The dirty tricks ransomware uses to fool us



Finding ransomware...

Today, ransomware has become one of the most serious threats enterprises face. It locks up large amounts of valuable data, and the ransoms paid to get it back are considerable. Cyphort has summarized a series of ransomware behavior patterns, in the hope of helping defenders take the initiative in the fight against ransomware.


Jigsaw

Deleting files on a schedule creates a sense of urgency that pushes victims to pay faster. Jigsaw ransomware deletes one encrypted file from the computer for every hour that the ransom goes unpaid; a file deleted this way cannot be recovered even if the ransom is paid later. In addition, Jigsaw deletes a further 1,000 files every time the victim restarts the computer and logs into Windows.


Petya

Rather than encrypting files one by one, Petya ransomware encrypts the Master File Table of the drive, the structure that records where every file and folder is allocated, which renders the entire drive inaccessible.


RansomWeb, Kimcilware

Encrypting Web server data. The RansomWeb and Kimcilware ransomware families both adopted this unusual approach, targeting Web servers rather than client computers. They infect and encrypt website databases, Web servers and hosted files, and demand that the website administrators pay a ransom.


DMA Locker, Locky, Cerber and CryptoFortress

Encrypting data on network drives, including unmapped ones. DMA Locker, Locky, Cerber and CryptoFortress all enumerate every reachable open Server Message Block (SMB) share on the network and encrypt whatever they find there, so a share does not need to be mapped as a drive letter to be affected.


Maktub

Maktub ransomware compresses files first to increase encryption speed.


The cloud environment is not safe either

Deleting or overwriting all cloud backups. In the past, backing data up to cloud storage and file-sharing platforms was generally the safer option. However, various newer ransomware families have begun to reach into shared file systems as well, so a backup that is mounted or synchronized from the infected machine can be encrypted, deleted or overwritten along with the local data.


SimpleLocker

Non-Windows platforms are targeted too: SimpleLocker can encrypt files on Android and Linux systems, Encode.1 targets Linux, and KeRanger specifically attacks OS X.


Cerber

Using the computer speaker to deliver voice messages to the victim. Cerber ransomware drops a VBScript named "#DECRYPT MY FILES#.vbs" that makes the computer read a message aloud to the victim. At present it speaks only English, but the decryption website it points to is offered in 12 languages. The spoken content includes "Attention! Attention! Attention!" and "Your files, pictures, databases and other important files have been encrypted!"
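The two behaviors above, sweeping network shares (DMA Locker, Locky, Cerber, CryptoFortress) and dropping a ransom note such as Cerber's "#DECRYPT MY FILES#.vbs", both leave artifacts a defender can look for on a share. The following is an added example written for this page, not code from Cyphort or from any of the families described: it walks a directory tree, flags files whose names match a known ransom-note name, and flags files whose leading bytes have near-random Shannon entropy, which is what freshly encrypted data looks like. The note file name is taken from the article; the entropy threshold, the sample directory it builds and the ".locked" extension used in that sample are assumptions made for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Ransom-note file name quoted in the article for Cerber. Any further names
# added here would be the operator's own choice; none are invented below.
RANSOM_NOTE_NAMES = {
    "#DECRYPT MY FILES#.vbs",
}


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_share(root: Path, entropy_threshold: float = 7.5, sample_bytes: int = 4096):
    """Walk `root` (a mounted share, for instance) and return two lists:
    files whose name matches a known ransom note, and files whose first
    `sample_bytes` look like random ciphertext. The threshold and sample
    size are assumed values; tune them to the data on the share."""
    notes, high_entropy = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name in RANSOM_NOTE_NAMES:
            notes.append(path)
            continue
        with path.open("rb") as fh:
            head = fh.read(sample_bytes)
        # Very small files give unreliable entropy estimates, so skip them.
        if len(head) >= 256 and shannon_entropy(head) >= entropy_threshold:
            high_entropy.append(path)
    return notes, high_entropy


def build_demo_share() -> Path:
    """Constructed sample share for the demo: one plain document, one blob of
    random bytes standing in for an encrypted copy, and one ransom note."""
    root = Path(tempfile.mkdtemp(prefix="demo_share_"))
    (root / "report.txt").write_text("quarterly figures, unchanged\n" * 100)
    (root / "report.txt.locked").write_bytes(os.urandom(4096))  # stand-in for ciphertext
    (root / "#DECRYPT MY FILES#.vbs").write_text("' constructed placeholder note\n")
    return root


if __name__ == "__main__":
    share = build_demo_share()
    found_notes, found_encrypted = scan_share(share)
    for p in found_notes:
        print(f"ransom note: {p}")
    for p in found_encrypted:
        print(f"high-entropy (possibly encrypted) file: {p}")
```

One caveat worth keeping in mind: the entropy check cannot distinguish ciphertext from other high-entropy content, and the Maktub behavior described below (compressing files before encrypting them) is a reminder that compressed archives, images and already-encrypted backups will trip the same heuristic. Treat a sudden rise in the proportion of high-entropy files on a share, or a ransom note appearing at all, as the signal, rather than any single file.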


Tox

Ransomware as a service has become a new way of turning a profit on underground forums. The service supplies the malicious code and the infrastructure, handles ransom collection, and delivers decryption keys to victims who pay. Tox ransomware is a prominent example of this model.

Original link: The despicable methods that ransomware uses to fool us

[Translated by 51CTO. Please indicate the original translator and source as 51CTO.com when reprinting on partner sites]
