Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay


steven36

Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files.

The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware.

Researchers at Cyphort Labs who discovered the threat said it was the first of its kind that they had seen in some time.

The success of file-encrypting ransomware such as CryptoLocker, CryptoWall and Locky has rendered earlier system locker malware unfashionable, if not obsolete. Ransom lockers can normally be cleaned by using “rescue discs”, unlike file-scrambling malware strains.

The latest strain represents an advancement of ransom locker malware as it is using Tor to communicate to its command and control servers. The Windows nasty prevents users from booting in safe mode.

Researchers at Cyphort Labs conclude that the malware slingers are testing the waters with a strain of malware that is still in its early stages of development.

“This new discovery is an advancement of ransom locker malware as it is using Tor to communicate to its CnC servers,” Cyphort’s Paul Kimayong explains in a blog post. “By using Tor, the attacker adds a layer of anonymity while doing its malicious activity.”

“Also, while the attacker got your machine kidnapped, they created a Tor hidden service that allows the attacker to utilise your system for bitcoin payments or other malicious activity,” Kimayong added.

The Source

DoctorSkillz

I don't understand, can't you just run Hirens or some rescue disk? Shouldn't the ransom boot with Windows, and thus you can just boot a Linux OS in parallel and then remove the ransom?

Marcus Thunder
5 hours ago, DoctorSkillz said:

I don't understand, can't you just run Hirens or some rescue disk? Shouldn't the ransom boot with Windows, and thus you can just boot a Linux OS in parallel and then remove the ransom?

I think you can remove the ransom as long as it doesn't corrupt your files, or else you will lose all your work.

The problem is that ransomware can bypass antivirus protection... Ads on certain sites can simply redirect you to the exploit, so you simply become infected with ransomware... The best protection is don't visit the site in the first place... Internet security and ad blockers should prevent malicious ads from loading in the first place, but p0rn sites contain tons of rubbish bouncing and banging ads... Premium generators and some other sites detect ad blockers and insist that you close them... I have even read that people who installed Malwarebytes Anti-Ransomware and tested it with ransomware got easily infected!

Read user comments:

https://blog.malwarebytes.org/news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/

So has anybody got a solution other than staying offline... a bootable browser maybe, where the hard disk is disconnected...

An encryption-proof security app maybe, where files are locked to be read-only so that when ransom strikes, files can be retrieved...

Anybody...
