5 Latest Threats in Ransomware

Ransomware threats have proven to be a destructive force and are causing a lot of trouble for IT technicians worldwide. People are getting affected and some criminals are making fortunes from it. Though the ransomware threat has spread widely only in recent years, ransomware history begins in 1989, when the first known ransomware, “AIDS” or “PC Cyborg”, was written by Joseph Popp.

Increasing ransomware attacks have alerted ordinary users to put adequate measures in place against becoming a victim. Security experts are also working hard to provide protection against ever-evolving ransomware. The problem with these ransomware attacks is that most of them are still unbreakable. Here are some examples of the latest ransomware attacks on users around the world.

Fantom: This is one of the latest ransomware threats to appear, and it targets Windows users. Fantom is written to exploit users who are particularly worried about their system’s security. It drops a phony Windows update screen asking the user to download a new critical Windows update. Once you agree to the download, the malware starts working in the background, encrypting your files. It then runs another program called “WindowsUpdate.exe”, which launches a full-screen update display that prevents users from switching applications. Once it has finished encrypting the files on your system, it displays a ransom note (Decrypt_Your_Files.HTML) with directions for decrypting the files and regaining access to the system.

Fairware: This ransomware mostly targets Linux users. Attackers hack Linux servers and deploy this malware. They then remove the website folder, replacing it with a ransom note (READ_ME.txt) for the user. It asks victims to pay two bitcoins to regain access to the affected files. The attackers do not encrypt files in this attack; instead they retain the affected files, uploading them to a server under their control.

Zepto Ransomware: This ransomware works similarly to conventional ransomware. It encrypts the files on the victim’s system and renames them with its own extension, .zepto. Once the encryption process completes, it changes the desktop wallpaper to a ransom note, which tells the victim how to get the decryption key. It also creates a file with the same information, titled “_HELP_instructions.html”, in each folder that contains encrypted files. Attackers demand a ransom of 0.5 bitcoins for the decryption key. This ransomware uses the strong RSA-2048 and AES-128 ciphers for encryption.

Locky: A new version of the Locky ransomware has been circulating since the beginning of September. It includes an embedded RSA key and does not communicate with C2 servers. This embedded RSA key allows Locky to encrypt files on a victim’s computer without having to contact a command-and-control (C2) server. The malware is spread using contaminated emails and attachments. Once you click on one of these infectious links, it starts encrypting your files in the background and changes their extension to “.locky”. Once file encryption is done, it displays a ransom message with directions on how to get the decryption key.

Locky uses RSA-2048 and AES-128 encryption. It changes the file extension of all files on the system, including videos, images, source code and office files. It demands 0.5 to 1.00 bitcoin for the decryption key. Researchers are working hard on a permanent solution by developing a program to decrypt Locky files.

Petya and Mischa: This combo malware is distributed via spam emails posing as a job application. These emails contain a link to an online file storage service and a malicious executable disguised as a PDF document. Petya replaces the computer’s master boot record (MBR) with its own malicious code. It then encrypts the system’s Master File Table (MFT), which leaves the computer unable to boot. In order to overwrite the master boot record after it infects a system, Petya needs to obtain administrator privileges (necessary to continue the infection routine) via the User Account Control mechanism in Windows. However, Mischa, the latest variant of Petya, starts encrypting the user’s files directly without any special privilege. Mischa demands 1.93 bitcoins as ransom. If this ransomware duo is downloaded and executed, the malicious fake PDF first tries to install Petya, and if that fails, it installs Mischa.
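A defender-side check built only from the indicators this article lists, as an added example (not code from the article): it maps the ransom-note file names and encrypted-file extensions above to their families and flags a burst of renames to one new extension in a single directory. All paths and rename events are constructed samples, and `INDICATORS`, `classify_path`, `detect_bulk_rename` and `scan` are names chosen here.

```python
"""Added example, not code from the article: match file-system observations against the
indicators the article names per family (ransom-note names, encrypted-file extensions) and
flag bursts of renames to one new extension in a directory, the footprint of bulk encryption."""
import ntpath  # understands both "\" and "/", so Windows paths parse on any OS
from collections import Counter, defaultdict

# Family -> (ransom-note file names, extension given to encrypted files), per the article
INDICATORS = {
    "Fantom": ({"decrypt_your_files.html"}, None),
    "Fairware": ({"read_me.txt"}, None),
    "Zepto": ({"_help_instructions.html"}, ".zepto"),
    "Locky": (set(), ".locky"),
}

def classify_path(path):
    """Return the family a single path is an indicator for, or None."""
    name = ntpath.basename(path).lower()
    ext = ntpath.splitext(name)[1]
    for family, (notes, fam_ext) in INDICATORS.items():
        if name in notes or (fam_ext is not None and ext == fam_ext):
            return family
    return None

def detect_bulk_rename(renames, threshold=5):
    """renames: (old_path, new_path) pairs. Return {(directory, new_ext): count} where at
    least `threshold` files in one directory took the same new extension (family-agnostic)."""
    counts = Counter()
    for old, new in renames:
        old_ext, new_ext = ntpath.splitext(old)[1].lower(), ntpath.splitext(new)[1].lower()
        if new_ext and new_ext != old_ext:
            counts[(ntpath.dirname(new), new_ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def scan(paths, renames, threshold=5):
    """Run both checks: ({family: [matching paths]}, bulk-rename hits)."""
    hits = defaultdict(list)
    for path in paths:
        family = classify_path(path)
        if family:
            hits[family].append(path)
    return dict(hits), detect_bulk_rename(renames, threshold)

# Constructed sample: two ransom notes, a clean file, a renamed file, six .locky renames, one .bak
DOCS = r"C:\Users\alice\Documents"
SAMPLE_PATHS = [r"C:\Users\alice\Desktop\Decrypt_Your_Files.HTML", ntpath.join(DOCS, "_HELP_instructions.html"),
                ntpath.join(DOCS, "budget.xlsx"), r"C:\Users\alice\Pictures\8F2A1C.locky"]
SAMPLE_RENAMES = [(ntpath.join(DOCS, f"report{i}.docx"), ntpath.join(DOCS, f"{i:06X}.locky"))
                  for i in range(6)] + [(ntpath.join(DOCS, "notes.txt"), ntpath.join(DOCS, "notes.bak"))]
```

The bulk-rename check is deliberately family-agnostic, so it still fires for a strain whose extension is not in the table; tune `threshold` to the host's normal rename rate.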

2 comments

  1. Emma Mcclellan

    Kaspersky Security Network released a new report which stated they had detected and blocked around 27,000 plus attempts by hackers at encrypting company data between Q3 2015 and Q3 2016. The year before, Kaspersky noticed just over 3,000 attacks. This continues to be something that businesses should take very seriously, as they are popular targets for creators and distributors of ransomware because, essentially, business is where the money is.

  2. Kraul

    New variations of ransomware strains appear on a daily basis. While people are willing to pay the ransom, cybercriminals will continue to create more sophisticated variations which are difficult to decrypt.