Locky, BTCWare and CryptoMix viruses continue bombarding users


No time to lose vigilance

Perhaps not a day passes without hackers releasing new ransomware. Looking at the latest trends in the ransom world, a few ransomware families dominate. After a short break, Locky ransomware continues terrifying the virtual community with its latest edition, Ykcol.
CryptoMix developers published the Shark version, whose name overlaps with the Shark RaaS ransomware released last year. In addition, cyber villains have managed to compromise CCleaner v5.33, which pushed malware to more than 2 million users.

Ransomware you should be especially wary of

Since 2016, Locky has held its position as one of the most destructive ransomware families. Along with Cerber, which has kept an unusually low profile recently, it remains a headache for the virtual community.

At the moment, its files still cannot be decrypted. Furthermore, its campaign, IKARUS.dilapidated, shows some new peculiarities that raise further concern. Locky, or Ykcol, uses the Necurs botnet to bombard users with malicious spam. The malware arrives in a .7z archive that contains a VBS script.
The developers intend to spark users' curiosity with the following content:

Hello,
Could you please let me know the status of the attached invoice? I appreciate your help!

The message then carries counterfeit credentials of a representative of some company to lend it more credibility. IT experts warn users not to open such emails without verifying the sender's identity.

While an individual user can avoid such a trap, company employees might find it more challenging. Some Locky samples target company servers with messages that supposedly contain images scanned on a printer. If employees routinely exchange emails with similar content, they might fail to identify the Ykcol or Lukitus (another Locky variant) threat. Double-checking might save you from it.
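The lure described above is a mail-filtering problem as much as a user-awareness one. The following is an added example (not code from the article or from any vendor it mentions) showing how a mail gateway or triage script can score a message on the two traits the campaign relies on: invoice or scanned-document wording in the body, and an archive attachment that carries a script. The sample message is constructed here to mirror the quoted lure; it uses a .zip rather than a .7z attachment because the Python standard library can list zip members, while a .7z attachment is flagged on its extension alone (inspecting it would need a third-party library). The lure phrases and extension lists are assumptions chosen for the demo, not a published signature.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Archive types used to carry the VBS dropper described in the article; script
# extensions are the ones a mail filter would normally refuse outright.
ARCHIVE_EXTS = {".7z", ".zip", ".rar"}
SCRIPT_EXTS = {".vbs", ".js", ".jse", ".wsf", ".hta"}

# Lure wording taken from the invoice and printer-scan themes (assumed patterns).
LURE_PATTERNS = [
    re.compile(r"\battached invoice\b", re.I),
    re.compile(r"\bstatus of the attached\b", re.I),
    re.compile(r"\bscanned (image|document|picture)s?\b", re.I),
]


def _ext(name: str) -> str:
    """Lower-cased extension including the dot, or '' when there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def flag_message(raw: bytes) -> list[str]:
    """Return the reasons a message looks like the lure; an empty list means nothing matched."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons: list[str] = []

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for pat in LURE_PATTERNS:
        if pat.search(text):
            reasons.append(f"lure phrase: {pat.pattern}")
            break

    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = _ext(fname)
        if ext in SCRIPT_EXTS:
            reasons.append(f"script attachment: {fname}")
        elif ext in ARCHIVE_EXTS:
            reasons.append(f"archive attachment: {fname}")
            if ext == ".zip":
                # Only zip can be opened with the stdlib; a .7z stays flagged by extension.
                try:
                    with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                        scripts = [n for n in zf.namelist() if _ext(n) in SCRIPT_EXTS]
                except zipfile.BadZipFile:
                    scripts = []
                for n in scripts:
                    reasons.append(f"script inside archive: {n}")
    return reasons


def build_sample() -> bytes:
    """Constructed sample mirroring the lure quoted in the article (not a captured email)."""
    msg = EmailMessage()
    msg["From"] = "Accounts Payable <ap@example.invalid>"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content(
        "Hello,\nCould you please let me know the status of the attached invoice? "
        "I appreciate your help!\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder member name only; the content is an inert comment, not a script.
        zf.writestr("invoice_0001.vbs", "' placeholder, not a real script\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice_0001.zip")
    return bytes(msg)


if __name__ == "__main__":
    for reason in flag_message(build_sample()):
        print(reason)
```

A message that trips both the wording check and the archive-with-script check is a strong candidate for quarantine rather than delivery; the wording check alone is a weak signal, which is why the function returns every reason instead of a single boolean, so a gateway can weight them.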

Another troublesome ransomware family is CryptoMix. The racketeers keep releasing new samples almost every week. Though this pace is indeed alarming, CryptoMix versions do not differ much. The latest, the Shark version, appends its distinctive .shark extension to encrypted files. The malware uses an astonishing 11 RSA-1024 keys to encrypt the AES key that encrypts users' data.

Consequently, the malware can function offline. Other changes are minor: the _HELP_INSTRUCTION.TXT file lists new contact emails ([email protected], [email protected], or [email protected]) for users who encounter technical difficulties.

The BTCWare crooks try to keep up with the operators of the threats above as well. The virtual community should be cautious of its latest versions, the .wyvern and .nuclear file extension viruses.
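Because these families change extensions almost weekly, a scan that looks only for known extensions goes stale quickly. The following added example (not code from the article) walks a file share and reports three things: files carrying the extensions named above (.shark, .wyvern, .nuclear), the _HELP_INSTRUCTION.TXT ransom note, and files whose leading bytes have near-maximal Shannon entropy, which is what encrypted output looks like regardless of the extension chosen. The entropy threshold, the family-to-extension mapping and the sample directory tree are assumptions constructed for the demo; the tree is built in a temporary directory with random bytes standing in for encrypted files.

```python
import math
import os
import tempfile
from collections import Counter

# Markers named in the article (the mapping of extension to family is an assumption).
RANSOM_EXTS = {".shark": "CryptoMix", ".wyvern": "BTCWare", ".nuclear": "BTCWare"}
RANSOM_NOTES = {"_HELP_INSTRUCTION.TXT": "CryptoMix"}
# Bits per byte; ciphertext and compressed data sit close to 8.0, text far below.
HIGH_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root: str, sample_bytes: int = 4096) -> dict:
    """Walk root and collect extension hits, ransom notes and high-entropy files."""
    findings = {"by_extension": {}, "notes": [], "high_entropy": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper() in RANSOM_NOTES:
                findings["notes"].append(path)
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext in RANSOM_EXTS:
                fam = RANSOM_EXTS[ext]
                findings["by_extension"][fam] = findings["by_extension"].get(fam, 0) + 1
            # Extension-independent check: read only the head of each file.
            with open(path, "rb") as fh:
                head = fh.read(sample_bytes)
            if len(head) >= 256 and shannon_entropy(head) >= HIGH_ENTROPY:
                findings["high_entropy"].append(path)
    return findings


def verdict(findings: dict, min_high_entropy: int = 3) -> str:
    """Turn findings into a short triage verdict."""
    if findings["notes"] or findings["by_extension"]:
        return "ransomware indicators present"
    if len(findings["high_entropy"]) >= min_high_entropy:
        return "possible encryption activity (high-entropy files, no known marker)"
    return "clean"


def build_sample_tree() -> str:
    """Constructed sample: one plain document, three 'encrypted' files, one ransom note."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    with open(os.path.join(docs, "readme.txt"), "w") as fh:
        fh.write("quarterly figures\n" * 50)
    for i in range(3):
        # Random bytes stand in for ciphertext; nothing here is real malware output.
        with open(os.path.join(docs, f"report{i}.docx.shark"), "wb") as fh:
            fh.write(os.urandom(2048))
    with open(os.path.join(docs, "_HELP_INSTRUCTION.TXT"), "w") as fh:
        fh.write("placeholder ransom note text\n")
    return root


if __name__ == "__main__":
    hits = scan_tree(build_sample_tree())
    print(hits["by_extension"], len(hits["notes"]), len(hits["high_entropy"]))
    print(verdict(hits))
```

Run this from a clean host against a mounted share, not from the suspect machine itself. The entropy check will also flag legitimate archives, media and already-encrypted containers, so treat a burst of fresh high-entropy files across many directories, rather than any single hit, as the signal worth escalating.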

Anti-malware tool delivers malware

Besides ransomware threats, the virtual community was struck with astonishing news this week: the well-known CCleaner anti-malware tool delivered a backdoor into operating systems. The malware developers managed to sign the build with a copy of a legitimate digital certificate, which allowed the corrupted version to slip past malware detection. More than 2 million users are said to have downloaded the corrupted version.

Once installed, the infection connects to a remote Command and Control server and transmits technical details about the infected system. Further analysis revealed that the backdoor's initial mission was to infect Microsoft, Sony, Cisco Talos and other major companies. The malware has now been removed from the current release. Make sure you update to v5.34 if you have been using the tool.

On a final note, you should employ several prevention techniques. While it is nearly impossible to avoid malware when it comes wrapped in a legitimate app, stay vigilant and update your system as well as your key security tools daily.