Refined Ransomware Streamlines Extortion


draph91

The place is fine.  However please do not just post a URL without explaining what the subject matter is.  "I didn't know where else to post this" is NOT the subject matter of the URL.
 
If you do not know, please ask someone who is a member of "Moderators", "Experts", "Trusted Advisors", "Spam Hunters" or "Malware Hunters", as any one of them has experience with the Forum, knows how it operates, and has experience using "best practices".
 
The subject of the post should have been something like "new ransomware information" or the subject of the article you are providing information on, "Refined Ransomware Streamlines Extortion".

The post's body should be something like...
 
------------------------------------------------------------------

Refined Ransomware Streamlines Extortion

"New CryptoWall, Crypto Tricks and Leak Threats"
 

Notably, the gang behind notorious CryptoWall ransomware, which has been tied to at least $325 million in criminal proceeds, has released an updated and more streamlined version of their data-encrypting malware, and more than doubled the ransom they demand to decrypt infected PCs.
To compel more ransomware victims to pay up, meanwhile, the attackers behind a different type of ransomware called Chimera have been threatening to publicly dump stolen data from victims whose PCs they have encrypted.
Other recent ransomware advances include improved encryption techniques, to make it tougher to decrypt encrypted files without paying a ransom. To foil the efforts of security researchers to crack the encryption used on ransomware-infected PCs, for example, the developer behind Ransomcrypt.U has updated the malware to no longer transmit the encryption key to the attacker's command-and-control server.

Ransomware Gets New Crypto Tricks
Ransomcrypt.U was first spotted in the wild in June 2014 on Russian-language cybercrime forums, and has since been updated about a dozen times, researchers at security firm Check Point say in a Nov. 4 blog post.
In the latest version of Ransomcrypt.U, "the encryption functionality is built with several layers of encoding and encryption, including two separate levels of RSA," they say, adding that they anonymously reached out to the attacker's email address "and received a reply requesting a payment of 20,000 Russian rubles ($315) on the same day or 25,000 ($390) on the following day, to receive a decryption program and key."


If one can come out of dependency on Windows and its resource hog, and embrace "Live-CD", will see a sea of change to computing and Online Security.. Find usage to even outdated/old hardware, to make the best use/lifetime of hardware on hand.. All forms of crypto threats a thing of the past.. I see Home users to benefit the most of this "Live-CD" approach...


well here's another one

 

New Ransomware Targets Linux Powered Websites

 

https://hacked.com/new-ransomware-targets-linux-powered-websites/

 

A new strain of ransomware targeting Linux-powered websites and servers is discovered in the wild and continues the trend and threat posed by any other ransomware – encrypt a victim’s information and data in exchange for a ransom fee.

Ransomware is among the most notorious and damaging strains of malware in recent times with the most destructive of them all – CryptoWall is estimated to have raked in over $300 million for its developers this year alone. Other ransomware related to the Angler Exploit Kit have been found to net over $30 million for the authors behind the malware.

The ransom is commonly sought in Bitcoin in exchange for a decryption key that promises to release all the held up documents, files and data infected by the ransomware. A recent report also confirmed the presence of the newest version of the CryptoWall family, with CryptoWall 4.0.

The latest release of the strain is even more damaging as it encrypts individual file names along with the data itself, making it harder to identify important files needing to be rescued. As things stand, there is no fix for CryptoWall 4.0. You’ve got to pay the ransom demand or hope that you’ve backed up all your files.

Now, ransomware scammers have stepped up a gear in infecting end-users by developing ransomware for websites and web servers. Quite simply, “Linux.Encoder.1,” as it is called by Russian security firm Dr.Web, targets websites to encrypt and lock down the web pages, files, images and content hosted on a website in exchange for ransom.

 


No worries for End users as they stay protected with Live-CD use..

Not true.

 

As long as you load any OS that has access to data, and that OS can execute crypto trojan, that data is at risk.  How that OS is loaded is a moot point.


I once managed a CD/DVD ROM Server whose OS loaded the NT and SMB Sharing Service from ROM.  Loading an OS from ROM is akin to loading an OS from Read-Only Media.
 
I had the faux opinion that because the OS loaded from ROM, it was safe.  Then I got into a discussion and Thought Experiments where I became "educated" to the fact that once the OS was loaded into RAM and that OS was LAN connected, it was indeed a risk.
 
In the case of a crypto trojan, that CD/DVD ROM Server was not at-risk.  The data was in Read-Only format ( CD and DVD discs ) so it could not be encrypted.  However, if the crypto trojan wasn't a trojan, and it was an Internet worm instead, then the CD/DVD ROM Server OS would be a risk.  Since it was on the LAN the worm could, possibly, compromise the OS and cause reinfection on the LAN or perform other functions.  Being that it was based upon a system that booted from ROM, just cycling power would remove it from memory and thus would no longer be an issue.  However, during the time it was running on the system it was part of the broader problem.
 
Thus a "Live CD" is not a complete mitigation.  Just a reduction of risk.
 
On another note...

 

The following is my idea of a "Live CD"
Mental Jewelry, Throwing Copper, Secret Samadhi, The Distance to Here and Birds of Pray

 


Yes.  A LAN could be their Home Network ( Internet TV, Tablets, Notebooks, Desktops, Smart Phones and other Internet ready/capable appliances ).

 

I do not understand "for Live-CD to be effective in these environments to be accepted?.."

For me, Live CD acceptance is a platform capable of booting from CD or DVD media.

 

One must realize that an Internet Ready TV may boot a Linux based OS loaded from ROM.  Many TCP/IP capable "appliances" do in fact embed an OS like Linux.  One way to know is to fully read the documentation.  Another is to see if there are Firmware updates for the appliance.  If the Firmware is 100s of MB ( such as 500MB ) then it is an embedded OS.
