From out of nowhere it seems, Ransomware has emerged as one of the most dangerous security threats today. Although this malicious trend isn’t entirely new, the attacks have become alarmingly more sophisticated. Also, the victim count has steadily increased and it looks like the trend is now slowing down.
By now Recovery Zone regulars are familiar with the ransomware basics. Once installed, the malware blocks access to your files and demands that you pay a ransom in order to regain access. Unfortunately for the victims, this new wave of attacks extends far beyond the basics. Here are 10 things you may or may not have known ransomware can do:
1. Wear a Clever Disguise
The latest strain of DetoxCrypto malware deliberately disguises itself as the reputable security product Malwarebytes, albeit in amateurish style: the name of the impostor software contains a typo, “Malwerbyte”. So beware of which executables you install.
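One practical check a defender can script for the "clever disguise" problem is a lookalike-name test: compare the stem of an installer's file name against an allow-list of product names you expect to see and flag anything that is close but not identical, exactly the “Malwerbyte” versus Malwarebytes case. The code below is an added example, not code from the original post or from Malwarebytes; the allow-list, the file names and the distance threshold are constructed assumptions you would tune for your own environment.

```python
"""Flag installer file names that resemble, but do not match, a trusted product name.

Added example (not from the original post). TRUSTED_NAMES, the sample file names
and the 0.3 similarity threshold are constructed assumptions for illustration.
"""
import re

# Constructed allow-list of product names users are expected to install.
TRUSTED_NAMES = ["malwarebytes", "windows defender", "avast", "bitdefender"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete or substitute, each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalise(filename: str) -> str:
    """Reduce 'Malwerbyte-Setup_3.1.exe' to 'malwerbyte' by dropping the extension,
    setup/installer words, architecture tags and version numbers."""
    stem = re.sub(r"\.(exe|msi|dmg|pkg)$", "", filename, flags=re.I)
    stem = re.sub(r"[-_ ]?(setup|installer|install|x64|x86|v?\d[\d.]*)", "", stem, flags=re.I)
    return re.sub(r"[^a-z ]", "", stem.lower()).strip()


def classify(filename: str, max_ratio: float = 0.3):
    """Return ('trusted', name), ('lookalike', name) or ('unknown', None).

    A name is a lookalike when its edit distance to the closest trusted name is
    small relative to the name length (the ratio is a heuristic, not a standard)."""
    stem = normalise(filename)
    if not stem:
        return "unknown", None
    best = min(TRUSTED_NAMES, key=lambda n: levenshtein(stem, n))
    d = levenshtein(stem, best)
    if d == 0:
        return "trusted", best
    if d / max(len(stem), len(best)) <= max_ratio:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    for name in ["Malwerbyte-Setup_3.1.exe", "Malwarebytes Setup.exe", "photo_editor.exe"]:
        print(name, "->", classify(name))
```

The verdict "lookalike" is a prompt for a human to check the publisher signature and download source, not a blocking decision on its own; legitimate renamed installers will occasionally trip it.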
2. Work on Linux and Macs
As the world’s leading operating system, Windows is also number one with a bullet in the eyes of cyber attackers. And while Unix-like competitors have a reputation for offering better out-of-the-box security, not even the best of them are spared in the ransomware onslaught. LinuxEncode gained a reputation as the first to target the Linux platform. It is also one of the easiest to defeat, owing to its amateur approach to encryption. Then there is KeRanger – some believe it is an updated version of LinuxEncode – the first ransomware launched on Mac OS X. KeRanger is distributed via the BitTorrent client Transmission, suggesting that illegal downloads do in fact have a price.
3. Talk to You
You’ve heard of talking mobile apps. Now meet the talking malware. After encrypting the victim’s files, the ransomware program known as Cerber delivers instructions on how to pay the ransom. The instructions are contained in TXT, HTML, and VBS files; the last of these recites the message aloud. Cerber demands an average ransom of $500 to $800 via the Tor anonymity network, with the amount doubling within a week. Talk about a pain in the neck.
4. Target Mobile Phones, Tablets and Smart TVs
Ransomware is primarily a computer-based threat that seeks to wreak havoc on PCs and servers. However, it rears its ugly head on other devices as well. Stealing security headlines in this category is Fusob, a Trojan that targets porn viewers by masquerading as an XXX video player. The mobile commerce revolution is in full swing, and the fact that victims can transfer funds with a swipe and a tap has to be incredibly appealing to ransomware creators. This theory is fueled by a Blue Coat report proclaiming ransomware the number one security threat on mobile devices.
The only thing scarier than ransomware on your phone is the kind that invades your home. Frantic Locker, or FLocker, started out targeting Android phones before eventually adopting capabilities that allowed it to attack Android-powered smart TVs. FLocker attempts to send the victim into a panicked frenzy by locking their TV screen and alleging that they’ve committed a crime – all the while purporting to be a law enforcement agency. The malware then demands a ransom of $200, to be paid in iTunes gift card credits.
5. Perform Full System Encryption
Most of the ransomware threats on our list operate by encrypting your files. Some, however, aim to paralyze you entirely by locking up your whole system. Petya was one of the first discovered to have full system encryption capabilities. Overwriting the MBR allows it to encrypt the hard drive, crash the OS, and present the ransom note. A few months after its initial discovery Petya returned, but it wasn’t alone. The updated version came bundled with a second piece of malware (Mischa) that performed the ransomware duties in the event that the initial infection failed to gain the necessary admin privileges.
6. Delete Your Files One by One
The classic ransomware infection blocks access to your files until you pay up. Jigsaw goes one step further: it encrypts your files and then deletes them incrementally until the ransom is paid. Clearly the authors were heavily inspired by the horror movie franchise Saw. The ransom note is accompanied by an image of Billy, the creepy puppet that makes an appearance in each film, as well as a red digital clock that performs the countdown.
7. Take Your Money and Delete Your Files
Some ransomware victims opt to simply pay the ransom to regain access to their mission-critical files as soon as possible. Sadly, giving in to the ransom demands can actually make matters worse. In a recent post we profiled RanScam, an aptly named infection that presents itself as ransomware, yet deletes your files whether you pay the ransom or not. Ironically, this scheming malware was looked down upon by ransomware authors, who realize that destroying files is a bad look for the community at large. After all, victims are not going to pay if they believe there’s no chance their files will ever be returned.
8. Encrypt Unmapped Drives
When ransomware first emerged on the scene, the attacks looked to encrypt files on the default drive before moving on to other mapped drives. However, evolved strains such as CryptoFortress, DMA Locker, and Locky have since emerged. CryptoFortress was the first shown to lock files whether or not they are mapped to a specific drive letter. This functionality has made it more important than ever for IT administrators to protect shared network folders with strong permissions.
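Strong share permissions limit what an infected workstation can reach; the complementary control is noticing quickly when a share starts filling up with encrypted copies. The added example below (not code from the original post or from any of the named strains) scans a folder tree and flags files whose bytes look encrypted, using Shannon entropy, while ignoring extensions that are legitimately high-entropy such as archives and images. The folder tree, the allow-list of extensions and the 7.5 bits-per-byte threshold are constructed assumptions; `make_demo_tree` builds a throwaway directory so the block runs offline.

```python
"""Flag files on a share that look freshly encrypted: high byte entropy plus an
extension not on the allow-list. Added example, not from the original post; the
demo tree, ALLOWED_EXT and ENTROPY_THRESHOLD are constructed assumptions.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats that are compressed or encrypted by design: high entropy is normal for them.
ALLOWED_EXT = {".txt", ".docx", ".xlsx", ".pdf", ".csv", ".jpg", ".png", ".zip", ".gz", ".7z"}
ENTROPY_THRESHOLD = 7.5      # bits per byte; ciphertext and random data approach 8.0
SAMPLE_BYTES = 65536         # only the head of each file is read, keeping scans cheap


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """True when the extension is unexpected AND the head of the file is near-random."""
    if path.suffix.lower() in ALLOWED_EXT:
        return False
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(SAMPLE_BYTES)) > ENTROPY_THRESHOLD


def scan(root) -> list:
    """Relative paths (posix style, sorted) of files that look encrypted under `root`."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*") if p.is_file() and looks_encrypted(p))


def suspicious_extensions(root) -> Counter:
    """How many flagged files carry each extension; one extension dominating is the classic pattern."""
    return Counter(Path(rel).suffix.lower() for rel in scan(root))


def outbreak(root, min_hits: int = 3) -> bool:
    """Alert when at least `min_hits` suspicious files exist (tune to your share's size)."""
    return len(scan(root)) >= min_hits


def make_demo_tree() -> str:
    """Constructed share: plain documents, one legitimate archive, three encrypted-looking copies."""
    root = Path(tempfile.mkdtemp(prefix="share_demo_"))
    text = b"".join(b"Q3 budget line %d: 1234.56\n" % i for i in range(3000))
    (root / "finance").mkdir()
    (root / "finance" / "budget.xlsx").write_bytes(text)
    (root / "notes.txt").write_bytes(text)
    (root / "archive.zip").write_bytes(os.urandom(SAMPLE_BYTES))        # allowed: archives are high-entropy
    (root / "finance" / "budget.xlsx.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    (root / "notes.txt.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    (root / "plan.docx.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    return str(root)


if __name__ == "__main__":
    demo = make_demo_tree()
    print("flagged:", scan(demo))
    print("by extension:", dict(suspicious_extensions(demo)))
    print("outbreak:", outbreak(demo))
```

Run it on a schedule against the share root, or wire `outbreak` to the file-server's change notifications; the entropy test alone produces false positives on unlisted binary formats, so the extension allow-list needs maintaining for each share's real content.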
9. Pose as a Windows Update
In order to slap the cuffs on unsuspecting users, ransomware authors must first gain system access, which usually means packaging their malware in a clever disguise. It doesn’t get any craftier than posing as something that all users need – critical system updates. Fantom targets business users by pretending to be a Windows update complete with a Microsoft copyright and familiar dialog screen. But once you agree to the terms, the utility you think is updating your system is busy encrypting your files with AES encryption you couldn’t crack with a virtual sledgehammer. This one is scary!
10. Encrypt Backup Copies
Next to prevention, a solid backup and disaster recovery plan has proven to be the most effective way to combat ransomware. Malware writers are trying to cripple that best defense mechanism, too. The FBI was the first to send word regarding SAMAS. This ransomware strain targets not only the infected system but all connected systems and resources. Among those resources are the backup copies victims can ordinarily rely on to restore their files and avoid paying ransom fees. Needless to say, SAMAS is one of the most dangerous ransomware villains we’ve seen to date.
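A backup that ransomware can reach is also a backup it can quietly encrypt, and you only find out at restore time. The added example below (not code from the original post or from SAMAS) shows the defender-side check: build a SHA-256 manifest of the backup set when it is written, keep that manifest off the host, and verify the set later, reporting files that changed, vanished or appeared. The backup set, the tampering simulation and the file names are constructed; `make_demo_backup` builds a throwaway directory so the block runs offline.

```python
"""Build a SHA-256 manifest of a backup set and verify it later.

Added example, not from the original post. The backup tree created by
make_demo_backup() and the damage applied by simulate_tampering() are constructed
to show what a verification report looks like after a backup copy is touched.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path relative to `root` (posix style) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_manifest(manifest: dict, path) -> None:
    """Write the manifest as JSON; store it somewhere the backup host cannot overwrite."""
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path) -> dict:
    return json.loads(Path(path).read_text())


def verify(root, manifest: dict) -> dict:
    """Compare the backup set on disk with the stored manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def make_demo_backup() -> str:
    """Constructed backup set with three files in three folders."""
    root = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    for rel, body in {"db/customers.sql": b"INSERT INTO customers VALUES (1, 'acme');\n",
                      "docs/policy.pdf": b"%PDF-1.4 constructed placeholder\n",
                      "config/app.ini": b"[app]\nretention_days = 30\n"}.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return str(root)


def simulate_tampering(root) -> None:
    """Constructed damage: one file overwritten with random bytes, one deleted, one new file dropped."""
    root = Path(root)
    (root / "db" / "customers.sql").write_bytes(os.urandom(256))
    (root / "docs" / "policy.pdf").unlink()
    (root / "ransom_note.txt").write_bytes(b"constructed placeholder\n")


if __name__ == "__main__":
    backup = make_demo_backup()
    manifest_path = Path(tempfile.mkdtemp(prefix="manifest_")) / "manifest.json"  # kept outside the set
    save_manifest(build_manifest(backup), manifest_path)
    print("before:", verify(backup, load_manifest(manifest_path)))
    simulate_tampering(backup)
    print("after:", verify(backup, load_manifest(manifest_path)))
```

The report is only trustworthy if the manifest itself is stored out of reach of the backup host (a separate account or write-once location), and the check is worth running right after each backup job as well as before any restore.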
Malware seems to grow more advanced by the day and this extortion-driven threat is the worst possible example. Having an off-site backup is typically the best defense against ransomware. Nevertheless, a little common sense when browsing the Internet helps, too.