Friday, 11 April 2014

The Ins and Outs of ransomware

Malware researcher Bart Blaze has published an extensive article about ransomware on his blog. In the article he interviews a number of anti-malware experts who give their opinion on the current trends and the evolution of ransomware.
The following experts shared their insights:
  • Malware researcher Malekal
  • Adam Kujawa - Malwarebytes Head of Malware Intelligence
  • Fabio Assolini - Kaspersky Senior Security Researcher
  • Fabian Wosar - Emsisoft GmbH Administration / Development
  • Hendrik Adrian - MalwareMustDie Security Research Group


The experts discuss, among other things, their first acquaintance with ransomware, the psychological aspect of ransomware, how ransomware spreads, how effective it is in practice and, last but not least, how one can protect against this specific type of malware.
The experts agree on one thing: the first versions of ransomware were quite primitive but very effective. Over the years ransomware has evolved greatly, and cybercriminals are earning millions of dollars with it. This type of malware is becoming popular so quickly because ransomware brings in more money than "rogueware" (fake antivirus software), in particular the variants that encrypt files, such as CryptoLocker.
"Ransomware like CryptoLocker is currently more efficient than the so-called FBI ransomware, because almost everyone knows that form by now. When the FBI variant was first spotted, everyone thought it was legitimate," explains Adam Kujawa. "I cannot give you exact percentages because I do not have them, but the golden rule is that when a particular attack vector or attack strategy is reused, it means that the tactic is effective and therefore works. We now identify malware like Prison Locker (or Power Locker) due to the success of CryptoLocker, just as we saw hundreds of variants and families of the FBI ransomware in 2012."


The article also contains several recommendations for both end users and companies: how one can protect against ransomware, and what one can do when a computer is infected.

End users

For end users, it comes down to the following: keep all your software up to date, install an antivirus program, remove unused software (e.g. Java), install security add-ons such as NoScript in the browser (and keep them up to date as well), do not download applications via spam or from suspicious or unknown websites, and make backups (and disconnect the external drive after taking the backup).


For companies, the recommendations are as follows: use strong passwords for servers, switch off RDP if possible, use a spam filter, use group policies, limit the rights of users, instruct your users and, as for end users, make backups.

Never pay

Victims of ransomware should certainly never proceed to payment. There is no guarantee that the cybercriminals will restore the files or access to the computer. You may even become more vulnerable to a new attack, since the cybercriminals will then know that you are willing to pay. By following the recommendations, however, you already drastically reduce the chance of becoming a victim.
For more information, detailed advice and tips, read the article at Blaze's Security Blog.
