Endpoint

10/25/2016
03:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

7 Scary Ransomware Families

Here are seven ransomware variants that can creep up on you.
2 of 8

1. Locky

Locky ransomware's potency comes from its ability to change tactics. Locky uses multiple exploit kits, including Angler, and Neutrino, and it also uses macros and script files to encrypt files once a user opens up a document. Locky is delivered via download in a Microsoft Office document (.doc) or JavaScript and is sent via an email attachment in a phishing campaign. Files that are encrypted are fully renamed. After executing, Locky displays the ransom note in text and bitmap forms, setting the latter as the victim's wallpaper. Victims are instructed to pay on a web page that is accessed via Tor. By using multiple exploit kits and tactics, Locky proved to be an easy way to deploy malware. 

Image Source: Trend Micro

1. Locky

Locky ransomwares potency comes from its ability to change tactics. Locky uses multiple exploit kits, including Angler, and Neutrino, and it also uses macros and script files to encrypt files once a user opens up a document. Locky is delivered via download in a Microsoft Office document (.doc) or JavaScript and is sent via an email attachment in a phishing campaign. Files that are encrypted are fully renamed. After executing, Locky displays the ransom note in text and bitmap forms, setting the latter as the victims wallpaper. Victims are instructed to pay on a web page that is accessed via Tor. By using multiple exploit kits and tactics, Locky proved to be an easy way to deploy malware.

Image Source: Trend Micro

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
11/1/2016 | 8:52:13 AM
Cyber security
As holiday season nears, it is the by far most lucrative season for hackers and keyboard warriors to sneek into people's data for their monetary gains. Protect IP address with genuine vpn server like PureVPN that offers encryted online connection and those with strict no logs policy. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/27/2016 | 12:15:16 PM
Re: Jigsaw
Wow.  What a (scarily, saddeningly) clever way to still get something out of those who have had the foresight to back up their data (and, accordingly, otherwise wouldn't pay to get ransomed data unlocked).
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/27/2016 | 12:12:27 PM
Re: Jigsaw
@Dr.T: On top of that, it's a way for them to "double-dip."  First, pay up to get your data back.  Next, pay up so that no one else gets it.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/27/2016 | 12:11:24 PM
Re: Ransomware; new industry
@Dr.T: A big contributing factor to why this "industry" developed has to do with spam.  After the huge spam crackdown a few years ago, black-hatters had these botnets and malware under their control...but spamming was no longer particularly profitable or worth the risk for them.  Accordingly, they had to come up with new business models.

Enter ransomware.

Ironically enough, if we had left the spammers alone, we might not have seen this particular "innovation."
Shantaram
50%
50%
Shantaram,
User Rank: Ninja
10/26/2016 | 6:01:27 PM
Re: 192.168.l.l
It's really impressive

thx
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/26/2016 | 3:17:20 PM
Re: Jigsaw
"... doxware ..."

I was reading about this the other day, obviously when the victim does not pay for the old files hackers still want to get someting out of it. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/26/2016 | 3:14:54 PM
Re: Jigsaw
"... As companies grow aware of the threat of ransomware ..."

I say they are not. It looks like companies are willing to pay to get the data back instead of investing a good backup system.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/26/2016 | 3:12:32 PM
Re: Jigsaw
"... Jigsaw's scheme is particularly brilliant  ..."

there might be better ways but it is impressive.

 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/26/2016 | 3:09:30 PM
Re: candid photographer
" ... Excellent blog  ...":

Agree. Good information.
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
10/26/2016 | 3:08:27 PM
Ransomware; new industry
I could not believe that there has been a new instruct created out of cyber-attacks. We are not in the right track at all.
Page 1 / 2   >   >>
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-17158
PUBLISHED: 2018-05-24
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prag...
CVE-2017-17315
PUBLISHED: 2018-05-24
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP m...
CVE-2018-5485
PUBLISHED: 2018-05-24
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
CVE-2018-5487
PUBLISHED: 2018-05-24
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
CVE-2018-7902
PUBLISHED: 2018-05-24
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privile...