Ransomware: 5 Threats To Watch
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
July 17, 2014
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte55dc8cafb779116/64f0dd15c7f14ba77b4e5bd7/simplelocker-threat-translated-wordlens.png?width=700&auto=webp&quality=80&disable=upscale)
PCs aren't the only targets of ransomware: Now there's a form that targets Android devices. One such variant is Simplocker -- mostly found in Russia and Ukraine -- that poses as an Android app that, once installed, finds files and encrypts them. The good news, researchers say, is it's more of a "proof of concept" at this point.
"It operates as crypto-ransomware and does encrypt popular consumer document files," Bambenek says. "It is theoretically possible to recover files because the private key is not stored elsewhere but in the code of the malware itself."
(Source: Blue Coat)
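Bambenek's point about Simplocker, that a symmetric key shipped inside the malware lets defenders recover files without the attacker's help, as an added Go example that is not from the article or from any real sample: the key marker, the 32-byte AES key layout and the IV-prefixed AES-CBC file format are assumptions, and both the "sample" and the encrypted file are constructed inline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// keyMarker is a constructed tag assumed to sit right before the hard-coded 32-byte AES key.
var keyMarker = []byte("KEYv1:")

// extractKey pulls the embedded symmetric key out of the sample's bytes (no attacker server needed).
func extractKey(sample []byte) ([]byte, error) {
	i := bytes.Index(sample, keyMarker)
	if i < 0 || i+len(keyMarker)+32 > len(sample) {
		return nil, fmt.Errorf("embedded key not found")
	}
	return sample[i+len(keyMarker) : i+len(keyMarker)+32], nil
}

// decryptFile reverses the assumed layout IV || AES-256-CBC(PKCS#7 data); bad padding signals a wrong key.
func decryptFile(key, enc []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(enc) < 2*aes.BlockSize || len(enc)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key or ciphertext length")
	}
	plain := make([]byte, len(enc)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, enc[:aes.BlockSize]).CryptBlocks(plain, enc[aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("bad padding: wrong key or corrupt file")
	}
	return plain[:len(plain)-pad], nil
}

// fixture returns constructed test data: a fake sample embedding the key, and one file encrypted under it.
func fixture() (sample, enc []byte) {
	key := bytes.Repeat([]byte{0x42}, 32)
	sample = append(append([]byte("...code..."), keyMarker...), key...)
	iv := bytes.Repeat([]byte{0x01}, aes.BlockSize)
	padded := append([]byte("quarterly report"), bytes.Repeat([]byte{16}, 16)...) // 16 bytes + a full pad block
	block, _ := aes.NewCipher(key)
	body := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body, padded)
	return sample, append(iv, body...)
}
```

Contrast this with a design that embeds only a public key in the sample: then the decryption key never touches the victim's machine, which is why the article treats the embedded-key case as the recoverable one.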
Urausy was the second most pervasive ransomware threat in the second half of last year. It's similar to Reveton in that it shows up in the form of "law enforcement" messages warning the victim that he or she is being fined for viewing pornographic material, or for some other offense that requires a fee to free his or her computer from lockdown.
The good news is that the system can be recovered without paying the ransom, and the Urausy malware ultimately can be eradicated from the victim's machine, security experts say.
(Source: AlienVault)
Reveton was the most pervasive ransomware family as of the second half of last year, according to Microsoft's recently published Security Intelligence Report. The malware increased by 45% between the first and second halves of 2013, and it typically lures its victims with phony messages posing as the FBI or other law enforcement agencies.
Reveton "is generally the type of ransomware people thought of until CryptoLocker came on the scene and popularized 'information-destruction' as a form of extortion. There is some renewed interest in tackling this," says forensic examiner John Bambenek.
(Source: Microsoft)
Cryptowall, a.k.a. Cryptodefense, is emerging as the top ransomware threat now that CryptoLocker has been crippled. Security experts say it's not likely the handiwork of the same criminal gang, although it, too, encrypts files and uses Bitcoin for payment.
Dell SecureWorks researchers sinkholed one Cryptowall domain during the period of June 10 to 28, and found around 10,000 victims. The operation is known to have at least five domains, so that was only a snapshot of the threat, SecureWorks says. Cryptowall's operators made about $150,000 per week from their ransom demands during that period of time.
Cryptowall does things a little differently, including its countdown timer: "Unlike its predecessor, CryptoLocker, which threatened to delete the decryption key after 72 hours, Cryptowall's countdown timer is merely a trigger to a doubling of the ransom," says Andrew Brandt, director of threat research at Blue Coat, in a blog post.
(Source: Blue Coat)
CryptoLocker has been quiet -- too quiet -- ever since the massive disruption in early June of the GameoverZeus botnet used by the ransomware gang to spread their nasty and destructive malware.
But not before it kidnapped files from some 400,000 victims over a nine-month period, making more than $4 million for its operators, according to data from KnowBe4.
CryptoLocker-watchers say the infamous ransomware operation has gone dark: for now, anyway.
(Source: KnowBe4)
As Windows software vulnerabilities have gradually decreased in the wake of Microsoft's secure development lifecycle approach to writing code, the bad guys have been forced to raise the bar and get more creative. Enter ransomware, a nasty form of malware that not only infects your machine but also locks you out of it -- and in many cases, encrypts the data so you can't retrieve it.
The most infamous of these malware families is CryptoLocker, which uses a strong encryption algorithm to lock a victim's files on local drives and network shares. Some victims have paid $300 or more to get their data decrypted and returned to them -- but even paying ransom doesn't guarantee you'll get your data back, or that the bad guys don't still sell it for profit.
[A Black Hat USA speaker will give the backstory on how he and others helped disrupt the infamous CryptoLocker operation, and what they learned about it. Read How Researchers Helped Cripple CryptoLocker.]
But CryptoLocker's head was lopped off in early June after a massive global initiative by the FBI, international law enforcement agencies, and security firms, which seized its key command and control servers. CryptoLocker remains out of action at this point, but there are plenty of other ransomware families circulating and waiting in the wings to fill the void. One such family, Cryptowall, is being blamed for a recent breach at brokerage house Benjamin F. Edwards & Co.
"Ransomware, because of its high-margin profits and the rather simple chain of people that need to be involved, will likely surge in the near-term for PC users," says John Bambenek, chief forensic examiner at Bambenek Consulting and a ransomware expert. "Unlike typical credit card fraud and the like that require money mules, reshippers, and card cloners… all you need to make money with ransomware is a tool and access to Bitcoin or a means to cash in moneypak or similar cards. The trick is a good delivery mechanism."
Here's a look at the top ransomware threats to watch out for: