In June 2014, the first file-encrypting ransomware for Android, known as Android.Simplocker, was discovered. Its ransom demand was initially in Russian; by July 2014 an updated English version (Android.Simplocker.B) was being seen that employed an FBI social engineering theme. October 2014 saw the emergence of Android.Lockdroid.E (a.k.a. Porndroid), which once again used a fake FBI social engineering theme. This threat, however, also used the device’s camera to take a picture, which would then be displayed alongside the ransom demand. Android.Lockdroid further spawned new variants that included worm-like capabilities, allowing self-replication via SMS messages sent to contacts in the address book on an infected device, along with a social engineering catch.
There are several different crypto-ransomware families, such as Cryptolocker, Cryptodefense, and Cryptowall, but their method of exploitation is the same. Rather than locking your desktop behind a ransom wall, crypto-ransomware encrypts your personal files and holds the private keys needed to decrypt them for ransom at a remote site. This is a much more vicious attack than traditional ransomware. Methods of infection vary, but commonly it’s via a malicious email attachment purporting to be an invoice, energy bill, or image. The delivery often forms part of a service actually provided by different criminals from those executing the crypto-ransomware. This is just one of the darker sides of the underground economy, where criminals offer services such as “I can infect X computers for a fixed price of Y.”
CryptoDefense, brought to light back in March, is a perfect example of just how serious crypto-ransomware is and how hard the criminals behind it are to track. It’s delivered via malicious email attachments and encrypts a victim’s files with public-key cryptography using strong RSA 2048 encryption.
On a human level, ransomware is one of the nastiest forms of attack for victims. Criminals use malware to encrypt the data on victims’ hard drives (family pictures, homework, music, that unfinished novel) and demand payment to unlock the files. The best, and pretty much only, defense is to keep a separate backup of your files, preferably offline, to restore from.