Kaspersky Lab expert Andrey Pozhogin answers questions about ransomware

By Vitus White. Last updated: October 13, 2022.

The problem of ransomware isn’t getting better. Recent examples of widespread ransomware attacks, including CoinVault, CryptoLocker and others, indicate that cybercriminals are increasing their use of this type of attack. However, despite the increase in ransomware attacks, a recent Kaspersky Lab survey found that only 37% of companies consider ransomware a serious danger.

Andrey Pozhogin, cybersecurity expert at Kaspersky Lab, provides his expertise on the growing trend of ransomware attacks, how a ransomware attack operates, consequences associated with paying the ransom, and what home users and companies can do to protect themselves.

1. What is ransomware?

Ransomware is a type of malware used as a digital mechanism for extortion: it blocks access to a computer system until a ransom is paid. CryptoLocker, CryptoWall, CoinVault, TorLocker, TeslaCrypt and CTB-Locker are all examples of ransomware.

#TeslaCrypt 2.0 disguised as #CryptoWall https://t.co/vBy9PKo2Cx #GReAT #research pic.twitter.com/f6mxNGAPVq

— Kaspersky Lab (@kaspersky) July 14, 2015

2. Who are the victims of ransomware?

The average consumer and both large and small businesses can be victims of ransomware. Cybercriminals do not discriminate, and often they are looking to impact as many users as possible to reap the highest financial gain.

3. How does a ransomware attack work?

A ransomware attack is typically delivered via an email that includes an attachment, which could be an executable file, an archive, or an image. Once the attachment is opened, the malware is deployed on the user’s system. Ransomware could also launch on a user’s machine when the user visits a website on which malware has been planted. Once on the site, the user unknowingly executes an unsafe script (sometimes by clicking a link or downloading a file) and the malware is deployed to the system.

When a user’s machine is infected, nothing visible happens right away. The malware silently operates in the background until the system or data locking mechanism is deployed and engaged. Cybercriminals are becoming more and more skilled at developing ransomware that can operate without being noticed, and they have many tools and techniques at their disposal to ensure that the ransomware isn’t discovered by the victim. Then a dialogue box appears that notifies the user of the data lock and demands that a ransom be paid to regain access to the data.

Ransomware news: A new spam campaign is pushing ctb-locker. Back those files up! – http://t.co/Q74hbq3Ah6 pic.twitter.com/5Pjd9csEJJ

— Kaspersky Lab (@kaspersky) May 2, 2015

When a user sees the dialogue box it is already too late to attempt to save data through security countermeasures. The cost demanded by cybercriminals during these attacks varies, but we have seen asking prices in the hundreds and sometimes thousands of dollars to decrypt the victim’s data.
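The delivery vector described in question 3 (an attachment that is an executable, an archive, or something posing as an image) is the point where a mail gateway can still intervene. The following is an added example and not code from the page or from Kaspersky Lab: a small attachment triage routine that ignores the file name's claims and looks at the leading bytes, unpacks archives to a limited depth, and flags double extensions. The extension lists, magic-byte table and sample attachments are constructed for this demo, and the rules are a starting point rather than a complete attachment policy.

```python
"""
Added example, not code from the page or from Kaspersky Lab: a mail-gateway
style check for the delivery vector in question 3, where the attachment is an
executable, an archive, or something posing as an image. The extension lists,
magic bytes and sample attachments are constructed for this demo; treat the
rules as a starting point, not a complete attachment policy.
"""
import io
import zipfile

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
IMAGE_KINDS = {"jpeg", "png", "gif"}
MAGIC = (  # (prefix, kind): a subset of well-known file signatures
    (b"MZ", "pe"),                  # Windows executable
    (b"PK\x03\x04", "zip"),         # zip, also docx/xlsx/jar containers
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"%PDF", "pdf"),
)
MAX_ARCHIVE_DEPTH = 2   # nested archives are a classic way to hide an .exe


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name entirely."""
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return kind
    return "unknown"


def extensions(name: str) -> list:
    """'invoice.pdf.exe' -> ['pdf', 'exe']; names without a dot give []."""
    parts = name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def triage_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return the list of reasons to block this attachment; [] means no rule fired."""
    reasons = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    kind = sniff(data)
    if last in EXECUTABLE_EXTS or kind == "pe":
        reasons.append(f"{name}: executable content")
    if len(exts) >= 2 and last in EXECUTABLE_EXTS:
        reasons.append(f"{name}: double extension")
    if last in IMAGE_EXTS and kind != "unknown" and kind not in IMAGE_KINDS:
        reasons.append(f"{name}: extension says image, content is {kind}")
    if kind == "zip" and depth < MAX_ARCHIVE_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    with zf.open(info) as member:
                        head = member.read(64 * 1024)  # enough for the magic check
                    reasons += triage_attachment(info.filename, head, depth + 1)
        except zipfile.BadZipFile:
            reasons.append(f"{name}: archive cannot be parsed")
    return reasons


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()


PE_STUB = b"MZ\x90\x00" + b"\x00" * 60  # constructed: just DOS-header bytes, not a real binary

# Constructed sample attachments, one per delivery trick mentioned in the text.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,     # genuine JPEG header
    "invoice.pdf.exe": PE_STUB,                             # double extension
    "photo.png": PE_STUB,                                   # executable renamed as an image
    "scan.zip": make_zip({"scan.jpg.scr": PE_STUB,          # executable inside an archive
                          "readme.txt": b"open the scan"}),
    "notes.txt": b"agenda for monday\n",
}


def triage_all(samples: dict) -> dict:
    """Run the check over every sample; returns {name: reasons}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        print(f"{name:18} {'BLOCK' if reasons else 'allow'}  {'; '.join(reasons)}")
```

Signature sniffing is cheap and catches the renamed executable and the archive with an executable inside, but it is not a substitute for detonation or content disarm: macro-enabled Office documents, ISO and LNK attachments are not covered by this table, and the user's click remains the trigger the text describes.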

4. Could you provide an example of a ransomware attack?

One example is TorLocker. This ransomware starts its infection by decrypting its data section with a 256-bit AES key – an encryption mechanism that is nearly impossible to crack – and launching on the user’s system. The first four bytes of this key are used as a unique sample ID, added to the end of the encrypted files. Then the malware is copied to a temporary folder, and a registry key for that copy’s autorun is created. Next, the malware does the following:

  • Searches for and terminates crucial system processes.
  • Deletes all system recovery points.
  • Encrypts the user’s Office documents, video and audio files, images, archives, databases, backup copies, virtual machine encryption keys, certificates and other files on all hard and network drives.
  • Launches a dialogue box that demands that the user pay a ransom to decrypt the data.

What’s troubling is that TorLocker infects each system in a unique way, so even if somehow a key to decrypt data is found, the key is not useful for decrypting data on other systems. The cybercriminals give users a limited time (typically 72 hours) to pay for a key to decrypt the data, or their data will be lost. Cybercriminals typically offer many different payment methods, including Bitcoin and payment through third-party sites.
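Two details in the TorLocker description above are directly usable during incident triage: each encrypted file ends with a 4-byte sample ID equal to the first four bytes of the AES key, and each infected system gets its own key. The script below is an added example, not code from the page or from Kaspersky Lab. It walks a directory tree, uses byte entropy as a cheap filter for files that look like ciphertext, groups them by their trailing sample ID (one group per infection run), and checks whether a recovered key could even apply to a given group. The entropy threshold, directory layout and sample files are assumptions constructed for the demo; the trailer layout and key size come from the text.

```python
"""
Added example, not code from the page or from Kaspersky Lab: a triage script for
the TorLocker file layout described in question 4. Two facts come from the text:
an encrypted file ends with a 4-byte sample ID that equals the first four bytes
of the 256-bit AES key, and each infected system gets its own key. Everything
else (the entropy threshold, the directory layout, the sample files) is an
assumption made for this demo.
"""
import math
import os
import random
import tempfile
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # assumption: bits per byte; AES output sits close to 8.0
TRAILER_LEN = 4          # from the text: first 4 bytes of the key, appended to each file
KEY_LEN = 32             # 256-bit AES key


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_bytes: int = 4096) -> bool:
    """Cheap first filter: ciphertext has near-maximal entropy, documents do not."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample_bytes)) >= ENTROPY_THRESHOLD


def sample_id(path: str) -> bytes:
    """The trailer the text describes: the last TRAILER_LEN bytes of the file."""
    size = os.path.getsize(path)
    if size < TRAILER_LEN:
        return b""
    with open(path, "rb") as f:
        f.seek(size - TRAILER_LEN)
        return f.read(TRAILER_LEN)


def group_by_sample_id(root: str) -> dict:
    """Map sample ID -> sorted relative paths of high-entropy files carrying it.
    One group per infection run, which is why a single recovered key helps
    with some files and is useless for others."""
    groups = defaultdict(list)
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                groups[sample_id(path)].append(rel)
    return {sid: sorted(paths) for sid, paths in groups.items()}


def key_matches_sample(key: bytes, sid: bytes) -> bool:
    """A recovered key can only be right for files whose trailer equals key[:4].
    Necessary, not sufficient: four bytes is a weak identifier."""
    return len(key) == KEY_LEN and key[:TRAILER_LEN] == sid


def build_demo_tree():
    """Constructed data: two 'encrypted' files from one infection, one from a
    second infection, and one plain document. The fixed seed makes it repeatable.
    Returns (root, key_a, key_b)."""
    rng = random.Random(1337)
    root = tempfile.mkdtemp(prefix="torlocker-triage-")
    key_a = bytes(rng.getrandbits(8) for _ in range(KEY_LEN))
    key_b = bytes(rng.getrandbits(8) for _ in range(KEY_LEN))
    victims = (("docs/report.docx", key_a), ("docs/q1.xlsx", key_a), ("share/db.bak", key_b))
    for rel, key in victims:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        body = bytes(rng.getrandbits(8) for _ in range(8192))  # stands in for ciphertext
        with open(path, "wb") as f:
            f.write(body + key[:TRAILER_LEN])
    with open(os.path.join(root, "docs", "readme.txt"), "w") as f:
        f.write("Quarterly notes. Nothing encrypted here.\n" * 100)
    return root, key_a, key_b


if __name__ == "__main__":
    root, key_a, _ = build_demo_tree()
    for sid, files in group_by_sample_id(root).items():
        usable = "matches" if key_matches_sample(key_a, sid) else "does not match"
        print(f"sample ID {sid.hex()}: {len(files)} file(s), recovered key {usable}: {files}")
```

Grouping by sample ID is what tells you which machines a key obtained from a takedown or a decryptor project will actually help, before anyone spends time on a decryption attempt; the entropy filter keeps untouched documents out of the count but will also pick up legitimately compressed or encrypted files, so treat it as triage rather than proof.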

5. What are cybercriminals after when they execute a ransomware attack?

A key motivation for cybercriminals executing a ransomware attack is to extort money from victims; however, we are seeing that the average case of a ransomware attack against a business is quite damaging given that the target of an attack is typically the company’s intellectual property.

6. How prevalent are mobile ransomware attacks?

Mobile ransomware attacks are becoming much more prevalent. Mobile malware is moving toward monetization as more cybercriminals create malware capable of stealing and extorting money. In fact, the Kaspersky Lab Q1 Threat Report found that 23% of the new malware threats that were detected were created to steal or extort money.

In addition, Trojan-Ransom malware demonstrated the highest growth rate of all mobile threats. The number of new samples detected in Q1 was 1,113, which is a 65% increase in the number of mobile ransomware samples in our collection. This is a dangerous trend since ransomware is designed to extort money, damage personal data, and block infected devices.

7. What should users do if the system is already infected?

Unfortunately, in many cases, once the ransomware is launched, unless there is a backup or preventive technology in place, there is very little a user can do. However, sometimes it’s possible to help users decrypt data that has been locked by the ransomware without having to pay the ransom. Kaspersky Lab recently partnered with the National High Tech Crime Unit of the Netherlands’ police to create a repository of decryption keys and a decryption application for victims of the CoinVault ransomware.

Learn how to remove CoinVault ransomware and restore your lost files – http://t.co/OB02O372Yy pic.twitter.com/QjwzvIdKnz

— Kaspersky Lab (@kaspersky) April 17, 2015

In addition, I caution victims about using uncredited software that they’ve found on the Internet that claims to fix encrypted data. In the best case, this software is useless; in the worst case, it distributes additional malware.

8. If attacked, should one pay the ransom?

Many victims are willing to pay to get their files back. According to a survey conducted by the Interdisciplinary Research Centre in Cyber Security at the University of Kent in February 2014, more than 40% of CryptoLocker victims agreed to pay. CryptoLocker has infected tens of thousands of machines and generated millions of dollars in revenue for the cybercriminals behind it. Moreover, a Dell SecureWorks report shows that the same malware rakes in up to $30 million every 100 days.

The best line of #defense against any #ransomware is to have backed up your machines yesterday. https://t.co/cpcBqX1Qy2

— Kaspersky Lab (@kaspersky) January 30, 2015

Paying the ransom is unwise, primarily because it does not guarantee that the corrupted data will be decrypted. There are also a number of ways things can go wrong even if one decides to pay the ransom, including bugs in the malware itself that make encrypted data unrecoverable.

In addition, if the ransom is paid, this validates to the cybercriminals that the ransomware is effective. As a result, cybercriminals will continue to find new ways to exploit systems, which could lead to additional infections targeting that individual user or company.

9. How do users prevent a ransomware attack? Is backup enough to protect the data against cybercriminals?

It is impossible to decipher files encrypted with properly implemented and strong cryptography, so it is an important best practice to employ comprehensive security together with a robust backup solution as part of a sound cybersecurity strategy.

In addition, some ransomware variants are smart enough to also encrypt every backup they are able to locate, including those residing on network shares. That is why it is important to make “cold” backups (read and write only, no delete/full control access) that cannot be deleted by the ransomware.

How does Kaspersky Internet Security protect you from #ransomware? – http://t.co/7drBP7PWxL pic.twitter.com/f5BDXJOC47

— Kaspersky Lab (@kaspersky) May 23, 2015

Kaspersky Lab has also developed a countermeasure called the System Watcher module. System Watcher is able to keep local protected copies of files and revert changes made by crypto malware. This enables automated remediation and saves administrators the trouble of having to restore from backups and the burden associated with downtime. It’s important to have security technology installed and to make sure that users have this module running.
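The backup paragraph in question 9 makes a point that is easy to miss: a backup on a network share is only a backup until ransomware that can reach the share encrypts or deletes it, and by then the "good" copy looks exactly like any other file. The following is an added example, not code from the page or from Kaspersky Lab: a manifest of SHA-256 hashes is recorded when the backup is taken and stored somewhere the backup host cannot write, and later verification reports every copy that has been modified, removed, or added since. The paths, file contents and the simulated attack are constructed for the demo.

```python
"""
Added example, not code from the page or from Kaspersky Lab: detect a backup set
that ransomware has reached. A manifest of SHA-256 hashes written when the backup
is taken, kept where the backup writer has no access, lets you verify the copies
later. The files, paths and simulated attack below are constructed for the demo.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """relative path -> {'sha256', 'size'} for every file under root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = {"sha256": sha256_file(path), "size": os.path.getsize(path)}
    return manifest


def verify_backup(root: str, manifest: dict) -> dict:
    """Compare the backup tree with the manifest. Any 'modified' or 'missing' entry
    means that copy can no longer be trusted; 'unexpected' files (a ransom note
    dropped into the share, for instance) are reported as well."""
    current = build_manifest(root)
    return {
        "missing": sorted(p for p in manifest if p not in current),
        "modified": sorted(p for p in manifest
                           if p in current and current[p]["sha256"] != manifest[p]["sha256"]),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def save_manifest(manifest: dict, path: str) -> None:
    with open(path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def demo() -> dict:
    """Constructed scenario: record a manifest, then simulate ransomware overwriting
    one copy in place, deleting another and dropping a note, and verify the tree."""
    root = tempfile.mkdtemp(prefix="backup-")
    files = {
        "finance/ledger.xlsx": b"ledger v1\n" * 50,
        "vm/keys/server.pem": b"-----BEGIN KEY-----\nconstructed\n",
        "photos/2015/img001.jpg": bytes(range(256)),
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(body)
    # In real use the manifest lives off the share, on a host the backup writer cannot reach.
    manifest_path = os.path.join(tempfile.mkdtemp(prefix="manifest-"), "backup.json")
    save_manifest(build_manifest(root), manifest_path)

    # Simulated attack: encrypt in place (here just overwrite), delete, drop a note.
    with open(os.path.join(root, "finance", "ledger.xlsx"), "wb") as f:
        f.write(b"\x00" * 500)
    os.remove(os.path.join(root, "vm", "keys", "server.pem"))
    with open(os.path.join(root, "DECRYPT_INSTRUCTIONS.txt"), "w") as f:
        f.write("pay within 72 hours\n")  # constructed note text

    return verify_backup(root, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hash verification tells you that a backup has been tampered with; it does not make the backup survivable. That still requires the separation the text calls for: a copy the infected host cannot reach, whether offline, pulled by the backup server rather than pushed by the client, or on storage whose retention the client account cannot override. Note also that a share on which the backup account can write but not delete is not enough on its own, since write access to an existing file is all the ransomware needs to encrypt it in place.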

10. How do Kaspersky Lab solutions protect from unknown threats?

Our security solutions include the Kaspersky Security Network (KSN), which provides a response to suspected threats much faster than traditional methods of protection. KSN has more than 60 million volunteers worldwide. This security cloud processes over 600,000 requests every second.

Kaspersky users around the globe provide real-time information about threats detected and removed. This data and other research are analyzed by an elite group of security experts — the Global Research and Analysis Team. Their main focus is the discovery and analysis of new cyberthreats, along with predicting new types of threats.

Just how does the Kaspersky Security Network work? It's simpler than it sounds – http://t.co/4zKames5K2 pic.twitter.com/6IhPqfkW6T

— Kaspersky Lab (@kaspersky) May 14, 2015

While today’s threats are becoming more sophisticated, we have found that too many users – both on the corporate and consumer side – could improve their cybersecurity practices. What’s worse is that some are using either outdated or unreliable security solutions that do not provide them with the necessary protection.

As a result, it is important to choose the most effective protection available. In fact, just last year Kaspersky participated in 93 independent tests and of all the vendors taking part in these tests, Kaspersky Lab achieved the best results. Sixty-six times Kaspersky Lab was named in the Top 3 and 51 times was rated first place. Information security is in Kaspersky Lab’s DNA and we are always working to improve the effectiveness of our technology so our users are provided with the most reliable security solutions.


Source: kaspersky.com

Vitus White. October 7, 2022 (last updated October 13, 2022).