Report: 2.5 million people fell victim to ransomware last year, up 11% from 2016

The number of people who reported encounters with ransomware worldwide in the past year rose from 2.3 million to nearly 2.6 million—an 11.4% increase, according to a report released Monday from Kaspersky Lab.

Mobile ransomware, in particular, continues to be a concern, with 218,625 mobile Trojan-Ransomware installation packages detected in the first quarter of 2017 alone—3.5 times more than the previous quarter, the report found. However, the total number of users targeted by mobile ransomware fell by 4.6% between this year and last year, the report noted.

Kaspersky Lab examined security data from April 2016 to March 2017 and compared it with data gathered the previous year. Mobile ransomware attacks are most common in wealthy countries, with the US experiencing the highest percentage of mobile users attacked with mobile ransomware, followed by Canada, Germany, and the UK.

“Despite a small reprieve, the mobile threat landscape is still arousing anxiety, as criminals target nations with developed financial and payment infrastructures,” according to a press release announcing the report. “Developed markets not only have a higher level of income, but also more advanced and widely used mobile and e-payment systems that can be easily compromised.”

In the US, the rise of mobile attacks came primarily from the Svpeng and Fusob malware families, the report noted. Germany was the country with the highest percentage of mobile users attacked the year before, but the US shifted from fourth to first position this year, with almost 19% of users attacked.

“These geographical changes in the mobile ransomware landscape could be a sign of the trend to spread attacks to rich, unprepared, vulnerable or yet unreached regions,” said Roman Unuchek, security expert at Kaspersky Lab, in a press release. “This obviously means that users, especially in these countries, should be extremely cautious when surfing the web.”

Kaspersky Lab offered the following seven tips to combat ransomware:

1. Back up data regularly, and always keep software updated on all devices.

2. Use a reliable security solution that protects against ransomware.

3. Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.

4. If you fall victim to an encryptor, use a clean system to check the No More Ransom site for a decryption tool that could help get your files back.

5. Educate employees and IT teams; keep sensitive data separate; restrict access; and back up everything, always.

6. Download Kaspersky Lab’s free anti-ransomware tool for your business, regardless of the security solution installed.

7. Report any ransomware attack to your local law enforcement agency, as these attacks are criminal offenses.

Windows 10 Source Code Leaked

Microsoft has confirmed that a portion of the source code for Windows 10 has leaked online. The leak, containing software elements not normally visible to the public, may represent an opportunity for hackers to uncover and exploit security weaknesses.

The leak was originally reported by U.K. tech site The Register, which described the leaked files as “a massive trove” including both code for USB and Wi-Fi modules, and full unreleased builds of Windows 10 and Windows Server 2016. The Register claimed the trove was stolen from Microsoft as recently as March.

However, The Verge has contradicted part of that assessment, claiming that the leak is “relatively minor.” Much of the leaked material has already circulated outside of Microsoft, as part of code packages regularly shared with development partners and other customers.

However, there is worrisome evidence that the content came from hacks of Microsoft’s network. The Verge points to the arrest this week of two men in England accused of hacking Microsoft, and Ars Technica received unconfirmed reports of a hack on Microsoft in March.

The files have since been removed from Beta Archive, a collection of abandoned or incomplete software, where they originally surfaced.

[“Source-fortune”]

ISRO to Launch 31 Satellites on Friday, Including Cartosat-2

HIGHLIGHTS

  • India will launch 31 satellites with its PSLV rocket
  • Total weight of all the 31 satellites is about 955kg
  • Rocket will sling the satellites into a 505km polar sun-synchronous orbit

India on Friday will launch its earth observation satellite Cartosat-2 series weighing 712kg and 30 co-passenger satellites (29 foreign, one Indian) with its rocket Polar Satellite Launch Vehicle (PSLV), the Indian space agency said on Tuesday.

According to Indian Space Research Organisation (ISRO), the PSLV rocket’s XL variant is expected to lift off on Friday morning at 9.29am from the Sriharikota rocket port.

The 30 satellites will together weigh 243kg and the total weight of all the 31 satellites, including Cartosat, is about 955kg, ISRO said.
The rocket will sling the satellites into a 505km polar sun-synchronous orbit (SSO).

The co-passenger satellites comprise 29 nano satellites from 14 countries – Austria, Belgium, Britain, Chile, Czech Republic, Finland, France, Germany, Italy, Japan, Latvia, Lithuania, Slovakia, and the US as well as one Indian nano satellite.

The 29 international customer nano satellites are being launched as part of the commercial arrangements between ISRO’s commercial arm, the Antrix Corporation Ltd, and the international customers.

[“Source-ndtv”]

SpaceX Successfully Launches Iridium Satellites Into Orbit Atop Falcon 9

HIGHLIGHTS

  • SpaceX has succeeded in landing a Falcon 9 first-stage booster
  • Falcon 9 blasted off carrying 10 satellites for Iridium Communications
  • It was the second series of Iridium satellites launched by SpaceX

The American company SpaceX on Sunday successfully placed 10 satellites for the communications company Iridium into orbit using a Falcon 9 rocket.

After launching as scheduled from the Vandenberg Air Force Base in California at 1:25pm local time (8:25pm GMT or 1:55am IST), the Falcon 9’s first stage returned less than eight minutes after taking off.

As planned, it landed on a barge floating in the Pacific Ocean.

SpaceX has successfully landed multiple rockets on both land and water, as part of its effort to bring down the cost of space flight by re-using multimillion dollar components instead of jettisoning them in the ocean after launch.
It was the second series of Iridium satellites launched by SpaceX, after a set of 10 were delivered in January.

In total SpaceX, which is headed by billionaire entrepreneur Elon Musk, will launch a series of 75 satellites for Iridium’s satellite constellation, Iridium NEXT by 2018.

The $3 billion (roughly Rs. 19,350 crores) project is a bid to upgrade the Virginia-based Iridium’s global communications network.

[“Source-ndtv”]

LinkedIn app for Windows 10 Mobile gets a stealth “upgrade”

Earlier this month we reported on the disappearance of the LinkedIn app for Windows 10 Mobile from the Windows Store.

Microsoft never made an official announcement regarding the disappearance of the app, but we assumed Microsoft intended Windows Phone users to use the Edge browser to access their own enterprise social network.

It seems this was not far off the mark, even though the app has recently been updated.

We have received a number of messages today, and there have also been other posts on various web forums, that the app, which can still not be found in the Windows Store, has been updated.

The new app has a whole new look, and closer scrutiny reveals the old app has been replaced with a link to the LinkedIn Mobile website, still prominently displaying a banner linking to the Google Play Store urging users on more vibrant platforms to download “a faster” mobile app.

Beggars can of course not be choosers, and we assume after paying $26.2 billion for LinkedIn Microsoft did not have any spare change left to develop a proper UWP app.

The LinkedIn app for Windows 10 Mobile cannot be found (but may make a reappearance) at the link below.

[“Source-mspoweruser.”]

Tim Sweeney is positively steam-ed about Microsoft’s Windows Cloud operating system

Yesterday, we reported on Windows Cloud — a new version of Microsoft’s Windows 10 that’s supposedly in the works. Windows Cloud would be limited to applications that are available through the Windows Store and is widely believed to be a play for the education market, where Chromebooks are currently popular.

Tim Sweeney, the founder of Epic and lead developer on the Unreal Engine, has been a harsh critic of Microsoft and its Windows Store before. He wasted no time launching a blistering tirade against this new variant of the operating system, before Microsoft has even had a chance to launch the thing.

With all respect to Tim, I think he’s wrong on this for several reasons. First, the idea that the Windows Store is going to crush Steam is simply farcical. There is no way for Microsoft to simply disallow Steam or other applications from running in mainstream Windows without completely breaking Win32 compatibility in its own operating system. Smartphone manufacturers were able to introduce the concept of app stores and walled gardens early on. Fortune 500 companies, gamers, enthusiasts, and computer users in general would never accept an OS that refused to run Win32 applications.

The second reason the Windows Store is never going to crush Steam is that the Windows Store is, generally speaking, a wasteland where software goes to die. The mainstream games that have debuted on that platform have generally been poor deals compared with what’s available on other platforms (like Steam). There’s little sign Microsoft is going to change this anytime soon, and until it does, Steam’s near-monopoly on PC game distribution is safe.

Third, if Microsoft is positioning this as a play against Chrome OS, Windows Cloud isn’t going to debut on high-end systems that are gaming-capable in the first place. This is a play aimed at low-end ARM or x86 machines with minimum graphics and CPU performance. In that space, a locked-down system is a more secure system. That’s a feature, not a bug, if your goal is to build systems that won’t need constant IT service from trojans, malware, and bugs.

Like Sweeney, I value the openness and capability of the PC ecosystem — but I also recognize that there are environments and situations where that openness is a risk with substantial downside and little benefit. Specialized educational systems for low-end markets are not a beachhead aimed at destroying Steam. They’re a rear-guard action aimed at protecting Microsoft’s educational market share from an encroaching Google.

[Source:- Extremetech]

Who makes the most reliable hard drives?

Backblaze is back again, this time with updated hard drive statistics and failure rates for all of 2016. Backblaze’s quarterly reports on HDD failure rates and statistics are the best data set we have for measuring drive reliability and performance, so let’s take a look at the full year and see who the winners and losers are.

Backblaze only includes hard drive models in its report if it has at least 45 drives of that type, and it currently has 72,100 hard drives in operation.

Backblaze has explained before that it can tolerate a relatively high failure rate before it starts avoiding drives altogether, but the company has been known to take that step (it stopped using a specific type of Seagate drive at one point due to unacceptably high failure rates). Current Seagate drives have been much better and the company’s 8TB drives are showing an excellent annualized failure rate.

Next, we’ve got something interesting — drive failure rates plotted against drive capacity.

The “stars” mark the average annualized failure rate for all of the hard drives for each year.

The giant peak in 3TB drive failures was driven by the Seagate ST3000DM001, with its 26.72% failure rate. Backblaze actually took the unusual step of yanking the drives after they proved unreliable. With those drives retired, the 3TB failure rate falls back to normal.

One interesting bit of information in this graph is that drive failure rates don’t really shift much over time. The shifts we do see are as likely to be caused by Backblaze’s perpetual rotation between various manufacturers as old drives are retired and new models become available. Higher capacity drives aren’t failing at statistically different rates than older, smaller drives, implying that buyers don’t need to worry that bigger drives are more prone to failure.

The usual grain of salt

As always, Backblaze’s data sets should be taken as a representative sample of how drives perform in this specific workload. Backblaze’s buying practices prioritize low-cost drives over any other type, and they don’t buy the enterprise drives that WD, Seagate, and other manufacturers position specifically for these kinds of deployments. Whether or not this has any impact on consumer drive failure rates isn’t known — HDD manufacturers advertise their enterprise hardware as having gone through additional validation and being designed specifically for high-vibration environments, but there are few studies on whether or not these claims result in meaningfully better performance or reliability.

Backblaze’s operating environment has little in common with a consumer desktop or laptop, and may not cleanly match the failure rates we would see in these products. The company readily acknowledges these limitations, but continues to provide its data on the grounds that having some information about real-world failure rates and how long hard drives live for is better than having none at all. We agree. Readers often ask which hard drive brands are the most reliable, but this information is extremely difficult to come by. Most studies of real-world failure rates don’t name brands or manufacturers, which limits their real-world applicability.

[Source:- Extremetech]

Nintendo stands by Switch’s sparse

Nintendo released its annual financial report this week, and president Tatsumi Kimishima defended the Switch’s sparse launch lineup, along with giving additional details on Nintendo’s mobile and console business performance. The Switch’s software lineup has been widely criticized for its unusually small size. Kimishima attempted to push back against this argument, saying:

Our thinking in arranging the 2017 software lineup is that it is important to continue to provide new titles regularly without long gaps. This encourages consumers to continue actively playing the system, maintains buzz, and spurs continued sales momentum for Nintendo Switch. For that reason, we will be releasing Mario Kart 8 Deluxe, ARMS, which is making its debut on the Nintendo Switch during the first half of 2017, and Splatoon 2, which attracted consumers’ attention most during the hands-on events in Japan, in summer 2017.

The problem with this argument is that the Switch’s lineup is painfully thin, no matter how Nintendo tries to paper over the issue. The North American Switch will launch with 10 titles:

  • 1-2 Switch
  • The Binding of Isaac: Afterbirth+
  • Human Resource Machine
  • Just Dance 2017
  • The Legend of Zelda: Breath of the Wild
  • Little Inferno
  • I am Setsuna
  • Skylanders: Imaginators
  • Super Bomberman R
  • World of Goo

The Wii U launched with 32 titles, while the PS4 had 25 and the Xbox One had 22. Clearly launch titles alone don’t make or break a console, or the Wii U would’ve beaten both its rivals. But consumers do tend to treat launch support as indicative of overall developer buy-in.

What’s perhaps more worrying is the way this problem doesn’t resolve through the end of 2017. There are more games coming through the rest of the year (17 in total), but comparatively few top-franchise games. Mario Kart 8 Deluxe is a warmed-over refresh of a two-year-old game, and Splatoon doesn’t have the mass market appeal of a Mario or Pokemon game. Super Mario Odyssey is the biggest post-launch game for Switch with a 2017 launch date, and it won’t drop until the holiday season. When you combine the weak game lineup with the high price ($300), accessory costs, and lack of a bundled game, it’s hard to make a strong argument for the handheld — especially since Nintendo remains resolute that the Switch isn’t a handheld at all.

This graph helps explain why. Nintendo sold roughly 2.1 million 3DS devices in 2016 in the US alone (Wikipedia estimates CY 2016 sales at 7.36 million devices worldwide). That’s vastly better than the Wii U, which saw a complete sales collapse this year, even in comparison with its previous anemic performance. As we’ve previously speculated, Nintendo literally can’t afford to quit on the 3DS, particularly with the Switch’s long-term sales strength so uncertain. The company continues to insist that the Switch and 3DS will exist concurrently, with separate libraries of games and different price points.

We suspect that this is little more than convenient fiction. Nintendo has proven perfectly happy to mislead the public about its plans in the past, arguing that the Nintendo DS wasn’t a replacement for the original Game Boy line, and more recently claiming that the Wii U would remain in production for the rest of the year when it ended hardware manufacturing well before that point. In both cases, the company was hedging its bets, giving itself room to pivot if a product didn’t take off. The monstrous success of Pokemon Sun and Moon explains the difference between FY 2016 and FY 2017 software sales for the 3DS — and also why Nintendo won’t step away from its established handheld until it knows it has a suitable replacement available. This could prove to be a mistake; the Switch’s capabilities position it much more effectively as a high-end handheld than as a living room console.

If the Switch sells well, Nintendo can introduce a cost-reduced version that would compete more directly against the 3DS at a later point, if needed. Both platforms will remain in market through 2017, with more games arriving for 3DS throughout the year.

Nintendo also acknowledged it has had some trouble converting Super Mario Run’s success into sales. While 78 million people have downloaded the game, the conversion rate is reportedly ~5%. That’s still an entirely respectable four million paying customers, but Nintendo seems to have had higher hopes for its first mobile title. Given that Super Mario Run actually has an up-front price tag rather than a micropayment system, 5% conversion rates sound fairly solid to us.

Finally, Nintendo confirmed that it continues to have trouble stocking the NES Classic Edition, but still managed to sell 1.5 million of the consoles through the holiday season. Considering that store fronts still can’t keep the system in stock for more than a few minutes at a time, the company severely underestimated demand here.

[Source:- Extremetech]

Squirrel ‘threat’ to critical infrastructure

The real threat to global critical infrastructure is not enemy states or organisations but squirrels, according to one security expert.

Cris Thomas has been tracking power cuts caused by animals since 2013.

Squirrels, birds, rats and snakes have been responsible for more than 1,700 power cuts affecting nearly 5 million people, he told a security conference.

He explained that by tracking these issues, he was seeking to dispel the hype around cyber-attacks.

His Cyber Squirrel 1 project was set up to counteract what he called the “ludicrousness of cyber-war claims by people at high levels in government and industry”, he told the audience at the Shmoocon security conference in Washington.

Squirrels topped the list with 879 “attacks”, followed by:

  • birds – 434
  • snakes – 83
  • raccoons – 72
  • rats – 36
  • martens – 22
  • frogs – three

He concludes that the damage done by real cyber-attacks – Stuxnet’s destruction of Iranian uranium enrichment centrifuges and disruption to Ukrainian power plants being the most high profile – was tiny compared to the “cyber-threat” posed by animals.

Most of the animal “attacks” were on power cables but Mr Thomas also discovered that jellyfish had shut down a Swedish nuclear power plant in 2013, by clogging the pipes that carry cool water to the turbines.

He also discovered that there have been eight deaths attributed to animal attacks on infrastructure, including six caused by squirrels downing power lines that then struck people on the ground.

Mr Thomas – better known as SpaceRogue – set up Cyber Squirrel 1 as a Twitter feed in March 2013 and initially collected information from Google alerts.

It has since evolved into a much larger project – collecting information from search engines and other web sources.

Mr Thomas only collected reports compiled in the English language and admitted that he was probably only capturing “a fraction” of animal-related power cuts worldwide.

“The major difference between natural events, be they geological, meteorological or furry, is that cyber-attacks are deliberate, orchestrated by humans,” said Luis Corrons, technical director of security firm PandaLabs.

“While natural disasters are taken into account when critical infrastructure facilities are built, that’s not the case with computers. Most critical facilities were never designed to connect to the rest of the world, so the kind of security they implemented was taking care of the physical world surrounding them.

“The number of potential attackers is growing, the number of potential targets is also going up. So we all need to reinforce our defences to the maximum – and also worry about squirrels.”

[Source:- BBC]

Porn videos streamed ‘via YouTube loophole’

Adult video websites appear to be exploiting a YouTube loophole to host explicit material on the platform.

News site TorrentFreak found some sites had uploaded videos that did not show up on YouTube, but could be viewed on third-party websites.

The exploit allows a website to host its video library for free, using Google’s server space and bandwidth.

YouTube told the BBC its policies “prohibit sexually explicit content like pornography”.

Videos can be uploaded to YouTube under a “private” setting that prevents them from appearing publicly on the website or in search results. This setting also disables the embed function that usually lets videos be posted on other websites.

However, TorrentFreak reported that some websites had found a way to play secretly uploaded videos on their own external services, by streaming the raw data from googlevideo.com – a domain operated by Google.

The news site said it was not clear exactly how the websites were achieving this.

Hosting videos on YouTube secretly would let an adult video site keep its costs low, while earning money selling access to its videos.

One California-based adult film producer suggested that the loophole was also being used to host pirated adult content.

“Copyright infringers take advantage of a private-video-share setting,” Dreamroom Productions told TorrentFreak.

“They upload and store videos, and freely use them on third party websites to earn profits.”

The company said Google did take down infringing copies of its content when notified, but added that the process sometimes took up to three weeks.

“YouTube should be aware of this. They are allowing the situation to continue by not plugging this hole,” the firm said.

A spokeswoman for YouTube said: “We have teams around the world that review flagged content, regardless of whether it is private, public or unlisted. Content that violates our policies is quickly removed.”

[Source:- BBC]