New Ransomware Should Cause You Pause

07/12/16

Unfortunately, almost every type of ransomware has a period where it becomes successful and makes headlines. In the last couple years, the pace at which we are seeing new ransomware threats has been increasing. It is inflicting major losses and damage to companies, organizations, and individuals, and earning cyber-criminals millions of dollars. In case you aren’t familiar, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It comes in many flavors, the most prevalent being the crypto-ransomware, a breed of the malware that encrypts files and ransoms the victim for the decryption key. Its main method of distribution is through infected email attachments and hacked websites, but there are cases where other methods are used as well. Why should you be concerned? Ransomware is much more efficient and easier than other money-making hack schemes such as stealing credit cards and bank info. Ransomware has already earned its spot as the number 1 malware of 2016 and is still poised to do much, much more damage.
viruses_on_laptop_400_clr_9495
 
 
 
 
 
One new ransomware trojan you should be alerted to is Bart, which encrypts the system files by not using any encryption methods such as AES as we have seen earlier, but by just converting them to a password protected zip archive. It is distributed through spam emails that masquerade as photos. The emails have ZIP attachments that contain JavaScript files. These files can be run directly on Windows without the need of additional software and are an easy way to distribute malware. If the rogue JavaScript file is executed, it downloads and runs a malicious program known as RocketLoader, that’s designed to download and install additional malware. In this case, RocketLoader installs Bart. Unfortunately for users, Bart is proof that attackers don’t need advanced crypto knowledge or complex infrastructure to create reliable and effective ransomware programs. That’s why this cybercrime model is so successful and why it won’t go away anytime soon. Learn more on how Bart works here.
Satana Ransomware is a newer threat and is targeting Windows users. Still under development, Satana is an aggressive ransomware for Windows that encrypts the computer’s master boot record (MBR) and prevents it from starting. Being underdevelopment means that this malware probably won’t be distributed on a large scale yet, but what is observed now is likely going to be a base for additional threats down the line. Satana resembles classic ransomware families in terms of how it works, but it is only the second to target the MBR. The MBR code tells the computer how to start so, when blocked, it doesn’t know which disk partitions are where. Satana is easier to fix as it only replaces the MBR with its own version. Learn more on how Satana works here.
In order to protect themselves against ransomware attacks, users should be wary of email attachments, especially those with unusual file extensions like JS. Here are some other quick tips:

  • Never click on a suspicious email
  • Keep your software on all of your devices up to date
  • Backup your data regularly
  • Try not to pay the ransom
  • Educate yourself on best practices

You do not need to become a security expert, but you do need to take steps to protect yourself and your business. 2W Tech is an IT Consultant that specializes in Infrastructure solutions and would be happy to work with you to ensure you and your data are protected.

Read More:

Upgrade to Windows 10 FREE
The Value of Managed Services

Product Info:

Managed Services
Disaster Recovery

Back to IT News