Unusual Ransomware Types

Photo: Michael Geiger via Unsplash

Crypto ransomware is a big threat to home users, enterprises, critical infrastructure companies, and governments around the globe. The ubiquitous online extortion epidemic zeroes in on people's personal data and organizations' proprietary records and pressures victims into coughing up Bitcoins for recovery. Ever since the prototype of present-day ransomware called CryptoLocker surfaced in 2013, the attack workflow has been invariable for years: encrypt files on a target's local and network drives and then demand money in exchange for the decryption key.

However, the crooks are in perpetual search of new ways to make more money. As the mainstream ransomware market is highly competitive, innovative and offbeat things are taking root in this cybercrime ecosystem. Below is a list of some incidents that stand out from the crowd.

TV ransomware

What seemed to be science fiction yesterday is today's reality. Researchers spotted a piece of ransomware infecting Android-based LG Smart TVs. The malicious code, called FLocker, displayed a rogue FBI-themed warning screen on top of an infected TV's standard interface and demanded a fee for unlocking. It came bundled with a multimedia app downloaded from an unofficial source. The Trojan proved persistent enough to prevent victims from resetting the affected TV.

IoT thermostats are vulnerable, too

The Internet of Things (IoT) is still major low-hanging fruit for threat actors. A group of white hat hackers from the UK created proof-of-concept ransomware that infects smart thermostats. Taking the floor at the DefCon event held in Las Vegas, Andrew Tierney and Ken Munro of Pen Test Partners LLP demonstrated how easy it is to execute ransomware on such devices, set an arbitrary temperature, and demand money to get control back.

Mac ransomware gaining momentum

Ransomware targeting macOS is not a new phenomenon, but it is still less common than its Windows counterparts due to the robustness of the platform's security architecture. However, a sample called Patcher gets around these defenses in the blink of an eye. Its downloader is camouflaged as a crack tool for Adobe and Office suites. Instead of patching the software as promised, though, it encrypts a victim's valuable data and requests Bitcoin for recovery. The worst part about this malware is that its crypto implementation is crude and buggy. Therefore, it may be impossible to decrypt hostage files even if the ransom is paid.

By the way, the first-ever fully-fledged macOS ransomware campaign involving the KeRanger strain was much more professionally orchestrated. The infection chain involved a booby-trapped BitTorrent installer and featured flawless encryption.

Spora Trojan with quality tech support

The Windows ransomware known as Spora is backed by an exemplary business model. Most legitimate organizations cannot boast tech support practices as streamlined as those established by the operators of Spora. The customers, or rather victims, can use a live chat embedded in the decryption service site to get their queries addressed within minutes. What is more, the crooks offer those infected a discount if they leave good feedback for their "service." Another notable thing is that the online payment console provides victims with several pricing plans to choose from.

Ransomware affecting databases

Cybercriminals have been trying their hand at hijacking databases since 2017. This disconcerting campaign initially targeted unsecured MongoDB servers, taking their content hostage and demanding Bitcoin for recovery. The number of contaminated databases around the globe reached hundreds of thousands. The subsequent few waves of these attacks hit Hadoop, CouchDB, ElasticSearch, and MySQL servers.

Website ransomware on the rise

The emergence of malicious programs that hold website content for ransom became another milestone in ransomware evolution. Strains like Linux Encoder and CTB Locker for websites started popping up several years ago and now pose one of the biggest security concerns for web admins. These infections typically leverage vulnerabilities in out-of-date Content Management Systems to perform SQL injection, circumvent authentication, access a site's database, encrypt the data in it, and replace the homepage with a ransom note. WordPress, Joomla, Magento, and Drupal are the CMS platforms most heavily exploited by ransomware architects.

Protection tips

To protect yourself against ransomware, whether it is commonplace or out of the ordinary, be sure to stick with the following simple recommendations:

  • Treat spam emails with caution and never open suspicious attachments sent by someone you do not know.

  • Configure the email system to filter incoming messages with potentially harmful files on board. These include objects with the following extensions: .exe, .js, .docm, .vbs, .bat, .cmd, .pif, .rar, and .zip.

  • Organize access to the organization's local network using VPN services. In this case, there is no need to open ports directly to the server. To establish a VPN connection, you can use various applications and even hardware equipment.

  • Make backups of your organization's critical data regularly. This security practice helps reduce the damage from any ransomware attack to a minimum.

  • Define new Software Restriction Policies to make sure no processes are automatically executed from AppData, UserProfile, or Temp folders. Doing so is useful because most ransomware samples drop their executables into these particular paths.

  • Use a next-generation firewall. Blocking outbound traffic with it prevents ransomware from interacting with its Command and Control server.

  • Treat mobile devices with care. Some ransomware families use phone tracker apps to collect login and other sensitive data.

  • Use reliable antimalware and keep it up to date.

  • Patch and update OS and other software on endpoints and servers. Centralized patch management is one of the best security approaches for organizations if they want to avoid vulnerabilities.
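As an added illustration of the attachment-filtering tip above (example code written for this page, not part of the original article or any product), the following Python script parses an incoming message, flags attachments whose final extension is on the article's blocklist, and also lists blocked files inside a .zip attachment so that whoever reviews the quarantine can see why the message was held. Checking the last extension is what catches double-extension lures such as "invoice.pdf.js". The sample message, sender and recipient addresses, and archive contents are constructed here for the demonstration.

```python
"""Flag mail attachments with risky extensions, including files nested in zips.

Added example for the attachment-filtering recommendation; the sample
message built below is constructed, not a real capture.
"""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extension blocklist as recommended in the article.
BLOCKED_EXTENSIONS = {
    ".exe", ".js", ".docm", ".vbs", ".bat", ".cmd", ".pif", ".rar", ".zip",
}
# Archive types this script can open locally to report their contents.
INSPECTABLE_ARCHIVES = {".zip"}


def extension(filename: str) -> str:
    """Lower-cased final extension of a filename ('' if none)."""
    return os.path.splitext(filename.strip())[1].lower()


def risky_name(filename: str) -> bool:
    """True if the final extension is on the blocklist.

    Using the final extension means 'invoice.pdf.JS' is treated as .js,
    which is how the script would actually run on a Windows host.
    """
    return extension(filename) in BLOCKED_EXTENSIONS


def risky_members(zip_bytes: bytes) -> list[str]:
    """Names of blocked files inside a zip archive.

    An archive that cannot be read at all is reported as unreadable,
    because an uninspectable archive should not pass silently.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [name for name in zf.namelist() if risky_name(name)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]


def scan_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 822 message and return reasons to hold it (empty if clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons: list[str] = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if risky_name(filename):
            reasons.append(f"blocked attachment: {filename}")
        if extension(filename) in INSPECTABLE_ARCHIVES:
            for member in risky_members(part.get_payload(decode=True)):
                reasons.append(f"blocked file inside {filename}: {member}")
    return reasons


def build_sample_message() -> bytes:
    """Constructed lure: a harmless PDF, a double-extension script, and a zip
    containing an executable. Addresses use the reserved .invalid TLD."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"placeholder script text", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.JS")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "open the file")
        zf.writestr("invoice.exe", "placeholder, not a real binary")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in scan_message(build_sample_message()):
        print(reason)
```

In a real mail pipeline this check would sit in a milter or gateway hook and route flagged messages to quarantine rather than print; the clean "invoice.pdf" attachment in the sample is there to show that the filter does not hold ordinary documents.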

If your company is infected, shut the affected server down. Take out the hard drives, connect them to a clean computer, and check what survived and what can be saved. If there is nothing to save, restore the operating system from a backup image or install it from scratch. You can seek help on dedicated forums like Bleeping Computer and try the numerous free decryption tools.

Conclusion

To wrap up, keep in mind that most ransom Trojans proliferate in an old-school way. They arrive with spam, so a little bit of paranoia with fishy-looking emails won't hurt. Also, do not underestimate the importance of data backups, as they are the most effective plan B in any ransomware attack scenario.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
* This is a contributed article and this content does not necessarily represent the views of itechpost.com
