In layman’s terms, ransomware takes commonly used extensions (such as .doc for Microsoft Word, .xls for Microsoft Excel) and encrypts files associated with those extensions, which prevents you from ever accessing those files again (unless you’re lucky and a developer cracks the encryption). Cybercriminals often provide a link to send money, specifically Bitcoin. Once payment is received, they’ll provide a key that can decrypt the files. Some actually follow through; many opine that if cybercriminals follow through, more people will be more likely to pay. However, you should never pay them, or this behavior will never end.
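One defensive consequence of the behavior described above: because ransomware rewrites large numbers of common document types in a short time, a burst of such rewrites is a usable alarm signal. The following is an added example, not code from the original post; it runs a simple sliding-window heuristic over constructed file-rename records (the event format, the watched extension set, and the thresholds are assumptions).

```python
from collections import deque
from datetime import datetime, timedelta

# Document extensions the post names as typical targets, plus a few other
# office formats (assumption: tune this set to what your users actually keep).
WATCHED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}


def _ext(path):
    """Return the lower-cased final extension of a path, or '' if it has none."""
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def is_suspicious_rewrite(before, after):
    """True when a watched document was renamed so that it lost its document
    extension (e.g. report.doc -> report.doc.locked). A rename between two
    watched extensions (old.xls -> old.xlsx) is treated as a normal user action."""
    return _ext(before) in WATCHED and _ext(after) not in WATCHED


def find_burst(events, threshold=20, window_seconds=60):
    """events: iterable of (iso_timestamp, old_path, new_path) rename records in
    time order. Returns the ISO timestamp at the start of the first window in
    which `threshold` watched documents were rewritten, or None if no burst."""
    window = timedelta(seconds=window_seconds)
    recent = deque()  # timestamps of suspicious rewrites inside the current window
    for ts, before, after in events:
        if not is_suspicious_rewrite(before, after):
            continue
        t = datetime.fromisoformat(ts)
        recent.append(t)
        while recent and t - recent[0] > window:
            recent.popleft()  # drop rewrites that have aged out of the window
        if len(recent) >= threshold:
            return recent[0].isoformat()
    return None


# Constructed sample: two ordinary renames by a user, then thirty documents
# rewritten with a foreign extension within thirty seconds.
SAMPLE_EVENTS = [
    ("2017-09-20T09:58:00", "notes.txt", "notes.docx"),
    ("2017-09-20T09:59:00", "old.xls", "old.xlsx"),
] + [
    (f"2017-09-20T10:00:{i:02d}", f"file{i}.doc", f"file{i}.doc.locked")
    for i in range(30)
]
```

Calling `find_burst(SAMPLE_EVENTS)` on the constructed sample reports the burst starting at 10:00:00, while the two benign renames alone produce no alert; in practice the records would come from a file-system audit log or an EDR rename telemetry feed.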
Ransomware entered the public’s vernacular this summer when the WannaCry ransomware attack, using an SMB protocol exploit called EternalBlue on unpatched Windows operating systems, propagated across the internet. Analysts predicted that the financial cost of WannaCry could surpass $4 billion. Several major organizations, and the European healthcare sector in particular, were hit especially hard. The spread suddenly stopped when a computer security researcher named Marcus Hutchins unexpectedly triggered a “kill switch” by registering a domain name. In an ironic twist, Hutchins was arrested by FBI agents, accused of selling a program called Kronos, “designed to steal online banking credentials.”
Thousands, if not tens of thousands, of ransomware variants exist on the internet today, and not all of them target Windows machines. According to a Kaspersky Lab report, there was a 253% increase in mobile ransomware attacks during the first quarter of 2017.
Some 218,625 mobile ransomware files were detected in the first months of the year, compared to 61,832 in the previous quarter, the report found. The Congur family of ransomware—which sets or resets the device passcode, giving attackers administrator rights to the device—accounted for more than 86% of these mobile attacks. Certain variants of Congur can cause even more trouble, using administrator rights to install their module into the system folder, where it is almost impossible to remove, the report noted.
The Trojan-Ransom.AndroidOS.Fusob.h was the most widely used form of mobile ransomware, Kaspersky Lab found. This variant, once run, requests administrator privileges, collects information about the device (including GPS coordinates and call history), and uploads that data to a malicious server. The server may then send back a command to block the device, depending on how valuable the attacker judges the data to be.
A twisted new variant called “NRansom” is especially messed up:
For years, cybercriminals have been extorting victims by locking their computers with malware. The hackers promise to give the victim their files back as long as they fork over the cryptocurrency—typically Bitcoin—within the stipulated time limit. Now, someone has added a new, perverse twist to this tried and tested scheme: demanding naked photographs instead of Bitcoin.
Researchers at MalwareHunterTeam, a research group focused on ransomware, spotted the software, called nRansomware, on Thursday. The group posted a screenshot of the message that’s displayed when a victim gets infected:
Whatever you do, don’t send them your nudes. Yes. I had to say that. Seriously.
- Patch/update the software on your computer regularly. Most software includes automatic updates. Always turn those on, but also check periodically to make sure they’re actually updating. Take 15-30 minutes out of your week to ensure your computer is updated (it is far less of a hassle than being infected).
- If you have important files/information on your computer, invest in a backup solution. During the above-mentioned 15-30 minute weekly maintenance, plug in an external USB hard drive, copy your files, and unplug the drive (you don’t want it plugged in WHILE your computer is being infected, because the backup will be encrypted along with everything else).
- Be aware of your actions. Do not open random attachments in email (a favored method of infection), or click on suspicious websites just because they come up in a search result. Diligence always wins.