Wednesday, 23 March 2016

Stand aside Locky – system locking ransomware is poised to return

All we've been hearing about lately is ransomware, but apparently malware peddlers out there are reverting to locking up PCs rather than bothering to encrypt files.

As The Register reports, malware that locks the entire system upon boot fell out of fashion because it's easier to deal with (for example by using a rescue disc) than file-encrypting nasties such as Locky.

However, a new strain of malware discovered by Cyphort Labs is a 'ransom locker' variant, except it is more stubborn and sophisticated than what we've seen previously.

For example, it prevents the user booting in safe mode to attempt to deal with the malware, and it uses Tor to communicate with its command and control servers. That not only gives the malware author protection in terms of anonymity, it also creates a "Tor hidden service that allows the attacker to utilise your system for Bitcoin payments" or other nastiness, Cyphort notes.

Homeland Security

Cyphort Labs discovered the malware on a pornography site, and it locks the user's system with a message purporting to be from 'Homeland Security: National Cyber Security Department', demanding a $500 (around £350, or AU$650) payment via Bitcoin (or other online means).

Apparently this is an early strain with the authors testing the malware out, so the re-emergence of this kind of attack is something to keep an eye on. As ever, be careful where you browse and use your common sense online.

And if you're not sure about a link, don't visit it. The old adage 'better safe than sorry' has never been truer when it comes to surfing the web.

However, ransomware is still the prevalent danger right now, and even Mac users have been hit by it of late.










http://ift.tt/1RkLxqD
