How to avoid Ransomware damage?

While the world is preparing to spend up to $170 billion on cybersecurity by 2020, we’d like to tell our readers how to protect themselves from cybercriminals.

Over the past few years a whole class of cybercriminals has emerged whose aim is not just to cause harm but to profit. Today they extort a net $400-$1000 per victim.

[Figure: ransomware discoveries over time; source: Symantec]

The first ransomware strains were simpler, and their files could be decrypted without paying. Each new generation is more sophisticated: users can no longer decrypt the files themselves, so they must either pay or lose their data.

It was once assumed that only Windows was vulnerable, but within a year every popular platform has been infected. Cybercriminals can write ransomware for any system: Mac OS, Windows, Linux, Android. The only question, then, is what to do when we face it.

New ransomware families appear every day, along with new infection methods and new targets. Let’s go through the main ones.

There are two main forms of ransomware today:
  • Locker ransomware (computer locker): denies access to the computer or device.
  • Crypto ransomware (data locker): prevents access to files or data.

All the following examples are about crypto ransomware.

Ransomware for Linux

Linux.Encoder.1, the first ransomware for Linux, appeared in November 2015.

Spread: “A completely new ransomware variant was discovered to be targeting websites instead of users’ hard drives. Injected into web sites via known vulnerabilities in site plugins or third-party software, this malware then infects the host machine and encrypts all the files in the “home” directories of the system. It also encrypts backup directories and most of the system folders typically associated with the website itself.” – writes TrendMicro.
Purpose: encrypts files with the extensions .php, .html, .tar, .gz, .sql, .js, .css, .txt, .tgz, .war, .jar, .java, .class, .ruby, .rar, .zip, .db, .7z, .doc, .pdf, .xls, .properties, .xml, .jpg, .jpeg, .png, .gif, .mov, .avi, .wmv, .mp3, .mp4, .wma, .aac, .wav, .pem, .pub, .docx, .apk, .exe, .dll, .tpl, .psd, .asp, .phtml, .aspx, .csv.
Ransom Payment: $420 (in bitcoins).
Scale of destruction: 2,000 Linux users.

Linux.Encoder was later recompiled for Mac and named KeRanger.

Ransomware for Mac OS

Mac OS is the most recent operating system to fall victim to ransomware.

The Mac OS infection began with an installer file, which is unusual: ransomware has traditionally arrived by email. The installer on the official website was replaced with a malicious fake. Moreover, the file was signed with a certificate that the Mac treated as valid, so the Mac protection system Gatekeeper did not notice the threat.

KeRanger appeared in March 2016.

Spread: an installer file from the official website.
Ransom Payment: $400 (in bitcoins).
Activation period: 3 days.
Scale of destruction: 7,000 Mac users.

“Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.” – writes Palo Alto Networks.

Ransomware for Windows

The number of ransomware families for Windows is very large.

CryptoWall, a family of viruses, first appeared in June 2014.

One of the most widespread and damaging threats (CryptoWall, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0).

Spread:
  • Via spam emails with a link, and via drive-by downloads.
  • Can be downloaded by other malware.
Purpose: encrypts a large list of file extension types.
Ransom Payment: $300-$500 (in bitcoins).
Global losses: $18 million.

TeslaCrypt appeared in February 2015.

Spread: via the Angler exploit kit, which abuses software such as Adobe Flash to download the virus onto the computer; the kit is delivered through frames on compromised websites.
Purpose:
  1. Encrypts video-game-related files. The virus searches for files belonging to 40 different games that may be installed on the computer, such as the Call of Duty series, World of Warcraft, Minecraft and World of Tanks, and encrypts them: player profiles, saved data, custom maps and game modifications stored on the victim’s hard drives.
  2. Encrypts Word, PDF and JPEG files. Newer variants of the virus also infect computers without these games.
Ransom Payment: $400 – $500 (in bitcoins).
$1,000 by PayPal My Cash cards.
$500 USD by bitcoins.
The virus lets the victim restore one file for free to prove that decryption is possible.

TorrentLocker appeared in February 2014.

Spread: via spam email with a link or an attached document.
The emails used the language of the targeted country and impersonated familiar local brands or government departments.
Purpose: launches a Windows system process in a suspended state.
The virus deletes volume shadow copies to reduce the chance that encrypted files can be recovered using standard Windows file recovery tools.
Ransom Payment: $400-$500 for the first few days, doubling afterwards.
If no payment is made within 1 month, the files become unrecoverable forever.
The virus lets the victim restore one file for free to prove that decryption is possible.

CryptoLocker, appeared in September 2013.

Spread: emails that appear to come from legitimate companies, carrying infected attachments.
Purpose: encrypts Microsoft Office, OpenDocument, picture, AutoCAD and other document files.
Ransom Payment: $400 – $800 (in bitcoins) within 72 or 100 hours.
Global losses: around $3 million.

A new threat – encrypted files on web servers.
The new CTB-Locker edition has already encrypted data on more than 70 servers in 10 countries, with the USA the most affected.

What is the solution for businesses and regular users?

The ideal solution may look like this:
User's Computer -> Cloud Storage -> Cloud-to-Cloud Backup

The most important point is that if, at the time of a virus attack, your computer’s documents are syncing with cloud storage (Google Drive, Dropbox, OneDrive), the cloud copies will be encrypted as well and you will lose access to them. Moreover, if these files are shared with your colleagues, their copies will be affected too.


So the only solution is to have a backup in a separate cloud storage that copies your documents every day, because no one knows when an attack will happen. A cloud-to-cloud backup provider keeps the files for as long as you need them, and the virus has no chance to infect them.
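To make the difference between the two layers concrete, here is an added example (not code from the original post or from any backup vendor) that models the User's Computer -> Cloud Storage -> Cloud-to-Cloud Backup chain in memory. The sync layer mirrors the local folder exactly, so a bulk overwrite of the user's documents propagates to the cloud copy; the backup layer keeps one snapshot per day and never touches earlier snapshots, so the last good version can be restored. The class names, the sample documents and the simulated damage are all constructed for the illustration.

```python
"""Added example: why a synced cloud folder is not a backup, but a daily
cloud-to-cloud snapshot is.  Everything here is an in-memory model with
constructed sample data; nothing is written to disk."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class CloudStorage:
    """Sync target (Google Drive / Dropbox / OneDrive style): mirrors the folder."""
    files: dict[str, bytes] = field(default_factory=dict)

    def sync(self, local: dict[str, bytes]) -> None:
        # Mirror semantics: the cloud copy always equals the current local
        # state, including any damage that was done to it.
        self.files = dict(local)


@dataclass
class CloudToCloudBackup:
    """Backup target: one immutable snapshot of the cloud storage per day."""
    snapshots: dict[date, dict[str, bytes]] = field(default_factory=dict)

    def take_snapshot(self, source: CloudStorage, day: date) -> None:
        # A new day gets a new entry; earlier days are never overwritten, so
        # damage in the synced folder cannot reach them.
        self.snapshots.setdefault(day, dict(source.files))

    def restore(self, before: date) -> dict[str, bytes]:
        """Return the most recent snapshot taken strictly before `before`."""
        earlier = [d for d in self.snapshots if d < before]
        if not earlier:
            raise LookupError(f"no snapshot taken before {before}")
        return dict(self.snapshots[max(earlier)])


# Constructed sample documents (not real data).
ORIGINAL_DOCS = {
    "report.docx": b"Q3 financial report",
    "photo.jpg": b"\xff\xd8\xff\xe0 family photo",
    "backup.sql": b"CREATE TABLE customers (...);",
}

# Constructed stand-in for what crypto ransomware leaves behind.
SIMULATED_DAMAGE = b"<unreadable ciphertext>"


def run_scenario(start: date = date(2016, 3, 1), days: int = 3) -> dict[str, bool]:
    """Run the chain for `days` normal days, then simulate an incident on the
    following day and report what each layer can give back."""
    local = dict(ORIGINAL_DOCS)
    cloud = CloudStorage()
    backup = CloudToCloudBackup()

    # Normal operation: the user edits a file, sync mirrors it, backup snapshots daily.
    for offset in range(days):
        day = start + timedelta(days=offset)
        local["report.docx"] += b" (edited %s)" % day.isoformat().encode()
        cloud.sync(local)
        backup.take_snapshot(cloud, day)

    incident_day = start + timedelta(days=days)
    last_good_state = dict(local)  # what the user had just before the incident

    # Simulated crypto-ransomware effect: every document becomes unreadable.
    damaged = {name: SIMULATED_DAMAGE for name in local}
    cloud.sync(damaged)                          # sync faithfully propagates the damage
    backup.take_snapshot(cloud, incident_day)    # today's snapshot is useless ...

    restored = backup.restore(before=incident_day)  # ... but yesterday's is intact

    return {
        "cloud_copy_damaged": cloud.files == damaged,
        "restore_matches_last_good_state": restored == last_good_state,
        "restore_has_no_damaged_files": SIMULATED_DAMAGE not in restored.values(),
    }


if __name__ == "__main__":
    for check, ok in run_scenario().items():
        print(f"{check}: {ok}")
```

The design point is in `take_snapshot`: it only ever adds a new day's entry, so a compromised computer that can rewrite everything in the synced folder still cannot rewrite yesterday's snapshot. Retention (how many days of snapshots are kept) is what bounds how far back `restore` can go, which is why the post stresses keeping files for as long as you need them.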

