Alert! Nemucod is out to rob you

The most reliable way to protect yourself from crypto ransomware is to back up your files regularly, says Artem Baranov of ESET. The number of infected emails has grown exponentially, claims ESET, an IT security company. These emails carry a malicious attachment which downloads and installs ransomware onto the recipient's device. Once run, the ransomware encrypts the victim's files and demands a ransom for decryption. The malicious downloader is detected as JS/TrojanDownloader.Nemucod, and it has registered an unusually high incidence in Europe, North America, Australia and Japan.

According to ESET, Nemucod is spread via emails carrying a zipped attachment. The emails are written to look trustworthy, claiming to be invoices, notices to appear in court or other official documents. The attackers' only goal is to get the user to open the attachment, which contains a JavaScript file: on a default Windows install a double-click runs it with Windows Script Host, and the script (the Nemucod downloader itself) then fetches and installs its payload on the victim's PC. Nemucod is known for downloading a variety of other malware found in the wild.
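The delivery chain above, turned into the check a mail gateway or incident responder would run on the attachment. This is an added example, not ESET's or the article's code: it assumes the attachment has already been extracted as bytes, the list of script extensions is this example's own choice, and the archive it scans is constructed inline in the shape of the lure (constructed test data, not a real sample).

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path"
	"strings"
)

// scriptExts are extensions that Windows Script Host or mshta run directly
// on a double-click. The list is an assumption of this example; widen it to
// match local policy.
var scriptExts = map[string]bool{
	".js": true, ".jse": true, ".vbs": true, ".vbe": true,
	".wsf": true, ".wsh": true, ".hta": true,
}

// Finding describes one flagged archive entry.
type Finding struct {
	Name   string
	Reason string
}

// ScanZipAttachment opens a zip held in memory and flags entries that are
// directly executable scripts, singling out the "invoice.pdf.js" double
// extension that hides the real type when Explorer hides known extensions.
func ScanZipAttachment(data []byte) ([]Finding, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, fmt.Errorf("not a zip archive: %w", err)
	}
	var findings []Finding
	for _, f := range zr.File {
		name := strings.ToLower(path.Base(f.Name))
		ext := path.Ext(name)
		if !scriptExts[ext] {
			continue
		}
		reason := "script attachment " + ext
		// A second extension before the script extension is the lure pattern.
		if inner := path.Ext(strings.TrimSuffix(name, ext)); inner != "" {
			reason = "double extension " + inner + ext
		}
		findings = append(findings, Finding{Name: f.Name, Reason: reason})
	}
	return findings, nil
}

// buildSampleZip constructs an in-memory archive in the shape of the
// campaign's lure. Constructed test data, not a real sample.
func buildSampleZip() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	files := map[string]string{
		"Invoice_2016-02-11.pdf.js": "var s = new ActiveXObject('WScript.Shell'); // placeholder body",
		"notes.txt":                 "harmless text",
	}
	for name, body := range files {
		w, _ := zw.Create(name)
		_, _ = w.Write([]byte(body))
	}
	_ = zw.Close()
	return buf.Bytes()
}

func main() {
	findings, err := ScanZipAttachment(buildSampleZip())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("BLOCK %s: %s\n", f.Name, f.Reason)
	}
}
```

The check is deliberately name-based rather than content-based: the point of the lure is that the user never sees the content, only the name, so the name is what the gateway should refuse. A gateway that also unpacks nested archives would call ScanZipAttachment recursively on any inner zip.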

In layman’s language, if you are infected by Nemucod and ransomware, you may end up losing a fortune. To understand the threat better, TechGig.com caught up with Artem Baranov, malware researcher at ESET Russia. Excerpts from an interview:

How different is Nemucod from the previous ransomware downloaders that we have come across?

Nemucod is not ransomware. It is a downloader, which is generally used by cybercriminals to deliver other malware to the victim's system. In recent malware campaigns, we have noticed the spread of ransomware named TeslaCrypt, which doesn't have any particular characteristics that would single it out from the many other ransomware variants targeting Windows. TeslaCrypt belongs to a class of ransomware that, once executed, begins to encrypt certain types of files usually used to store images, videos, office files and more, then launches a screen in the web browser explaining to the victims that they need to pay a ransom if they want to recover their personal files. This family of malware is called crypto ransomware. In the case of the Nemucod downloader, it is very much the same. There is nothing new or unique in that malware.

What new kinds of ransomware should we expect this year?

It is unlikely that anything new will appear on the ransomware scene. At this moment, cybercriminals have already created strong and effective tactics for forcing users to pay a fee (ransom). These include symmetric and asymmetric file encryption (AES + RSA). AES uses symmetric keys (the same key is used to encrypt and decrypt information), while RSA is asymmetric-key cryptography, which means it uses two keys (one to encrypt the data and another to decrypt it).

This allows cybercriminals to use a distributed architecture, makes encryption faster and ensures that no one can get to the decryption key stored on a remote server. This trend will continue in 2016. However, it can be expected that attackers will focus on the Apple OS X platform and Mac file encryption.
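The AES + RSA scheme Baranov describes, as an added example in Go that is not code from the interview, from ESET or from any malware family. It works on in-memory bytes only: a fresh AES-256 key encrypts the data, RSA-OAEP wraps that key to a public key, and the struct, field names and sample text are this example's own assumptions. It shows concretely why backups, not cryptanalysis, are the recovery path: without the private key that stays on the operator's server, the wrapped file key cannot be opened.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Locked is what would land on disk for one file: the ciphertext plus the
// AES key wrapped to the operator's RSA public key. Layout is this
// example's own, not any real family's format.
type Locked struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// EncryptHybrid performs the AES + RSA scheme: a random AES-256 key
// encrypts the data with AES-GCM (fast, symmetric), then RSA-OAEP wraps
// that key to the public key. The plain AES key is never stored.
func EncryptHybrid(pub *rsa.PublicKey, plaintext []byte) (*Locked, error) {
	fileKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Locked{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptHybrid is the step only the RSA private-key holder can perform:
// unwrap the file key, then decrypt. With the wrong key, OAEP unwrapping
// fails and the 256-bit file key cannot be guessed.
func DecryptHybrid(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

func main() {
	// Operator side: generated once; the private half never leaves the server.
	operator, _ := rsa.GenerateKey(rand.Reader, 2048)

	// Victim side: only the public key ships with the malware.
	doc := []byte("quarterly figures (constructed sample file)")
	locked, err := EncryptHybrid(&operator.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes, wrapped key %d bytes\n", len(locked.Ciphertext), len(locked.WrappedKey))

	// Anyone holding only the victim's disk is stuck.
	stranger, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := DecryptHybrid(stranger, locked); err != nil {
		fmt.Println("without operator key:", err)
	}

	// The operator (or a leaked master key) recovers the data.
	plain, _ := DecryptHybrid(operator, locked)
	fmt.Println("recovered:", bytes.Equal(plain, doc))
}
```

The only practical openings for a defender are outside the mathematics: a family that stores or derives the file key badly, a seized or leaked operator key, or a backup. That is why vendor support can sometimes decrypt and usually cannot.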

'Ransomware as a service' is a new term that has become a particular worry for CIOs. Can you explain RaaS in detail and how it is likely to infect users?

The term ransomware as a service (RaaS) is relatively new. It is not used widely yet, as the number of ransomware families using RaaS is still not that big. RaaS should be considered a model of organised cybercrime. It is not a different type of ransomware. The RaaS called Ransom32 is well-known. It uses ransomware written in JavaScript. This ransomware distribution scheme has a particular feature: one cybercriminal contacts another in order to rent the ransomware, which means the bad guy does not need to write the malware. He can just rent it. The scheme presumes paying a commission to the lessor of the malware, the actual developer of the ransomware. The delivery methods for Ransom32 are no different from any other ransomware's. It is distributed using malicious email attachments or compromised websites.

What are the ways in which one can keep away ransomware?

The most reliable way to protect yourself from crypto ransomware is to back up your files regularly. In case files are compromised, they can be quickly restored from the backup. Another key measure is the use of good antivirus software, which helps prevent ransomware executables from being downloaded onto a user's computer. You should also regularly update the operating system (OS) and all software. Ransomware is often installed by exploiting vulnerabilities in the OS or other software, so updating your software promptly will significantly reduce the risk of infection.

What to do when a user is already infected by ransomware?

It is not advisable to pay a ransom to cybercriminals to restore access to files. Most likely, after the payment is made, nothing happens and the victim is left with all files still encrypted, or the cybercriminals may ask for a second payment. You should contact the technical support of the antivirus product you are using, as specialists can help decrypt the files in those cases where it is possible.

Why are hackers always ahead of security solution providers when it comes to creating newer threats?

The antivirus industry emerged as an answer to growing threats. It is a continuous cycle in which cybercriminals will almost always be one step ahead of antivirus companies, which are forced to integrate new protection mechanisms against emerging threats into their products.

Diksha Gupta, TechGig.com
