Emsisoft

Emsisoft
Company type: Private
Industry: Computer security
Founded: 2003
Founder: Christian Mairoll
Headquarters,
Area served: Worldwide
Products: Emsisoft Anti-Virus
Website: www.emsisoft.com

Emsisoft Ltd. (est. 2003) is a New Zealand-based distributed anti-virus software company. [1] [2] They are notable for decrypting files encrypted in ransomware attacks [3] to restore data. [4]

History

Emsisoft is an anti-malware and cybersecurity software and consulting company founded in Austria in 2003 by Christian Mairoll. [5] [6] The company makes anti-malware software and decryption tools used by companies and individuals to help them recover computer files encrypted in ransomware attacks. [7] [8] It also tracks and generates studies on ransomware attacks. [9] [10]

Mairoll, who is CEO, relocated to rural New Zealand in 2014, [11] moving Emsisoft’s headquarters to the country, while its employees across Europe, Asia and the United States remained remote. [12] [5]

In 2019, Emsisoft donated decryption tools to Europol's No More Ransom project. [13] The company’s decryption tools were also used to help resolve the Kaseya VSA ransomware attack [14] and the DarkSide and BlackMatter ransomware attacks against dozens of companies across the U.S., Europe and Britain in 2021. [15] [16]

Ireland’s National Cyber Security Centre used Emsisoft’s decryption tools in May 2021 to help the country's health service department recover from a ransomware attack. [17]

In early 2021, Emsisoft suffered a system data breach due to a configuration error, leading to the release of a database containing log records generated by Emsisoft, including email addresses, which was accessed by at least one unauthorized individual. [18] After detecting the attack, Emsisoft implemented security mechanisms, including disconnecting the compromised system, and investigated the incident using forensic analysis. Customers were notified and Emsisoft issued a public apology for the incident. [19]

Technology

Emsisoft's anti-malware technology is called Emsisoft Anti-Malware and has three versions: Anti-Malware Home, Business Security and Enterprise Security. [7] [8] [20] The company also makes an extension for the web browsers Google Chrome, Firefox and Microsoft Edge that enables blocking access to malicious and phishing websites. [20]

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

ESET: Slovak internet security company

ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Bitdefender: Romanian cybersecurity technology company

Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Malwarebytes: Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

Kaspersky Lab: Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Bleeping Computer is a website covering technology news and offering free computer help via its forums that was created by Lawrence Abrams in 2004. It publishes news focusing heavily on cybersecurity, but also covers other topics including computer software, computer hardware, operating system and general technology.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displayed a message which offered to decrypt the data if a payment was made by a stated deadline, and it threatened to delete the private key if the deadline passed. If the deadline was not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content.

WannaCry ransomware attack: 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

2017 Ukraine ransomware attacks: Series of powerful cyberattacks using the Petya malware

A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. On 28 June 2017, the Ukrainian government stated that the attack was halted. On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.

Waikato District Health Board

The Waikato District Health Board was a district health board that provided healthcare to the Waikato region of New Zealand.

Health Service Executive ransomware attack: 2021 cyber attack on the Health Service Executive in Ireland

On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.

Conti is a ransomware hacker group that has been observed since 2020, believed to be distributed by a Russia-based group. It operates as a ransomware-as-a-service (RaaS), enabling other cybercriminals to deploy this malware for their own purposes. Conti is particularly known for its utilization of double extortion techniques, where it not only encrypts victims' files but also steals and threatens to publish sensitive data if the ransom is not paid.

Wizard Spider, also known as Trickbot, DEV-0193, UNC2053, or Periwinkle Tempest, is a cybercrime group based in and around Saint Petersburg in Russia. Some members may be based in Ukraine. They are estimated to number about 80; some of them may not know they are employed by a criminal organisation.

In mid-May 2021 hospital computer systems and phone lines run by the Waikato District Health Board (DHB) in New Zealand were affected by a ransomware attack. On 25 May, an unidentified group claimed responsibility for the hack and issued an ultimatum to the Waikato DHB, having obtained sensitive data about patients, staff and finances. The Waikato DHB and New Zealand Government ruled out paying the ransom.

Clop is a cybercriminal organization known for its multilevel extortion techniques and global malware distribution. It has extorted more than $500 million in ransom payments, targeting major organizations worldwide. Clop gained notoriety in 2019 and has since conducted high-profile attacks, using large-scale phishing campaigns and sophisticated malware to infiltrate networks and demand ransom, threatening to expose data if demands are not met.

BlackCat, also known as ALPHV and Noberus, is a ransomware family written in Rust. It made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) who exploit it.

References

  1. Popper, Nathaniel (9 February 2020). "Ransomware Attacks Grow, Crippling Cities and Businesses". The New York Times. ISSN 0362-4331. Retrieved 1 June 2021.
  2. "Cyber Defense Test Labs Review: Emsisoft Anti-Malware 7.0". Cyber Defense Magazine. 4 February 2013.
  3. "NZ firm says its software, used by Ireland's ransomware-hit health service, could save Waikato DHB". NZ Herald. Retrieved 1 June 2021.
  4. "Ransomware gangs' slow decryptors prompt victims to seek alternatives". BleepingComputer. Retrieved 1 June 2021.
  5. Chan, Rosalie (19 January 2019). "This is what a workday looks like for a CEO who runs his entire 40-employee tech company from a farm in New Zealand". Business Insider. Retrieved 8 August 2022.
  6. Muldrew, Claudia (23 January 2023). "Emsisoft launches two new programmes for partner revenue growth". New Zealand Reseller News. Retrieved 3 February 2023.
  7. Rubenking, Neil J. (26 August 2021). "Emsisoft Anti-Malware Review". PC Magazine. Retrieved 16 August 2022.
  8. Tidy, Joey (March 2019). "Hated and hunted". BBC. Retrieved 5 August 2022.
  9. Picchi, Aimee (1 October 2019). "Ransomware's mounting toll: Delayed surgeries and school closures". CBS News. Retrieved 5 August 2022.
  10. Craver, Richard (11 August 2022). "Ransomware attack cost Hanesbrands $100 million in sales. It's unclear whether Winston-Salem company paid the ransom". Winston-Salem Journal. Retrieved 15 August 2022.
  11. Keall, Chris (26 May 2021). "NZ firm says its software, used by Ireland's ransomware-hit health service, could save Waikato DHB". New Zealand Herald. Retrieved 8 August 2022.
  12. Vasel, Kathryn (20 February 2019). "A company where everyone works from home. Here's how to make it work". CNN. Retrieved 8 August 2022.
  13. Tidy, Joe (26 July 2019). "The quiet scheme saving thousands from ransomware". BBC. Retrieved 5 August 2022.
  14. Nakashima, Ellen; Lerman, Rachel (21 September 2021). "FBI held back ransomware decryption key from businesses to run operation targeting hackers". Washington Post. Retrieved 8 August 2022.
  15. Perlroth, Nicole (24 October 2021). "A Rare Win in the Cat-and-Mouse Game of Ransomware". The New York Times. Retrieved 5 August 2022.
  16. Gallagher, Ryan (4 February 2022). "Ransomware Attack in Germany Tied to Colonial Pipeline Hackers". TIME Magazine. Retrieved 5 August 2022.
  17. Pullar-Strecke, Tom (23 May 2021). "NZ firm helps Irish health service recover from ransomware attack". Stuff. Retrieved 5 August 2022.
  18. Coble, Sarah (8 February 2021). "Emsisoft Suffers System Breach". Infosecurity Magazine.
  19. Mares, Octavio. "EMSISOFT ANTIVIRUS COMPANY WAS HACKED; CUSTOMER DATA LEAKED". Security Newspaper.
  20. Williams, Mike (11 December 2019). "Emsisoft Anti-Malware Home review". Tech Radar. Retrieved 16 August 2022.