The last two years have seen an astounding growth in the number of people encountering ransomware.
Tag Archives: teslacrypt
Ransomware turns over a new leaf … maybe
Something odd is happening in the world of ransomware – morality, advanced business strategy, or mom got angry.
The post Ransomware turns over a new leaf … maybe appeared first on Avira Blog.
What is ransomware?
Ransomware – it’s the online threat everyone’s talking about. CryptoLocker was one of the first high-profile examples on the scene in 2013, and since then the cost of attacks has continued to grow.
As an individual or business owner, you may be wondering just what ransomware is, what kind of risk it poses to you, and how attacks like these can occur.
Here’s the breakdown.
What is ransomware?
Ransomware is a type of malware with the ability to silently encrypt your files, before demanding payment for their return – often with a time limit.
And not only does ransomware target your most valuable files, like photos, documents and spreadsheets, it can also lock down system files to render your web browser, applications, and entire operating system unusable.
Our VirusLab has analyzed many variants of ransomware, including the well-known Crypt0L0cker, Locky, and TeslaCrypt.
But the threat isn’t limited to PCs. Both Android™ mobile devices and Macs can be infected as well.
How does ransomware get on my PC?
Most commonly, ransomware is spread via malicious email links and attachments. The attachment is usually a zip archive containing a script or executable whose real type is disguised, for example by giving it a document-style double extension such as invoice.pdf.exe, which Windows displays as invoice.pdf when known file extensions are hidden. Opening the file infects your system.
Ransomware can also be bundled into other applications, such as games, video players, etc. So any application from an unknown or untrusted publisher is a potential risk upon installation.
Once on your system, ransomware works in the background. It typically contacts a remote server to obtain or register the encryption key, then encrypts single files, whole directories of files, or complete drives locally, including any network shares and synced cloud folders it can reach.
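As an added illustration, not part of the original post and not AVG’s own tooling, here is a small Python script that triages a zip attachment the way a mail gateway or a cautious helpdesk would: it lists the archive members, flags executable and script extensions, catches document-style double extensions, and peeks at the first two bytes of each member for the "MZ" header every Windows executable starts with. The archive it inspects is constructed in memory for the demonstration and holds a harmless stub rather than a real sample; the member names are made up.

```python
import io
import zipfile

# Extensions Windows runs directly, or hands to a script host, on double-click.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
}
# Extensions a lure file name typically pretends to be.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_name(filename):
    """Reasons the member *name* alone is suspicious (empty list if none)."""
    base = filename.rsplit("/", 1)[-1].lower()
    exts = ["." + part for part in base.split(".")[1:]]
    reasons = []
    if not exts:
        return reasons
    if exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + exts[-1])
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS:
        # Explorer hides the last extension by default, so the user sees "invoice.pdf".
        reasons.append("double extension: looks like %s but runs as %s" % (exts[-2], exts[-1]))
    return reasons


def triage_zip(data):
    """Inspect an in-memory zip attachment; return the members worth quarantining."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            # Decompress only the first two bytes: enough for the PE check, and a
            # deliberately huge member (zip bomb) cannot exhaust memory this way.
            with archive.open(info) as member:
                head = member.read(2)
            if head == b"MZ":
                reasons.append("MZ header: content is a Windows executable whatever the name says")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size, "reasons": reasons})
    return findings


def build_sample_attachment():
    """Constructed test archive standing in for a phishing attachment (no real malware inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Invoice_March.pdf.exe", b"MZ" + b"\x90" * 64)  # fake PE stub, made up
        archive.writestr("details.js", b"var sh = new ActiveXObject('WScript.Shell');")
        archive.writestr("readme.txt", b"Please find the invoice attached.")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_attachment()):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

Run it directly to print the two flagged members. The MZ check matters because an attacker who skips the double extension and relies on a misleading icon (a .scr screensaver, say) still cannot hide the executable header, and reading just two bytes keeps the check safe against archives that decompress to gigabytes.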
How do I know if my PC is infected?
You’ll see a message pop up demanding payment, which can range from a few hundred to tens of thousands of dollars. Payment must usually be made in some form of hard-to-trace currency, like Bitcoin. Before or alongside that message, files stop opening, turn up renamed with an unfamiliar extension, or sit next to a newly dropped text or HTML file containing payment instructions.
But even if you pay the ransom, there are no guarantees your files will be unlocked.
So naturally, this kind of malware has incredibly serious consequences, particularly for businesses holding sensitive customer information or internal data that’s not securely backed up.
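The symptoms above can be checked for mechanically. The following Python script is an added example, not code from the original post or from any AV product: it treats a folder as a map of paths to file contents and flags files whose bytes no longer match what their extension promises, files whose contents show the near-8-bits-per-byte entropy of ciphertext with no known compressed format to explain it, and file names that read like ransom notes. The sample folder is constructed inline, with deterministic pseudo-random bytes standing in for ciphertext; the .locked extension and the note file name are assumed stand-ins, not the names any particular family uses.

```python
import hashlib
import math
from collections import Counter

# What the first bytes of a file with this extension should look like.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}
# Words ransom-note file names tend to carry. Assumed generic patterns, not one family's exact names.
NOTE_WORDS = ("decrypt", "restore", "recover", "how_to")
# Bits of entropy per byte above which a file body looks encrypted or compressed.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extension(name):
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""


def inspect_file(name, data):
    """Return the reasons one file looks like it was touched by ransomware (empty if none)."""
    reasons = []
    ext = extension(name)
    if any(word in name.lower() for word in NOTE_WORDS):
        reasons.append("name resembles a ransom note")
    signature_ok = ext in MAGIC and data.startswith(MAGIC[ext])
    if ext in MAGIC and not signature_ok:
        reasons.append("content does not match the %s signature" % ext)
    entropy = shannon_entropy(data)
    # Office, PDF and image formats are compressed and legitimately sit near 8 bits/byte,
    # so high entropy only counts when a matching signature does not explain it.
    if entropy >= ENTROPY_THRESHOLD and not signature_ok:
        reasons.append("high entropy (%.2f bits/byte) without a known signature" % entropy)
    return reasons


def scan(files):
    """files: {path: bytes}. Returns the flagged paths with reasons and an overall verdict."""
    flagged = {}
    for name, data in files.items():
        reasons = inspect_file(name, data)
        if reasons:
            flagged[name] = reasons
    ratio = len(flagged) / len(files) if files else 0.0
    note_seen = any("ransom note" in r for reasons in flagged.values() for r in reasons)
    return {"flagged": flagged, "ratio": ratio, "likely_ransomware": note_seen or ratio >= 0.5}


def build_sample_tree():
    """Constructed stand-in for a Documents folder after an attack (not real ransomware output)."""
    # Deterministic pseudo-random bytes stand in for ciphertext so the run is repeatable.
    ciphertext = b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(128))
    return {
        "Documents/report.docx": ciphertext,                         # name kept, body overwritten
        "Documents/photo.jpg.locked": ciphertext[:2048],             # renamed; ".locked" is an assumed extension
        "Documents/budget.xlsx": b"PK\x03\x04" + ciphertext[:1024],  # untouched: a genuine zip container
        "Documents/notes.txt": b"meeting at 10, bring the slides\n" * 40,  # untouched plain text
        "Documents/HOW_TO_RESTORE_FILES.txt": b"Your files have been encrypted. Pay to get them back.",
    }


if __name__ == "__main__":
    result = scan(build_sample_tree())
    for path, reasons in result["flagged"].items():
        print(path, "->", "; ".join(reasons))
    print("likely ransomware:", result["likely_ransomware"])
```

The entropy test on its own would also flag every photo and Office document, which is why the script first checks the file signature and only treats high entropy as suspicious when the header no longer matches the extension; a real .docx that still starts with the zip header is left alone. On a live system the same functions can be fed from os.walk over a user profile.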
Does AVG protect against ransomware?
It sure does. Both our PRO and FREE versions of PC antivirus provide protection against ransomware. This goes for AVG Business Editions, too.
Our protection is multi-layered. Not only do we check against known malware variants and behavioral patterns in our virus database, we also further test previously unseen files in a secure virtual environment before they are executed on your PC. This is done using artificial intelligence, sophisticated behavioral analysis and various other methods.
And we automatically update it all, so you stay protected.
Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion
Researchers at Endgame have found new versions of TeslaCrypt in the past few weeks that target a host of new and unusual file extensions, and deploy new obfuscation and evasion techniques.
ZeuS Banking Trojan Resurfaces As Atmos Variant
Atmos banking malware has perilous pedigree that includes Citadel and ZeuS.
New Server-Side Ransomware Hitting Hospitals
Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware whose most recent variants are dubbed SamSam and Maktub.
Massive Malvertising Campaign Lands On Top Websites
Malvertisers tricked ad networks to run ads which link to Angler EK on major websites such as Answers.com.
New Silverlight Attacks Appear in Angler Exploit Kit
Exploits targeting a patched Silverlight vulnerability have found their way into the Angler Exploit Kit and victims are being hit with TeslaCrypt ransomware.
Ransomware on the rise – how to protect your devices and data
Dozens of active ransomware variants such as TeslaCrypt, Locky and Crypt0L0cker continue to extort victims daily. And Ransomware-as-a-Service threatens to make matters worse.
Ransomware – you will not find a more frequently used word in the antivirus industry in these past few months. AVG’s VirusLab has analysed dozens of different ransomware “families” in that time.
Based on the number of new unique samples per day, it seems that the ransomware trend is steadily increasing.
Some ransomware families appear to have been created by amateur programmers eager to earn easy money (Radamant, LeChiffre, or Hidden-Tear derivatives, just to name a few), while others are developed by professionals and operated by cyber gangs (e.g. CryptoWall).
At present, the most active families are TeslaCrypt, CryptoWall, and Crypt0L0cker (aka TorrentLocker) with each of these families spreading in multiple ways. The most common infection methods are via exploit kits and phishing emails (as links or attachments).
We’ve noticed many different approaches to creating ransomware, such as the programming language used. While C, C++, C#, and Delphi are very popular among malware authors in general, we have seen ransomware created in JavaScript, Java, and even purely in Windows .bat files.
More worryingly, we have identified “Ransomware-as-a-Service” offerings that threaten to make things much worse. These websites, often hosted as anonymous Tor hidden services, make it possible to generate custom ransomware with just a few clicks – in return for a share (5-20%) of future earnings, i.e. ransom revenue.
But it’s also the brazen attitude and apparent confidence of some ransomware authors that is disturbing. We have found the Nanlocker ransomware contains a now famous (and very unfortunate) statement that was made by a member of the FBI at a security conference.
How to protect your computers and networks against ransomware.
- Don’t trust any links or attachments in email – this remains the most common way that ransomware takes hold. If you weren’t expecting the email, do not open it. If unsure, always seek a second opinion from a tech savvy friend – or just delete the email.
- Keep your software and operating system updated. Ransomware is targeting not only Windows, but also Linux (e.g. Linux.Encoder) and even Mac.
- Uninstall unused or notoriously vulnerable applications – for example, if you don’t need Adobe Flash Player, remove it and any other applications you’re not using. Stick to the minimum.
- Use the latest protection software. AVG Internet Security is a great choice because it offers multiple layers of protection – we take the ransomware threat very seriously, and our software is capable of detecting the ransomware families mentioned earlier, plus more.
- Back up your files regularly and keep the backup media disconnected from your PC; otherwise your backups might get encrypted as well. The same goes for network drives and cloud folders synced to your PC (e.g. Dropbox, Google Drive): the malware can write to them just as it writes to a local disk, so rely on a copy that is offline or on a service that keeps earlier versions of your files.
What if it’s too late, and your files are already being held to ransom?
- If your files have already been encrypted by ransomware, the most important thing is to stay calm.
- You should immediately contact technical support (e.g. your IT department, your AV vendor) for further assistance, if available to you. You need to seek expert advice as early as possible.
- We strongly advise against paying the ransom. You’ve got no guarantee from the criminals that your files will be restored. And if every ransomware victim refused to pay, this type of crime would quickly become far less common.
- It is quite possible that the decryption key is still located on the computer. Many ransomware families contain weaknesses in their encryption scheme that may allow your files to be decrypted without paying the ransom. Spotting and exploiting such weaknesses takes time, so in the meantime do not delete your encrypted files, and keep the ransom note and a few encrypted samples: identifying the family is the first step towards a decryption tool. So call tech support.
WordPress Infections Leading to TeslaCrypt Ransomware
A massive string of WordPress compromises are redirecting victims to the Nuclear Exploit Kit and Teslacrypt ransomware.