Ramblings of an old Doc
And threaten blackmail if personally damaging documents found.
Published on February 6, 2017 By DrJBHL In Personal Computing

 

Things seem to get worse, not better. Ransomware is now the most common form of malware.

Now ransomware will lock your OS, as well as hold your data for ransom, bricking your computer unless you pay.

"In the space of a year, ransomware appears to have evolved on from the simple but effective strategy of locking down the files of infected targets until they pay a ransom, to incorporating additional malicious elements, such as stealing personal or financial data from the victim's system...Now cybersecurity researchers warn that new ransomware features could make life even worse for victims. Rather than just encrypting key files, ransomware could soon infect a computer to such an extent that the only two options available to the user would be to pay, or to lose access to the entire system.

According to the Malwarebytes State of Malware Report 2017, we're likely to see more variants of this type of ransomware, which is designed to modify the infected computer's Master Boot Record, the part of the system which controls the ability to boot into the operating system.

Once modified in this way using malicious code, the system will boot into a lock screen set up by the malware, demanding payment not only to decrypt files but also to restore access to the main operating system. The inability to do anything with the system aside from viewing the ransomware note will only give victims two options: pay up, or have their system wiped completely. It's likely to make ransomware an even more appealing avenue of attack for cybercriminals." - ZDNet

This is noteworthy, as well:

"The attacks against Western targets might not surprise. They are the countries with the most access to technology, and there's also the potential that these states are being targeted for political reasons. The researchers point out that many cybercriminal syndicates work out of Eastern Europe.

"A country that seems to be missing from this list is Russia. This isn't because Russian citizens have a firm grasp on computer security. Rather, it's an indicator that Russian ransomware developers might shy away from targeting their own," the report says." - ibid

I recommend reading the linked article.

I do not recommend paying these criminals because nothing assures you that they won't leave the malware on your computer for subsequent activation. Certainly, never pay by credit card, if you decide to pay despite this warning. After all, are these the people to trust with such info? In the end, it might just be cheaper to buy a new computer.

I also recommend taking the steps necessary to foil or recover from ransomware attacks outlined in my prior articles.
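As an added example (not the article's or ZDNet's code) of one recovery-preparation step in the spirit of the advice above: keep a known-good copy of the Master Boot Record and verify the sector currently on disk against it, so a boot-locker's rewrite of the bootstrap code is caught before the next reboot. The MBR layout is the standard one; the sample sectors, boot-code bytes and hash are constructed for the demo.

```python
"""Parse a 512-byte MBR and flag signs of tampering (added example, not ZDNet's or
the blog's code). Standard layout: 446 bytes bootstrap code, four 16-byte partition
entries, 0x55AA signature. The sample MBRs at the bottom are constructed."""
import hashlib
import struct

MBR_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, size

def parse_mbr(sector: bytes) -> dict:
    """Return bootstrap-code hash, the four partition entries and a signature flag."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        parts.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba, "sectors": size})
    return {"code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": parts, "signature_ok": sector[510:] == MBR_SIGNATURE}

def check_mbr(sector: bytes, trusted_code_sha256: str) -> list:
    """Compare a freshly read MBR with the hash of a known-good backup; [] = no findings."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["code_sha256"] != trusted_code_sha256:  # a boot locker rewrites this code
        findings.append("bootstrap code differs from trusted backup")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for n, p in enumerate(info["partitions"]):
        if p["type"] and (p["lba_start"] == 0 or p["sectors"] == 0):
            findings.append(f"partition {n}: type set but empty geometry")
    return findings

def build_mbr(code: bytes, entries: list) -> bytes:
    """Assemble a constructed MBR from bootstrap code and (status, type, lba, size) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return code.ljust(446, b"\x00") + table + MBR_SIGNATURE

# Constructed samples: a clean MBR and one whose bootstrap code was overwritten.
GOOD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"  # stand-in for real boot code
TRUSTED_HASH = hashlib.sha256(GOOD_CODE.ljust(446, b"\x00")).hexdigest()
CLEAN_MBR = build_mbr(GOOD_CODE, [(0x80, 0x07, 2048, 1_000_000)])
LOCKED_MBR = build_mbr(b"\xeb\xfe" + b"PAY TO UNLOCK", [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print("clean :", check_mbr(CLEAN_MBR, TRUSTED_HASH))
    print("locked:", check_mbr(LOCKED_MBR, TRUSTED_HASH))
```

On a real machine the 512 bytes would be read from the raw disk device with administrator rights and the trusted hash recorded while the system is known to be clean.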

 

Source:

http://www.zdnet.com/article/ransomware-is-about-to-get-a-lot-worse-by-holding-your-operating-system-hostage/#ftag=CAD-04-10aag0g&bhid=22934121128163694730898056497463

 


Comments (Page 1)
on Feb 06, 2017

Had one virus trash my computer a few years ago and it couldn't be repaired.  Had to buy another.  So I've been there and try and watch where I go and what emails I open but that's getting harder to do.

on Feb 06, 2017

Sadly, such malware can be surreptitiously inserted in elements of very legitimate websites or in the advertising feeds that accompany them and you have no defense unless you have anti-ransomware & anti-exploit software deployed.  I'm using Cybereason RansomFree, Malwarebytes Premium which incorporates both functions and Bitdefender which also has anti-ransomware & anti-exploit modules.

Not sure that's enough.

on Feb 06, 2017

Daiwa

Not sure that's enough.

With all the variants, the lag in signature updating is impossible to narrow... damned criminals.

on Feb 06, 2017

Once again....

The absolute very best way to protect your system, yes that means OS (and yes protecting it from yourself) is now and always has been to never ever run any process with privileges it doesn't NEED.

Specifically any application and/or process that may ever come into contact with the internet (ie. browser, email, hell...pretty much any app these days). So....in that vein, USE your system from a heavily restricted account, and only ever break out the admin account when 'modification' of system properties is ABSOLUTELY necessary.

on Feb 06, 2017

Listen to the_Monk.  Apply his principles.  Live long and prosper. 

on Feb 06, 2017

Boot sector viruses.... everything old is new again

on Feb 06, 2017

what the_Monk said and make an external back-up of OS and files.

ransomware... this world is crazy

I actually thought this world would become less and less crazy, but in the last decade craziness skyrocketed...

on Feb 06, 2017

the_Monk

never ever run any process with privileges it doesn't NEED.

If it were only that simple...how about apps which elevate privileges on installation...paradoxically, antivirals and anti-malware apps. They themselves become the holes in your system.

on Feb 07, 2017

DrJBHL


Quoting the_Monk,

never ever run any process with privileges it doesn't NEED.



If it were only that simple...how about apps which elevate privileges on installation...paradoxically, antivirals and anti-malware apps. They themselves become the holes in your system.

Absolutely.  Which is why one should seriously consider the 'need' for any/all apps, as well as additional security software.

Of course that doesn't change the fact that most payloads of malware that can start the delivery/installation process by simply 'touching' infected code via a web resource will in fact not be able to perform their nefarious tasks if you just simply don't 'browse the resource' with elevated privileges in hand.  That alone is a huge step towards keeping your system safe.

on Feb 07, 2017

What a sad, sad world we live in!  The amount of people trying to do unto others what they wouldn't want done to them is horrendous... and given this latest turn of events, things just seem to be getting worse.  If only these things could be traced back to the source so that appropriate action could be taken.

As for this newer ransomware infecting the MBR, I recall reading something a few years ago about undoing MBR attacks in the BIOS.  Whether that's possible with this new wave of ransomware or not, I don't know, but it's worth looking into.

Also, with the increase in malware and cyber attacks in recent times, the_Monk's advice is spot on.  Surfing the net and checking emails from a non-privileged account is the best protection one can employ.  If you haven't done it as yet, go to Settings> User Accounts and create a new non-privileged account.

on Feb 07, 2017

starkers

I recall reading something a few years ago about undoing MBR attacks in the BIOS.  Whether that's possible with this new wave of ransomware or not, I don't know, but it's worth looking into.

If only, Mark. The MBR is encrypted, just like data files...which in most cases can't be de-encrypted.

on Feb 07, 2017

You can also run your browser (and other apps as well) in a sandbox.

on Feb 07, 2017

DrJBHL

Quoting starkers,
I recall reading something a few years ago about undoing MBR attacks in the BIOS. Whether that's possible with this new wave of ransomware or not, I don't know, but it's worth looking into.

If only, Mark. The MBR is encrypted, just like data files...which in most cases can't be de-encrypted.

You can actually boot off the windows install disc and replace (not decrypt) the MBR without reinstalling windows. The command for it is different than it used to be the last time I had to do that but it should still be there even in 10.

Of course, that doesn't help unless the OS files themselves are still usable. Not sure if this encrypts those as well or not.

on Feb 07, 2017

fixboot /mbr  [I think it was]

on Feb 07, 2017


You can actually boot off the windows install disc and replace (not decrypt) the MBR without reinstalling windows. The command for it is different than it used to be the last time I had to do that but it should still be there even in 10.

Thanks for the reminder.  It was a while ago so I wasn't 100% sure what the process was, having never had to do it, but that's pretty much what I read back then.  As for still being there in Win 10, I imagine it would be.  It's one thing for MS to remove things like WMP, but this is an important system tool and is likely still there.

I sort of recall [from the same article I think] that a similar thing could be done from the motherboard disc, though again I'm not 100% because my memory isn't what it used to be.


fixboot /mbr  [I think it was]

No, not fix /mbr... because it is encrypted.  The command needs to be rebuild /mbr or something like that... new /mbr perhaps.

Okay, just looked it up for Win 10..... c:\boot>bootrec /rebuildbcd

According to this article, that's how it's done in Win 10.  The article also covers the methods for XP; Vista; Win 7; Win 8/8.1

Hope this helps everyone... should it ever be needed.
