Encrypt everything



Greed XXXL


Nowadays encryption ransomware programs are regular guests in corporate networks. One would think that the increase in the number of infections, especially since they are so widely publicised, would result in tighter security. However, nothing’s changed: high-ranking law enforcement officials still recommend that victims pay ransoms, and companies are still creating special reserves to offset the financial impact of ransomware infection incidents.

There is a Russian saying that “the appetite grows with eating” and criminals' appetites are no exception. The first iterations of encryption ransomware did their best to encrypt data, but once users started paying almost automatically as soon as they saw a ransom demand, a greedier breed of fraudsters was born. They don’t bother decrypting compromised files once they’ve got the ransom money in hand.

The encryption ransomware KillDisk is a cross-platform application that can run on Windows and Linux machines, which is why it has many ‘aliases’, just like any true criminal; the Linux version, for example, is Linux.KillDisk.1. It is truly unique, but not because it has so many names: the ransom demanded for decryption amounts to 222 bitcoins, which is equivalent to $210,000 at the current rate of exchange. Furthermore, once encryption is complete, the Linux version of the Trojan modifies the boot sector so that the operating system won't boot up and a reboot prompt is displayed instead.

If companies prefer to pay and don’t want to invest effort and money in training their employees in security basics, perhaps the huge ransom amount will eventually become sufficient incentive.

But the bad news for those who believe that Linux provides great protection by default doesn't end here. An analysis of the Trojan revealed that it neither saves encryption keys locally nor sends them to a command and control server.

That is, even if a victim pays the ransom, they’ll get nothing in return.

#Trojan.Encoder #encryption_ransomware #extortion #corporate_security

Dr.Web recommends

  • Expecting criminals to honour a deal is pointless! Vampires regard people as food and nothing more. They don't know you and don't care about you. They don't care about their reputation either because they aren't interested in a long-term relationship with you.
  • Install an anti-virus on all your computers without exception. Malware exists for all platforms. Criminals are getting more and more interested in operating systems other than Windows.
  • Create backups!
  • Users in a corporate network shouldn't be allowed to download and launch applications—their permissions should be restricted.

It’s a shame that we have to keep repeating this over and over again.
