How Hackers Hold Files In Ransom

Ransomware is a particularly distasteful type of malware. Once it is entrenched on a victim’s computer, there are few good options.

CryptoLocker-
CryptoLocker was a ransomware Trojan which targeted computers running Microsoft Windows[1] and was first observed by Dell SecureWorks in September 2013. CryptoLocker propagated via infected email attachments and via an existing botnet; when activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA.

Ransomware-
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.




The slide announces that ransomware, in this case CryptoLocker, has taken over the victim’s computer. Malwarebytes.org has determined that CryptoLocker searches for files with the following extensions:


3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

What To Do About Ransomware
Once infected with ransomware, the options are simple. Victims either pay up, or they don’t. Neither option is a good choice. Not paying means the files are lost. Then the user has to decide whether to scrub the computer with an anti-malware product, or rebuild the computer completely. But paying out the ransom stinks too, because this forces victims to trust the extortionist. Before biting the bullet and paying the ransom, consider the following: Once the extortionist has the money, why send the decryption information? And, if it all works out and your files are released, you still have to go through the same process of deciding whether to scrub the computer with an anti-malware product or rebuild it.

Protecting Your Computer
So how can you protect yourself from being held ransom? Kleczynski provides some simple advice. "Be careful when opening email attachments. In particular: Amazon, DHL, and other similar invoices that come as a zip file. More often than not these are fake, and contain malware," Kleczynski said.
Beyond that, there is no magic formula to avoid ransomware. It's just malware looking for vulnerable computers to exploit. Anti-malware programs may be of some help, but they usually kick in after the data has been encrypted. The best solution is to keep the computer’s operating system and application software up to date, eliminating any weaknesses the bad guys could exploit.
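
The advice about zipped "invoices" can be turned into an automated check on attachments before anyone opens them. The Python sketch below is an added example, not code from the original post: it lists the members of a zip archive and flags executable file types and decoy double extensions. The extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption for this example: member types that run code when double-clicked on Windows.
RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Document-style extensions used as a decoy in front of the real one (invoice.pdf.exe).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def triage_zip(data: bytes) -> list:
    """Return findings for a zip attachment; an empty list means nothing was flagged."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Keep only the file name; tolerate backslash separators and trailing dots.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
            exts = ["." + part.strip().lower() for part in name.split(".")[1:]]
            if info.flag_bits & 0x1:  # bit 0 of the zip flags marks an encrypted member
                findings.append(f"{name}: password-protected, content cannot be scanned")
            if exts and exts[-1] in RISKY_EXTS:
                findings.append(f"{name}: executable type {exts[-1]}")
                if any(e in DECOY_EXTS for e in exts[:-1]):
                    findings.append(f"{name}: double extension hides {exts[-1]}")
    return findings


def build_sample(member_names) -> bytes:
    """Build a constructed in-memory zip with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in member_names:
            zf.writestr(member, b"placeholder bytes, not a real file")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a fake "invoice" archive and a benign one.
    for label, names in [("fake invoice", ["Invoice_8841.pdf.exe"]),
                         ("benign", ["report.pdf", "photos/img001.jpg"])]:
        print(label, "->", triage_zip(build_sample(names)) or "nothing flagged")
```

A check like this only looks at member names, so it complements rather than replaces content scanning at the mail gateway.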
