
Increased threat of Ransomware


Beware of Increased Threat of Ransomware

Did you know that ransomware attacks against businesses increased threefold in 2016? Why is that, you might ask? Well, that’s because major ransomware gangs are now capable of infecting millions of computers. These gangs lock your data with strong and often unbreakable encryption. The success of these illegal and harmful practices encourages more and more people to commit these crimes.

Even though wide-scale, indiscriminate ransomware campaigns are among the most common, there is an increased focus on targeted attacks against large organizations. These require high levels of technical expertise and are more typical of cyberespionage.

How might these cyber-attacks affect your business? Well, they could cause a massive operational disruption and seriously damage your revenues and reputation. Under no circumstances should you pay the ransom, or more attackers will follow suit! As an organization, especially, you should be aware of such threats and build appropriate defenses accordingly.

The most affected businesses in the past year have been in the Services sector, followed by Manufacturing, Finance, Insurance, Real Estate and Public Administration. Additional, although somewhat less affected, industrial sectors were Wholesale Trade, Transportation, Communications, Utilities, Retail Trade, Construction, Mining, Agriculture, Forestry and Fishing. The average ransom demand has more than doubled. Even those criminals with relatively low levels of technical expertise can now attack you through the use of ransomware-as-a-service (RaaS).

All of the new variants of ransomware discovered this year are crypto-ransomware, compared to 80% last year. During this time, the US has been most affected by ransomware, followed by Canada, Australia, India, Japan, Italy, the UK, Germany, the Netherlands and Malaysia.

Why this shift towards crypto-ransomware? Well, it is usually the most effective form of ransomware.

In order to evade detection by security products, ransomware has been coded using different programming languages such as JavaScript, PHP, PowerShell or Python. Additional features of high-profile ransomware have extended beyond its core functionality of locking devices or encrypting files, thus increasing the level of threat.

You may wonder what sort of ransomware hit many businesses over the course of last year. Well, good examples are TeslaCrypt (also known as Trojan.Cryptolocker.N) and Locky.

So why are some businesses affected more than others? Even though the answer to this question is not yet completely clear, it is believed that the higher the level of integration a given organization has with different internet services, the higher the risk of exposure to infection.

At this stage it would be good to talk a little bit more about the factors driving growth and persistence of ransomware, particularly crypto-ransomware.

The first factor is the effective deployment of encryption. Attackers can rapidly encrypt your files with an encryption key and then encrypt the encryption key itself. The second is the rise of Bitcoin and other cryptocurrencies, which operate outside the traditional financial system. The third is ensuring the effective spread of ransomware to as many users as possible. Fourthly, advanced attack techniques have allowed hackers to penetrate entire networks with ransomware and then traverse them using legitimate tools, effectively infecting hundreds of computers. The fifth and final factor is RaaS, which allows inexperienced hackers to purchase ransomware executables and distribute malware for RaaS creators (experienced hackers), thus earning them a percentage of the profits.

Finally, if you own a business, Mission Repair Centre believes that you should really take note of the following. Business email compromise (BEC) scams attempt to trick C-level executives into making large wire transfer payments. Bug-poaching attacks compromise corporate servers, stealing data and requesting a fee for information on how the attack was carried out. The Carbanak gang target banks directly instead of bank customers.

Darius Romanek

Mission Repair Centre Team 🙂

Ransomware: How Can You Protect Yourself?


Ransomware: How Can You Protect Yourself

Ransomware is a type of computer malware that installs covertly on your computer to execute a so-called cryptovirology attack, which adversely affects your machine and demands payment to decrypt it. It is a denial-of-access attack that prevents computer users from accessing files, since you cannot decrypt them without the decryption key. These types of attacks range from less to more serious.

Simple attacks may just lock the system in a way which may not be difficult to reverse if you are knowledgeable enough, displaying a message requesting payment to unlock it. In a more serious case, your files become encrypted and inaccessible and a ransom payment is demanded to decrypt them. In the worst-case scenario, the ransomware may even encrypt the computer’s Master File Table (MFT) or the entire hard drive.

Between 2012 and 2014, 5 major ransomware Trojans were released. Their names are Reveton, CryptoLocker, CryptoLocker.F, TorrentLocker and CryptoWall, and variants of most of them continue to be a threat.

Currently, there are 10 major ransomware threats infecting computers throughout the world: Tescrypt.E, Tescrypt.D, Locky.A, Locky, Crowti.A, Exxroute.A, Win32/Cerber.A, FakeBsod.A, HTML/Cerber.A and Brolo.C.

The question then is how you, as a user, can mitigate the threat of ransomware attacking your computer and, if it does, what measures you can take against it.

Unfortunately, as is the case with other types of malware, security software may not always detect ransomware. Data damage and/or loss can be stopped or greatly reduced if an attack is suspected or detected in its early stages, as it takes time for encryption to take place.

The best recipe is of course prevention. As security software cannot always block this malware from launching and infecting your computer, it is advisable to keep backups of your stored data in locations the targeted computer cannot reach, such as external storage drives. It is also important that you keep your computer operating system and application software up to date. Another preventative measure is never opening potentially infected spam emails or emails from unknown senders, never downloading attachments from any suspicious emails and never clicking links in spam. Having a traffic-filtering solution can provide proactive anti-ransomware protection.

If your files have been locked by ransomware, at least partial data recovery may be possible by recovering the encryption key (a process which may take several days). If the same encryption key is used, decryption tools use files for which there are both uncorrupted backups and encrypted copies.

New software tools intended specifically to deceive, divert and eventually stop ransomware before it encrypts files on your computer have recently been developed. These tools are specialized applications of deception technology that became available in the summer of 2016.
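
A minimal sketch of the decoy-file idea behind such deception tools, added here as an illustration and not taken from any product the article mentions. The decoy names, their contents and the entropy threshold are assumptions chosen for the example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names and contents (assumptions for this example).
DECOYS = {"000_accounts.csv": b"id,name,balance\n1,alice,100\n2,bob,250\n" * 40,
          "000_notes.txt": b"Quarterly planning notes, draft only.\n" * 40}
ENTROPY_LIMIT = 7.0  # bits/byte; assumed threshold, plain text sits well below it

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_decoys(folder: Path) -> dict:
    """Write the decoy files and return {path: sha256 hex} as the baseline."""
    baseline = {}
    for name, content in DECOYS.items():
        path = folder / name
        path.write_bytes(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline

def check_decoys(baseline: dict) -> list:
    """Return (file name, reason) for every decoy that is gone or altered."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path.name, "missing or renamed"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            noisy = shannon_entropy(data) > ENTROPY_LIMIT
            alerts.append((path.name, "high-entropy rewrite" if noisy else "modified"))
    return alerts

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(Path(tmp))
        print("clean:", check_decoys(baseline))
        # Stand-in for tampering: overwrite one decoy with constructed random bytes.
        (Path(tmp) / "000_notes.txt").write_bytes(os.urandom(4096))
        print("after change:", check_decoys(baseline))
```

Because nobody has a legitimate reason to touch the decoys, any alert from `check_decoys` is worth acting on early, while most real files are still unencrypted.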
So at this stage you might ask: what are the best antivirus programs to protect against ransomware and the best ransomware protection currently available? Well, the best antivirus programs that provide ransomware detection and removal offer On Demand Malware Scan, Behavior Based Detection and Malicious URL Blocking.

Some of the most reputable antivirus solutions you may wish to consider are McAfee, Norton and Kaspersky software. ZoneAlarm’s Threat Emulation software detects harmful content before you click (solid offense is at times the best defense against ransomware).

Darius Romanek

Mission Repair Centre Team 🙂