The dirty tricks ransomware uses to fool us

Finding ransomware...

Today, ransomware has become one of the most serious threats enterprises face. A large amount of valuable data is locked by it, and the ransoms paid to get it back are considerable. Cyphort has summarized a series of ransomware behaviour characteristics, hoping to help everyone take the initiative in the fight against ransomware.

Jigsaw

Deleting files on a schedule creates a sense of urgency that pushes victims to pay the ransom faster. Jigsaw ransomware deletes one encrypted file from the computer for every hour that the ransom goes unpaid; a deleted file cannot be recovered even if the ransom is paid later. In addition, Jigsaw deletes a further 1,000 files every time the victim restarts the computer and logs into Windows.

Petya

Rather than encrypting files one by one, Petya ransomware encrypts the Master File Table (MFT) of the NTFS volume, the structure that records where every file and folder is stored, which renders the entire drive inaccessible.

RansomWeb, Kimcilware

Encrypting Web server data. The RansomWeb and Kimcilware families both adopted this unusual approach, targeting Web servers rather than client computers. They infect and encrypt website databases, Web servers and hosted files, and demand a ransom from the website administrators.

DMA Locker, Locky, Cerber and CryptoFortress

Encrypting data on network drives, even drives that are not mapped. DMA Locker, Locky, Cerber and CryptoFortress all walk through every open Server Message Block (SMB) share they can reach and encrypt whatever files they find there.

Maktub

Maktub ransomware compresses files first to increase encryption speed.

The cloud environment is not safe either

Deleting or overwriting all cloud backups. In the past, backing up data to cloud storage and file-sharing platforms was usually the safer option. However, various newer ransomware families have begun to extend their reach to shared file systems, so a backup synchronized from an infected machine can be encrypted or overwritten along with the original.

SimpleLocker

Windows is not the only target. SimpleLocker can encrypt files on Android and Linux systems, Encode.1 targets Linux, and KeRanger specifically attacks OS X.

Cerber

Using the computer's speaker to deliver voice messages to the victim. Cerber ransomware drops a VBScript named "#DECRYPT MY FILES#.vbs" that makes the computer play spoken messages to the victim. At present it only speaks English, although the decryption website it points to is offered in 12 languages. The messages it plays include "Attention! Attention! Attention!" and "Your files, pictures, databases and other important files have been encrypted!"
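Two of the behaviours above leave observable traces on the network: the burst of writes across an open SMB share (DMA Locker, Locky, Cerber, CryptoFortress) and the dropped "#DECRYPT MY FILES#.vbs" note (Cerber). The following detector is an added example, not code from the article or from Cyphort; it runs over constructed file-system events, and the 60-second window and 20-write threshold are assumed tuning values rather than figures from the article.

```python
import ntpath
from collections import defaultdict

# Cerber drops this VBScript to "speak" its ransom note, per the article.
RANSOM_NOTE_NAMES = {"#decrypt my files#.vbs"}


def share_root(path):
    """Return \\\\server\\share for a UNC path, or None for a local path."""
    parts = path.split("\\")  # UNC splits as ['', '', server, share, ...]
    if len(parts) >= 4 and parts[0] == "" and parts[1] == "":
        return "\\\\" + parts[2] + "\\" + parts[3]
    return None


def find_ransom_notes(events):
    """Paths whose file name matches a known ransom-note name."""
    return [p for _, _, p in events
            if ntpath.basename(p).lower() in RANSOM_NOTE_NAMES]


def find_share_bursts(events, window=60, threshold=20):
    """Map each SMB share to the peak number of MODIFY events seen within
    any `window`-second span, keeping only shares that reach `threshold`.
    Window and threshold are assumed tuning values (not from the article)."""
    writes = defaultdict(list)
    for ts, op, path in events:
        root = share_root(path)
        if op == "MODIFY" and root:
            writes[root].append(ts)
    hits = {}
    for root, stamps in writes.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):      # sliding window over timestamps
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[root] = max(hits.get(root, 0), count)
    return hits


# Constructed sample: 25 rapid writes on one share, a quiet second share,
# unrelated local activity, and the Cerber note landing on the busy share.
SAMPLE_EVENTS = (
    [(i, "MODIFY", rf"\\fileserver\finance\doc{i}.xlsx") for i in range(25)]
    + [(i * 30, "MODIFY", rf"\\fileserver\hr\file{i}.docx") for i in range(5)]
    + [(3, "MODIFY", r"C:\Users\alice\notes.txt")]
    + [(26, "CREATE", r"\\fileserver\finance\#DECRYPT MY FILES#.vbs")]
)

if __name__ == "__main__":
    print("ransom notes:", find_ransom_notes(SAMPLE_EVENTS))
    print("share bursts:", find_share_bursts(SAMPLE_EVENTS))
```

On the sample, only the finance share exceeds the threshold and only the Cerber note is flagged; the quiet hr share and the local write are ignored.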

Tox

Ransomware as a service has become a new business model on underground forums: the operator supplies the malicious code and infrastructure, handles ransom collection, and delivers the decryption keys to victims, while affiliates spread the malware. Tox ransomware is a prominent example of this model.

Original link: The despicable methods that ransomware uses to fool us

[Translated by 51CTO. Please indicate the original translator and source as 51CTO.com when reprinting on partner sites]
