown of cyber-criminal scheme, which reveals amateur mistakes made at every steps.

How does Ransomware Work?

Ransomware is a kind of cyber-attack, in which, hackers take control of a computer system and block access to it until a ransom is paid. The cyber criminals need to download a type of malicious software onto a system within the network to gain access to the system. This is often done by making the victim click on a link or download it by mistake. Once the software gets into the victim’s computer, the hackers can launch an attack that will lock all the files it finds within the network. It tends to be a gradual process with files being encrypted one after the other.

Though the infection stage is somewhat different for each Ransomware version, the key stages are as follows:

• Initially, the victim gets an email that includes a malicious link or a malware attachment. Alternatively, the contagion can originate from a malicious website that delivers a security exploit to create a backdoor on the victim’s PC by using a susceptible software from the system.
• If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC.
• The downloader uses a list of domains or C&C servers to download the Ransomware program on the system.
• The contacted C&C server responds by sending back the requested data.
• The malware then encrypts the entire hard disk content, personal files, and sensitive information. Everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC is encrypted by the malware. It can also encrypt data on other computers connected to the local network.
• Then a warning pops up on the screen with instructions on how to pay for the decryption key.

Taking Ransomware Protection to Next Level

One should take the threat of Ransomware seriously and do something about it before it smashes the data.

Here are few precautions to

Local PC:

Step 1: Do not store important data only on your PC. Take 2 backups of data: on an external hard drive and in the cloud – Dropbox/Google Drive/etc.

Step 2: The Dropbox/Google Drive/OneDrive/ applications should not be turned on by default.

Step 3: Turn off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc.

In the browser:

• Block and set the plugins to ask for permissions for the following plugins from the browser: Adobe Flash, Adobe Reader, Java and Silverlight and activate the plugins when needed.
• Adjust the browsers’ security and privacy settings for increased protection.
• Update all outdated plugins and add-ons from my browsers.
• Use an ad-blocker to avoid the threat of potentially malicious ads.

Online Behaviour:

• Never open spam emails or emails from unknown senders.
• Never download attachments from spam emails or suspicious emails.
• Never click links in spam emails or suspicious emails.
• Use Anti-ransomware security tools such as Norton, Bitdefender, Kaspersky, Trend Micro Internet Security, Zemana Anti-malware.
• Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.

“Should I pay the ransom or not?”

The answer is a big NO.

Paying the ransom does not give guarantee that the online criminals at the other end of the Bitcoin transfer will give the decryption key. And even if they do, there will be further greedy attacks, which will become a never-ending malicious cycle of cyber-crime.

Putting things into perspective, 1 out of every 4 cyber-crime victim who paid the ransom didn’t get their data back. They lost both the information and their money.

How to get the data back without paying the ransom?

There are many versions and types of Ransomware, but cyber security researchers are working round the clock to break the encryption that at least some of them use. There are many other cryptoware strains that are well coded and only specialists are able to crack.

Not sure if your system in secure? Don’t Worry!!

Our Security Testing experts will guide You

To recover the data without funding Ransomware creators, we have put together a significant list of Ransomware decryption tools which can be used.

• OpenToYou
• Globe3 decryption tool
• Dharma Decryptor
• CryptON
• Alcatraz
• HiddenTear
• NoobCrypt
• CryptoMix/CryptoShield decryptor
• Damage ransomware
• .777 ransomware
• 7even-HONE$T
• .8lock8 ransomware decrypting tool
• 7ev3n decrypting tool
• Agent.iih
• Alma decrypting tool
• Al-Namrood
• Alpha
• AlphaLocker
• Apocalypse
• ApocalypseVM
• Aura
• AutoIt
• Autolocky
• Badblock
• Bart decrypting tool
• BitCryptor
• BitStak
• Chimera
• CoinVault
• Cryaki
• Crybola
• CrypBoss
• Crypren

• Crypt38
• Crypt888
• CryptInfinite
• CryptoDefense
• CryptoHost
• Cryptokluchen
• CryptoTorLocker
• CryptXXX
• CrySIS decrypting tool
• CTB-Locker Web
• CuteRansomware
• DeCrypt Protect
• Democry decrypting tool
• DMA Locker decrypting tool + DMA2 Locker decoding tool
• Fabiansomware
• FenixLocker
• Fury decrypting tool
• GhostCrypt decrypting tool
• Globe / Purge
• Gomasom
• Harasom
• HydraCrypt
• Jigsaw/CryptoHit
• KeRanger
• KeyBTC
• KimcilWare
• Lamer decrypting tool
• LeChiffre
• Legion
• Linux.Encoder
• Lock Screen ransomware
• Locker
• Lortok

• MarsJoke
• Manamecrypt
• Mircop decrypting tool + alternative
• Merry Christmas / MRCR decryptor
• Nanolocker
• Nemucod
• NMoreira ransomware
• ODCODC
• Operation Global III Ransomware
• Ozozalocker ranomware decryptor
• PClock
• Petya
• Philadelphia
• PizzaCrypts
• Pletor
• Pompous
• PowerWare / PoshCoder
• Radamant
• Rakhni
• Rannoh
• Rector
• Rotor
• Scraper
• Shade / Troldesh
• SNSLocker
• Stampado
• SZFlocker
• TeleCrypt
• TeslaCrypt
• TorrentLocker
• Umbrecrypt

Please read about how these tools work before using it as a solution.

Do keep in mind that decryptors could become outdated due to constant updates and new versions released by cyber criminals. This is a never-ending battle, which is why we should focus on prevention and having multiple backups for your data.

API Testing of Online Communication App

http://www.indiumsoft.com/casestudy/integrated-api-testing.pdf

Successfully implemented QA Methodology and process

Game Testing; Not as Easy as It Sounds!

Gaming!!!! Be it online, mobile, console or PC games, it is a multi-billion-dollar industry and it is not child’s play. Hence, expert-level game testing is extremely important for game’s success. Games that are built exclusively for mobile are very much different than the web-based games, which in turn are completely different from console or PC games. Nevertheless, quality of the game is critical irrespective of the media platform.

Modern gaming industry has become more sophisticated over a period of time and this has been made possible by all those passionate game developers and testers, who work tirelessly, to add new magnitudes to it. They contribute to the fact why game testing is a much more serious endeavor.

The gaming industry is all set for the ninth generation of consoles and games, with new and advanced features. This sets up a high standard for test requirement. As always, the game testers need to access the game, to test its functionality and performance but with new and updated testing techniques.

A high-quality game purposes to exceed the expectations of the players, throwing enough challenges to make the game-play interesting. It also tested to pass the cross-platform performance standards without negotiating the player’s privacy and security.

Here are a few common challenges faced by game testers: 

Testing Multiplayer Feature

This can be a big challenge particularly when players are emulated or when the players aren’t in the same room and rather playing from whole different geographies. Multiplayer games are very challenging to test, tough to debug, can contain issues that are nearly impossible to break.

To mitigate this challenge, the game should be made sure for its robust design. Some best game development frameworks like Unity, Unreal etc. can be used, which has been unit tested on at least one devices. Adapt user testing for evaluating multiplayer game. But in addition to that, load testing is required. Load testing can be performed by either having a large beta population, simulated users, or both.

Game Authenticity Challenges

It is never forgivable to have an insecure authentication system. No gamer would ever want their saved game or high score crumbled just because of poor security.

“Imagine after spending sessions worth of time, perhaps dollars on buying the weapons and gears, unlocking the difficult levels your user credentials get misused and all your saved data get lost”

And weapons!!!!!

Oh No!!!

So it is the tester’s job to find out these bugs and take care of them. Before game play, a game needs to be authenticated properly. There are a few authentication options, and some can be used in combination with others. These can be User authentication, Device Authentication or Social authentication. These methods will match the information against a database allowed for players and make the game more secured.

Testing Across Various Game Engines

It is said that choosing a right game engine frequently proves to be the first step in deciding the success or failure of a game. With the arrival of so many game platforms over the past few years and the release of the latest generation of consoles such as Play Station 4, Microsoft Xbox One, Nintendo Switch, Oculus and Wii U, selecting the right game engine can be difficult. With so many game engines available for each of these platforms, it can be a hair-pulling moment for a game tester. For Example, many PlayStation games are developed using GameMaker game engine while most online casinos like Mansion Casino prefer PlayTech!

Although this is a decision that is often taken by the game studio executives and lead programmers, as a game tester should be trained and should ready to test most of these latest game engines and platforms.

Ensuring Accurate Social Integration

It was not too long back when Facebook introduced social media games and in 2013 when the launch of Wii U (and Miiverse that came with it) made it obvious that social integration and social media as a whole were going to play a major role in video games over the coming years. Today, the video games are becoming increasingly more connected to various social networks, but this also means that as game testers you will have to be even more attentive.

Social media can be a double-edged sword; if used intelligently, it can not only serve as a way to bring together like-minded gamers into a closely knit community but also be a great way for the companies to push their products (gaming accessories, weapons, gears etc) to targeted and loyal gamers. However, if done poorly it can be the end of the game and the gaming studio! Hence, as the game tester you need to make sure that the social integration is accurate, and is able to be interesting to the demography that your game is targeting.

Game’ Ability to withstand Concurrent Load

No testing is complete without a round of load testing before the product is launched and it applies to Game Testing as well. With more and more network based games emerging every day, the focus is shifting to MMO and MORPG games. The game should be tested to withstand real-time concurrent load before it is shipped. Load testing should be done to achieve consistent performance across all hardware/software/platform/device combinations that your target audience might use.

The first challenge faced is security when setting up a test facility for console games. With high stakes involved in console games, security concern becomes a big point that must be taken care of.  MMO Performance Testing addresses scaling of games to thousands of users at the same time and ensures the security of the games from external attacks and vulnerabilities across different multi-player genres

That’s all folks!!!
We will discuss further about game testing in our upcoming blogs.
Subscribe now if you want to stay updated.