What is Ransomware? How does it act? How to prevent it?

Surely you have read the word ‘ransomware’, a type of malware that sows panic among those who suffer it and which has recently become a little more famous after affecting Apple's operating system, OS X, for the first time.

This type of code is especially harmful for those affected by it because whoever infects us demands a ransom before we can access the affected information again. Suddenly we find that our service, our website or our computer is completely blocked, and only the cybercriminal responsible for the attack can free us … after payment of a sum of money.

The terrible hijacking of your data


The technique has been used for decades and usually consists of encrypting the hard drive of the victim machine, which makes it impossible to access its services and data unless we have the key that protects that information.

In many cases, those who carry out the attacks make clear what has happened and how to proceed: an email address or certain websites through which to contact the cybercriminal, and even the amount we will have to pay to “rescue” everything that was blocked by the attack.

Attacks that hijack our information have grown as much as or more than other forms of malware, and they have become a juicy source of income for cybercriminals. According to a McAfee study, such threats increased by 58% in the second quarter of 2015, and the ways of injecting this type of code are as varied as the scenarios in which it is applied.

The threat is obvious for end users, but it is much more worrying for companies, which can also be hit by this type of attack and see the operation of a product or service blocked. Attackers do not steal data as such; they simply leave it where it is, but encrypted.

Encryption and Bitcoins as Bases of Attacks

To “free the hostages” we will need to make an electronic payment, usually through a system that is perfect for this purpose: bitcoin has become the medium preferred by attackers, since such transactions are not reversible and it is very complicated to know who receives the money at the other end.


These may also be attacks targeted specifically at a particular individual or entity, and the problem is that the popularity of these attacks has meant that ransomware can be exploited by practically anyone with some technical grounding, since malware developers have built tools that make it easy to introduce ransomware onto any machine.

There are already well-known cases of ransomware: a recent article on the Sophos blog reminded us that fearsome systems like Teslacrypt, TorrentLocker, Chickens Brothers (no joke) or the infamous Cryptowall (currently considered by many to be at “version 4.0”) have made the revenues for cybercriminals particularly high year after year.


How do we get infected?

As explained by Sophos experts, in the case of Cryptowall, which is analogous to other systems of this type, small files are installed in various key folders in our system – the application data directory, the startup directory and even a directory with a random name – that simply connect to a remote server controlled by the cybercriminal.

Over that connection it obtains the key that encrypts the contents of our hard disk; in the case of Cryptowall 4, for example, the malware focuses on the application data directory and creates a registry entry so that it is loaded at every restart or logon.

From there the encryption tasks begin, which in the case of Cryptowall 4 are especially damaging: the AES encryption algorithm is usually used, and each file is encrypted differently, so that even two identical files look different if one examines the encrypted content.

In the case of Cryptowall 4, the file names are also encrypted to make life even more complicated, and although each file may have a different encryption key, they can all be decrypted with the same master key, one that is naturally in the possession of the cybercriminals and is what we get if we pay the ransom.
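As an added defensive illustration (not code from the original article or from Sophos), the following Python check looks for the two hallmarks just described: file contents that have turned into high-entropy ciphertext, and file names replaced by random-looking strings. The sample files, the 7.0 bits/byte threshold and the hex-name pattern are assumptions chosen for the demonstration.

```python
import math
import os
import re
import tempfile
from collections import Counter

# Heuristics (assumed values): text, code and office documents usually sit
# well below 6 bits/byte, while AES output is indistinguishable from random.
HIGH_ENTROPY = 7.0
RANDOM_NAME = re.compile(r"^[0-9a-f]{16,}$")  # assumed "scrambled name" pattern


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True when the first 64 KiB of the file read like ciphertext."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(65536)) >= HIGH_ENTROPY


def scan_directory(root: str) -> list:
    """Return sorted paths whose contents are high-entropy or whose names look random."""
    suspicious = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            stem = os.path.splitext(name)[0]
            if looks_encrypted(path) or RANDOM_NAME.match(stem):
                suspicious.append(path)
    return sorted(suspicious)


def build_sample_tree() -> str:
    """Constructed sample: one ordinary document and one 'encrypted' blob with a random name."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("quarterly report draft\n" * 200)
    # os.urandom stands in for per-file AES output in this constructed sample
    with open(os.path.join(root, "3f9a1c77b2e04d58.locked"), "wb") as fh:
        fh.write(os.urandom(4096))
    return root


if __name__ == "__main__":
    for hit in scan_directory(build_sample_tree()):
        print("suspicious:", hit)
```

In practice such a check is run against canary folders or as part of a file-server monitor, and a sudden burst of hits is the signal to isolate the host and restore from the offline backups discussed later.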

What to do to protect yourself?


It is impossible to be 100% sure that we will be free of threats, but we can take a series of steps to protect our systems and our computers. The first of these is to keep our applications updated, and our operating system too.

That first basic rule should be complemented by other, equally logical, measures. Among them, the use of some type of antivirus that is kept updated and checks our system regularly. Here the makers of security solutions compete with their own alternatives, but since attackers keep renewing their techniques it is impossible to have a full guarantee that one solution or another will protect us completely.

It will not hurt to return to common sense and avoid downloading suspicious documents and files from even more suspicious senders, but as always one of the key ways to avoid problems later is to have backups of our data, and here both cloud services and external storage systems can help, the latter ideally not connected to our computer at all times, so that they are not affected too.

There are other measures we can take, such as the so-called Cryptolocker Prevention Kit, which generates a series of group policies that prevent ransomware from being installed in its usual directories. Be careful when using the Tor network and the deep web – attacks are more frequent there – and also with shared network folders, to which access permissions should be granted only by the system administrator, except when we need read and write access, which we should activate and then deactivate again after those operations.
