Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Endpoint Security, a leading provider of Windows, Mac and Android Solutions

Security Alert - Ransomware: What you need to know

Definition: Ransomware is a form of malware developed to encrypt (and so block access to) files on a computer with the sole intent of extorting money from its victims, who are told to pay a ransom to recover the encrypted files.


The payment is usually requested in the form of direct credit card payments or via Bitcoin (a digital currency).

Generally speaking, there are two main classifications of ransomware: Encryptor (encrypts all important files and demands a ransom to decrypt them) and Screen Locker (locks the infected system, preventing proper access until a ransom is paid). Most of the latest strains intercepted by the Thirtyseven4 lab fall under the Encryptor classification. The top ransomware threats include Cryptorbit, Cryptolocker, CryptoWall, PornoBlocker and ZedoPoo.

Ransomware is spread using social engineering tricks via social networking sites and email attachments, much as the infamous FBI Moneypak virus was. Spammed email messages are the major contributor to ransomware propagation.

Ransomware targets the file types that are most valuable to the user: documents, images, photos, etc. While the exact extensions vary by variant, the general list of file extensions targeted for encryption includes:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.pdf, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
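A defender-side heuristic built on the targeted-extension list, added here as an illustration and not part of the Thirtyseven4 alert or its Behavior Detection System: it matches file names against the patterns above (including the img_*.jpg wildcard) and flags any process that rewrites many targeted files within a short window, which is the footprint an Encryptor leaves. The event format, the threshold and window values, and the sample events are assumptions constructed for the example.

```python
import fnmatch
from collections import defaultdict

# Patterns quoted in the alert above (a representative subset; the full
# list from the alert can be pasted in unchanged).
TARGET_PATTERNS = [
    "*.odt", "*.doc", "*.docx", "*.xls", "*.xlsx", "*.ppt", "*.pptx", "*.pdf",
    "*.jpg", "img_*.jpg", "*.dng", "*.cr2", "*.nef", "*.pem", "*.pfx", "*.p12",
]

def is_targeted(path):
    """True if the file name matches one of the ransomware target patterns."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return any(fnmatch.fnmatchcase(name, pat) for pat in TARGET_PATTERNS)

def flag_mass_modification(events, threshold=20, window=10.0):
    """Return sorted (pid, window_start) pairs for processes that modified at
    least `threshold` targeted files within any `window` seconds.

    `events` is an iterable of (timestamp_seconds, pid, path) tuples, the shape
    a file-activity monitor would deliver (assumed format for this example)."""
    per_pid = defaultdict(list)
    for ts, pid, path in events:
        if is_targeted(path):
            per_pid[pid].append(ts)
    alerts = []
    for pid, stamps in per_pid.items():
        stamps.sort()
        lo = 0
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window:   # slide the window forward
                lo += 1
            if hi - lo + 1 >= threshold:
                alerts.append((pid, stamps[lo]))
                break                          # one alert per process
    return sorted(alerts)

# Constructed sample: pid 4242 rewrites 25 documents in ~3 s (ransomware-like);
# pid 1001 saves a few photos over a minute (normal user activity).
SAMPLE_EVENTS = (
    [(100.0 + i * 0.12, 4242, f"C:/Users/alice/Documents/report{i}.docx") for i in range(25)]
    + [(100.0 + i * 15.0, 1001, f"C:/Users/alice/Photos/img_{i}.jpg") for i in range(4)]
    + [(101.0, 4242, "C:/Windows/Temp/log.txt")]  # untargeted extension, ignored
)

if __name__ == "__main__":
    print(flag_mass_modification(SAMPLE_EVENTS))  # [(4242, 100.0)]
```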

The following graphics show what the user sees when trying to access an encrypted file:

Figure: The error window displayed when attempting to open an encrypted file.


Figure: The password prompt required to decrypt the file. In many ransomware cases, the developer of the malware claims a password will be sent once the demanded ransom is paid.


Figure: Once the malware finishes encrypting the data, it changes the desktop wallpaper to an image of the payment instructions.


Figure: An example of CryptoLocker.


Ransomware Detections Increasing

Malware writing is big business for cybercriminals, and ransomware creators are fully aware that millions of dollars were extorted in 2014 from helpless victims through this style of malware. 

Below are real-world ransomware statistics, based on actual intercepted and prevented infections for Thirtyseven4 Endpoint Security users over the last few months.

“Ransomware Detections” reflects the total number of ransomware detections for the month. In other words, Thirtyseven4 proactively prevented 136,990 infections in January 2015. 

“Cryptolocker.Susp Email attachments” is the number of malicious emails, the channel through which ransomware infections propagate, stopped by the Thirtyseven4 Email Security module.

The remaining entries reflect the virus signatures associated with the top four ransomware family detections for the month.

Figure: Monthly ransomware detection statistics tables (images not reproduced in text).


Thirtyseven4 Cryptobit Decryption Tool Stats

Another indirect gauge for monitoring ransomware activity is tracking the popularity of the free Thirtyseven4 Cryptobit decryption tool. The Cryptobit decryption tool was made available to the public as a free tool in the spring of 2014.

Below is a snapshot of the download data captured:

Number of downloads (as of February 17th, 2015): 232,337

Top 5 - Countries requesting downloads (as specified by the user):
1. USA (47.80%)
2. Australia (7.71%)
3. India (5.50%)
4. Czech Republic (4.18%)
5. Italy (4.02%)

Top 5 - States requesting downloads (as specified by the user):
1. California (15.21%)
2. Florida (12.85%)
3. Texas (11.33%)
4. New Jersey (6.64%)
5. Illinois (5.18%)

Top 5 - Antivirus software installed at time of infection (as specified by the user):
1. AVG (19.03%)
2. Norton/Symantec (14.80%)
3. Microsoft/MSE/Forefront (11.18%)
4. Avast (10.42%)
5. McAfee (8.93%)


Tips to avoid a ransomware infection

Install strong antivirus software such as Thirtyseven4 Endpoint Security, which includes the Behavior Detection System as well as other important proactive security modules such as Email Security and Browser Sandbox.

Figure: "Proactive Protection Against CryptoLocker and Similar Threats", the message displayed when the Thirtyseven4 Behavior Detection System proactively blocks a ransomware infection.


The following suggestions are also recommended:

- Ensure that all important software on your machine, such as the operating system, Adobe Reader, Microsoft Office and internet browsers (to name a few), is patched and up to date.

- Keep your machine’s security software up-to-date.

- Avoid clicking URLs and opening unsolicited email attachments, particularly from unknown sources.

- Be careful when using removable devices such as pen drives, external hard disks, etc. These devices may have been used on machines not protected by updated security software.

- Always keep a backup of all your important documents using reliable backup software.


Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4