Ransomware: The Latest in Threats and Protection
Faster than the battle scenes of a Hollywood action flick come the latest iterations of ransomware. Before you can see one iteration, the next is hijacking your attention. So what to do? Bear in mind that ransomware exploits a finite set of human vulnerabilities. There are only so many ways that humans can be careless or hasty or greedy. That said, it does take practice and often education to learn to resist ransomware’s temptations, including the one to open an email while rushing through a pile of them.
So let’s look at four top ransomware threats and how to avoid them. First, some cautions:
- Don’t be the hasty email user who opens a SPAM email containing an Osiris-infected Excel invoice.
- Don’t be the heedless Android user who picks up Lockdroid.E while downloading apps outside the Google Play Store.
- Don’t be the irresponsible BitTorrent user who picks up Patcher while downloading pirated software.
- Don’t fall for the phishing emails that Dharma often uses to trick its way into peoples’ computers.
Now for some background on each of the four, and fixes:
- .Osiris In December 2016 the bad guys who developed the Locky ransomware started encrypting hijacked files with the .osiris extension, writes Lawrence Abrams at Bleeping Computer. At the time of writing, Abrams stated that “it is not possible to decrypt the Locky Ransomware OSIRIS Variant” for free. Backups are necessary! However, James Kramer at BugsFighter offers the Kaspersky RannohDecryptor as a solution. For protection against future Osiris attacks he recommends “Malwarebytes Anti-Ransomware Beta along with EasySync Solutions”.
- Lockdroid.E How nasty does ransomware get? At Dark Reading, Kelly Jackson Higgins describes this Lockdroid as one that “requires the victim [to] read aloud – via voice recognition – the code to free his or her infected mobile device.” And IT PRO says this variant could infect “up to 67 per cent of Android devices”. Protection? “The best way of avoiding Android ransomware”, says Catalin Cimpanu at Bleeping Computer, “is to avoid installing applications from outside the official Play Store, and by not giving mobile apps more permissions than they’re required to do their job.” For file recovery? Spy2War offers Lockdroid removal guidelines.
- Patcher On February 23 Jay Vrijenhoek at the Intego Mac Security Blog reported that the new Patcher “file-encrypting ransomware program finds its way onto macOS systems through BitTorrent websites, masquerading as an Adobe Premiere CC or Office 2016 patcher.” And “if it makes its way onto your Mac and gets a chance to run, it will thoroughly ruin your week.” The ESET WeLiveSecurity blog adds that paying the demanded ransom will not get your files back because “there is no way for [the crooks] to provide a way to decrypt a victim’s files.” Best protection? Obviously, back up your data. And don’t mess with pirated software.
- Dharma Recently a Chi Networks customer was infected by Dharma, a variant of the high-risk CrySIS ransomware, that came from Legionfromheaven@india.com. Dharma is distributed not only by phishing emails but also by RDP brute-force attacks against Terminal Servers. We restored the encrypted data from existing backups (the simplest way). When backups do not exist, the Kaspersky RakhniDecryptor, recently tested by Lawrence Abrams at Bleeping Computer, was found to work “flawlessly” in decrypting Dharma.
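As an added example that is not from the original post: a small Python detector for the RDP brute-force pattern the Dharma item describes, run over constructed and simplified Windows logon records (one event per line, not real Event Log output). It flags a burst of failed RemoteInteractive logons (Event 4625, Logon Type 10) from one source and then any successful logon (Event 4624) from that same source; the record format, threshold and time window are assumptions.

```python
"""Flag RDP brute-force bursts in Windows logon events (added example).
Constructed, simplified one-line records, not real EVTX output. Event 4625 is a
failed logon, 4624 a success, and LogonType 10 is RemoteInteractive (RDP)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2017-03-01T02:00:01Z EventID=4625 LogonType=10 Source=203.0.113.5 User=administrator
2017-03-01T02:00:02Z EventID=4625 LogonType=10 Source=203.0.113.5 User=admin
2017-03-01T02:00:03Z EventID=4625 LogonType=10 Source=203.0.113.5 User=backup
2017-03-01T02:00:04Z EventID=4625 LogonType=10 Source=203.0.113.5 User=sqlsvc
2017-03-01T02:00:05Z EventID=4625 LogonType=10 Source=203.0.113.5 User=scanner
2017-03-01T02:00:06Z EventID=4624 LogonType=10 Source=203.0.113.5 User=scanner
2017-03-01T02:00:07Z EventID=4625 LogonType=10 Source=198.51.100.7 User=jsmith
2017-03-01T02:10:30Z EventID=4624 LogonType=10 Source=198.51.100.7 User=jsmith
2017-03-01T02:11:00Z EventID=4625 LogonType=2 Source=203.0.113.5 User=console
"""

def parse_event(line):
    """Split 'TIMESTAMP Key=Value ...' into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev

def detect_rdp_bruteforce(log, threshold=5, window=timedelta(minutes=5)):
    """Return (source, kind, detail) alerts: 'burst' once a source reaches
    `threshold` failed RDP logons inside `window`, then 'success-after-burst'
    if that same source later logs on successfully (a guessed credential)."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerted, alerts = set(), []
    for line in log.splitlines():
        ev = parse_event(line)
        if ev["LogonType"] != "10":
            continue  # only RDP (RemoteInteractive) logons matter here
        src = ev["Source"]
        if ev["EventID"] == "4625":
            recent = failures[src]
            recent.append(ev["ts"])
            while ev["ts"] - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append((src, "burst", f"{len(recent)} failed RDP logons within {window}"))
        elif ev["EventID"] == "4624" and src in alerted:
            alerts.append((src, "success-after-burst", f"account {ev['User']}"))
    return alerts
```

On the sample, only 203.0.113.5 trips the detector; the two failures from 198.51.100.7 stay below the threshold and the console (LogonType 2) failure is ignored.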
There you have just four of the more prominent current ransomware types. Are others bothersome to you? Let us know! In closing, a quick reminder: when infected by ransomware, the accepted best practice now, says the FBI, is to resist whenever possible the temptation to pay ransom, especially in Bitcoin.