
Malicious Software's archives

Ransomware – Threatens to Take Your Data Hostage

A rise in data kidnappings makes data protection more important than ever. It’s little more than electronic thuggery. Demanding payment for the safe return of your data is one of the newest scams perpetrated by cyber-criminals. And they’re using ransomware – malware that’s expressly designed to encrypt your data – to do it.

In a ransomware attack, the criminal will send the victim an email saying that they have control of their system, and the victim can’t get any data on their system unless they pay the criminal through an untraceable wire service.

In this type of attack, a criminal may put a special file or program in an e-mail and send it to the victim. Or the victim may click on a pop-up window that’s been specially designed to infect the computer with the ransomware. If the victim opens or executes the attachment (or clicks on the pop-up), then the ransom application can encrypt files on the victim’s computer. And the victim can’t open the scrambled files without the key – which the criminal holds. In other instances, the criminals threaten to delete files on the victim’s computer.

The criminal then demands payment, usually with online currency or another wire service. The criminals keep ransom demands low ($15.99 to $19.00) in order to keep authorities from getting involved. If they target enough people, they can make a lot of money.

If the victim doesn’t pay, then he or she can’t access the data. Once the ransom is paid, the criminal will supposedly send the key to decrypt the data. But once the victim pays, he or she is now established as willing to pay “protection money.”

How to Protect Yourself

What can you do to protect your company? So far, most of the ransomware attacks have been relatively simple. The ransom applications used symmetric cryptography, which made it possible for security experts to extract the decryption keys from the files without contacting or paying the attackers.

While ransom attacks may be on the rise, you can take steps to protect your users and your business. You can address ransomware with your existing security protections. Make sure all computers with browsers have the latest patches. Your firewalls, antivirus, intrusion detection and other layers of security protection will likely stop the malware before it infects your network. And make all your backups and keep them offline.
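One check that can sit alongside the protections above, shown as an added example (not from the original article or from any vendor named on this page): files that have been encrypted look like random data, so a scan can flag files whose contents are near maximum entropy and do not start with the header of a known compressed format. The 7.5 bits-per-byte threshold, the short list of file headers and the sample files are assumptions constructed for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of formats that are legitimately high-entropy (ZIP, gzip, JPEG, PNG).
KNOWN_COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """True for high-entropy content with no recognised compressed-format header."""
    if data.startswith(KNOWN_COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan_tree(root: str, sample_size: int = 65536) -> list[str]:
    """Return sorted relative paths under root whose leading bytes look encrypted."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if looks_encrypted(fh.read(sample_size)):
                    flagged.append(os.path.relpath(path, root))
    return sorted(flagged)

def demo() -> list[str]:
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.txt": b"Quarterly totals by region.\n" * 500,  # ordinary text
            "photo.jpg": b"\xff\xd8\xff" + os.urandom(8192),  # stands in for JPEG data
            "ledger.xls": os.urandom(8192),  # stands in for an encrypted file
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Very small files cannot reach the threshold, so a scan like this is a signal to investigate and compare against offline backups, not a verdict on its own.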

Glossary: Ransomware (malware)

A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term “ransomware”.

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left behind for the victim. The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the “kidnapped” files.

The idea of maliciously encrypting plaintext is not new. The first example is probably the PC Cyborg Trojan that was found in 1989. It encrypted only filenames (using a very weak cipher) causing the file system to be corrupted. There have been other malware attacks that have maliciously encrypted plaintext since then. The 1996 IEEE paper by Young and Yung[1] reviews the malware that has done this, and shows how public key cryptography may be used in such threats.

A cryptovirus, cryptotrojan, or cryptoworm is defined as malware that contains and uses the public key of its author. In cryptoviral extortion, the public key is used to hybrid encrypt the data of the victim and only the private key (which is not in the malware) can be used to recover the data. This is one of a myriad of attacks in the field known as cryptovirology.

Source: Computer Associates


Banking Online? Information Intercepted by New Trojan

Just when you thought it was safe to go back into the water (am I the only one who understands this reference?)… Online banking is facing a new attack via a trojan which intercepts account information prior to encryption and then kindly transmits the data to be included in a central attacker database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user’s bank account details over to the attacker’s account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker’s account after entering their second authentication password.1

While Symantec’s website indicates this trojan has a relatively low level of distribution, it still poses grave danger as it works without any user detection.
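Why the second authentication password does not stop the altered transfer described above, and what a bank can verify instead, as an added example (not from the original post or from Symantec): a code tied only to the session says nothing about the payee, while a code computed over the payee and amount fails when the request reaching the bank differs from what the user approved. The key, account names and code format are hypothetical, and the model assumes the user confirms payee and amount on a separate token device rather than in the browser.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-token-key"  # hypothetical per-customer token secret

def _digits(key: bytes, message: str) -> str:
    """Derive an 8-digit code from HMAC-SHA256 over the message."""
    mac = hmac.new(key, message.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"

def session_code(key: bytes, counter: int) -> str:
    """Second factor bound only to the session counter."""
    return _digits(key, f"session|{counter}")

def transaction_code(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Second factor bound to the payee and amount shown on the token."""
    return _digits(key, f"txn|{counter}|{payee}|{amount_cents}")

def bank_accepts_session(code: str, counter: int, payee: str, amount_cents: int) -> bool:
    # The payee and amount in the request play no part in the check.
    return hmac.compare_digest(code, session_code(SHARED_KEY, counter))

def bank_accepts_transaction(code: str, counter: int, payee: str, amount_cents: int) -> bool:
    # The bank recomputes the code over the request it actually received.
    expected = transaction_code(SHARED_KEY, counter, payee, amount_cents)
    return hmac.compare_digest(code, expected)

def simulate() -> dict:
    """Compare both schemes when the payee differs between user and bank."""
    counter = 7
    intended = ("ACCT-INTENDED-PAYEE", 25000)  # what the user approved (constructed)
    received = ("ACCT-SUBSTITUTED", 25000)     # what reached the bank (constructed)
    s_code = session_code(SHARED_KEY, counter)
    t_code = transaction_code(SHARED_KEY, counter, *intended)
    return {
        "session_code_accepts_altered": bank_accepts_session(s_code, counter, *received),
        "txn_code_accepts_altered": bank_accepts_transaction(t_code, counter, *received),
        "txn_code_accepts_intended": bank_accepts_transaction(t_code, counter, *intended),
    }

if __name__ == "__main__":
    print(simulate())
```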


Mainstream Websites Now Sometimes Corrupted by Viruses

Everyone knows that they should be careful on the Internet. But websites that you would ordinarily figure to be safe are becoming stomping grounds for e-thieves. Infected web pages first appeared in late 2005. Now even Google advertising links can be suspect. Everything from top-tier websites to mom-and-pop bakery sites is now a potential risk.


Your PC’s Under Siege – Viruses, Spyware, Malware Oh My!

Viruses, Spyware and Malware – The Threat and How to Protect Yourself
Malicious software such as computer viruses, spyware and malware has become an extremely serious threat to businesses and individuals, and the threat is growing exponentially. There are even laws to help stop distributors of this malevolent software, yet the threat and circulation of intrusive and destructive software continues to grow. Many companies and malicious programmers continue to create intrusive and destructive software and distribute it to the masses in spite of the consequences for doing so. Take a moment and learn how to determine if your computer or network is infected with spyware and how to remove it.
