
Ransomware Viruses – A Growing Threat

James Gordon | 26.11.2015 14:58 | Technology

Ransomware is a computer virus that encrypts system and personal files and asks for payment. Ransomware may propagate in different ways, but commonly as a Trojan by entering a PC through a downloaded file, email or a vulnerability in a network or website.

It is important to note that paying the demanded money does not ensure that users can access the infected system. The amount demanded varies, ranging from USD 20 to more than USD 1000.

After entering the system, ransomware runs in various ways. It may appear as a simple display of a fake warning notice, sometimes imitating the warning notices issued by law enforcement agencies, or as a gift.

A ransomware message may claim that the infected PC contains illegal content (pirated software, multimedia or porn) or that it has been used for unlawful activities. Some ransomware payloads falsely state that a computer's installation and activation is fake by imitating product activation notices.

By the action they perform, ransomware viruses can be categorized into two main types. The first type encrypts files with an encryption key; the second type just locks the system screen.

The first type encrypts documents, spreadsheets and other important files. In the second type, the malware shows a full-screen notification, preventing the victim from using their system (mostly web browsers) and making it unresponsive to all commands. This notification shows instructions on how the victims can pay to recover their computer system. Some examples of ransomware are given below.

In the case of encrypting files, the ransomware also installs spyware that may steal Bitcoin wallets and passwords.

Cryptowall is currently a major ransomware Trojan. It mostly targets Windows and first appeared in 2014. In September 2014, one strain of it circulated as part of a malvertising campaign on a network named Zedoad. This strain targeted several major websites; the ads, which redirected to rogue websites, used a browser plugin to download the payload. Cryptowall 4.0, which is the most recent version, uses a payload written in JavaScript as an email attachment, which downloads executables disguised as JPG images. This ransomware creates a special fake svchost.exe or explorer.exe to communicate with its servers.
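As an added example (not part of the original article): a defender-side check for the disguise described above, a Windows executable delivered under a .jpg name. It compares the claimed extension with the file's leading bytes; the file names and sample bytes are constructed for illustration.

```python
import struct

JPEG_MAGIC = b"\xff\xd8\xff"   # every JPEG starts with these three bytes


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    # An out-of-range offset yields an empty slice, so the comparison fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the content actually is."""
    claims_image = name.lower().endswith((".jpg", ".jpeg"))
    if is_pe(data):
        return "executable-disguised-as-image" if claims_image else "executable"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "mismatch" if claims_image else "other"


def flag_disguised(files: dict) -> list:
    """Return the names of files that claim to be images but are executables."""
    return sorted(n for n, d in files.items()
                  if classify(n, d) == "executable-disguised-as-image")


def _sample_pe() -> bytes:
    """Constructed minimal header pair: 'MZ' stub plus a 'PE' signature at 0x40."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


# Constructed samples standing in for files pulled from a download or temp folder.
SAMPLES = {
    "holiday.jpg": _sample_pe(),                        # executable with image name
    "photo.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 16,   # genuine JPEG start
    "setup.exe": _sample_pe(),                          # honest executable
    "broken.jpg": b"MZ" + b"\x00" * 10,                 # too short to be a PE
}

if __name__ == "__main__":
    for name in flag_disguised(SAMPLES):
        print("ALERT:", name)
```

The same classify() call can be run over the first few kilobytes of each file in a mail gateway quarantine or a user's download folder.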

During only one month in 2015, nearly one thousand people reported Cryptowall infections to the authorities, and at least 19 million dollars were lost because of these Cryptowall attacks.

Crypt0L0cker is another encryption ransomware, which appeared in late 2013. It generates a 2048-bit RSA key, uploads it to a command & control server, and encrypts files, changing their file extensions. If payment is not made, usually within three days of the infection, the ransomware threatens to delete the private key. Crypt0L0cker uses an extremely large key, due to which infected files are considered extremely difficult or impossible to repair.

Approximately 3 million dollars was lost by the victims of this malware before it was shut down.

James Gordon
