The latest virus called Windows users TeslaCrypt attacking, blocking access to the files needed and demanding money for their re providing – Sophos experts warn.
TeslaCrypt was first detected in January 2015 in the laboratories of Sophos. Its operation is largely similar to CryptoLocker or CryptoWall, but its range covers much more files. The virus searches for the most valuable data on your computer, sorting them according to their kinds. The danger zone are especially photos, spreadsheets and documents Office. The latest version of malicious middleware can, however, much more – also searches for records of games, configuration data and maps.
Especially vulnerable are items such as Call of Duty, World of Warcraft, DayZ, Minecraft, Fallout and Diablo, as well as the information stored on Steam. This is not the end harmful software – TeslaCrypt also finds files associated with tax returns, personal finance software, Intuit Quicken and iTunes.
TeslaCrypt draws in many ways from a successful pattern created by fraudsters responsible for CryptoLocker. The program uses public key cryptography, which is the point of containing separate buttons for locking and unlocking files. The public key can be distributed to each szyfrującemu files, but only the private key can decrypt it later. TeslaCrypt generates a public-private keys on their own servers, and then sends the public key to malware placed on your computer. As a result, malicious software can connect to the data on the computer, but the key needed to decrypt them never recorded on the device – do not have it or a disk or even in memory. To access the files, you need an additional private key, and to get it – you have to pay the ransom at a given time. The impending deadline reminds clock display on the screen. After this time, the private key is finally destroyed, and thus – no one is able to decrypt the files.
Just like the latest versions of CryptoWall and other followers CryptoLocker, TeslaCrypt demands payment in BitCoinach or other, largely anonymous payment systems such as Ukash. Warning screen provides a link to the page via Tor, which offers further instructions on how to pay. In addition, victims of software are encouraged to upload a single file, so to get one deciphered “for free”. This is the kind of evidence that is to convince the user that the scammers really are in possession of the private key, and after completion of the transaction fail to perform his part of the contract.
Why growing threat of ransomware programs? Software
ransomware is not really nothing new – the older form of the pest appeared many years ago. Its popularity is due to the extraordinary efficiency and cost-effectiveness, and therefore the more likely it becomes possible that soon will be a lot of new, improved variants of this type of virus. Although cyber criminals have developed many programs to make money from spam after stealing passwords and banking information, ransomware still offers the easiest profit.
The US Department of Justice estimates that the group speaking a type viruses CryptoLocker earned an estimated $ 27 million in just two months after the first attack, which took place in September of 2013. In view of the fact that so many of the victims were willing to pay for access to the files (according to the survey of more than 40 per cent. Of the victims), further attacks are almost certain.
How to protect against pest?
TeslaCrypt moves through spam, malicious attachments via e-mail or through links to other websites that charge a ransomware so that filtering and anti-virus software could not track down them. First, the program contacts the server to generate an encryption key pair of public-private. A new generation of firewalls and anti-malware software that can detect this type of suspicious traffic, they can already at this point to stop malware. However, if you become a victim of the pest and do not want to pay the ransom, the only solution is to use a backup, because the RSA encryption used by this type of virus is too strong to be broken without adequate access keys. Having a backup of valuable files is a fundamental principle of safe use of the computer. You should also remember that each backup should also save on other media, eg. An external drive.
No comments:
Post a Comment