Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
Typical of Any Ransomware users should be vigilant with any emails that could be carrying a payload or be links to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for Operating systems going as far back as XP:
Windows update MS17-010
Ransomware continues to be among most insidious threats facing computer users this year. Researchers have recently observed a spike in Locky Ransomware phishing. The most recent campaign uses emails with the subject Re:
The Locky ransomware encrypts files renaming the to [unique_id][identifier].locky. The malware will also delete all of the copies of documents in the Shadow Volume, making impossible to restore files.
The only real defenses against these types of attacks is user education and a solid backup plan.
A new ransomware called BadBlock has been released. BadBlock encrypts your data and then requests 2 bitcoins to get your encryption. When it encrypts your files it does not append a special extension to the files.
The most common way of distributing the BadBlock Ransomware is through corrupted email messages that contain corrupted embedded links or file attachments. When computer users open the content included in the email message, the BadBlock Ransomware runs on the victim’s computer encrypting files.
A new version of CryptXXX has been released which defeats the free decryption tool that Kaspersky released last week. With the speed variations and updates are being released getting a Crypto virus is still very much a restore situation and you should have a plan in place.
Two news ransomware products have been released, the first called TrueCrypter,encrypts your data using AES-256 encryption and then demands either .2 bitcoins or $115 USD in Amazon gift cards. The second called Alpha Ransomware encrypts your data with AES-256 encryption and then demands $400 USD in the iTunes Gift Cards.
This is another sign of how common Ransomware is becoming. As more people are infected it is effecting users who lack the knowledge to obtain Bitcoins and more payment methods are needed.
The Jigsaw crypto malware may be propagated online via corrupted archive files, text and PDF documents that are attached to spam mail. Emails may appear to come from an internal source or an outside vendor and you should be cautious when receiving invoices because they may be targeted with a spear phishing designed to bypass safe email practices.
The Jigsaw Trojan may disguise itself as an instance of Mozilla Firefox and display a program window that features an animated ransom note that is accompanied by a doll that you might have seen in the movie Saw from 2004. Jigsaw Ransomware prompts the victim to send a payment of 0.4 Bitcoins to receive a decryption key
We dedicate a lot of time to educating our clients to the dangers of Ransomware. Given exactly how devastating the impact can be from one infection and the fact that it is often successful due to human error.
This week the United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), is releasing an alert regarding Ransomware. This is how serious the situation is becoming. Every company needs to educate their system users about Ransomware and how to avoid infections.