Get Introduced to “Ransomware”

Here is the new kid around the block – “Ransomware”. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans, cryptoworms or scareware) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive, while others simply lock the system and display messages intended to coax the user into paying. Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others. The first full-blown case of ransomware was “Reveton”. Its variants continue to trouble IT systems to date.
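File-encrypting ransomware leaves a measurable trace: ciphertext has close to the maximum 8 bits of entropy per byte, while ordinary documents and configuration files sit well below that. The check below is an added example for defenders, not code from the original post or from any product it mentions. It assumes constructed sample files built inline, a hypothetical threshold of 7.5 bits per byte and a hypothetical minimum size of 256 bytes, and it recognises a few legitimately high-entropy compressed formats by their real magic bytes so that they are not mistaken for encrypted output.

```python
"""Entropy heuristic for spotting files that look encrypted (added example)."""
import hashlib
import math
from collections import Counter

# Files shorter than this carry too little data for a meaningful entropy score
# (hypothetical floor; tune for your environment).
MIN_SIZE = 256
# Bits of entropy per byte above which content is treated as encrypted-looking
# (hypothetical threshold; real ciphertext usually scores above 7.9).
ENCRYPTED_THRESHOLD = 7.5

# Real file signatures of formats that are high-entropy by design. Checking them
# first avoids flagging every archive and image as ransomware output.
COMPRESSED_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-symbol input."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def known_compressed_format(data: bytes):
    """Return the format name if the data starts with a known compressed-format signature."""
    for magic, name in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes) -> str:
    """Label a file body as too-small, compressed-format:<name>, encrypted-looking or plaintext-like."""
    if len(data) < MIN_SIZE:
        return "too-small"          # entropy is capped by log2(len); do not judge tiny files
    fmt = known_compressed_format(data)
    if fmt is not None:
        return f"compressed-format:{fmt}"
    if shannon_entropy(data) >= ENCRYPTED_THRESHOLD:
        return "encrypted-looking"
    return "plaintext-like"


def scan(files: dict) -> dict:
    """Classify every (name -> bytes) entry; names are only carried through for reporting."""
    return {name: classify(data) for name, data in files.items()}


def constructed_samples() -> dict:
    """Constructed sample files for the demonstration (not real victim data)."""
    text = b"Quarterly report: revenue rose 4% on stable costs. " * 20
    # Deterministic stand-in for ciphertext: 64 chained SHA-256 digests (2048 bytes).
    cipher_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    # A fake gzip file: the real gzip signature followed by a high-entropy payload.
    gz_like = b"\x1f\x8b" + cipher_like[:1000]
    return {
        "report.docx.enc": cipher_like,   # constructed name; extension is illustrative only
        "notes.txt": text,
        "backup.gz": gz_like,
        "tiny.ini": b"[settings]\nkey=1\n",
    }


if __name__ == "__main__":
    for name, verdict in scan(constructed_samples()).items():
        print(f"{name:20s} {verdict}")
```

A single encrypted-looking file is normal on any host (password managers, key stores, encrypted backups); the signal worth alerting on is many user documents turning encrypted-looking within a short window, so run the classifier over a directory snapshot and compare counts between snapshots rather than acting on one file.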


Reveton, a popular ransomware campaign behind the Citadel banking Trojan, has been increasingly detected in infections globally. Reveton is included in a number of automated attack toolkits, including the popular Black Hole toolkit. Stefan Sellmer, a researcher with Microsoft’s Malware Protection Center opines that Reveton authors are using password-stealing Trojans to monetize the threat when victims fail to pay the ransom. Here is where the threat has morphed itself into a new animal.


The ransomware attack targets vulnerabilities in Microsoft Office and Internet Explorer, as well as browser plug-ins such as Adobe Flash and Java. In January 2013, the cybercriminals behind Reveton quickly incorporated an exploit targeting a flaw in Oracle Java 7, logging hundreds of thousands of infections.


Victims are typically infected when visiting an attack website, but the attack also has spread in phishing messages containing malicious attachments. The campaign has been successful and has even caught the eye of the FBI, which issued an advisory about attacks in November. The FBI warned of the gang’s new extortion technique, which locks up a victim’s computer screen and displays a phony warning that a federal law has been violated.


Security experts say that software vulnerabilities, configuration weaknesses and stolen passwords are the biggest problems facing enterprises and computer users. Passwords are highly coveted, according to research by Microsoft, because attackers can easily gain access to corporate networks and appear to be valid users. The Reveton cybercriminals have the attack down to a science, according to Sellmer, uploading location information on victims’ systems to a remote command and control server. Reveton “can steal passwords for a comprehensive selection of file downloaders, remote control applications, FTP, poker, chat and email clients, as well as passwords stored by browsers and in protected storage,” Sellmer wrote.


Keeping systems patched is still the best (and only) solution. It is recommended to install all the relevant Microsoft security updates and to update browser plug-ins like Java and Flash Player.
