Channel: TECHISDOM - Where Tech Meets Wisdom » Antivirus

Ransomware: a new threat worm

There are numerous viruses and worms that can put your computers, tablets and smartphones in danger. They can corrupt your data and destroy your important files. A new threat has arisen, named ransomware. It is a class of malware that blocks access to your computer system. It infects the system and demands that a ransom be paid to the worm's developer, who in turn will remove the worm from the system.

There are different forms of ransomware. Some encrypt files on the system's hard drive; others lock up the system and display messages. The message aims to make the user pay the ransom to make the system worm-free. Ransomware first attacked in Russia, and the threat gradually grew internationally. In the middle of this year McAfee, a security software vendor, revealed data on ransomware attacks: it collected more than 3,20,000 distinct samples of the worm in 2012-13. The company announced that the number of problems caused by the worm has been building over the last several quarters and that the situation is becoming worse.

Looking at how the worm operates, it typically propagates like a Trojan. Like a traditional computer worm, it enters the system through a downloaded file or through a vulnerability in a network service. The program then runs a payload, such as one that begins encrypting personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the user's plaintext with a symmetric key and a fixed public key. The creator of the worm is the only person who holds the required private decryption key. Some ransomware payloads do not use encryption at all. In that case the payload is an application designed to restrict the victim's interaction with the system.

It sets the Windows Shell to itself or modifies the master boot record or partition table. Some payloads display messages ostensibly issued by a company, law firm or law enforcement agency, falsely claiming that the victim's system has been used for illegal work or holds illegal content, pirated software or media. Others show fake Windows XP product activation notices saying the system needs re-activation. These and many more tactics scare victims into paying extortion money for the system. They pay the malware developer, and the developer in turn decrypts the files, sends an unlock code or supplies a program that deactivates the changes made by the payload. Payments are generally made through online voucher services, premium-rate text messages or a wire transfer. There are two major cases in which ransomware attacks were severe. They are:

  • Reveton: in 2012 a major ransomware worm known as Reveton began to spread. Its payload displayed a warning purportedly from a law enforcement agency, stating that the computer had been used for illegal activities. This gave it the other names Police Trojan and Citadel Trojan. It told victims that to unlock their system they would have to pay a fine using a voucher from an anonymous prepaid cash service. The screen also showed the computer's IP address, and some versions presented footage from the computer's webcam to give the illusion that the victim was being recorded too. It spread across various European countries, the UK, the US and Canada.
  • CryptoLocker: this was the second big ransomware attack. This encrypting ransomware appeared in 2013 as a worm named CryptoLocker. Its creator distributed it as an attachment to a malicious e-mail or as a drive-by download. It first attempted to connect to a command-and-control server, then produced a 2048-bit RSA public and private key pair and uploaded the key to the server. While the public key is stored on the computer, the private key is stored on the command-and-control server; CryptoLocker demands a payment in either Money or Bitcoin to recover the key and start decrypting files. It also threatens to delete the private key if payment is not received within 3 days. Because of the extremely large key size it uses, researchers and victims affected by the worm consider CryptoLocker extremely difficult to repair.

There are many more cases like these. Taking advantage of anonymous payment services, cyber criminals are increasingly using the malicious software known as ransomware, which holds a computer hostage until the victim pays to free it. One chief reason for ransomware's growth is that it is an efficient way for criminals to earn money, because they can use various anonymous payment services. This way of collecting money is much more convenient than that used by fake AV products, which must process credit card orders for the fake software. Another reason is that an underground network is already in place to help them with services such as pay-per-install on computers that are easily infected by other malware, such as Citadel. The US-based cyber security major also counted about 7 lakh new Android malware samples, which rose by up to 30% through the third quarter, pointing to an increase in the number of attacks on the mobile operating system. Malware, or malicious software, threats are increasing especially on Android mobile phones. Despite responsible new security measures by Google, McAfee Labs believes that the largest mobile platform will continue to draw the most attention from hackers, because it gives them the largest base of potential victims to attack.

We hope that the worm will be controlled and that we'll soon get rid of the problem or find a permanent solution to it. Till then, be aware!

