Saturday, January 16, 2016

Crypto Ransomware

Crypto Ransomware

Data and information are becoming the new wealth day by day. The evolution of crime becomes more and more sophisticated in time. There is a new threat named ransomware just entered. These ransomware are just malwares that encrypts all your data. Hackers are willing to exploit data and information as much as possible to make it for their own economic benefit.

Crypto-ransomware are malicious malware that encrypt a victim’s most important files and hold them reserved with them from user until a payment is made to the hacker. Most of the payments they demand in form of crypto currency like bit coins. 

There are some professional hacking agency who develop and distribute the malware. They are building invincible malware variants, such as TorrentLocker and CryptoWall etc.

A brief about TorrentLocker

TorrentLocker malware was initially observed in 2014. It uses a symmetric block cipher AES to encrypt target’s files and system. This was affected to European countries more. 

This ransomware is being sent through infected spam emails and sometimes they use a infection chain which involves three steps such as;

  • URL redirection
  • Leading or routing to malicious page
  • CAPTCHA verification.

In first step, the hacker compromise the web servers and inject them with a redirect rule. Then it constantly redirects or changes the URL address to avoid detection.

Eventually victims land on to web pages that seem to be legitimate and those are backed, controlled by the hackers. Again it asks for CAPTCHA code for feeling more authentic to the victim.

Then, when the victim fills the captcha, the ransomware downloads its package and encrypts all the files who have extensions like, .DOCx, .PDF, and .ZIP.  

Security experts warned not to trust those unknown sites, always keep back up of your data. A consistent backup can help to rebuild the business without hassle in case of any attack happens.

Everyone should use antimalware programs to prevent in downloading to system or it can warn the user before downloading.

And last but not least a lot of user level training or awareness is required to learn this type of attacks and their consequences.

-DR



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Network Scanning Tools

Network Scanning through Nmap and Nessus Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....

  • Basics of Ethernet
    Ethernet   Ethernet is the Media access method in a network where all the device or hosts , that share data or share the bandwidth in betw...
  • Telecom | STM-1/4/16 SDH Multiplexer- Part 2
    STM-1/4/16 SDH Multiplexer In my older post I have covered the basic STM and STM-1. STM1 is a synchronous digital hierarchy (SDH) is standar...
  • General IT Controls -ITGC & GTAG
    General IT Controls (GITC or ITGC) Information Technology General Controls is a type of internal controls which is combined a set of policie...