Petronella Blog Archive

Ransomware Just Got Even Tougher

Recent ransomware families are harder for antivirus to catch, spread more readily once they are on a network and are harder to recover from, because they now go after backups too.  Here's a look at the latest in ransomware.

First, in case you don't recall, ransomware is malware that infects a computer, encrypts the files on it and then throws up a screen with instructions for the user on how to get their files back.  Usually the user pays the cybercriminal $400 or $500 in Bitcoin and, if the criminal actually delivers a working key, the files are decrypted shortly afterward; nothing forces them to.  One way around paying was to simply restore from a backup, but even that isn't a sure bet anymore.

Let's start with Cryptowall 4.0.  It's harder for antivirus programs to detect.  It encrypts filenames as well as file contents, so victims can no longer tell from a directory listing which files have been hit.  One variant encrypts and decrypts on the fly to stay undetected: the victim keeps working normally while the data on disk is already encrypted, so backups taken during that period can contain encrypted files, even going back months.  Yet another variant threatens to publish stolen data online if the ransom isn't paid.  To top it all off, if the infected machine is on a network it will search for other computers and devices and try to infect those as well.

Another family has been named Linux.Encoder.1.  This nasty bit of work targets websites hosted on Linux servers.  It is hard to detect and gets in through unpatched vulnerabilities in third-party software, such as the Magento ecommerce platform.  (Yet another reminder that you MUST keep things as up to date as possible.)

Linux.Encoder encrypts everything in the home directories as well as backups and system folders.  It gets into everything, making it nearly impossible to do anything but pay the ransom or wipe the server and rebuild it from scratch.  Even paying is no guarantee: in one documented case, some characters in the site's code came back slightly different after decryption, which is enough to make a website fail anyway.

Ransomware is a very serious concern.  Even though backups are now a target, you must still maintain them: keep at least one copy offline or otherwise out of reach of the machines being backed up, keep several generations so an older clean copy survives, and verify the files in a backup before you trust a restore.  Keep all your software up to date, and don't open email attachments unless you know for sure it's a file you were expecting someone to send.
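Two of the failure modes above, a backup that silently captured files while they were encrypted and a site whose files came back a few characters off after decryption, are both caught by the same check: compare what you restored against a hash manifest taken when the site was known good, and flag any supposedly plain-text file whose content looks like random bytes.  The script below is an added example, not code from the original post or from Petronella.  It assumes a plain file tree (no live database), an entropy threshold of 7.2 bits per byte, and a list of text-like extensions; all three are assumptions you would tune for your own data.  The sample site it builds in a temporary directory is constructed for the demonstration.

```python
"""Verify a backup or restore against a trusted SHA-256 manifest and flag
text files whose content looks encrypted.

Added example, not code from the original post or from Petronella.
Assumptions (not from the post): a plain file tree, ENTROPY_THRESHOLD,
and the TEXT_SUFFIXES list of extensions that should never be high entropy.
"""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # bits per byte; assumption, tune for your data
TEXT_SUFFIXES = (".php", ".html", ".js", ".css", ".txt", ".xml", ".json")


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Relative path -> sha256 for every regular file under root.
    Take this while the site is known good and store it off the server."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def shannon_entropy(data):
    """Bits per byte; uniformly random bytes approach 8.0, prose sits near 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path, sample=1 << 20):
    """A text file scoring near 8 bits/byte was almost certainly captured
    while encrypted. Binaries (images, archives) are skipped: they are
    high entropy by nature and would only produce false positives."""
    if not path.lower().endswith(TEXT_SUFFIXES):
        return False
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample)) > ENTROPY_THRESHOLD


def verify_tree(root, manifest):
    """Compare a restored (or backed-up) tree against the trusted manifest."""
    current = build_manifest(root)
    report = {
        "missing": sorted(p for p in manifest if p not in current),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(p for p in current if p not in manifest),
        "suspicious": sorted(p for p in current if looks_encrypted(os.path.join(root, p))),
    }
    report["ok"] = not (report["missing"] or report["modified"] or report["suspicious"])
    return report


def demo():
    """Constructed scenario: a clean site, and a restored copy in which one
    file was backed up while encrypted and one file is a single character
    off after 'decryption'. Returns (clean_report, restored_report)."""
    clean = tempfile.mkdtemp(prefix="clean_")
    restored = tempfile.mkdtemp(prefix="restored_")
    files = {  # constructed sample site
        "index.php": b"<?php echo 'hello'; ?>\n" * 200,
        "app/config.xml": b"<config><db>mysql</db></config>\n" * 200,
        "media/logo.png": b"\x89PNG\r\n\x1a\n" + os.urandom(2048),
    }
    for tree in (clean, restored):
        for rel, data in files.items():
            path = os.path.join(tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
    manifest = build_manifest(clean)  # taken while the site was known good
    # Damage the restored copy the way the post describes.
    with open(os.path.join(restored, "app", "config.xml"), "wb") as f:
        f.write(os.urandom(len(files["app/config.xml"])))  # captured while encrypted
    with open(os.path.join(restored, "index.php"), "wb") as f:
        f.write(files["index.php"].replace(b"'hello'", b"'hellp'", 1))  # one character off
    try:
        return verify_tree(clean, manifest), verify_tree(restored, manifest)
    finally:
        shutil.rmtree(clean)
        shutil.rmtree(restored)


if __name__ == "__main__":
    for label, report in zip(("clean", "restored"), demo()):
        print(label, report)
```

The manifest must live somewhere the ransomware cannot reach (offline media, or a host the web server has no credentials for), otherwise an attacker who can rewrite your files can rewrite the hashes too.  The entropy check is only a backstop for files that were never in the manifest; a hash mismatch is the authoritative signal, and the single-character corruption in the demo is invisible to entropy alone.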