Halting the ransomware blackmail wave
Ransomware Storm
Since February, there have been continuous waves of Locky infection. Windows users are attacked by drive-by downloads or email attachments. After infection, the malicious program encrypts individual files or even the entire hard disk, and demands an anonymous Bitcoin ransom payment from its victims. Locky, an encryption trojan, has found many victims, including well-known corporations and institutions. The trojan changes almost weekly and is known under the following names:
- Ransom:Win32/Locky.A
- TrojanDownloader:O97M/Bartallex
- TrojanDownloader:BAT/Locky.A
- TrojanDownloader:JS/Locky.A
Encrypt and Blackmail
The name "Locky" already suggests its function. The ransomware encrypts files on the affected computer, on network drives, and even in the cloud, thanks to synchronization. These data can only be restored if you have the decryption key or have made copies of the files on an external, non-affected storage medium. Locky searches specifically for audio files, documents, movies, images, databases, and archive files. Once the trojan has found these files, it encrypts them using the Advanced Encryption Standard (AES). In addition, the malware deletes volume shadow copies, which could be used to recover the encrypted files.
Once the encryption process is complete, Locky drops a ransom note and also sets the desktop background to the same ransom demand. It requires the victim to pay a ransom of 0.5 to 1 bitcoins (about EUR 200-400 / USD 217-434) to the cybercriminals. In return, the victim is promised the private key for decrypting the files.
This blackmail trojan is currently spreading rapidly throughout Germany, according to some security researchers, with up to 5,000 new infections per hour. The Netherlands and the United States follow in the ranking at some distance. Locky is mainly spread by email. A fictitious invoice serves as