Ransomware in 2016: Even Mac OS X isn't safe
Ransomware is now the preferred means of extorting money from online victims. Attackers communicate their intentions by encrypting the victim's data and promising to release the keys to unlock the data once payment has been made. In previous years hackers disguised their malware as anti-virus software; this method has gradually been replaced by spreading file-encrypting viruses.
Ransomware (e.g. Tox) is increasingly easy to reproduce, hence the growth in its prevalence. Device-lockers and crypto-ransomware do not directly steal information but prevent the legitimate user from accessing their own files, folders and information. Similarly, unlike other forms of malware that aim to stealthily requisition information, ransomware does not run quietly in the background but rather announces itself to the victim immediately so as to prompt payment.
There are two main forms of ransomware: crypto-ransomware and device-lockers. Device-lockers block the user from using their own hardware. The lock screen is used to communicate the message of extortion. Crypto-ransomware is the more evolved, targeted version of ransomware that irreversibly encrypts particular files, documents and folders.
Ransomware may be spread via spam emails, social engineering, or unauthorized 'drive-by' downloads (prompted by opening a suspect web page or email), each of which serves to obscure the presence of malware in the installation file.
Apple Mac OS X users have become the most recent targets of this crime. The OS X version of the popular BitTorrent client software, Transmission, was used as the conduit to spread the ransomware code-named KeRanger. Attackers infected two installers of Transmission version 2.90 with malware which was then erroneously issued an official Apple security certificate.
The means by which KeRanger has been spread is typical, as are the execution and the financial demands (to be paid in bitcoins). The major difference in this particular case is the target operating system: KeRanger appears to be the first multi-target crypto-ransomware to affect Mac OS X. The success of KeRanger will inevitably lead to more hackers looking to make their mark (and money) by targeting Apple's operating systems.
Readers are advised to invest in a quality external hard drive and back up data regularly. Adherence to the principle of least privilege is a must - avoid running programs as root unless absolutely necessary. Windows users should keep UAC enabled.