The Anti-virus Times

Thursday, November 11, 2021

A hacked social-networking account opens access to a heap of information: cybercriminals can gain access to personal correspondence, photos, phone numbers and much more. They have a choice of how to dispose of your data: sell it or get a ransom for it. We recently wrote about where our data is leaked, and in today's issue of the Anti-virus Times, we will talk in detail about everything associated with online extortion.

Encryption ransomware

Encryption ransomware is one of the most common types of malware. Cybercriminals use it to corrupt user files and demand a ransom to decrypt them. What results is a rather primitive blackmail with a “sauce” of "terrible" threats: "a reboot will delete your files", "do not do a system reinstall" and a bunch of different warnings, supposedly for your own good.

Most often encryption ransomware is distributed in the same way as other malware: via mailing lists or illegal content. That's why you must pay close attention to all files that get into your device; do not use applications and programs downloaded from unofficial sources.

The human eye is unable to monitor each received file, so preventive protection methods come to the rescue. No one is immune from infection by unknown encryption ransomware, so, in advance, you should make sure that Dr.Web is always enabled and configured correctly. Take advantage of Ransomware Protection and update your anti-virus regularly to minimise the risk of an attack by known encryption ransomware.

What to do if encryption ransomware penetrates a system

When under pressure, the first idea is to pay the money and forget about it. We strongly recommend that you never do that so that you can avoid the following situations:

• after you make payment, your files will remain encrypted;
• the attacker will keep your data;
• your files and data will be permanently lost.

It would be a shame to hand over a large amount of money and still lose all of your files. You should not try to negotiate with attackers, let alone expect them to be honest. If you have already been deceived once, your attackers will not hesitate to deceive you a second time.

If Dr.Web was installed on your device, seek assistance from our technical support service. Every month Doctor Web receives about 500 file-decryption requests.

It is also worth remembering that extortion of any kind is illegal. Making a police statement wouldn't go amiss—after all, this is the only way to punish cybercriminals. Most likely, the ransomware operators will not be found the next day, but by submitting a statement, you will be sure that you did everything possible to prevent other people from falling for the same trick.

Social engineering techniques

In addition to ransomware, other, more sophisticated, extortion scenarios exist. Imagine such a situation: an attacker has gained access to your social networking accounts, thoroughly ransacked them, and found compromising correspondence, photos, videos, or other valuable data. On the global marketplace, this information is worthless. No one will buy your correspondence or explicit photos on the Darknet, unless, of course, you are a famous person.

Attackers know that they can offer you the chance to buy back this data by threating to send them to friends, relatives, or someone else. The scheme of the scammers' actions is very simple. They buy or hack an account, go through the extremely long correspondence in search of something "profitable", and then nag the victim to transfer money, promising to erase what they have found.

Of course, paying a ransom in this case is not a good idea. It’s not a fact that the fraudster will keep their word and delete the compromising data from their disk. In some cases, a cybercriminal can ask a victim to repeat the money transfer under various pretexts: "oh, your first transfer was not successful", "OK, now send it again; you need to make 3 transfers", etc. These are all unpleasant manipulative techniques that you should learn to resist; otherwise, you will have to pay regularly with your money and your nerves.

In general, this scheme works in much the same way as the one with encryption ransomware, except that in the first case, attackers leave one message and silently wait for a ransom. In our example, the criminal will annoy you every minute, which is more time consuming for both parties: they will have to blackmail you, and you will become increasingly worried about the oppressive feeling of wasting your time. The following thoughts will enter your head, “I must send the money as soon as possible; then they will delete everything".

Sometimes this works because the victim is highly fearful of the social stigma and potential problems. Do not allow yourself to be led by cybercriminals; strictly suppress all attempts to extort money from you.