live casino online

arrow_back
search
close

Ransomware Recap: TorrentLocker's New Tactics

March 10, 2017

The ransomware known as TorrentLocker has been spotted against European nations such as Germany and Norway. While the ransomware’s behavior isn’t too different from the earlier variants, its new method of propagation makes it a dangerous threat for end users who lack awareness of the various phishing techniques used by cyber criminals.

These variants (Detected by live casino online as RANSOM_CRYPTLOCK.DLFLVV, RANSOM_CRYPTLOCK.DLFLVW, RANSOM_CRYPTLOCK.DLFLVS and RANSOM _CRYPTLOCK.DLFLVU), use social engineering to trick its victims—primarily company employees—into clicking a Dropbox URL embedded in a phishing email. This URL leads to a fake “invoice document" which is actually the ransomware’s file. TorrentLocker’s use of Dropbox makes for an additional detection hurdle, as the site itself is a legitimate one.

The ransomware’s distribution of targets based on live casino online’s Smart Protection Network (SPN) data can be seen in the chart below:


Python-based ransomware make an appearance

A couple of notable Python-based ransomware dubbed PyL33t (Detected by live casino online as Ransom_PYLEET.A) and Pickles (Detected by live casino online as Ransom_CRYPPYT.A) made the rounds during the end of February.

Internet culture bears a heavy influence on the PyL33t ransomware, as seen in its Comic Sans ransom note, its use of the 1337 port, and its use of the .d4nk extension, which it adds to files it encrypts. Once PyL33t is downloaded and executed in the victim’s computer, it will encrypt various files that use extensions such as .docx, .jpg and .xlxs.

Pickles is a harmless-sounding name for another dangerous Python-based ransomware. Once Pickles infects the victim’s computer, it encrypts files and renames them with the .EnCrYpTeD extension, changes the wallpaper to the message seen above, and drops a ransom note called READ_ME_TO_DECRYPT.TXT which contains the expensive ransom demand of 1 bitcoin, which roughly amounts to $1200. The decryptor is also dropped along with the ransomware; however, decrypting the affected files requires a password.

Ransomware Solutions:

Enterprises can benefit from a multi-layered, step-by-step approach in order to best mitigate the risks brought by these threats. Email and web gateway solutions such as?live casino online? Deep Discovery? Email Inspector?and?InterScan? Web Security?prevents ransomware from ever reaching end users. At the endpoint level,?live casino online Smart Protection Suites?deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimizes the impact of this threat.?live casino online Deep Discovery Inspector?detects and blocks ransomware on networks, while?live casino online Deep Security??stops ransomware from reaching enterprise servers–whether physical, virtual or in the cloud.

For small businesses,?live casino online Worry-Free Services Advanced?offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers several capabilities such as behavior monitoring and real-time web reputation in order detect and block ransomware.

For home users,?live casino online Security 10?provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat.

Users can likewise take advantage of our?free tools?such as the?, which is designed to detect and remove screen-locker ransomware; as well as?, which can decrypt certain variants of crypto-ransomware without paying the ransom or the use of the decryption key.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Cybercrime & Digital Threats, Ransomware

We Recommend