A Look at the Current Malware Preying on Surfers and How to Prepare

detective_spyThere was a time when average computer users were mostly concerned with sociopathic cyber threats that would erase data and cripple the operating system.

Early computer viruses were mostly intended for cyber vandalism; however, the world of malicious software (malware) would eventually evolve into invasion of privacy, data theft, fraud, blackmail, and even extortion.

According to a mid-2016 global cyber threat report published by tech security giant Symantec, the most common threats faced by Internet users these days consist of malware intended to bring durect profit to attackers. Browser redirection schemes increase page views, spyware builds personal profiles for identity theft, keystroke loggers are used to get online banking information, and ransomware attacks extort money directly from victims.

The evolving and still popular ransomware has become one of the most problematic cyber threats in modern times. The basic mechanism consists of the execution of malicious code that arrives by means of a Trojan kit, a virus, an infected attachment, etc. After the malware has been activated, it proceeds to apply a layer of encryption to all files in local storage, which may include hard drives, external devices, SD cards, and others.

Once all files are encrypted, the user is essentially locked out of his or her desktop, laptop, tablet, etc. The ransomware then displays an intimidating message that prompts users to enter credit card information or else send bitcoin for the purpose of obtaining a decryption key. In 2015, more than $300 million were collected by ransomware attackers using a single variant known as Cryptowall.

The following two very popular ransomware versions have been affecting users in 2016:

UltraCrypter

One interesting fact about the ransomware trend is that it has evolved as a business model. CryptXXX was the name of an exploit kit sold to attackers; essentially, it was a Ransomware-as-a-Service model. The aforementioned CryptoWall became CryptXXX and later UltraCrypter.

This exploit kit deploys malicious code that connects the infected device to a criminal server where the ransomware resides. UltraCrypter is sophisticated in the sense that it actually scans the target device and checks for exploits that will allow it to install.

Locky

Although attacks that deploy this specific ransomware version have been reported to be on the decline since the summer of 2016, security researchers are keeping an eye on Locky in case of a resurgence.

Locky was part of a spear phishing attack that used a fraudulent email that appeared to be an Amazon order tracking update. This ransomware got by certain security measures by appearing to be a benign JavaScript applet. Once Locky started its malicious encryption, it targeted PDF documents, Microsoft Office files, and even source code. A notable victim was Presbyterian Medical Center in Hollywood, which paid a hefty sum for the decryption keys.

Preparing Against Ransomware Attacks

When it comes to developing a strategy to prevent ransomware attacks, defense is the best offense. The best and most important measure against for even the most dangerous threats is to have a solid backup and recovery system in place. To this effect, there are numerous tools on the market, and many of them involve cloud storage. The idea is to be able to shrug off a ransomware attack by simply resetting, reformatting, reinstalling the operating system, and restoring from backup as required.

In cases of portable devices that connect to public Wi-Fi networks, application whitelisting and antivirus software are essential. A whitelist utility only allows certain applications to run under certain environments. Many antivirus scanners and Internet security suites offer free versions that can protect against ransomware, some examples include BitDefender and Panda Free Antivirus; the latter one includes a cloud-based scanning option that does not take up too many computing resources.

In general, making ransom payments is not recommended. On one hand, the decryption process may not be successful; on the other hand, it only encourages cyber-crime groups to continue targeting victims. Once again, the best policy is to have backed up in the first place. Modern computing devices such as Chromebooks, Windows 10 tablets and Android-powered solutions use the cloud for personal storage, and they also feature reset buttons and other solutions that can restore the device to an initial state. The operating system and apps can always be recovered, and the same goes for personal files stored in the cloud.

If there is no backup and restore plan in place, ransomware victims may take their infected devices to repair shops where technicians may try some of the tools in use today, which include: Windows Defender Online, DecryptCryptoLocker, Trend Micro Ransomware Removal, Norton Power Eraser, and the Norton Bootable Recovery Tool.

Guest article written by: John Porter is a Southampton-based freelance English-German translator, writer and a tech head, so he enjoys keeping up with tech trends and writing about anything related to modern technology with a special interest in all types of productivity apps. FB: https://www.facebook.com/john.retrop – TW: @johnpourter – G+: https://plus.google.com/u/0/111000613210037266503/posts

1 thought on “A Look at the Current Malware Preying on Surfers and How to Prepare”

  1. Arrived here thanks to CommentLuv. Thanks for sharing about this savage topic. Prevention is the number one prize!

    Reply

Leave a Comment