By now, you should be very familiar with ransomware and just how prevalent it is on the internet. It’s a global problem, but Australia has become a popular target for this kind of cyberattack, which can hold computers to ransom. While the IT security industry is constantly finding new ways to combat this type of threat, cybercriminals are just as quick to develop new varieties of ransomware that evade detection and mitigation. Here are a few new and interesting strains of ransomware that have been spotted by security vendor FireEye.
These new ransomware variants use a number of new tactics to increase their chances of infecting computers they target, according to the FireEye research team:
- Chimera: The operators behind the Chimera ransomware not only used the malware to encrypt victims’ files, but further threatened to publish the encrypted data if victims failed to pay the ransom. The threat actors began targeting German-based small and medium-sized business enterprises around mid-September 2015.
- Ransom32: Ransom32, first publicly reported in late December 2015, is purportedly one of the first ransomware variants based entirely on JavaScript, potentially allowing for cross-operating system (OS) compatibility and packaging for both Linux and Mac OS.
- LowLevel04: According to open-source reporting, operators of LowLevel04 purportedly spread the ransomware using the unconventional infection mechanism of exploiting Remote Desktop and Terminal Services.
- Linux.Encoder.1: According to open-source reporting, Linux.Encoder.1 debuted in late 2015 as one of the first ransomware variants targeting Linux web-based servers. While the encryption capabilities of the earliest variants proved to be suspect – with multiple reports alleging faults in its predictable encryption key – the targeting associated with this malware family represents a deviation from more traditional Windows-based attacks.
Another thing that the FireEye team has noticed is that ransomware cybercriminals are loving the attention they are getting in the media. This may have encouraged more ransomware activity, which would explain the spike in ransomware attacks in the month of March. But it’s better to keep the public informed about the dangers of ransomware so that people can be more vigilant about these potential threats.
Comments
5 responses to “Here Are Some New And Improved Ransomware Variants Out In The Wild”
All my data is saved on my NAS. Even if my computer gets infected with some ransomware, there’s no data in there, so I will just format my hard drive and start fresh again.
…and if the ransomware sniffs out your NAS?
(I hope you have a NAS backup too in another location!)
I don’t always have my NAS shares mapped on my computer, so there’s no way for the ransomware to sniff it out.
They don’t have to be mapped, which is why I said “sniffed”.
http://www.bleepingcomputer.com/news/security/dma-locker-ransomware-targets-unmapped-network-shares/
https://blog.malwarebytes.org/threat-analysis/2016/03/look-into-locky/
In order for the Malware or Ransomware to connect to my shares, it will need to brute force my password, as I never allow anonymous login. In addition, I never use common passwords, but complex ones. Also, any failed login attempts will only result in the IP address getting blocked.
On the other hand, unless the malware/ransomware has a zero day exploit that hasn’t been patched yet, it will not be able to get into my NAS, as it’s constantly being updated and all security features enabled.
Thanks for those articles though, I have bookmarked them for future reference.