As predicted by security researchers, 2014 is really turning out to be the year for new forms of ransomware attacks.
Ransomware is a form of malware that takes over your system and restricts access to your files and folders until you pay a ransom to the malware author. Without the victim's knowledge, the malware gradually encrypts the files, folders and documents on the victim's machine. The system shows no sign of infection during this stage, because encrypting everything takes hours.
Once all your files and folders are encrypted, a message with a timer will pop up on your computer screen asking you to pay a ransom amount or to lose access to your important files forever.
Last year, a ransomware strain named “Cryptolocker” infected nearly 250,000 computers and extorted millions of dollars. Cryptolocker was very successful because it was extremely difficult to detect. After that success, the developers of this malware came up with new and improved versions, such as CryptoDefense and Cryptowall. CryptoDefense appeared this March and is a slightly improved version of Cryptolocker: it encrypts the files on the victim's computer with RSA-2048 and holds them until the victim pays a ransom to get them decrypted.
The only weakness of this version was that the decryption keys were concealed in the files or folders of the victim's own computer. Although it is difficult for the victim to find a way to recover the decryption keys, it is still possible. To remove that 1% chance, the developers came up with a new form of malware called Cryptowall. With Cryptowall it is almost impossible for the victim to decrypt the encrypted files and folders. Cisco revealed this highly complex and effective ransomware, which had infected a large number of computers. Cryptowall is delivered through malicious advertisements on well-known domains, like Disney, Facebook, and The Guardian, and encrypts the computer's files until a ransom is paid.
Cisco offers a security tool called Cloud Web Security (CWS) that monitors its customers' web browsing and reports when they access malicious websites. The security team at Cisco noticed that CWS was blocking requests to 90 domains. After further research, they discovered that CWS users were viewing advertisements on domains such as “apps.facebook.com,” “awkwardfamilyphotos.com,” “theguardian.co.uk” and “go.com.” Clicking on advertisements on these domains redirected users to one of the 90 malicious websites. Once the user lands on one of these sites, an exploit kit called RIG is served to the browser. The RIG exploit kit was first discovered by Kahu Security. The kit checks for systems running unpatched versions of Java, Flash and Silverlight, and immediately exploits those that are not patched. The Cryptowall ransomware is then installed, encrypting the victim's files and folders until the ransom is paid. As mentioned earlier, the decryption keys are almost impossible to recover, so the only option left for the victim is to pay the ransom.
Another improvement in Cryptowall is its use of the Tor network: to pay the ransom, victims must visit a hidden Tor website, which makes it extremely difficult to track down the attacker. The scope of this ransomware attack looks dangerous, but the good news is that we can take certain steps to protect our systems from this kind of attack:
- Use proper judgment: As we now know, Cryptowall spreads through clicks on advertisements within well-known domains, so we need to be very careful when browsing these websites. Users should exercise proper judgment and common sense when they come across ads there. Although many advertisers take proper security precautions to prevent malware attacks, there is a chance that one of the ads leads you to a malicious site that hijacks your system. Unless you are certain about the source of an ad, do not click on it. A single click can infect your system, and that can be avoided by being careful.
- Regular patch management: Install patches and software updates on a regular basis. Since the RIG exploit kit targets unpatched versions of Java, Flash and Silverlight, it is very important to make sure these are up to date.
- Regular system backup: This kind of attack shows the importance of regular backups. If you have backed up all your files regularly, you are no longer trapped if such a situation arises: you can retrieve your files from any computer, at any time. All you need to do is completely reformat or replace the hard drive and then download your files from the cloud storage system. Schedule your cloud backup regularly so that you cannot be held hostage in such a situation.
- Use anti-malware or antivirus: Last but not least, install the latest anti-malware or antivirus application on your system. It should run constantly in the background to ensure that no malware or virus takes over your system.
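The backup advice above is only as good as the backup's ability to survive the attack itself: a job that simply overwrites yesterday's copy with today's freshly encrypted files destroys the very thing you need. As an added example, not code from the original post or from SpiderOak, the following Python script takes never-overwritten snapshots, records a SHA-256 manifest for each, and flags a run in which most files changed and the new contents look like ciphertext (high byte entropy), so an operator can restore from the last clean snapshot instead of letting bad copies age out the good ones. The directory layout, the 50% change threshold and the 7.5 bits/byte entropy threshold are assumptions chosen for illustration; the sample files in `demo()` are constructed.

```python
"""Ransomware-resilient snapshot backup (added example, not SpiderOak's code)."""
import hashlib
import json
import math
import os
import shutil
import tempfile
import time
from pathlib import Path

CHANGE_RATIO_ALERT = 0.5   # assumption: more than half the files changing in one run is suspicious
ENTROPY_ALERT = 7.5        # assumption: bits/byte; documents score well below this, ciphertext near 8


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for well-encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def assess_run(root: Path, old: dict, new: dict) -> dict:
    """Compare manifests; report the change ratio and which changed files look encrypted."""
    changed = [k for k in new if k in old and old[k] != new[k]]
    ratio = len(changed) / len(old) if old else 0.0
    high_entropy = [k for k in changed
                    if byte_entropy((root / k).read_bytes()[:65536]) >= ENTROPY_ALERT]
    suspicious = ratio >= CHANGE_RATIO_ALERT and len(high_entropy) > 0
    return {"changed": len(changed), "ratio": ratio,
            "high_entropy": high_entropy, "suspicious": suspicious}


def snapshot(source: Path, backup_root: Path) -> dict:
    """Copy source into a new timestamped snapshot; earlier snapshots are never modified."""
    backup_root.mkdir(parents=True, exist_ok=True)
    snaps = sorted(d for d in backup_root.iterdir() if d.is_dir())
    old = json.loads((snaps[-1] / "manifest.json").read_text()) if snaps else {}
    new = build_manifest(source)
    verdict = assess_run(source, old, new)
    dest = backup_root / (time.strftime("%Y%m%dT%H%M%S") + f"-{len(snaps):04d}")
    shutil.copytree(source, dest / "data")
    (dest / "manifest.json").write_text(json.dumps(new, indent=1))
    (dest / "verdict.json").write_text(json.dumps(verdict, indent=1))
    return verdict


def demo() -> tuple:
    """Constructed scenario: a clean run, then a run after a simulated mass encryption.
    Returns the two verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp) / "docs", Path(tmp) / "backups"
        src.mkdir()
        for i in range(4):  # constructed sample documents
            (src / f"report{i}.txt").write_text(f"Quarterly report {i}\n" * 50)
        clean = snapshot(src, bak)
        for i in range(3):  # constructed: random bytes stand in for encrypted copies
            (src / f"report{i}.txt").write_bytes(os.urandom(4096))
        after = snapshot(src, bak)
    return clean, after


if __name__ == "__main__":
    clean, after = demo()
    print("first run:", clean)
    print("after mass change:", after)
```

The second run keeps the new (encrypted) copies too, since they may be all that remains of recently edited files, but the written `verdict.json` and the untouched earlier snapshot together give an operator what the text asks for: a known-good copy and a reason to look before deleting it.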
PROTECTION FROM RANSOMWARE ATTACKS WITH SPIDEROAK:
Ransomware attacks are on the rise these days. In order to ensure protection against attacks like Cryptowall, it is extremely important to back up your files and folders in a trusted cloud storage system.
SpiderOak is one of the few cloud storage systems that uses Zero Knowledge privacy and strong security controls to protect customer data. SpiderOak encrypts the files on your computer before uploading them to the server, so only you have access to your unencrypted data. Even SpiderOak cannot read your data, because the encryption keys belong only to you.
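The model described above, encrypting on the client with a key derived from a secret the provider never sees, can be shown end to end with a stand-in server. This is an added example, not SpiderOak's code or protocol. To stay within the Python standard library it uses an HMAC-SHA256 counter-mode keystream with a separate HMAC tag in place of a vetted AEAD such as AES-GCM; the passphrase, the PBKDF2 work factor, the blob layout and the sample document are assumptions for illustration.

```python
"""Client-side ("zero knowledge") encryption before upload: added example, not SpiderOak's code."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor for passphrase stretching


def derive_keys(passphrase: str, salt: bytes) -> tuple:
    """Stretch the passphrase into independent encryption and MAC keys; happens only on the client."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks; same call encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def encrypt_for_upload(passphrase: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag, the only thing that leaves the client."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt_download(passphrase: str, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong passphrase or a modified blob raises."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong passphrase or modified blob")
    return keystream_xor(enc_key, nonce, ct)


class StorageServer:
    """Stand-in for the provider: it stores opaque blobs and never receives a key."""
    def __init__(self):
        self.blobs = {}

    def upload(self, name: str, blob: bytes) -> None:
        self.blobs[name] = blob

    def download(self, name: str) -> bytes:
        return self.blobs[name]

    def contains_plaintext(self, name: str, fragment: bytes) -> bool:
        """What a curious provider could learn by searching its own storage."""
        return fragment in self.blobs[name]


def demo() -> dict:
    """Constructed round trip: upload, provider-side inspection, owner download, wrong key."""
    server = StorageServer()
    document = b"constructed sample: Q3 payroll figures, not for the provider"
    passphrase = "correct horse battery staple"  # assumption: never sent to the server
    server.upload("payroll.txt", encrypt_for_upload(passphrase, document))
    result = {
        "server_sees_plaintext": server.contains_plaintext("payroll.txt", document),
        "owner_recovers": decrypt_download(passphrase, server.download("payroll.txt")) == document,
    }
    try:
        decrypt_download("wrong passphrase", server.download("payroll.txt"))
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The point the page makes holds only if the key derivation and encryption run on the client: everything the `StorageServer` sees is the blob, so recovering the data requires the passphrase, and losing it means the provider cannot help, which is the trade-off behind the "Zero Knowledge" label.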
Try it out for yourself: