Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, travelled automatically between computers without user interaction.

Starting from around 2012, the use of ransomware scams has grown internationally. In June 2013, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter compared with the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015.

Self Help Guide:

  1. Check your anti-virus and ensure it’s up to date (free/Windows anti-virus is not good enough)
  2. Check your backups and ensure you keep an offline copy (backup drives can get infected too; have a rotational strategy or offsite backup in place)
  3. DO NOT OPEN ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW

Assistance:

[Image: example of infected files]

admin