Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of the storage devices that record data from the feds' surveillance cameras in Washington D.C. in a cyber attack.
Any guess what kind of virus could have hit the storage devices?
Once again, the culprit is ransomware, which has become a noxious game for hackers to get paid effortlessly.
What’s the worst that could happen when ransomware hits a hotel?
Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except paying the attackers.
Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with
A recent indie horror film called It Follows explores an interesting moral grey area. In that film a shape-shifting creature slowly but unstoppably chases a victim. This victim, who faces the inevitable prospect of being worn down and caught, can pass on this curse to someone else by sleeping with them. The question the film poses: Would you sacrifice someone else in order to save yourself?
A recently discovered type of malware is, strikingly, asking internet users the very same question in a real-world setting. The context is admittedly far less grandiose (replace shape-shifting monsters with computer hackers), though the name of the new type of malware certainly feels like an allusion to its worthiness as a cyber suspense thriller.
Popcorn Ransomware
Popcorn Time Ransomware, which is named after but unrelated to a BitTorrent client, encrypts the contents of your computer or device (using AES-256 encryption) so you cannot access them. Then it gives you a choice: you can pay a ransom, or sell out people you know.
MalwareHunterTeam, who discovered the new ransomware, have reported cases where victims have been given the ability to restore their files for one bitcoin (worth roughly $770 or £610). The second option though, described by its anonymous developers as “the nasty way”, is to send the link on to other people. “If two or more people install this file and pay, we will decrypt your files for free,” the developers say.
If that wasn’t surprising enough, a read of the developers’ information on the ransomware message throws yet another curveball at the infected computer’s owner. The money you are forced to send will, the infectors say, be used as charity.
Yes, you read that right.
The Popcorn Time ransomware developers claim to be computer science students living in war-torn Syria. Due to their horrific circumstances, living with the death of friends and relatives and “with no one helping”, they claim, they are taking things into their own hands. “Be perfectly sure that the money we get goes toward food, medicine and shelter to our people,” they say before actually apologizing for their actions. “We are extremely sorry we are forcing you to pay but that’s the only way we can go on living.” There is, of course, no way to verify this information and it may be completely untrue.
Advice on how to avoid being infected by ransomware varies.
A general rule though is that backing up important files regularly to an external hard drive or cloud storage keeps you one step ahead of any potential attackers. It is also best to download only from reputable sources and be wary of email links that could be part of a phishing attack.
Fear of hackers using our devices to spy on us has long been a fascination in Hollywood. As far back as 1983 the film WarGames explored the realm of computer hacking. Much has changed since then. Hackers have been vilified as well as championed in popular culture; Mr Robot is part of an anti-establishment organization, whilst the popular, hacker-founded Icelandic Pirate Party are making use of a Robin Hood trope to describe their political stance.
Ransomware is one of the most frequent forms of cyberattack that a company can face. Through an infected email or by some other means, criminals can lock a computer, encrypt files, or sequester an entire corporate network. The main goal: ransom money, usually in the form of cryptocurrency, in exchange for freeing up the virtually hijacked computer or mobile device.
The FBI calculates that cybercriminals using ransomware have made off with up to $1 billion over the last year. However, many companies have learned how to combat this kind of attack. In addition to having the right protection, it’s possible to avoid paying the ransom by completely erasing the system and recovering it with a backup.
This particular kind of malware has evolved, and cybercriminals have honed their attacks against companies and individuals, making them more profitable. The future of ransomware is already here, and it’s called doxware.
This type of threat starts off in the same way as ransomware: cybercriminals take a company computer hostage and seek a ransom for its safe return. However, the risk is far greater. The cybercriminal threatens to make public the archives, confidential information, and conversations saved on the sequestered device. So, out of fear of having enormous quantities of corporate data put out there for all the world to see, victims will most likely pay the ransom.
It may be the case that this attack is practically brand new, but some companies have already been infected. And it’s just the beginning. In fact, the malware is expected to continue evolving and cybercriminals will continue to perfect it until it becomes a global threat.
Just as Sony Pictures suffered a chain of cyberattacks in late 2014, followed by the leakage of some of the company’s confidential data, any other company in the world could suffer the same fate. If you’re not adequately protected against all kinds of threats, your devices could be hijacked and their secrets unveiled. Doxware is here, and it doesn’t bode well. Better be prepared.
A few days ago, our colleagues at G-Data published an interesting analysis of Spora, a new ransomware that appeared in January. It had first been spotted by the people at ID Ransomware, and is mainly affecting Russia. A link was published in a forum to the VirusTotal analysis results for one of the samples sent by way of spam. It is an HTA file that none of the engines present there detected, neither Panda Security, nor G-Data, nor any other.
Does this mean that the 53 participants in VirusTotal are unable to detect and block this new threat? Not at all. It means that at the time of the analysis nobody had bothered to write a signature to detect a file that, besides, is actually ephemeral. The important thing is to protect users and prevent them from becoming infected. If there is no other way to accomplish this than by creating a signature, there’s not much you can do about it. But at least for some of us this seems to be completely unnecessary in most cases, as in the present one.
Taking a look at the information in our cloud, we have observed and blocked Spora detections from the first moment, without having to create signatures for it. We can confirm that indeed most of the cases are in Russia, although we have also seen cases in Japan.
These are the different hashes that we’ve seen:
312445d2cca1cf82406af567596b9d8c
acc895318408a212b46bda7ec5944653
c1f37759c607f4448103a24561127f2e
c270cf1f2cfeb96d42ced4eeb26bb936
Always make sure to detect threats well in advance with a good cybersecurity solution such as Panda’s Adaptive Defense 360.
A link shows up in your inbox from a colleague that you never really hit it off with, or a cousin you’re on the outs with. You open it, and the cat’s out of the bag: you’ve been infected with a ransomware that has abducted all of the files on your computer.
This new malicious software is called Popcorn Time and its purpose is to get the victim to collaborate with the cybercriminal to infect new users. It is particularly cruel because, aside from demanding a 1 bitcoin payment (about $900 as of this writing) to return access to the encrypted files, the victim is offered the chance to recover the files for free if they contribute to its propagation.
Infecting Others to Free Yourself
The victim will be able to share the Popcorn Time download link with other users. If two of the newly infected decide to pay the ransom or pass the chain along, the accomplice will receive a code to unblock their files.
Essentially, Popcorn Time works like any other ransomware — it infects computers and encrypts their files. The twist lies in the morbid way it spreads itself, which enables cybercriminals to take advantage of the word-of-mouth phenomenon.
“The model for getting it off your system is sort of a pyramid scheme, multi-level marketing style approach,” explains Kevin Butler, security expert at the University of Florida. “It could certainly make for some interesting discussions amongst one’s group of friends if you’re trying to figure out who infected you with this malware.”
How can you protect yourself from Popcorn Time?
Dissemination strategies like this one may not have such a significant impact as they seem to have at first glance. Is it easier to propagate a malware by asking for the collaboration of users, or by sending mass emails that get to many recipients quickly and at the same time?
One way or another, it’s crucial to be protected in the face of such dangerous threats as Popcorn Time, whether or not they propagate as a viral phenomenon. Keeping our operating systems updated, not clicking on suspicious links — even if an acquaintance has sent them — and keeping a good cybersecurity solution installed — this is some of the advice to be followed if you want to avoid having your files abducted by a cybercriminal.