eScan Advisory on Ransomware


Ransomware is in the news again! Almost every major social media platform and e-mail forum is flooded with discussions of various ransomware and their adverse effects on the affected devices. eScan has gone back to its R&D and is reissuing its advisory on the subject.

Overview of Ransomware

Half of the year has passed, and we have witnessed various Ransomware such as Locky, Petya, Samas and Android.Trojan.SLocker.CV attacking individual computers, personal mobile phones and business organizations. We had already predicted in our threat prediction that “Ransomware creators would be looking to target new operating system such as Mac”; KeRanger happened to be the first Ransomware to target the Mac OS X system.

What is Ransomware?

According to US-CERT, Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the user’s computer has been locked or that all of their files have been encrypted, and demand that a ransom be paid to restore access. This ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency, such as Bitcoin.

How does it spread?

Locky Ransomware arrives in the user’s inbox as highly obfuscated JavaScript (a file with the .JS extension) inside an archive attached to a spam mail, usually pretending to be an official document. Opening such an attachment is enough to get the system compromised with Ransomware. This malware can also spread via file sharing services and social networking sites, which may contain similar attachments and files. It might be presented to the user as something useful or required, like an update.

Petya, another destructive Ransomware, is transmitted through spam e-mails that target business users and pretend to contain job applications. For instance, HR personnel receive a Dropbox link to a file that pretends to be the resume of a candidate seeking a position in the company. Clicking the file leads to installation of the Ransomware.


Ransomware targets not only individuals; businesses and governments can also fall victim to it. Around 150 computers at Mantralaya, the headquarters of the Maharashtra Government, were attacked by Locky. Paying the ransom does not guarantee that the encrypted files will be released.


  • Update your antivirus software (like eScan) on a regular basis, which will protect your system from all kinds of Malware attacks.
  • Always download apps from their official website or the Google Play Store rather than from unknown sources, because many app stores are still offering the app.
  • Download applications only from a reliable app developer. In addition, check the user ratings and reviews of the app before downloading it.
  • Ensure that all the software installed on your system is updated frequently, including Oracle Java and Adobe.
  • Implement a three-dimensional security policy in your organization: first, understand your requirements and prepare the IT security policy accordingly; second, educate your staff about the policy; and finally, enforce the policy.
  • Make sure you either implement MailScan at the gateway level or enable Mail Anti-virus on the endpoint in order to block attachments with extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.
  • Open emails only if you are positive about the source.
  • Regularly create backups of your important files.
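
The extension-blocking measure above has to account for Locky's delivery method, where the .JS file sits inside an archive rather than being attached directly. The following is an added example, not eScan or MailScan code, showing a filter that checks attachment names and also looks inside ZIP attachments; it handles ZIP only, and the size cap, function names and sample message are assumptions made for the illustration.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = {".exe", ".scr", ".js", ".vbe"}   # extensions named in the advisory
MAX_MEMBER = 20 * 1024 * 1024               # assumed cap on unpacked member size

def _ext(name):
    # Only the last extension counts, so "resume.pdf.js" is treated as .js
    name = name.lower().rstrip(". ")
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def _scan(name, data, depth):
    """Return blocked file names found in one attachment, looking inside ZIPs."""
    if _ext(name) in BLOCKED:
        return [name]
    # Detect archives by content: a renamed ZIP is still a ZIP
    if depth == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if _ext(info.filename) in BLOCKED:
                found.append(info.filename)
            elif not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER:
                found += _scan(info.filename, zf.read(info), depth - 1)
    return found

def blocked_attachments(raw, depth=2):
    """Return (attachment name, offending file) pairs for a raw e-mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            hits += [(name, f) for f in _scan(name, data, depth)]
    return hits

def sample_message():
    """Constructed test e-mail: a ZIP attachment holding a harmless .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0412.js", "// placeholder, not real malware\n")
    msg = EmailMessage()
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice_0412.zip")
    return msg.as_bytes()
```

Calling `blocked_attachments(sample_message())` reports the archive together with the script it contains. Encrypted or oversized archive members are matched by name only, since their content cannot be inspected.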



