Without a doubt, we are entering an entirely new era of cyber security and hacking. If you need any proof of this, all you need to do is scan the headlines of the latest news articles. Every other day, another cyber security crime makes the headlines. While some of these crimes target large corporations, many are after the individual. Therefore everyone, from large corporations to individual consumers, needs to protect themselves against these attacks. Just recently, a new form of malware that can impact both corporations and consumers has been discovered.
Most recently, the malware experts of G DATA, which is a German security firm, have discovered an entirely new form of ransomware. This lock-ransomware works by utilizing a DoS-level lock screen. DoS stands for denial-of-service, indicating that the lock screen makes the computer and its network resources unavailable to the computer user. According to G DATA, the lock screen serves to prevent computer users from being able to access their files.
What is Ransomware?
Lock-ransomware is commonly referred to as lockers in the tech community. Before the advent of crypto-ransomware, lock-ransomware was the main type of ransomware used by hackers for attacks. While crypto-ransomware works by encrypting the files of the computer user, lock-ransomware works by blocking the user from being able to access his or her data.
When lock-ransomware is used, it typically places a lock screen at the desktop level. Therefore, the user has no way of accessing any files on his or her computer. However, in some cases, the lock-ransomware is specific to the browser window only. These types of ransomware are sometimes referred to as browser ransomware or browser lockers.
The main reason for the advent of crypto-ransomware is that lock-ransomware became so easy for computer users to deal with. Hackers found it much easier to convince their victims to pay to access the files when they used crypto-ransomware. In fact, due to the great prevalence of crypto-ransomware, many have considered it very strange to see new forms of lock-ransomware. The only exception to this rule is mobile devices. Even today, lock-ransomware has proven itself very effective and efficient on mobile devices.
Targeting HR Departments
So far, hackers have been using this new Petya ransomware to target the human resources departments of corporations across the world. The method used to target these human resources departments is spear-phishing campaigns.
Hackers send HR employees an email containing a link to a Dropbox file. The employee is given the option of downloading the file, which is disguised as an applicant's resume.
How does Petya Ransomware work?
The file is named portfolio-packed.exe. The “.exe” extension indicates that the file is an EXE file, which can be executed. If the computer user makes the mistake of executing the file, the system crashes immediately and the computer user sees a Windows blue screen of death.
According to G DATA, the lock-ransomware likely makes some changes to the MBR (master boot record) of the hard drive. These changes prevent the operating system of the computer from loading. The boot process is essentially hijacked through these alterations.
Upon seeing the blue screen of death, the computer user has little choice but to restart the computer. After a fake check disk process, the computer will load the lock screen for the Petya ransomware. No matter how many times the computer user restarts his or her computer, it will always return to this screen. On the screen, there is a link that directs the computer user to the payment website of the ransomware. The user needs to buy a decryption key in order to decrypt his or her files. The payment website asks for about $400.
Since Petya ransomware utilizes both a lock screen and encryption, it can be considered a sort of hybrid form of ransomware.
As you can see, the tactics hackers are relying on to target unsuspecting computer victims are becoming more advanced and deceptive. Therefore, all computer users, from the employees of a vet clinic to the individual, need to work to educate themselves on cyber security. It is also important to keep anti-virus programs up-to-date to protect against these threats.
403Tech is one of the Top 50 Managed IT services companies in Canada.