Do You Want to Play a Game?
Ransomware is now widespread and spreading rapidly worldwide. 2016 has seen an explosion of ransomware attacks, which increasingly target business networks rather than individual users: cyber criminals go after businesses because there is far more profit to be made than from an individual. Total losses from these attacks are estimated to reach $1 billion this year.
Ransomware comes in many forms, each as damaging as the other. This blog post is dedicated to three of the most dangerous ransomware families around. First, what is ransomware? Ransomware is a specific type of malware that infects a computer system in order to restrict access to the user’s personal data. It is called ransomware because the perpetrator demands a ransom fee from the owner of the device in order for them to retain their personal data. Ransomware attackers generally demand payment in bitcoin, as it is impossible for law enforcement agencies to trace. Ransomware attacks mostly arrive via phishing emails.
Locky is a new piece of ransomware that is spreading globally. Locky gets its name because it renames your files with a .locky file extension. Locky is quite similar to other crypto ransomware: if you get infected, a ransom note appears on the user’s wallpaper in text and bitmap form (ref image 1). It encrypts all of your files using strong AES encryption. The victim is directed to a webpage accessed via Tor, where they are instructed to pay a ransom fee, generally in bitcoin.
The Tor browser prevents somebody watching your Internet connection from learning what sites you visit, prevents the sites you visit from learning your physical location, and lets you access sites that are blocked.
Cerber is another recent ransomware variant. Cerber, like other forms of ransomware, encrypts every file on your computer except application files, meaning every file is encrypted bar those with application extensions.
Every encrypted file is renamed with a .cerber extension, and three “decrypt” files are then dropped. These files direct you to a webpage where you are informed of the infection and then told to pay a ransom fee to decrypt the files.
The ransom note comes in two forms, one in HTML and one in TXT as seen below.
The victim is directed to a website which can only be accessed via Tor.
The link directs the victim to a page where they are required to select a language.
Once the victim has selected their language, they are directed to a page with further instructions and guidance on making the payment. The victim is offered a “special price” to decrypt the files within the first 7 days of the infection; after that, the ransom is doubled.
For further information and a potential solution to Cerber ransomware, watch the video below.
Jigsaw, like other ransomware variants, encrypts your files when your device is infected. Jigsaw sets itself apart by deleting your files on an hourly basis if you delay the payment, which creates a sense of urgency. Jigsaw takes its name from the iconic character in the Saw movies.
Thankfully there is some good news! Bleepingcomputer.com have solved the Jigsaw puzzle with a decrypter that you can download from the link below. This decrypter will recover all of your files without you having to pay any ransom fee.
Decrypter for Jigsaw: http://www.bleepingcomputer.com/download/jigsaw-decrypter/