http://clonezilla.org/clonezilla-live.php
Emsigner problem
GST DSC-Digital Signature Issue, Failed to establish connection to the server . Kindly restart the Emsigner Click here to troubleshoot.
Hi,
I am trying to register DSC on GST Portal but it's giving following error:
Failed to establish connection to the server . Kindly restart the Emsigner Click here to troubleshoot.
Troubleshooting is also of no help.
Asked 12 months ago by Ambica Sood
Comments:
In first place they should have introduced a utility like Income tax department, where a java software is used to generate signature file and upload. Emsigner is causing hardship and it takes an hour for just a minute's work. - GST Payer
Even updating java can be helpful. But read below answers. - GST Payer
You need to perform the below steps 1) Make sure your DSC is registered and USB token is plugged in. 2) Run emSignerGSTN as Administrator 3) In "Configure Java" add https://127.0.0.1:1585 to the exception list 4) In chrome browser open https://127.0.0.1:1585 and accept/proceed/advanced the certificate warning 5) Open another chrome browser, login to GST website and submit your return. - Santosh Mishra
This IP url worked in my Sept filing, but today, it says the 127.0.0.1.1585's server DNS not found. I did all steps, added to configure Java in Chrome. In explorer the GST site is not giving access to returns (error, inconvenience is regretted). - Rekha C
Santosh Mishra, just now tried. Your procedure is working fine for me. Thanks a Ton for your support - sriraam sri
18 Answers
Sir
I am Commercial Tax Inspector in Kerala
I have succeeded after various steps by this method.
1. I have first uninstalled all DSC token software from my PC, like Trustkey, ePass, WD Proxkey etc., by going to Control Panel > Programs > Programs and Features > Uninstall Program.
2. Secondly I have uninstalled the emSigner software.
3. Then updated the 'Chrome' browser with the latest version from their website.
4. Then go to the Chrome Settings menu by
(There may be some slight variations in Chrome menus in different versions)
In Chrome: Settings > Advanced Settings / Show Advanced Settings (menu seen at the bottom) > Content / Content Settings > Java / Java Script / Java Settings > Exception / Manage exceptions > Then in the web site entry column / Host name Pattern entry column (example.com) > Click Add button (if it shows; some Chrome versions don't have this 'Add' button). Then
replace the 'example.com' with the following address
http://127.0.0.1:1645
and don't change the status as 'Allow' (if it shows status as 'Block / Blocked' change to 'Allow' / 'Allowed')
press 'Enter' key. Then 'OK'
5. Install the latest version of emSigner from the GST website by logging in with user id and password from the link provided at Update / DSC menu on Dash Board.
6. After installation, 'Right click' on the desktop icon of emSigner and select 'Run As Administrator'.
7. Then insert the DSC USB token and install the concerned software related to the DSC issuing Authority.
It may be successful for such issues
Shijoy James
Commercial Tax Inspector ,
Kozhikode, Kerala
+91 9447529426
Answered 7 months ago by Shijoy James
Million of thanks to you.... I just followed these above steps, and completed.. thanks a million - Joseph Vincent
SOLVED. Well, I tried all the steps given by @Shijoy James, but I could see the same problem. i.e
Failed to establish connection to the server . Kindly restart the Emsigner Click here to troubleshoot.
I was using chrome browser, instead I used Internet Explorer 11 version (but any 10+ version will work).
Just restart emSigner application and then again try to Register.
Answered 4 months, 1 week ago by jayant shirwadkar
Was it only because of change of browser or you had different setting in Internet Explorer? - GST Payer
Hello, I have succeeded after trying a lot. 100% Worked.
1. Update java with latest version.
2. Add https://127.0.0.1:1585 and https://www.gst.gov.in in google chrome -> Advanced setting -> Content setting -> Cookies/JavaScript (Allow/Add)
3. Add https://127.0.0.1:1585 and https://www.gst.gov.in in control panel -> Java -> security tab -> Edit site list.
4. Install emsigner with latest version (Currently 2.6 version available)
5. Restart the computer
6. Login to GST portal via Google chrome.
7. Start emsigner utility with administrator right (Right click and "Run as administrator")
8. Click "Register DSC Add/Update" on GST portal.
Enjoy…...!!!
Answered 1 month, 2 weeks ago by Kiran Harile
The issue with DSC signing in GST portal is due to same ports being used by signing application and other application.
Even I was getting repetitive error and could not find which application was blocking the e-signer to work.
I restarted the system and it worked. Do not open any other application while signing.
Edit, I have answered this to another user. The answer there is explained with technical specification and actionable steps to solve the DSC signing problem at GST portal.
Here is a video I have tried on this issue.
Answered 12 months ago by Pulkit Sharma
Restarting the system works. Hopefully GST comes up with a solution to this problem of server connection problem. Actually which server it points error to? Our local machine or GST server? - GST Payer
I have no idea how this work, but I noticed that running tally along with Emsigner causes this error. May be tally and Emsigner are using same port number. Waiting for any confirmation from GST department. - Pulkit Sharma
Please watch my video on youtube
Answered 2 months, 1 week ago by Shijoy James
Please embed the video. I have edited it, so that users can directly watch it here. Thank you very much. Even I was planning to make a video on this topic. Voice is not audible, may be mic issue. By any chance if you are in Bangalore, lets meet and make some videos on youtube. I have made a channel for knowyourgst. - Pulkit Sharma
Lot of calls are coming; still the problem exists after setting the address in 'Add Exception' column.
The only solution is that please UNINSTALL your old version emsigner first. If any DSC token software (ePass, TrustKey etc.) is installed, it also should be uninstalled. Download latest version 2.6 from
https://tutorial.gst.gov.in/installers/dscemSigner/emsigner-2.6.msi
https://www.gst.gov.in/help/docsigner
Restart the computer. Restart your emSigner in "Run as Administrator" mode by right clicking the emSigner icon on the desktop and selecting the menu. Your icon name will be changed to 'emSignerGSTN' (in the earlier version it was 'emSigner' only). In earlier version the port was 1645. But in latest version you can see the port has been changed to 1585. You can see the port by double clicking the emSigner icon on the system tray.
Then try to install your DSC by inserting your key to the USB port. Install the DSC software (ePass, Trustkey etc.; earlier we have uninstalled it.)
Then run the signing.
If the problem still exists, try my steps in my earlier post on this topic in this forum by replacing the web address (i.e. http://127.0.0.1:1645) for add exception in Java with new address http://127.0.0.1:1585
Restart the computer. Then restart emSigner. Use the token
Again the problem shows in Chrome and Mozilla Firefox. Try another good browser "Securebrowser" in your PC. This 'securebrowser' can be downloaded from the following links
http://filehippo.com/download_secure-browser/
https://secure-browser.en.softonic.com/
Regards
Shijoy James
Answered 5 months, 3 weeks ago by Shijoy James
If you still fail you can try following method:
Please install the new emSigner version v2.6 from the website. Run as Administrator by right clicking on the desktop icon. (Sometimes it is not required.)
FIRST login to your GST account in GST portal and go to the menu Update / Enroll DSC.
Click on the menu. You will enter the DSC Update page.
Open a new tab in your browser.
Type the address https://127.0.0.1:1585
You may see some errors and also a button BACK TO SAFETY.
Don't click on that.
Don't worry...
Instead click on ADVANCED and click 'Proceed Anyway'.
Then return to your GST login tab with DSC Update / Enrollment page.
Try to enroll your DSC. It may work.
Answered 4 months, 2 weeks ago by Shijoy James
Please don't forget to restart browser and sometimes the system also after the settings
Answered 7 months ago by Shijoy James
We faced the same error. We were using wi fi internet connection to connect to GST web site.
Tried steps mentioned in all the websites. Added port number shown by emsigner. Uninstalled and reinstalled emsigner, reset the winsock, Added the port number in firefox, chrome, Internet Explorer browser. Also added the port number to windows firewall !!!. Updated JAVA. Disabled firewall and antivirus. Nothing seemed to work!
We also called helpline who gathered all information and gave GST helpline number. We called them and they informed us to take a screenshot and send an email stating that we had tried all steps and the error persisted. We did send an email with screenshot!
Pinging gst.gov.in brought timeout and 100% lost failure results.
And the same error came up. Error:FAILED TO ESTABLISH CONNECTION TO THE SERVER . KINDLY RESTART THE EMSIGNER .
This had taken about six valuable hours of our time!
SOLUTION:
The solution that worked for us: Try different internet connection. We switched on to mobile hotspot and it worked like charm!
Probable Cause: The wi fi router has inbuilt hardware firewall which was blocking the process. So the port had to be added or given exception there. We did not make any changes to the wi fi router firewall.
Note: Try a cable connection or mobile hotspot and this should work for you too!
Hope this helps you too!
Answered 2 weeks, 6 days ago by Sampa Mukherjee
If you are facing issue such that DSC works once and then stops working then it is problem with your emsigner.
Emsigner uses a port and sometime any other application might occupy the port.
In this situation, exit emsigner.
Again right click on emsigner icon on desktop and run as administrator.
Once emsigner has started try signing the return using your DSC.
Answered 3 weeks, 4 days ago by anonymous user
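Several answers in this thread attribute the error to another application holding the emSigner port. The PowerShell below is an added example, not something posted by any participant: it reports which process is listening on the two ports named in the thread (1585 and 1645). The process-name pattern `emsigner` is an assumption; check the actual name in Task Manager.

```powershell
# Added example: find which process is listening on the emSigner ports.
# Ports come from the thread: 1585 (emSigner 2.6) and 1645 (earlier versions).
$Ports = 1585, 1645

# Assumption: the emSigner process name contains "emsigner"; adjust for your install.
$ExpectedName = 'emsigner'

function Get-PortListener {
    param([Parameter(Mandatory)][int]$Port)

    # One object per listening socket (IPv4 and IPv6 listeners are separate).
    $sockets = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    foreach ($s in $sockets) {
        # The owning process can be hidden from a non-elevated session.
        $proc = Get-Process -Id $s.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port         = $Port
            LocalAddress = $s.LocalAddress
            ProcessId    = $s.OwningProcess
            ProcessName  = if ($proc) { $proc.ProcessName } else { '<exited or inaccessible>' }
            Path         = if ($proc) { $proc.Path } else { $null }
        }
    }
}

foreach ($port in $Ports) {
    $listeners = @(Get-PortListener -Port $port)

    if ($listeners.Count -eq 0) {
        Write-Output "Port ${port}: nothing is listening (emSigner is not running, or it uses the other port)."
        continue
    }

    foreach ($l in $listeners) {
        if ($l.ProcessName -like "*$ExpectedName*") {
            $verdict = 'looks like emSigner'
        } else {
            $verdict = 'NOT emSigner: this application holds the port; close it, then restart emSigner'
        }
        Write-Output ("Port {0} on {1}: PID {2} {3} [{4}] -> {5}" -f `
            $l.Port, $l.LocalAddress, $l.ProcessId, $l.ProcessName, $l.Path, $verdict)
    }
}
```

Run it from an elevated PowerShell window so that the owning process name and path can be resolved for every listener.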
Hello Refer this video for solution
https://www.youtube.com/watch?v=NU49iOLlVjM
Answered 2 months, 2 weeks ago by Sameer Gupta
Embed the video and also right information for others to read. Simply pointing a link is not a good solution. - GST Payer
Use INTERNET EXPLORER...!!
It will work without any problem
Answered 4 months, 1 week ago by Praveen Kumar
It seems everyone is facing this issue of Digital signature signing on GST website. I think GST portal has made a bad decision of using emSigner. This tool is using a port which is already used by another application. Most of the time solution is to close all your software running on computer and then try. If it does not work that way then restart your computer and try. It should work. Even in my case it gave errors. Error says restart the Emsigner, restarting does not solve the problem. How do you restart Emsigner?
Answered 10 months, 1 week ago by GST Payer
go and see this link to solve. Simple in 3 clicks and easy solution for firefox browser and chrome browser . See the video to resolve the problem.
But you should restart the browser once after applying url
That's it
Thank you...
Answered 6 months, 2 weeks ago by kishang007 .
should logged on to Administrator account is must - kishang007
go and see this link to solve. Simple and easy solution for firefox browser and chrome browser in simple 3 clicks. See the video to resolve the problem
Answered 6 months, 2 weeks ago by kishang007 .
But you should restart the browser once after applying url should logged on to Administrator account is must - kishang007
Thank you - kishang007
It's still a pain registering DSC on gst site ,full day wasted but still not able , can any body help on the basis of today experience
Answered 6 months, 2 weeks ago by anonymous user
No wonder the issue is not solved for you. You used here answer box to comment, must be doing similarly something wrong on computer too. Comment using comment box. - Rahul Rai
Simple and easy solution for firefox browser and chrome browser in simple 3 clicks.
See the video to resolve the problem
But you should restart the browser once after applying url. should be logged on to Administrator account (windows) is must
https://youtu.be/Bfqf_sEDnGQ
Answered 6 months, 2 weeks ago by kishang007 .
ISM Keyboard layout and download link
ISM Layout and ISM Download link
http://sghsk.blogspot.in/2011/07/ism-publisher-304-download-here.html
Turn off Windows 10 auto update
Windows 10 software updates install on your device automatically (whether you like it or not), but this guide can help you retake control and decide when to install them.
On Windows 10, you no longer have absolute control over software updates. They're mandatory, and they download and install automatically to ensure your device stays up to date with the latest security patches and improvements. This approach is convenient for many users, but it's not one that everyone wants.
If you're running Windows 10 Pro or higher, it's possible to retake control and prevent the OS from downloading and installing updates automatically using the Local Group Policy Editor or the Registry.
In this Windows 10 guide, we'll walk you through the steps to prevent updates from automatically installing on your computer.
We can block it using the Local Group Policy Editor or by editing the Registry.
Here's how to change the Local Group Policy Editor settings:
1. Use the Windows key + R keyboard shortcut to open the Run command.
2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
3. Browse the following path:
Computer Configuration\Administrative Templates\Windows Components\Windows Update
4. On the right side, double-click the Configure Automatic Updates policy.
5. On the left side, check the Enabled option to enable the policy.
6. Under Options, you'll find a number of ways to configure automatic updates, including:
   2 - "Notify for download and notify for install."
   3 - "Auto download and notify for install."
   4 - "Auto download and schedule the install."
   5 - "Allow local admin to choose setting."
You should select the update option you want to configure. If you select option 4, you can specify exactly when to install new updates. You can also choose to install updates during automatic maintenance, on a particular day and time, and you can even check the option to include other Microsoft product updates when updating the OS.
7. Click Apply.
8. Click OK to complete the task.
While you can pick from any of the available options, your best choice is probably 2 - Notify for download and notify for install. This option will not only prevent the OS from downloading updates automatically, which can save you data when using a metered internet connection, but you'll get a notification when new updates are available.
When new updates are released, you'll receive a notification in Action Center, but updates won't download and install until you're ready and do the following:
1. Open Settings.
2. Click on Update & security.
3. Click on Windows Update.
4. Click the Download button.
How to prevent automatic updates using the Registry
Instead of using the Local Group Policy Editor, you can also change the Windows 10 updates using the Registry.
Important warning: Editing the registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended that you make a full backup of your computer before proceeding.
1. Use the Windows key + R keyboard shortcut to open the Run command.
2. Type regedit, and click OK to open the Registry.
3. Browse the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
4. Right-click the Windows (folder) key, select New, and then click Key.
5. Name the new key WindowsUpdate and press Enter.
6. Right-click the newly created key, select New, and click Key.
7. Name the new key AU and press Enter.
8. Inside the newly created key, right-click on the right side, select New, and click on DWORD (32-bit) Value.
9. Name the new value AUOptions and press Enter.
10. Double-click the newly created value and change its value using one of the following options:
   2 - "Notify for download and notify for install."
   3 - "Auto download and notify for install."
   4 - "Auto download and schedule the install."
   5 - "Allow local admin to choose settings."
11. Click OK.
12. Close the Registry to complete the task.
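The same registry change can be made from an elevated PowerShell prompt. This is an added example, not part of the original guide: the key path, the AUOptions value name and the option numbers are the ones listed in the steps above, while the script's `$AUOptions` parameter, the backup file name and the read-back check are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: set the AUOptions policy value described in the steps above.
param(
    # Only the four options listed in the guide are accepted.
    [ValidateSet(2, 3, 4, 5)]
    [int]$AUOptions = 2
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey     = Join-Path $policyKey 'AU'

$meaning = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose settings'
}

function Get-AUOptionsValue {
    # Returns $null when the key or the value does not exist yet.
    $item = Get-ItemProperty -Path $auKey -Name AUOptions -ErrorAction SilentlyContinue
    if ($item) { $item.AUOptions } else { $null }
}

function Format-AUOptions {
    param($Value)
    if ($null -eq $Value) { return 'not set' }
    if ($meaning.ContainsKey([int]$Value)) { return "$Value ($($meaning[[int]$Value]))" }
    return "$Value (not one of the options in the guide)"
}

$before = Get-AUOptionsValue
Write-Output "AUOptions before: $(Format-AUOptions $before)"

# Export the existing policy key first, so the change can be undone by importing the file.
if (Test-Path $policyKey) {
    $backup = Join-Path $env:TEMP ("WindowsUpdate-policy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' $backup /y | Out-Null
    Write-Output "Existing policy key exported to $backup"
}

# Steps 4-7: create WindowsUpdate\AU (-Force also creates the missing parent key).
if (-not (Test-Path $auKey)) {
    New-Item -Path $auKey -Force | Out-Null
}

# Steps 8-10: create or overwrite the DWORD (32-bit) value.
New-ItemProperty -Path $auKey -Name AUOptions -PropertyType DWord -Value $AUOptions -Force | Out-Null

# Read the value back and fail loudly if it did not stick.
$after = Get-AUOptionsValue
if ($after -ne $AUOptions) {
    throw "AUOptions reads back as '$after', expected $AUOptions"
}
Write-Output "AUOptions after:  $(Format-AUOptions $after)"
```

Saved as a .ps1 file it can be run with `-AUOptions 3`, `4` or `5` to select one of the other options; with no argument it applies option 2, the value the guide recommends.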
Although you can use any of these available values, your best choice is to change the value to 2 to configure the "Notify for download and notify for install" option. Using this value prevents Windows 10 from downloading updates automatically, and you'll get a notification when new updates are available.
After tweaking the Registry, when new updates become available, you'll receive a notification in Action Center, but updates won't download and install until you're ready and do the following:
1. Open Settings.
2. Click on Update & security.
3. Click on Windows Update.
4. Click the Download button.
5. Click the Restart button to complete the task.
Wrapping things up
The steps mentioned in this guide are meant to prevent regular updates that patch security vulnerabilities and improve the overall performance of Windows 10. If you're looking to prevent the OS from installing feature updates, such as the Windows 10 Creators Update, you need to use this guide to defer major updates.
We do not recommend using a computer without the latest updates, because they're often key to keeping your Windows 10 PC running properly. However, there will be times when you may want to manually apply new updates, when you want to install them during a particular time, or because you want to wait until you're sure the update will not cause issues.
How to protect yourself from ransomware
Back up your files
The greatest damage people suffer from a ransomware attack is the loss of files, including pictures and documents.
The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn't connected to the internet. This means that if you suffer an attack you won't lose any information to the hackers.
Be suspicious of emails, websites and apps
For ransomware to work, hackers need to download malicious software onto a victim's computer. This is then used to launch the attack and encrypt files.
The most common ways for the software to be installed on a victim's device is through phishing emails, malicious adverts on websites, and questionable apps and programs.
People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn't been verified by an official store, and read reviews before installing programs.
Use an antivirus program
An age-old computer security tip, antivirus programs can stop ransomware from being downloaded onto computers and can find it when it is.
Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They can block secret installations from malicious adverts when you're browsing the web, and look for malware that may already be on a computer or device.
Always install updates
Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a software as soon as it is available.
Never pay the ransom
Victims of ransomware attacks are advised to never pay the fee as it encourages attackers and may not result in files being recovered. There are some programs that can help decrypt files. Or, if you have a backup, you can restore your device from that.
What is Ransomware
Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer. Most recently, a global cyberattack spread ransomware to countless computers over 150 countries.
And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. In 2015, ransomware in the wild masqueraded as a porn app. The so-called Porn Droid app targeted Android users and allowed attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.
Also that year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they've already infected it with a backdoor through which they can enter.
The Ransom Business Is Booming
Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day. Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.
Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn't guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn't occur.
Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: the lack of a reliable way to collect money from victims. In the early days, online payment methods weren’t popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware’s proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.
According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim's machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.
The Evolution of Ransomware
It didn't take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in bitcoin, of course, and sent to an address the attackers control—the government won't restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address, fines@fbi.gov, if they have any questions. In some cases they are threatened with arrest if they don't pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.
In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim's files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover ZeuS banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn’t work, they installed the Zeus backdoor on the victim’s machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn’t pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.
In just six months, between September 2013 and May 2014, CryptoLocker infected more than half a million victims. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.
Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.
“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.
In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.
Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client. But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.
The "malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape," Symantec noted in a blog post.
The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.
The Ransomware to Watch Out for Now
Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim's machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim's files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.
CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall's authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.
CTB-Locker's name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.
TorrentLocker harvests email addresses from a victim's mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.
Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.