RANSOMWARE MADE EASY: How To Save The Day Part 2

Today’s Leading Ransomware Strains

As a business owner, you know Ransomware is a threat to individuals and businesses alike. As a business owner, it’s important for you to know the latest ransomware developments and whether specific verticals are being targeted. The more informed you are, the better you can protect your business data. There are a variety of forms of ransomware proliferating today. The following is not meant to be an exhaustive list, but it will give you an idea of what is out there potentially affecting your business.

CryptoLocker: Ransomware has been around in some form for over a decade, but came to prominence in 2013, with the rise of the original CryptoLocker malware. While the original was shut down in 2014, the approach has been widely copied. So much so, in fact, that the word CryptoLocker has become nearly synonymous with ransomware.

Cerber: Cerber targets cloud-based Office 365 users and is assumed to have impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup in addition to on premises.

CryptoWall: CryptoWall first appeared in early 2014, and variants have appeared with a variety of names, including: Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others.

Crysis: Crysis is a new form of ransomware that can encrypt files on fixed, removable, and network drives and it uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.

CTB-Locker: The criminals behind CTB-Locker take a different approach to virus distribution, outsourcing the infection process to partners in exchange for a cut of the profits. This strategy allows the malware to achieve large volumes of infections and generate huge profits for the hackers.

Jigsaw: Jigsaw encrypts then progressively deletes files until ransom is paid. The ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72-hour mark, when all remaining files are deleted.

KeRanger: KeRanger is not widely distributed at this point, but it is worth noting because it is known as the first fully functioning ransomware designed to lock Mac OS X applications.

LeChiffre: “Le Chiffre”, which comes from the French noun “chiffrement” meaning “encryption”, is the main villain from James Bond’s Casino Royale novel who kidnaps Bond’s love interest to lure him into a trap and steal his money. GREAT name. Unlike other variants, LeChiffre needs to be run manually on the compromised system. Cyber criminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.

Locky: Locky is typically spread via an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking 5 million emails associated with Locky campaigns over the course of two days.

TeslaCrypt: TeslaCrypt also uses an AES algorithm to encrypt files. Typically distributed via the Angler exploit kit, this ransomware targets Adobe vulnerabilities. TeslaCrypt installs itself in the Microsoft temp folder.
When the time comes for victims to pay up, victims are given options for payment: Bitcoin, PaySafeCard and Ukash. And who doesn’t love options?

TorrentLocker: TorrentLocker isn’t new to the malware scene but the 2016 version is more destructive than ever. Like the mono-nucleousis of ransomware, TorrentLocker, in addition to encrypting files, collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/ network.

ZCryptor: ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.

Thank you for joining on this series on NATURAL DISASTER SURVIVAL GUIDE FOR BUSINESSES Part 2. If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales person calling you from our office because you downloaded information off our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.


 If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work