Ransomware overview – on-line updates


What is ransomware?


Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to restore it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it.

Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment before the system or files will be restored.

More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

 

What does ransomware do?

 

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

Ransomware can target any PC user, whether on a home computer, an endpoint in an enterprise network, or a server used by a government agency or healthcare provider.

Ransomware can:

  • Prevent you from accessing Windows.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (like your web browser).

Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.

There is no guarantee that paying the fine or doing what the ransomware tells you will restore access to your PC or files.

 

Big news – No-More-Ransom project 2016

The “No-More-Ransom” project has just started, but we are continuously working with other security companies and law enforcement agencies to identify as many keys as possible, for as many variants as possible. If you have some information that you think can help, please share it with us.

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.

The “No-More-Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.

https://www.nomoreransom.org

 

 

#1 On-line ransomware updates – link

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#

 

#2 On-line ransomware updates – link

https://www.barkly.com/ransomware-recovery-decryption-tools-search

 

*The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.

 

Good luck and stay safe!