
Ransomware Viruses – A Growing Threat

James Gordon | 26.11.2015 14:58 | Technology

Ransomware is a computer virus that encrypts system and personal files and demands payment. Ransomware may propagate in different ways, but commonly as a Trojan, entering a PC through a downloaded file, an email or a vulnerability in a network or website.

It is important to note that paying the demanded money does not guarantee that the user regains access to the infected system. The amount demanded varies, ranging from USD 20 to more than USD 1000.

After entering the system, ransomware behaves in various ways. It may appear as a simple fake warning notice, sometimes imitating the notices issued by law enforcement agencies, or even as a gift.

A ransomware message may claim that the infected PC contains illegal content (pirated software, multimedia or pornography) or that it has been used for unlawful activities. Some ransomware payloads falsely state that the computer's software installation and activation is fake, imitating product activation notices.

By the action they perform, ransomware viruses can be categorized into two main types: those that encrypt files with an encryption key, and those that just lock the system screen.

The first type encrypts documents, spreadsheets and other important files. In the second type, the malware shows a full-screen notification that prevents the victim from using their system (mostly web browsers), making it unresponsive to all commands. This notification shows instructions on how the victim can pay to recover their computer system. Some examples of ransomware are given below.

In the file-encrypting case, the ransomware may also install spyware that steals Bitcoin wallets and passwords.

Cryptowall is currently a major ransomware Trojan. It mostly targets Windows and first appeared in 2014. In September 2014, one strain of it circulated as part of a malvertising campaign on a network named Zedoad. This strain targeted several major websites; the ads redirected to rogue websites that used a browser plugin to download the payload. Cryptowall 4.0, the most recent version, uses a JavaScript payload attached to an email, which downloads executables disguised as JPG images. This ransomware creates fake svchost.exe or explorer.exe processes to communicate with its servers.
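The fake svchost.exe and explorer.exe processes described above are something a defender can look for: the genuine binaries run from fixed Windows locations and have predictable parent processes. The following is an added example, not code from the article; the process records are constructed sample data, and the expected paths and parent names are assumptions about a typical Windows installation, used here as a heuristic.

```python
# Added example: flag processes named svchost.exe or explorer.exe that run
# from a location other than the genuine Windows binary, or under an
# unexpected parent process. Sample records below are constructed, not a capture.
from dataclasses import dataclass

# Assumed canonical locations and usual parent processes (heuristic, not exhaustive).
EXPECTED = {
    "svchost.exe": (r"c:\windows\system32\svchost.exe", {"services.exe"}),
    "explorer.exe": (r"c:\windows\explorer.exe", {"userinit.exe", "winlogon.exe"}),
}


@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    name: str    # image name as reported by the process list
    path: str    # full path of the executable image
    parent: str  # image name of the parent process


def normalize(path: str) -> str:
    """Lower-case and unify separators so path comparison is not case-sensitive."""
    return path.replace("/", "\\").lower()


def find_masquerades(records):
    """Return (pid, reason) pairs for look-alike svchost.exe/explorer.exe processes."""
    findings = []
    for rec in records:
        expected = EXPECTED.get(rec.name.lower())
        if expected is None:
            continue  # not one of the two names we check
        exp_path, exp_parents = expected
        if normalize(rec.path) != exp_path:
            findings.append((rec.pid, "unexpected path"))
        elif rec.parent.lower() not in exp_parents:
            findings.append((rec.pid, "unexpected parent"))
    return findings


# Constructed sample: two genuine processes and three look-alikes.
SAMPLE_PROCESSES = [
    ProcessRecord(812, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    ProcessRecord(1240, "explorer.exe", r"C:\Windows\explorer.exe", "userinit.exe"),
    ProcessRecord(3316, "svchost.exe", r"C:\Users\alice\AppData\Roaming\svchost.exe", "explorer.exe"),
    ProcessRecord(3402, "Explorer.exe", r"C:\Users\alice\AppData\Local\Temp\explorer.exe", "svchost.exe"),
    ProcessRecord(4001, "svchost.exe", r"C:\Windows\System32\svchost.exe", "winword.exe"),
]

if __name__ == "__main__":
    for pid, reason in find_masquerades(SAMPLE_PROCESSES):
        print(f"suspicious process pid={pid}: {reason}")
```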

During only one month in 2015, nearly one thousand people reported Cryptowall infections to the authorities, and at least 19 million dollars were lost because of these Cryptowall attacks.

Crypt0L0cker is another encryption ransomware, which appeared in late 2013. It generates a 2048-bit RSA key, uploads it to a command & control server, and encrypts files, changing their extensions. If payment is not made, usually within three days of the infection, the ransomware threatens to delete the private key. Because Crypt0L0cker uses such a large key, infected files are considered extremely difficult or impossible to recover.

Approximately 3 million dollars was lost by the victims of this malware before it was shut down.

James Gordon