By Ondrej Kubovič
There are many spooky things in this world
and Halloween brings them all to the spotlight. Does your biggest fear involve spiders,
zombies, ghosts, horror movies or is it rather something from cyberspace? Many online
users would probably opt for the latter – after their experience with ransomware.
It’s due to the methods this kind of malware
uses when attacking its victims. Honestly, who wouldn’t get spooked by computer
screen suddenly flashing a notice from your local police that your computer
contains illegal data, subjecting you to hundreds of dollars in fine? Ok, this
could be a bit too obvious…
Or take another way of making its victims
squirm often used by the cybercriminals regardless if it’s Halloween, European Cyber Security Month, or Mother Theresa Day. It involves placing a giant countdown
timer smack in the middle of your screen. And if you don’t comply within the
given timeframe, you risk losing access to all the valuable data, which is now
encrypted by the malware.
And flaming fears is exactly what the
cybercriminals want. They don’t need a mask or dramatic music to scare the hell
out of their victims. They simply force them to act under pressure, inviting
mistakes along the way. Their one aim is to extort money − and in the worst
case scenario, not even bother returning/decrypting the captured information.
Boogeymen
for your mobile devices
And you want to know what is really annoying
about ransomware? The bad guys are moving
over from PCs and laptops to mobile platform, making their malware creations even
more sophisticated along the way. So, the bad news is, you need to be a bit
more careful on your mobile. Here is why:
Android/Lockerpin.A
discovered by ESET only a few weeks ago. It is a first mobile lock-screen-type
ransomware detected by ESET research that sets the phone’s PIN lock. After this,
the victims are forced to pay $500 for the alleged viewing and harboring of forbidden
pornographic material. Spooky, isn’t it?
In 2014 there was another nasty piece of
malware at work – dubbed Simplocker.
Its goal? Scanning the SD card of the infected Android smartphone,
looking for specific extensions, and encrypting the files until the ransom is
paid for their decryption.
But as we mentioned earlier, aggressive ransomware
isn’t just targeting mobile platforms. At
the beginning of 2015, CTB-Locker
(detected by ESET Telemetry as Win32/Filecoder.DA) was spotted making
its rounds on desktops and laptops.
It spread through fake emails purporting to
contain an important fax message (Yes, fax oddly enough). The actual attachment
was a downloader (detected by ESET as Win32/TrojanDownloader.Elenoocka.A) intended
to download a variant of Filecoder. This all under time pressure heightened by
a countdown function.
Again, the CTB-Locker’s ultimate goal was
to encrypt files on the victim’s device and extort them for bitcoins – as a
means of staying anonymous. It even contained instructions for obtaining this
cryptocurrency, in case the user had none in their stash. To enhance its reach,
the extortion message was translated to four languages – German, Dutch,
Italian, and English – also adjusting the currency to the specific region.
So
what’s the trick for staying safe?
Of course this article does not have the
ambition to offer an exhaustive list of all the ransomware out there (or malware
in general). There are others that would “deserve” to be mentioned – from
recent Cryptolocker,
Torrentlocker
or CryptoFortress, all the way back to the first ransomware PC
Cyborg – but the more pressing question is: how to shield yourself from
these threats?
There are actually lists
of advice put together by ESET researchers over the years, offering
guidance not only for the cases of ransomware infections, but for many other
types of malware. To save you time, what it basically boils down to is prevention.
Keeping your systems backed-up, updated and using a reliable
security solution are the very first steps, which help you to keep online boogeymen
away from your doorstep and chase away your worst cyber nightmares.