Ransomware Threats Growing

The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.

(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions
A malicious type of attack dubbed ransomware is on the rise, with antivirus vendor Symantec seeing at least three new variants appearing in recent months. Such attacks often utilize viruses to not just steal a persons sensitive or financial information, but also to disable hard drives and demand money to restore them.
Threats that use extortion can be some of the most aggressive and, in some cases, offensive viruses encountered, said Symantec security researcher
Gavin O Gorman
in a blog post.
Unfortunately, attackers continue
to advance
the ransomware state of the art. For example, GPCoder.G, which first appeared in November 2010, is a small -- only 11 kilobytes -- piece of malware which, if executed, searches a hard drive for files with specific extensions, relating to everything from videos and Microsoft Office files to images and music. It then encrypts the first half of all files found, using a symmetric RSA encryption algorithm and a random key. The random, private key is then encrypted using a public key. Without the private key from this key pair, it is not possible to obtain the symmetric key in order to decrypt the files, said O Gorman.
To get the private key, the ransomware victim must forward the encrypted symmetric key to attackers, who decrypt and return it. Unfortunately, aside from restoring the encrypted files from a backup, there is no way to bypass this technique, he said.
Some ransomware attacks, however, go light on innovative technology and heavy on psychology. For example, the Trojan application Ransomlock, discovered in December 2010, locks a users desktop and lists a premium-rate mobile phone number the user must call to restore desktop access, at a cost of $400.
But in a twist, the attack also changes the frozen background image to a pornographic image. As a result, people are less likely to seek technical help from another person to solve the problem, in an effort to avoid embarrassment, said O Gorman. The fix, however, is as simple as installing and running antivirus software.
Other ransomware is little more than smoke and mirrors -- more akin to
fake AV
than
Stuxnet
. For example, the Bootlock Trojan application, which first surfaced in November 2010, infects a PC and then claims to have encrypted the entire hard drive. It demands $100 to restore it. In reality, however, the virus has simply corrupted the master boot record, which can be restored using recovery tools.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Ransomware Threats Growing