Latest Ransomware Threats in 2017
Ransomware threats have been around for a long time, and they affect millions of users around the world every year. The most recent in the list is “WannaCry”, which has affected thousands of users around the world. It is another typical ransomware variant that locks up the victim’s system and demands a ransom to free it. There have been numerous ransomware threats in 2017. Let’s discuss some of them here.
WannaCry Ransomware: This recent threat has affected thousands of users worldwide. WannaCry, aka WannaCrypt, aka WannaCryptor 2.0, is designed to affect your system by exploiting a vulnerability called EternalBlue, as reported by NSA. It locks up your system until the user agrees to pay the ransom, and it demands around $300 in Bitcoin from the victim. If you don’t pay, the hackers threaten to permanently delete your data. It attacks users in multiple ways, including through phishing emails and, as a computer worm, on unpatched computers. The ransom note gives complete details about how to buy Bitcoin and the Bitcoin address to which you are required to send the amount. Bitcoin is a largely decentralized and unregulated currency, so cyber criminals mostly use it to avoid being traced.
Philadelphia Ransomware: The Philadelphia ransomware is from the Stampado family. It is designed to target healthcare organizations. It is spread via spear-phishing emails sent to different hospitals, with a message body containing a shortened URL that directs you to a personal storage space. This storage space is designed to serve a weaponized DOCX file bearing the logo of the victim healthcare organization. Once you click on the link, it starts spreading on your system.
It then contacts its Command & Control (C&C) server and sends it all the information about the targeted system, such as operating system information, system language, country and the username of the machine. It then generates a victim ID, ransom price and Bitcoin wallet ID to send to the victim. It uses the AES-256 encryption technique and demands a ransom of 0.3 Bitcoins. It encrypts files with different extensions such as .doc, .avi, .bmp, .7z, .pdf etc. It uses an asymmetric encryption algorithm that creates public (encryption) and private (decryption) keys while encrypting and locking the files.
Quick tip: To deal with ransomware threats, you can use one impressive tool called “Ransomware Protector”, which offers extensive data security. It maintains a data backup at regular intervals from multiple devices. It uses standard encryption to ensure that your data is safe from any breach. It ultimately makes data access and sharing easy for you.
Kirk Ransomware: Kirk ransomware was discovered recently, on March 16th, 2017. It is themed after the popular and well-known Star Trek series. Kirk is designed to target around 625 file types. It scans your C drive to encrypt specific extensions. Once it encrypts a file, it adds an extension called “.kirked” to the encrypted file. It is believed to be the first ransomware threat that demands the Monero digital currency as ransom. It leaves a ransom note on compromised systems asking the victim to transfer Monero to a Monero wallet and to write an email, including information like the wallet address and computer name, to email@example.com or firstname.lastname@example.org.
It generally hides on your system as the network stress tool called Low Orbit Ion Cannon. Once you execute it, the ransomware generates an AES key to encrypt your files. It uses RSA-4096 to encrypt the AES key, which is saved in a file called pwd that is needed for decryption. Once it completes the encryption, it drops a ransom note on your system with a message.
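A read-only triage sketch for the Kirk indicators described above, added here as an example and not taken from the original article or from any vendor tool: it walks a directory tree, lists files ending in `.kirked`, tallies the original file types, and locates any `pwd` file so it can be preserved for decryption. The function names, the constructed sample tree and the assumption that `.kirked` is appended after the original extension are illustrative.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

KIRK_SUFFIX = ".kirked"  # extension the article says Kirk appends
KEY_FILE = "pwd"         # file the article says holds the RSA-encrypted AES key


def triage_kirk(root):
    """Read-only walk of root; returns the Kirk indicators found under it."""
    encrypted, key_files = [], []
    original_types = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered.endswith(KIRK_SUFFIX):
                encrypted.append(path)
                # Assumption: "report.docx.kirked" was originally "report.docx".
                original = Path(lowered[: -len(KIRK_SUFFIX)]).suffix
                original_types[original or "(none)"] += 1
            elif lowered == KEY_FILE:
                # Needed for decryption per the article: preserve, never delete.
                key_files.append(path)
    return {
        "encrypted": sorted(encrypted),
        "key_files": sorted(key_files),
        "original_types": dict(original_types),
    }


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    for rel in ("Docs/report.docx.kirked", "Docs/notes.txt",
                "Pics/a.bmp.kirked", "Pics/b.bmp.kirked", "pwd"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage_kirk(tmp)
        print(f"{len(report['encrypted'])} encrypted files: {report['original_types']}")
        for key in report["key_files"]:
            print(f"preserve key file: {key}")
```

Run it against a mounted copy or forensic image of the affected drive rather than the live system, so that the `pwd` file and the encrypted files are not altered before recovery is attempted.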
Doxware: Doxware is a new breed of extortion-ware. It is designed to target the victim’s sensitive information and expose it on the Internet. It harvests all information from the user’s system and threatens to publish it on the Internet and send it to the contacts in their address book. The name is based on the word “Dox”, which means the practice of publishing a user’s private and sensitive information on the Internet with malicious intent. This information may include the user’s name, address, phone numbers, credit card details, SSN and much more. So, when a person is “doxed”, their personal information is exposed to the world via the Internet. Doxware also carries some risk for the attacker, though: publishing information on the open web requires access to servers or public file-sharing accounts, which are traceable.
There have been more registered and unregistered ransomware attacks around the world in 2017. These threats are ever increasing and affect users around the world. You can take certain precautions to deal with these real-time threats.