5.4.16

US and Canada issue a ransomware alert


A ransomware alert has been issued by the US and Canada to ensure that individuals and organizations are aware of the threat posed by this type of malicious software.

The alert, from the Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC), comes on the back of what seems to be a proliferation of ransomware attacks. They said that it is now apparent to cybercriminals that this particular approach is remarkably “profitable”, resulting in not only a general increase in the number of attacks, but also in the number of ransomware variants.

“In 2013, more destructive and lucrative ransomware variants were introduced, including Xorist, CryptorBit, and CryptoLocker,” the official statement highlighted. “Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives. These variants are considered destructive because they encrypt users’ and organizations’ files, and render them useless until criminals receive a ransom.”

Both security organizations drew attention to Locky – recently analyzed by ESET’s Diego Perez – which has been especially prolific of late. This variant, described as “destructive”, is delivered through spam emails that carry corrupted Microsoft Office documents as attachments. Once downloaded, the trojan gets to work, encrypting files without the victim being aware at first. It is only when they receive a ransom demand that they realise what has happened.

“Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” stated the DHS and CCIRC in their alert.

In spite of this, their advice is to never pay, something that WeLiveSecurity’s editor-in-chief, Raphael Labaca Castro, has previously noted.

Speaking last year, the information security expert explained that in doing so, you are, in effect, “supporting cybercrime activities”. Additionally, there is no guarantee that files or devices will be decrypted. “Remember, this is not a service, they are cybercriminals,” he went on to say. “[And] even if you pay, you are not going to be ‘whitelisted’ so you could get infected again so it’s not a real solution for the future either. Prevention is the most important tool against Ransomware, since the infection can be usually cleaned afterwards but not always the information restored.”