Sunday, 28 February 2016

Beware the Rise of Ransomware

The latest versions of ransomware (CryptoLocker and CryptoWall) are not typical malware that aims to destroy or steal your personal documents. Instead, ransomware restricts access to the infected files: it encrypts certain types of files stored on local and mounted network drives (changing their file extensions as well) using RSA public-key cryptography, with the private key stored only on the malware's control servers. After the infection is complete, a message appears offering to decrypt the data if a payment (through either a pre-paid card or bitcoins) is made by a stated deadline, and threatening to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt the data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. For that reason, ransomware is considered "scareware".


Researchers considered CryptoLocker infeasible to break.

The philosophy of ransomware is to “force” all users who have been infected to pay the hackers in order to unlock their files. Important data such as photos, Word documents, Excel documents and PDF documents are vulnerable to CryptoLocker, and the only way to ensure data integrity and protect your data from CryptoLocker is to back up everything to an external source. As the cryptography cannot be broken and is not reversible, the only way to regain control of your data is to pay the only trusted source that can remove the encryption from your files: the creators of that malware.
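A check that can run before each backup rotation, so that a good external copy is not overwritten with encrypted files. This is an added example, not part of the original post; the function names, the `.encrypted` extension in the sample and the 20% threshold are assumptions.

```python
import hashlib
import os
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def classify(baseline, current):
    """Sort every baseline file into unchanged/modified/re_extensioned/missing."""
    new_paths = set(current) - set(baseline)
    report = {"unchanged": [], "modified": [], "re_extensioned": [], "missing": []}
    for path, digest in baseline.items():
        if path in current:
            key = "unchanged" if current[path] == digest else "modified"
        else:
            folder, name = os.path.split(path)
            stem = os.path.splitext(name)[0] + "."
            # Same folder and stem, new name and new content,
            # e.g. a.jpg -> a.jpg.encrypted or a.encrypted
            renamed = any(os.path.split(n)[0] == folder
                          and os.path.split(n)[1].startswith(stem)
                          and current[n] != digest for n in new_paths)
            key = "re_extensioned" if renamed else "missing"
        report[key].append(path)
    return report

def safe_to_rotate(baseline, current, max_ratio=0.2):
    """False when too many files changed for the old backup to be overwritten.

    max_ratio is an assumed threshold; tune it to the data set's normal churn.
    """
    if not baseline:
        return True
    report = classify(baseline, current)
    damaged = len(report["modified"]) + len(report["re_extensioned"])
    return damaged / len(baseline) <= max_ratio

if __name__ == "__main__":
    # Constructed sample: digests shortened to labels for readability.
    before = {"docs/a.docx": "h1", "docs/b.xlsx": "h2", "pics/c.jpg": "h3"}
    after = {"docs/a.docx.encrypted": "x1", "docs/b.xlsx.encrypted": "x2",
             "pics/c.jpg": "h3"}
    print(classify(before, after))
    print("rotate backup:", safe_to_rotate(before, after))
```

Store the baseline manifest with the external backup rather than on the protected machine, so that it cannot be rewritten along with the files it describes.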


“Trusted” Source

It is very simple: they want to force infected users to pay the amount, but at the same time they want all users to know that they will recover 100% of their data. From the beginning, that was the philosophy of ransomware. On the other hand, paying the ransom demand only encourages even more crypto-ransomware campaigns.


The cybercriminals behind ransomware do not particularly care who their victims are, as long as they are willing to pay the ransom. 



Notable examples

  • In 2012, a major ransomware trojan known as Reveton began to spread. 
  • Encrypting ransomware reappeared in September 2013 with a trojan known as CryptoLocker.
  • In September 2014, a wave of ransomware trojans surfaced that first targeted users in Australia, under the names CryptoWall and CryptoLocker (which is, as with CryptoLocker 2.0, unrelated to the original CryptoLocker).
  • Another major ransomware trojan targeting Windows, CryptoWall, first appeared in 2014.




**Images from Symantec "The evolution of ransomware" Version 1.0 – August 6, 2015
