Lead Image © Fernando Gregory, 123RF.com

Freeing your data from ransomware

Article from ADMIN 32/2016
Cyber criminals don't need access to sensitive information to blackmail their victims. Simply encrypting everyday files can be enough to extort money from users, whose data is only decrypted after they pay a ransom – and possibly not even then.

One of the latest trends among cyber criminals is to encrypt files on a network, forcing the user to pay a ransom for the decryption of their data. Of course, the criminals use cryptocurrencies such as Bitcoin, not typical bank transfers. The attackers achieve their objectives via many routes. For example, a potential victim might be prepared to pay money for files because they have a certain emotional or economic value. An attacker will not be interested in why the owner wants to restore their files – as long as they are prepared to pay money for the decryption.

Based on current research, TeslaCrypt ransomware (which is also known as AlphaCrypt) seems to be backed by a fairly established team. Some years ago, CryptoLocker became famous for blackmailing its way to a $3 million fortune. TeslaCrypt is just one variant of many in the field of ransomware, including larger and more lucrative tools such as CryptoLocker, CryptoWall, and CryptoWall 2 and 3. The CryptoWall variants in particular are developing increasingly complex techniques to protect themselves against deletion or against decryption of the ransomed data.

TeslaCrypt Approach

In February 2015, the first successful attacks by TeslaCrypt were reported against both private users and large-scale enterprises, although it is unclear whether the enterprises were targeted actively. At first sight, the attacks seemed to be similar to those by CryptoLocker. Once TeslaCrypt infected a system, it performed a targeted search for photo and video files, as well as gaming files, including high score and activation keys for Valve's Steam gaming platform. This particular malware tool typically uses email attachments to invade a system or forwards the victim to a rogue website where their system is then infected. An exploit kit stored on the site then uses a Flash vulnerability (CVE-2015-0311) to run TeslaCrypt on the system.

A check is

...