Tag Archive: ransom

Ransomware, what is it? Defined as “malware for data kidnapping,” it is one of the top security issues in the digital and cloud age: the attacker encrypts the victim's data and asks for a ransom (usually a Bitcoin payment) in exchange for the decryption key.

Today, another ransomware threatens the online community: “Locky,” which can hit you if you are ‘unlucky.’ It is distributed in much the same way as the banking malware Dridex.

How does Locky work?

The victim is sent an email with a Microsoft Word attachment disguised as an invoice that requires macros to be enabled.

[By default, Microsoft disables macros for security reasons, so a user will normally see a warning if an attachment contains them.]

If you enable macros, the macro runs and then downloads Locky to your PC, according to Palo Alto Networks.

[It is the same modus operandi used by Dridex, a notorious Trojan that steals banking account details.]

There are suspicions that the distributors of Locky are connected to one of the main people behind Dridex, because both use the same mode of malware distribution.

If you or your organization happens to be the unlucky target, your files will be unrecoverable unless you have a regular backup or your data has not been touched yet.

Recently, the Hollywood Presbyterian Medical’s computer system was infected by ransomware, and the hackers asked for 9,000 bitcoins (or approximately US$3.6 million).

Reports indicated that the operators behind Locky may have conducted a large attack. Palo Alto Networks revealed that it had detected 400,000 sessions that used the same downloader “Bartallex,” which is the one that deposits the infection onto a computer system. Over half of the targets were recorded in the United States and the rest included Australia and Canada.

Locky utilizes its command-and-control infrastructure for conducting a memory exchange before encrypting the files.

Kevin Beaumont from Medium said that encrypted files have the ‘.locky’ extension. He wrote guidance on how to figure out who in an organization has been infected, and recommended that the victim’s Active Directory account be locked and its network access shut down. Finally, he said that you will most likely have to rebuild the victim’s PC from scratch.
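
One way to run the "who has been infected" check described above against a file server, written as an added example (it is not Kevin Beaumont's or Palo Alto Networks' code): it lists files with the `.locky` extension and groups them by file owner. The function name and share paths are hypothetical, and it assumes the encrypted files are owned by the account that wrote them.

```powershell
# Added example (PowerShell 3.0 or later). Groups '.locky' files by NTFS owner
# so the account that needs to be locked stands out.
function Find-LockyFileOwners {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$SharePath,   # roots to scan (placeholders below)
        [string]$Extension = '.locky'                 # extension named in the article
    )

    $hits = foreach ($root in $SharePath) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Filter "*$Extension" -ErrorAction SilentlyContinue |
            # -Filter can also match short (8.3) names, so re-check the real extension.
            Where-Object { $_.Extension -eq $Extension } |
            ForEach-Object {
                $file = $_
                # Assumption: the owner is the account that created the encrypted file.
                $owner = try { (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner }
                         catch { 'UNKNOWN (ACL not readable)' }
                [pscustomobject]@{
                    Owner     = $owner
                    Directory = $file.DirectoryName
                    Written   = $file.LastWriteTime
                }
            }
    }

    # One row per owner: how much was hit, how widely, and over what time window.
    $hits | Group-Object Owner | ForEach-Object {
        $times = @($_.Group.Written | Sort-Object)
        [pscustomobject]@{
            Owner       = $_.Name
            Files       = $_.Count
            Directories = @($_.Group.Directory | Sort-Object -Unique).Count
            FirstWrite  = $times[0]
            LastWrite   = $times[-1]
        }
    } | Sort-Object Files -Descending
}

# Hypothetical share paths; replace with the shares your users can write to.
Find-LockyFileOwners -SharePath '\\fileserver.example\projects', '\\fileserver.example\home' |
    Format-Table -AutoSize
```

The `FirstWrite` and `LastWrite` columns bound the encryption window, which helps when choosing a backup to restore from.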


Brien Mc Elhatten of ‘The List’ talks about ransomware, what it is and how much it will cost you. According to his conversation with Ken Colburn, a tech expert from Data Doctors, it all starts with an email. The content of the email is so deceptive that there is a very high possibility that the recipient will click the link in the email. Once the link has been clicked, all the files on your computer will be encrypted and scrambled by a hacker. The worst part is that the only way to get your files back is to pay a hefty ransom, which can reach up to 1,500 dollars.

Source: ABC Action News

Ransomware is a rampant form of malware that many businesses and individuals experience due to a lack of online security. It is a sad truth that law enforcement cannot restrain this kind of malware. This leaves users vulnerable to the creator of the malware, who forces users to pay to regain access to their hard drives and remove the malware from their system. Encrypted files can also be decrypted. There are also tools, such as FireEye/Fox-IT Decrypt CryptoLocker for the CryptoLocker crimeware, that can help you recover encrypted files. If encryption recovery doesn’t work, you can fall back on Microsoft Windows’ System Restore function. You can also use Shadow Explorer or Windows’ Previous Versions functionality to do the same.

Source: Dark Reading