2016 Trends in Ransomware - How to, Technology and PC Security Forum | SensorsTechForum.com
CYBER NEWS

2016 Trends in Ransomware


Ransomware is not a new phenomenon, but it remains one of the most popular forms of cybercrime because of the ease of its distribution and the good profits it provides to criminals. One of the reasons for the proliferation of ransomware is its diversity. Since ransomware constantly evolves into more sophisticated forms, organizations that do not follow the development of this particularly dangerous form of malware often find their computer networks completely paralyzed by it. The purpose of this article is to raise information security awareness about ransomware by exploring the latest five trends in conducting ransomware attacks. Below, they are examined in more detail.


1. Exploitation of vulnerable web servers

Large-scale ransomware attacks often use security vulnerabilities of web servers to infect other computers with ransomware. In 2016, the largest attack of this type utilized the self-spreading Samsam ransomware. It infected multiple systems connected to a single server, including medical institutions, government offices, schools, and aviation companies. Samsam is designed to encrypt over 300 types of files by using the Advanced Encryption Standard (AES) mechanism and Jexboss tools.

2. Ransomware distribution through Windows Script Files (WSF).

Security researchers have identified a surge in the use of WSF for distributing file-encrypting ransomware. The tactic relies on malicious .wsf files that contain a mix of scripting languages and are hard for anti-malware software to detect. For example, in October 2016, crooks sent fake itinerary messages urging their recipients to open .zip files that camouflaged .wsf files containing the ransomware Locky.
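A mail-gateway style check for the delivery pattern described above, as an added example that is not part of the original article: it lists script files hidden inside a .zip attachment, including double extensions and nested archives. The extension list beyond .wsf, the depth limit and the size limit are assumptions, and the sample archives are constructed with placeholder contents.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Windows Script Host and related script extensions; .wsf is the one the
# article describes, the rest are an assumed policy list.
SCRIPT_EXTS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta"}
MAX_DEPTH = 3                  # stop unpacking nested archives beyond this
MAX_MEMBER_BYTES = 10 * 2**20  # skip nested archives declared above 10 MiB


def find_script_members(data, depth=0, prefix=""):
    """Return paths of script files inside a .zip given as bytes."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Only the final suffix counts: "itinerary.pdf.wsf" is a script.
            ext = PurePosixPath(info.filename.lower().rstrip(". ")).suffix
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES
                  and not info.flag_bits & 0x1):   # skip encrypted members
                hits += find_script_members(archive.read(info), depth + 1, path + "!")
    return hits


def _make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless placeholder contents, no real script code.
INNER = _make_zip({"docs/Itinerary.PDF.WSF": b"placeholder"})
SAMPLE = _make_zip({"readme.txt": b"hello", "ticket.wsf": b"placeholder",
                    "more.zip": INNER})

print(find_script_members(SAMPLE))
```

A non-empty result is a reason to quarantine the attachment rather than deliver it; encrypted members are not inspected and need a separate policy.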

3. Ransomware in cloud platforms.

In recent months, there has been a steady increase in the number of ransomware attacks on cloud sync-and-share platforms. Such attacks pose significant risks to organizations, as ransomware targeting cloud platforms is usually capable of spreading itself throughout the computer network of the affected organizations. The advanced version of Virlock is a typical example of cloud-based ransomware. Unlike traditional ransomware, Virlock does not inform the infected user that his/her computer is infected with ransomware. Instead, it impersonates an anti-piracy FBI warning and requests the victim to pay a fine of USD 250 in order to avoid larger monetary sanctions and imprisonment.

4. Personalized ransomware.

The major difference between personalized ransomware and classic forms of ransomware is that the former utilizes sensitive information in order to better camouflage itself. For example, the ransomware Ransoc uses users’ data collected from Facebook, LinkedIn, and Skype to send them personalized ransomware requests containing information about allegedly illegal files owned by the affected users. Thus, Ransoc misleads its victims into believing that, if they do not pay the requested amount, governmental authorities will commence court proceedings against them.

5. Ransomware mimicking Windows.

Cyber-attackers have recently started using a new form of “tech support” ransomware. The ransomware is designed as a Windows reactivation window inviting users to call a toll-free number in order to reactivate their operating system. When the users call the toll-free number, they are usually asked to pay bogus fees for reactivating their Windows.

Conclusion

To mitigate the negative consequences associated with ransomware (e.g., loss of sensitive information, disruption of business activities, and reputational damage), individuals and organizations need to use state-of-the-art security measures. Raising information security awareness remains the most effective of them.


Editorial note:

From time to time, SensorsTechForum features guest articles by cyber security and infosec leaders and enthusiasts such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may differ from those of SensorsTechForum.

Daniel Dimov (Guest Blogger)


Daniel Dimov is an Internet law expert based in Belgium. He is also a Ph.D. candidate at the Center for Law in the Information Society at Leiden University, the Netherlands. Daniel Dimov is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International Law “T.M.C. Asser Institute” (The Hague). He has a master's degree in European law (the Netherlands), a master's degree in law (Bulgaria), and a certificate in international law from The Hague Academy of International Law. Daniel Dimov has authored several peer-reviewed publications in the field of IT law. He presented his articles at conferences in Cyprus, Belgium, and the Netherlands.


1 Comment

  1. Marina Meadows

    Mr. Dimov Please Follow me so I can DM you, Thanks. Twitter At Meadows_Marin I am also in LinkedIn, very important matter.
