What is Ransomware?

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Ransomware has been around for more than a decade, but cybercriminals have resurrected the scam over the last couple of years and have been immensely successful. Once the victim's files are infected, the victim is asked to pay a ransom in the virtual currency bitcoin if they want their files unlocked.

CryptoWall ransomware, one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers. CryptoWall uses strong public-key cryptography to scramble files with certain extensions. Aside from paying the ransom, the only other way to counter it is by restoring files from a backup, although CryptoWall hunts around and tries to encrypt those files as well. Please see Cryptowall Ransomware Variant has new defenses.

One of the new variants in the crypto ransomware family is CTB-Locker, which encrypts the victim's hard drive; the victim has to pay a large sum in order to get the decryption key. The most famous strain of this family is CryptoLocker. The FBI and other authorities took down the GameOver Zeus infrastructure that was used to distribute CryptoLocker, which significantly reduced the malware's effectiveness.

The peace lasted only a short time before ransomware returned in the form of the Curve-Tor-Bitcoin (CTB) Locker. Traditionally CTB has been distributed through the Angler Exploit Kit. Now the new wave of CTB is being distributed through malicious spam messages.

The common infection vector of CTB is an email containing a fake invoice, compressed in a ".zip" or ".cab" file. Once the archive is decompressed, it displays a decoy RTF document, and after 5 minutes it drops the CTB-Locker payload and then performs the encryption routine. Infected users are asked to pay two or three bitcoins; those who do not risk losing their files.

In early December 2014, there were several reports about yet another type of ransomware, VirRansom (see Protect Against Virulent Ransomware). Like other ransomware, it makes your data unavailable and locks your computer until you have paid the crooks the ransom they demand, but its key feature is that, in addition to taking your computer hostage, it has a mechanism by which it spreads to other systems you communicate with and takes those hostage as well.

How can you prevent becoming a victim of Ransomware attacks?

1) Get educated about phishing. Never, ever open a file or link in an email or on a social website unless you're sure it was deliberately sent by the person themselves. It may seem interesting as you are reading it, but you could end up being a victim.

2) Make backups of all your critical data and software on a separate storage device that is not attached to your network or computer except when backups are being made (during which time you should be offline). Once the backup is complete, disconnect that drive from the network.

3) Use effective and constantly updated anti-malware tools.

4) Keep your operating system updated with the latest patches.

5) Don't click on photos or videos without first considering the consequences. If the person who sent it is someone you know, ask them. Better to verify than to be sorry later.

6) Download email attachments only from trusted sources.

7) If you think you are infected, immediately disconnect your system from the network. Run your updated antivirus program. If it is a University-owned asset (work computer), run McAfee antivirus and call the IT Service Desk.

8) Educate your employees, family members and friends about destructive malware. Please read this security alert by US-CERT on Crypto Ransomware.
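As an added illustration of step 2 (this is example code, not part of the original page), the Python below copies files to a backup location and records a SHA-256 manifest, so that before restoring you can prove the copies were not altered after the backup was taken, which is exactly what CryptoWall attempts when it can reach backup files. The directory layout and the manifest file name are assumptions.

```python
import hashlib
import json
import shutil
from pathlib import Path

# Assumed name for the hash manifest stored alongside the backup.
MANIFEST = "backup-manifest.json"


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, dest: Path) -> dict:
    """Copy every file under `source` to `dest` and record a SHA-256 per file.

    Run this only while the backup device is attached and the machine is
    offline, then detach the device. The returned manifest (also written to
    `dest`) is the reference used later to prove the copies were not touched.
    """
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_file(target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(dest: Path) -> dict:
    """Re-hash the backup and return every file that is missing or changed.

    An empty result means the backup is intact. Anything listed must not be
    restored: its contents no longer match what was backed up (for example,
    it was encrypted by ransomware that reached the drive).
    """
    manifest = json.loads((dest / MANIFEST).read_text())
    problems = {}
    for rel, expected in manifest.items():
        path = dest / rel
        if not path.is_file():
            problems[rel] = "missing"
        elif sha256_file(path) != expected:
            problems[rel] = "modified"
    return problems
```

Run verify_backup against the detached drive (after reconnecting it to a known-clean machine) before restoring anything from it.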

Do not pay the criminals. If you take the required precautions, especially backing up your critical software and data, you can reinstall and have a clean copy of your files.

P.S.: For your information, FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker (please see Decyptolocker).