Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come. “Ransomware authors are always looking for bigger payouts and to further their reach,” said Joe Marshall, security research manager with Cisco Talos. “We believe ransomware authors are going to look to past successful campaigns when they look to cast a wider net in the future.”
The FBI is seeking help from US firms as it investigates a nasty strain of ransomware, Reuters reports.
Ransomware encrypts data on infected machines and then asks for money before restoring access to information.
The FBI is analysing a strain of ransomware called MSIL/Samas that tries to encrypt data across entire networks rather than single computers.
We live in an online age, one where malware infections have become commonplace. Some might say this is the price of doing business online. News headlines report damaging attacks on well-known brands with depressing regularity. Consumer confidence suffers as customers look to organizations to sort out the issue, secure their transactions and fix the problem.
Cryptowall ransomware is on the rise again after a spam wave attempting to spread the virus was uncovered by the security experts at Bitdefender.
Hackers were said to have sent out messages to potential victims in the UK, the US, Australia and other European countries, having located their servers around the globe to spread the malware, which encrypts a person's files before demanding payment for their release.
Catalin Cosoi, chief security strategist at Bitdefender, said: "Interestingly, in this instance hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim's machine and encrypt its contents - malicious .chm attachments."
"Attackers began exploiting .chm files to automatically run malicious payloads once the file is accessed," Cosoi said. "It makes perfect sense: the less user interaction, the greater the chances of infection."
The crooks behind Cryptowall are thought to be targeting company networks through fake fax reports that spoof computers in the victims' domain to disguise the nature of the attack.
In the past those behind the virus have sought to spread the malware through malvertising, with the ransomware having overtaken CryptoLocker last September in terms of financial damage, according to Dell.
Since the destruction of infrastructure used to spread CryptoLocker and the associated trojan GameOver Zeus last summer, the Russo-Ukrainian gang behind the viruses is thought to have moved on to other malware, including more sophisticated bits of ransomware like Cryptowall.
We have talked a lot about Ransomware in the past weeks, and the threat it poses. It has never been greater. Yesterday, security firm Sophos released a security report warning that cyber-criminals and their associated groups are working together to make mass production "Deployment Kits" for Ransomware, enabling them to more easily make their own versions of the popular malware, and to allow OPEN PURCHASE of these tools on the internet. Ransomware is a type of malware that systematically encrypts all user data on a computer’s hard drive. Once it has encrypted all of the user’s data, it deletes the unencrypted originals. Users are then prompted to transfer money – often around $350 – for the encryption key to unlock the data. Sophos states that in the last year, the problem has become incredibly widespread, and that the release of a kit could lead to an explosion of Ransomware worldwide.
What makes Ransomware so incredibly problematic is that there is NO FIX FOR IT. Anti-Virus WILL NOT protect you. Nor can a local computer shop, our company, nor the collective powers of the U.S. Federal government, and all other nations combined. Ransomware uses completely unhackable encryption to lock up your computer, and lock all your files, and can also lock up EVERY COMPUTER ON YOUR NETWORK INCLUDING ANY CONNECTED EXTERNAL DRIVES. This is NOT sensationalism, it is real. Hundreds of companies, TV stations, and even a few POLICE STATIONS have had to pay big bucks to ransom their data.
DO NOT BE A VICTIM. We can help you prepare for these attacks.
Here are some tips to help:
- NEVER leave Your External Backup Drive hooked up to your computer when done. Backup, and when finished, Disconnect it.
- DO NOT open attachments in emails unless they are from close trusted family members or friends, and even then, do not open attachments EVER with the file extensions: .exe, .zip, .rar, .bat
- Regularly back up your files. Do both local OFFLINE backups and Online Backups through services like Carbonite. If you are unfamiliar with how to perform local backups of your data, see these great tools from Acronis, Genie 9, and Rebit 5. And if you prefer, Rethink Associates provides quality backup solutions as well. Let Us do it for you!
If you become infected with any of these viruses or any others:
- Immediately Disconnect all external drives from your system to prevent infection.
- Disconnect your computer from the Internet, as some of these spread to other computers on the network.
- Contact Rethink Associates so that we can help!
Rethink Associates is working to set up a class (or a few) on how to insulate your home and business networks against Ransomware attacks, so you can safeguard your livelihood!