Although ransomware has been mentioned in previous issues of this advisory, there is a constant need to be reminded of this menace, simply because it is not about to go away.
Ransomware seems to have taken a sinister turn. It has, indirectly, caused victims to pay the ultimate price for ransomware: their lives. There have been two reported cases. In one case a single father, a Romanian citizen, was informed that he had to pay a fine of EUR13,000.00 for watching pornographic content. A message appeared on his computer screen claiming to be from the Romanian police, stating that if he failed to pay the fine, he would be jailed for 11 years. Feeling under pressure as he had no way to pay the fine, he killed his son and committed suicide. He believed that the threat of a fine was real. It was actually bogus. Earlier this year, in another tragic case, a British student committed suicide. He was accused of visiting illegal websites in a fake email. The message was purportedly from the Cheshire police and threatened him with a fine of 100 for browsing illegal web pages.
This menace does not seem to be on the decline. In fact, crypto-ransomware is growing at an alarming rate. Next-generation Cryptowall (see Definition) is so well developed that it could put many a legitimate business to shame. The developers have also realized that the weakest link in this ecosystem is the command and control (C&C) infrastructure, which can be taken down by law enforcement. For one, the ransom paid is now split among individuals and the Bitcoin (see Definition) wallets are generated on an ad-hoc basis. This makes it difficult for investigators to see the immense profit that these operators have made. The C&C has also migrated to the Darknet (see Definition), which makes it impossible for law enforcement to gauge the size of the botnet (see Definition).
It has reached a stage where Cryptowall is more difficult to detect, as it has a variety of features. One particular feature is the polymorphic builder used to create a new virus for every potential victim. Ransomware can inflict huge financial damage on businesses and users.
Though ransomware has killed people (the two cases mentioned above), that is not the attackers' main goal. Their main goal is to make a profit from the victims. With their tentacles spreading far and wide, it seems that nobody is safe.
Recommendation
1. Ensure that the operating system and security software are regularly updated.
2. Install anti-malware tools.
3. DO NOT open email attachments from unknown sources or from emails that appear to be legitimate but are suspicious.
4. Backup is crucial. Important data should be regularly backed up onto external media.
5. Awareness – staff are to be educated in best computing practices and how to identify threats.
6. If a computer is infected, disconnect it from the network immediately and seek help.
7. If you have been compromised, change online account passwords and network passwords.
Definition
1. Cryptowall – a Trojan horse that encrypts files on a compromised computer. It will then request that a ransom be paid to have the files decrypted.
2. Bitcoin – digital currency, created and held electronically. It is an online payment system developed by a Japanese man, Satoshi Nakamoto.
3. Darknet – a secretive place lurking underneath the Internet. It's a dangerous place where a lot of illicit business occurs; where people can hide their digital tracks. Think of it as a lawless land.
4. Botnet – also known as a zombie army, where a number of compromised computers have been set up to forward spam, malware, etc., without the knowledge of the owners of the computers. It is normally controlled by a Botmaster.
Source
Information Week