New Windows 10 scam will encrypt your files for ransom

Discussion in 'Members News Depot' started by Spider, Aug 4, 2015.

  1. Spider

    Spider Super Moderator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    285
    Likes Received:
    74
    Trophy Points:
    28
    Location:
    Chicago, IL
    A cautionary tale in being patient, and not skipping the line.

    By Zack Whittaker for Zero Day | August 3, 2015 -- 18:12 GMT (11:12 PDT)

    Ransomware known as CTB-Locker. (Image: Cisco/Talos Group)

    Just days after Microsoft released its latest operating system, hackers have begun targeting soon-to-be Windows 10 users with an emerging kind of malware.

    Cisco security researchers are warning users against opening email attachments purporting to be from the software giant. The "ransomware" malware, which encrypts files until a ransom is paid, is being sent as part of an email spam campaign.

    In a blog post, Cisco researcher Nick Biasini said the attackers are "impersonating Microsoft in an attempt to exploit their user base for monetary gain."

    The email claims its attachment includes an installer that allows users to get the new operating system sooner.

    "The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign," said Biasini.

    Once a user downloads and opens the attached executable file, the malware payload opens, encrypting data on the affected computer, and locking the owner out.

    Often, the user is forced to pay in bitcoin, which is far more difficult to trace than using a traditional bank account. And, because attackers are communicating with a command server over the Tor anonymity network, it makes them almost impossible to trace.

    Biasini said the malware payload, called CTB-Locker, is being delivered at a "high rate."

    "The functionality is standard however, using asymmetric encryption that allows the adversaries to encrypt the user's files without having the decryption key reside on the infected system," said Biasini.

    That means that there's no clear way to get the decryption key until the ransom is paid.

    Ransomware attacks have been on the increase since the start of 2015 as a quick, easy, and often near-untraceable way to generate vast sums of money in a short space.

    In more than a year, a division of the FBI received almost 1,000 complaints related to crypto-locking malware, costing consumers $18 million in losses.
     
  2. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,342
    Likes Received:
    1,279
    Trophy Points:
    113
    Get Macrium Reflect and make regular images of your systems. The paid version even allows incremental backups. Even the FREE version is excellent and supports UEFI booting with Surfaces. Awesome!
     
    Spider and leeshor like this.
  3. Spider

    Spider Super Moderator Staff Member

    I'd also suggest you keep your backups offline, except while updating them. My friend was hit by CryptoLocker and the six external hard drives he had online at the time were also encrypted by it. :(
     
