Thursday 14 January 2016

Ransomware: A Badly-Coded New Malware That Can Destroy Your Files


Ransomware: A Badly-Coded New Malware That Can Destroy Your Files

A malware that restricts the users to access the infected computer system and demands some amount of ransom that is paid by the user to the malware operators to gain access is known as “Ransomware”. 

There are many different forms of this malware “Ransomware”.  It may infect the computer system in two ways:

  • It may systematically encrypt files on the system’s hard drive. It is impossible to decrypt it without gaining the encryption key for which we have to pay some ransom.
  • Some may simply lock the system with a display message.

A home-made ransomware named as Hidden Tear was created by a Turkish security group on GitHub(code of ransomware)for educational purposes. In actual it was a Honeypot to fool ransomware authors so that they can’t create their own  code and instead of that they use this code. It uses AES encryption and as it’s a new malware it enables to evade conventional AV platforms.
If any of the ransomware authors use the Hidden Tear code then it becomes easy for the researcher to decrypt files because it contains the crypto flaw.

The creator was very explicit about not using Hidden Tear as ransomware:
While this may be helpful for some, there are significant risks. The Hidden Tear may be used only for Educational Purposes. Do not use it as a ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent.
Ransomware Hidden Tear

A Brazilian hacker hacks a website from Paraguay in between September 15 to Dec 17  that distribute ransomware detected as RANSOM_CRYPTEAR.B, and that malware was created by using the modified Hidden Tear code. Again on December 18 hacker redirects, this website to a fake site of Adobe Flash and there was a prompt box displaying a message to download it, and once the download completed files will run automatically. After, then the desktop user changes into an image with a text in the Portuguese language along with a ransom note demanding R$ 2,000.00 (US$496. 94 as of Jan. 11) via Bitcoin, is also written in Portuguese(Message is given below).

There was one unique thing happened that after paying a ransom money also the user was unable to recover his file because the generated key gets lost within the valid file.

Also in last November, a version of the Power Worm ransomware also lose its encryption key, permanently locking user files as well.

To prevent your system from this malware just watch the below video:

Image Source:


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer