live casino online

arrow_back
search
close

Ransomware Recap: Sept. 16, 2016

September 20, 2016

ransomware-recapOn September 15, the Federal Bureau of Investigation issued a that strongly urged ransomware victims to report infections to the authority. The PSA is likely a response to the fact that cases of ransomware infections had reached an “all-time high” in the first few months of 2016, with newer, more sophisticated variants surfacing on a regular basis. According to the agency, one particular ransomware variant successfully compromised an estimated number of 100,000 computers daily.

[Threat Report: The Reign of Ransomware]

As reports released by media groups and threat research companies consistently talk about victims and the losses caused by ransomware attacks on individuals and organizations, the FBI emphasizes the difficulty of identifying the actual number of ransomware infections given the number of unreported cases. With the public advisory, the agency looks to establish a clearer understanding of the breadth and severity of ransomware attacks.

As such, the FBI noted in its advisory, “Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.”

Here are other notable ransomware stories from the past week:

LockLock

The beginning of the week saw the emergence of a ransomware named (detected by live casino online as Ransom_EDALOCK.A). Observed to be based on the open-source ransomware EDA2, initial analysis of the attacks show victims whose IP addresses appear to have come from China. This particular ransomware encrypts using the AES-256 algorithm and appends a “.locklock” extension to its targeted file types. The ransom note, under the file “READ_ME.TXT” demands that the victim communicates with the cybercriminals via an email address or Skype. Interestingly, a YouTube video channel created by the developer was also seen, with a video detailing a possible alternate version of the ransomware.

RAA

Last June, RAA (detected by live casino online as RANSOM_JSRAA.A) made its first rounds, notably using JScript scripting language. Much more recently, researchers a new RAA variant (detected by live casino online as RANSOM_JSRAA.L) targeting companies via spear phishing attacks. This evolved variant now arrives in the form of a password-protected .zip archive attachment. This, according to researchers, is an age-old technique that would thwart anti-malware systems from unpacking the file and scanning it for its malicious content.
However, the new variant proceeds with the encryption process without the need to communicate to a C&C server. Unlike its earlier version, the ransom note, written in Russian, does not ask for a specific amount in Bitcoins.

NoobCrypt

It looks like the developers of NoobCrypt (earlier variants detected as Ransom_NOOBCRYPT.A and Ransom_NOOBCRYPT.B) didn't learn much from their first release in July 2016, and are, in fact, still living up to its given name. This time, a (detected by live casino online as Ransom_NOOBCRYPT.C) reportedly made the mistake of using the same password for all of its victims. This allowed some researchers to develop a list of decryption keys based on the password. When the screen gets locked, a ransom note flashes saying “Made in Romania.” A ransom amount, deadline, and specific bitcoin address are then provided for the particular release on a per-victim basis.

Razy 5.0

Back in July, a ransomware variant that appears to have the same text-to-speech feature similar to Cerber was sighted. (detected at the time as Ransom_RAZYCRYPT.A) encrypted files using AES before appending the extension .razy to the locked files. The new variant of Razy, dubbed by researchers as Razy 5.0 (detected by live casino online as Ransom_RAZYCRYPT.B) uses a Jigsaw ransomware-inspired note that demands a payment of 10 euros via PaySafeCard. The ransom note issues a soft threat though—researchers noted that unlike Jigsaw, it does not delete the encrypted files after its set deadline.

Fantom

Following the surfacing of Fantom—a variant based on the open-source ransomware EDA2—by the end of August 2016, a (detected by live casino online as Ransom_FANTOMCRYPT.B) was recently spotted with several updates. Now, Fantom follows the trend of evolved ransomware variants that can encrypt files without having to connect to its C&C servers for the keys. Apart from the offline encryption feature, this updated variant adds network share enumeration, and a per-victim display of ransom values based on the targeted victim’s files in its routines.

The FBI, in its latest advisory, reiterates that paying the ransom is not a recommended solution. Performing regular backups of valuable files is a far better way to deal with ransomware threats. A solid backup strategy eliminates the leverage cybercriminals enjoy when they hostage data, thus stopping the endless cycle of compromise and extortion. Ultimately, a multi-layered approach that seals all possible gateways remains as the most effective way to , as it stops the malware before they can infect systems.   

Ransomware Solutions

live casino online offers different solutions to protect enterprises, small businesses, and home users to help minimize the risk of getting affected by ransomware:

Enterprises can benefit from a multi-layered, step-by-step approach in order to best mitigate the risks brought by these threats. Email and web gateway solutions such as Ի prevents ransomware from ever reaching end users. At the endpoint level,  deliver several capabilities like behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat.  detects and blocks ransomware on networks, while  stops ransomware from reaching enterprise servers–whether physical, virtual or in the cloud.

For small businesses,  offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers several capabilities such as behavior monitoring and real-time web reputation in order detect and block ransomware.

For home users,  provides robust protection against ransomware, by blocking malicious websites, emails, and files associated with this threat.

Users can likewise take advantage of our  such as the , which is designed to detect and remove screen-locker ransomware; as well as , which can decrypt certain variants of crypto-ransomware without paying the ransom or the use of the decryption key.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Cybercrime & Digital Threats, Ransomware

We Recommend