Insights For Success

Strategy, Innovation, Leadership and Security

Cloud

GrandCrab Ransomware As A Service (RaaS)

GeneralEdward KiledjianComment
Capture.PNG

What is GrandCrab?

GrandCrab is a successful ransomware that encrypts files on the infected machine and demands payment to decrypt them.

Easy Money

What is you are a horrible human being willing to make gains from the suffering of others but you are lazy. You want to screw other people but don’t want to spend the time setup your own Command and control server? You don’t want to customize the malware to talk to your C2 server?

This is where Ransomware as a Service comes in.

Enter GrandCrab as a Service http://gandcr4cponzb2it.onion/

The offering

The GrandCrab RaaS has two tiers:

  • Standard at $230

  • Premium at $600

Standard Service

  • You can change and customize your ransomware

  • Name of the project

  • Change the demand of ransom

  • A description to help the victim in format .HTML, .PHP

  • You can change the logo, Remove GandCrab logo

  • You can choose the extension for example photo.png.gdb

  • Priority support

  • Automatically updated since the category (Ransom Builder)

  • The victim can pay you in Bitcoin or Dash

  • Withdrawal in Bitcoin or Dash

  • We will touch 10% fees ransom

  • You can add 3 users different free

  • You can create 3 ransomware

  • Victims can you contact by chat directly, you can also ban

  • You will have news about the dashboard

  • Geolocation victims infected

  • Show the IP of the victim

  • Manage the keys of decryption

  • You will be able to manage all the victims since the dashboard

  • With several possibilities

  • You can infected in unlimited

  • You can see the blockchain explorer

  • Spreading automatically without providing any effort or you can also spread manually

  • You will have full access to our forum with the rank Platinum (forum under construction soon available)

  • Victim URL automatically generated in .onion customize your own URL

  • View antivirus report in real time

  • Lifetime license !

  • Theme only white

Premium Service

  • The same features different even more fun

  • You receive 100% of the ransom paid by the victims no commission fees

  • Ransomware automatically updated by our support

  • Victims can you contact by chat directly, you can also ban

  • Spreading automatically without providing any effort or you can also spread manually

  • The victim can pay you in Bitcoin or Dash and Monero !

  • Withdrawal in Bitcoin, Dash, Monero

  • Automatically increases the ransom if no payment of the victim

  • Choose your own delete time

  • Create up to 10 different ransomware

  • You can add 8 users different free

  • Make the ransomware in format .pdf

  • bulletproof hosting, server VPN

  • Priority support by ticket since dashboard

  • Change all the logo, An icon in format .ICO, Remove the gandcrab logo, Add an animated logo in .GIF

  • Manage all the victims since the dashboard

  • You will have a fully functional 2019 tutorial to teach you, In format .pdf .mp4

  • Assignment on multiple computers in seconds from the same WIFI network

  • Undetectable by antivirus update regularly

  • Victim URL automatically generated in .onion customize your own URL

  • You can infected in unlimited

  • Manage the keys of decryption

  • Change the theme ransomware

  • You can see the blockchain explorer

  • Geolocation victims infected

  • You can also see the operating system

  • Show the IP of the victim

  • You will have full access to our forum with the rank Gold (forum under construction soon available)

  • You will have the ransomware source code, contact us from the dashboard with your login only for premium members

  • View antivirus report in real time

  • Crypter fud

  • Lifetime license !

  • Theme dashboard white, black

Conclusion

The conclusion is that security is hard and hackers are learning about the benefits of offering “things as a service” and using cloud to reduce costs. Attacking is become cheaper while protecting our organizations is becoming more costly

Google launches New Tasks App (Mobile & Web)

GeneralEdward KiledjianComment
Capture.PNG

In a blog post entitled "With new security and intelligent features, the new Gmail means business", David Thacker (Google VP Product Management, G Suite) announced, "We’re also introducing a new way to manage work on the go with Tasks."

The new refreshed Tasks system will be available on the web and have accompanying mobile apps (Android and IOS). The new updated Tasks system will allow you to create tasks & subtasks with due dates and notifications. 

Gmail_Convergence_Enterprise_Image_7.max-1000x1000.png

The current tasks was an anemic stand-alone product that barely worked. The new one will integrate into the G Suite and allow you to drag & drop emails from GMAIL, files from Google Drive and more. 

Now you can quickly reference, create or edit Calendar invites, capture ideas in Keep or manage to-dos in Tasks all from a side panel in your inbox.
— David Thacker

The announcement is happening in the G Suite (Enterprise blog), but this update will flow to the free consumer-friendly version as well. 

The Google help centre provides additional information about how all of this will work.

Download the new Android version here and the IOS one here

Did iCloud just get hacked?

technologyEdward KiledjianComment
Image by  Johan Viirok  used under Creative Commons License

Image by Johan Viirok used under Creative Commons License

Ordinarily, a bad actor would have to steal some of your information before breaking into your 2-factor protected iCloud account. They would need your AppleID, your password and a 2-factor authentication code (or a digital token stolen from an authenticated device like a laptop or desktop).

Now everyone's favorite russian purveyor of fine cracking software, Elcomsoft (link), has a tool called Phone Breaker. This new software requires the aforementioned information but then creates a permanent authentication token which means they won't have to re-authenticate until you change your password. 

It also has a long list of "wonderful" features to make stealing information easier. Sure law enforcement uses this but does anyone believe they use it for legal purposes with a warrant or that other more nefarious bad actors won't use it?

The biggest mistake CIOs are making today

technologyEdward Kiledjian2 Comments
"more than they can chew" Image by  JD Hancock  used under Creative Commons License

"more than they can chew" Image by JD Hancock used under Creative Commons License

First we saw digitization, then came appification, then gameification, then personalization and now we enter the era of hyper-personalization. 

Every consumer wants to feel loved, understood and wants to feel special. Being understood and being special means companies must understand the individual likes/dislikes of each consumer then tailor the consumer's experience during each interaction. 

This is done through signals and large companies have spent billions building and buying heavily used apps/service so that they can collect more. More signals means better tools for making hyper-personalization possible. 

When you open your Facebook news feed today, you often see elements that are of little interest to you. Facebook learns every time you choose to hide content and tries to do a better job next time. This is personalization. Hyper-personalization means the service will automatically know what it shouldn't show you and your feed will automatically be "clean".

This trend is spilling into other fields including medicine. If you are ill today, you go to one of the larger medical guidance sites, enter your symptoms (as best you can) then the site provides a laundry list of possible causes. It's better than rushing to the clinic every time you feel a little hot, but hyper-personalization demands more.

The Scanadu Scout is a health monitoring, tracking and recording device. It is designed for you will hold it to your forehead and it will scan your vitals then provide customized hyper-personalized recommendations on what to do? 

We are seeing pharmaceutical companies working on genetics based medicine in an effort to reduce negative side-effects and provide more effective treatments based on each person's genetic makeup (this is hyper-personalization of medication).

But what about the enterprise?

Most companies I have worked with still do not see the tidal wave about to hit them. Even though there are thousands of signals they can collect from employees, partners, suppliers and customers, most simply do not and waste valuable information that could lead to building a substantially more profitable organization. 

The hyper-personalized enterprise could design more efficient employee systems that pro-actively provide the right information to the right person at the right time using the right medium. 

If you are a car company, you can equip each of your cars with a car monitoring system that records and uploads millions of sensor data to the manufacturer every evening (when the car is parked in the driveway.) The car manufacturer can then tailor the service maintenance schedule per car based on distance driven, driving style, weather conditions, etc (instead of the generic oil change every x miles). Not only can it be used to generate custom maintenance programs but it should also know where the customer works/lives, where and when it is most convenient for them to take the car in and proactively call the customer with a proposed reservation. 

Shifting role of CIO

When I consult with large organizations or start-ups, my first recommendation is to source all commodity services from the cloud (where legally possible). Every dollar you save on non-value generating commodity services can then be used to drive these new hyper-personalization services. Using cloud services also means your hiring strategy will be much more evolved. Instead of hiring 12 employees to manage your email infrastructure, you hire 1 person to manage the vendor relationship and commit the 11 other hires to these new emerging value generating activities. 

Many CIOs will not be able to handle this radical shift we are asking them to make. Change is inevitable and pushing back will only force the business unit heads (which see the need for these new services to keep up with the competition) to build the missing pieces themselves [without IT] causing inefficient silos.

A modern CIO will see this as his/her opportunity to become a huge value driver within the organization, instead of the cost centre most IT departments have become. 

This modern CIO not only has to have the desire to change and evolve, but must also have a background in general business (finance, supply chain, legal, manufacturing, sales, strategy, etc) and understand the shifting nature of computer science (advanced computation, machine learning, etc).

Rewarded will be the organizations who see this shift coming and adapt quickly. The shift has already started, where does your organization stand?

SugarSync kills off its free storage option

technologyEdward Kiledjian3 Comments
Creative Commons image- Flickr  dell

Creative Commons image- Flickr dell

Most of us have gotten use to free storage tiers from the various cloud storage providers (Google Drive, Microsoft Skydrive, Dropbox, box.net, etc). Often times this free tier is enough to storage basic files and share things once in a while. Now SugarSync has said No More Free Storage. (link)

The company claims this is being done to allow Sugarsync to concentrate on updates and service improvements. The lowest cost paid tier will be $7.49 a month for 60GB of storage. 

TechCrunch is reporting that SugarSync will be offering 75% discounts for existing customers moving to one of the paid tiers (link).

New SugarSync pricing tiers

New SugarSync pricing tiers