Ransomware, increasingly subtle and make fun of the user

Last updated Jun 23, 2017 443

Encryption of the entire hard drive and ask for a ransom to provide the encryption key: the ransomware are an increasingly common danger for some years now.

In the field of information security, one of the most dangerous threats that spread in the last few years is represented by ransomware, or that class of malware that encrypts the entire contents of the hard disk and asks the user to pay a ransom with the promise to provide the key encryption to repossess the contents of the hard disk. It is software that are becoming increasingly difficult to counter and increasingly subtle, with the sole purpose of putting you in the position of having no choice but to pay the ransom.

A recent case of particular interest is to Chimera, which targets the main companies. In an effort to put more pressure on the victims, the malware threat publication of photographs and other personal data anywhere on the network, unless it paid a ransom in Bitcoin equivalent to about $ 650. There is as yet no evidence that the new ransom/cryptoware make publicly available user data, but the threat is obviously sufficient to stir the indecision of the unfortunate victim to pay the ransom.

The malware threat the user of this only after encrypted not only the data on local hard disks, but also on network drives connected to the system. All file extensions are also changed in .crypt to confuse even more ideas. Chimera, finally, is scheduled to hit specific employees within a company, probably those who have most frequently access to sensitive data / important to ensure that the redemption request is not ignored.

A second example of ransom / cryptoware exercising psychological pressure on the victims is the latest version of CryptoWall, among other things one of the pioneers of this type of malware. The latest version replaces the names of encrypted files with letters and numbers randomly generated. Encryption is also made with 2048-bit RSA keys, which if properly implemented are virtually impossible to crack. CryptoWall mocks the user, informing them to be joined the ” great community CryptoWall “, and explains in detail what happened:

The malware also states not to try to break the encryption or the files will be lost without possibility of appeal. According to security firm Heimdal Security, CryptoWall 4.0 uses a series of countermeasures to hide himself to anti-virus software and firewalls.

These two cases show how criminals behind the cryptoware operate with a business logic, or update and improve its products and services to expand the turnover. This commitment is reflected in reality, if you think that the FBI earlier this year estimated that CryptoWall had generated losses of more than $ 18 million, while another analysis has estimated about 325 million dollars in damages, only USA, by CryptoWall 3.0. Damage that translate directly into profits ” tax ” for criminals that support ransomware.

It seems clear that the ransomware represent a threat that will not dissipate quickly, and around them are raised more and more questions and doubts on the need to pay the ransom as required. An FBI agent recently claimed that the victims would be more quickly and easily, in order to regain possession of their files, pay such demands. The output generated some discontent among security professionals, who have pointed out that the payment of the ransom does not represent any guarantee of being able to actually recover as a hostage.

The remarks are correct, since there is no certainty that criminals maintain their word. And there is always the chance that a programming error or action the authorities will allow the recovery of encryption keys without having to pay any ransom, as happened last year with another ransomware particularly famous, CryptoLocker.