The world is projected to spend up to $170 billion on cybersecurity by 2020. We want to provide our readers with the information to help them avoid ransomware and protect their business from cybercriminals.
Over the past few years, an entirely new class of cybercriminals delivering ransomware has emerged. Their aim is not just to harm, but to benefit financially. Now they get a net financial benefit of $400-$1000 per user through extortion.
The first ransomware viruses were simpler and could be decrypted without paying money. Each new version of the virus is more inventive. Users can no longer decrypt the files themselves, so they either have to pay or lose data.
It was previously thought that only Windows was vulnerable; however, all the popular platforms have been infected within a year. Cybercriminals can make a virus for any system – Mac OS, Windows, Linux, Android. Therefore, the only question is: when we face it, what should we do?
Ransomware viruses are becoming increasingly common. Furthermore, new methods and purposes are becoming more sophisticated. Let’s discover how to protect ourselves from them.
There are two main forms of ransomware today:
- Locker ransomware (computer locker): Denies access to the computer or device.
- Crypto ransomware (data locker): Prevents access to files or data.
All the following examples are about crypto-ransomware.
Ransomware for Linux
Linux.Encoder.1, the first ransomware, appeared in November 2015.
Spread | “A completely new ransomware variant was discovered to be targeting websites instead of users’ hard drives. Injected into websites via known vulnerabilities in site plugins or third-party software. This malware then infects the host machine and encrypts all the files in the “home” directories of the system. It also encrypts backup directories and most of the system folders typically associated with the website itself.”– writes TrendMicro. |
Purpose | Encrypts files with the extensions: “.php”, “.html”, “.tar”, “.gz”, “.sql”, “.js”, “.css”, “.txt”, “.tgz”, “.war”, “.jar”, “.java”, “.class”, “.ruby”, “.rar”, “.zip”, “.db”, “.7z”, “.doc”, “.pdf”, “.xls”, “.properties”, “.xml”, “.jpg”, “.jpeg”, “.png”, “.gif”, “.mov”, “.avi”, “.wmv”, “.mp3”, “.mp4”, “.wma”, “.aac”, “.wav”, “.pem”, “.pub”, “.docx”, “.apk”, “.exe”, “.dll”, “.tpl”, “.psd”, “.asp”, “.phtml”, “.aspx”, “.csv”. |
Ransom Payment | $420 (in bitcoins). |
The scale of destruction | 2,000 Linux users. |
Linux.Encoder has been recompiled on Mac and called KeRanger.
Ransomware for Mac OS
Among the operating systems defeated by Ransomware, Mac OS is the newest.
The Mac OS infection started from an installer file, which is unusual for ransomware viruses, which used to come from emails. The file on the official website was replaced by a malicious fake version. Another point is that the file was signed with a certificate that was considered valid for Mac apps, and the Mac protection system Gatekeeper didn’t notice the threat.
KeRanger appeared in March 2016.
Spread | An installer file from the official website. |
Ransom Payment | $400 (in bitcoins). |
Activation period | 3 days. |
The scale of destruction | 7,000 Mac users. |
“Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.” – writes Palo Alto Networks.
Ransomware for Windows
The number of viruses for Windows is really big.
CryptoWall, this group of viruses first appeared in June 2014.
One of the most widespread and damaging threats (CryptoWall, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0).
Spread |
|
Purpose | Encrypts a big list of file extension types. |
Ransom Payment | $300-$500 (in bitcoins) |
Global charges | $18 million |
TeslaCrypt, appeared in February 2015.
Spread | Spreads through the Angler exploit kit, which exploits software such as Adobe Flash to download the virus onto the computer. It gets in through frames on compromised websites. |
Purpose |
|
Ransom Payment | $400 – $500 (in bitcoins). $1,000 by PayPal My Cash cards. $500 USD by bitcoins. The virus gives the possibility to restore one file for free to make sure that decryption is possible. |
TorrentLocker, appeared in February 2014.
Spread | Via spam email with a link or an attached document. Emails used the specific language of the targeted country and were sent by familiar localized brands or by government departments. |
Purpose | A Windows system process is launched in a suspended state. The virus deletes volume shadow copies to reduce the chance that encrypted files can be recovered using standard Windows file recovery tools. |
Ransom Payment | $400-$500 for the first few days and it doubles after. Then, within 1 month in case no payments are made, the files become unrecoverable forever. The virus gives the possibility to restore one file for free to make sure that decryption is possible. |
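The shadow-copy deletion described in the TorrentLocker table above is a behaviour defenders can alert on before encryption finishes. The following Python detection is an added example, not part of the original article: it flags process-creation events whose command line deletes volume shadow copies. The command patterns (`vssadmin delete shadows`, `wmic shadowcopy delete`) are the standard Windows tools for this and are not named on the page; the events, host names and process names are constructed.

```python
import re

# Constructed sample events (not from a real incident): simplified
# process-creation records, as a Windows audit log would provide them.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"host": "ws-014", "parent": "invoice_scan.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe  Delete Shadows /All /Quiet"},
    {"host": "srv-02", "parent": "backupsvc.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "ws-020", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic "shadowcopy" delete /nointeractive'},
    {"host": "ws-031", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe" DELETE   SHADOWS /for=C: /oldest'},
]

# Each rule: (name, image basename, regex on the normalized command line).
RULES = [
    ("vssadmin-delete-shadows", "vssadmin.exe", re.compile(r"\bdelete\s+shadows\b")),
    ("wmic-shadowcopy-delete", "wmic.exe", re.compile(r"\bshadowcopy\b.*\bdelete\b")),
]

def normalize(cmdline):
    """Lower-case, drop double quotes and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", cmdline.lower().replace('"', "")).strip()

def find_shadow_copy_deletion(events):
    """Return (host, parent, rule) for every event that deletes shadow copies."""
    hits = []
    for ev in events:
        # Compare on the executable's file name, whatever directory it ran from.
        image = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        cmd = normalize(ev["cmdline"])
        for name, rule_image, pattern in RULES:
            if image == rule_image and pattern.search(cmd):
                hits.append((ev["host"], ev["parent"], name))
    return hits

if __name__ == "__main__":
    for host, parent, rule in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"ALERT {rule}: host={host} parent={parent}")
```

The benign `vssadmin list shadows` call from the backup service is not flagged; the parent process in each hit is the first thing to triage.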
CryptoLocker, appeared in September 2013.
Spread | Emails from legitimate companies that have infected attachments. |
Purpose | Files of Microsoft Office, OpenDocument, pictures, AutoCAD files, and other documents. |
Ransom Payment | $400 – $800 (in bitcoins) within 72 or 100 hours. |
Global charges | Around $3 million. |
A new threat – encrypted files on Web servers.
The new CTB-Locker edition has already encrypted data on more than 70 servers located in 10 countries; the USA is the most affected one.
How to Avoid Ransomware Attacks?
The ideal solution may look like this:
The most important point is that, if at the time of a virus attack your computer’s documents sync with cloud storage (Google Drive, Dropbox, OneDrive), the cloud storage will be infected as well and you will not have access to it. Moreover, if these files are shared with your colleagues, the files will be infected for them too.
So the only solution is to have a backup on separate cloud storage that copies your documents every day, because no one knows when an attack will happen. A cloud-to-cloud backup provider keeps the files for as long as you need them, and the virus has no chance to infect them.