Ransomware is a bit like sand. It gets everywhere, and makes your sandwiches crunchy. Okay, perhaps not the latter. But ransomware is invasive, and can encrypt more than you think. Having your personal files destroyed is painful enough without ransomware attacking your backups, too.

There are several ransomware variants that not only attack your main hard drive, but any other system drive. Cloud drives aren’t removed from the firing line, either. The time has come — you need to consider exactly how you back up your files, as well as where those backups are kept.

Ransomware Hits Everywhere

We know a ransomware attack can be devastating. Ransomware is a particular nuisance because of the files it targets: photos, music, films, and documents of all types, just to name a few. Your hard drive filled with personal, work, and business files is a primary target for encryption. Once encrypted, you’ll encounter a ransom note demanding payment — usually in almost untraceable Bitcoin — for the safe release of your files.

And even then, there is no guarantee you will receive the encryption key or a decrypt tool.

CryptoLocker

The CryptoLocker ransomware is one such variant that encrypts more than just your local hard drive. It first appeared in 2013, propagating via infected email attachments. Once CryptoLocker is installed on a system, it scans the local hard drive for a specific list of file extensions. Furthermore, it scans for any connected drives, be that a USB or network drive.

A network drive with read/write access will be encrypted in the same way as a local hard drive. It presents a challenge for businesses where employees access shared network folders.

Luckily, security researchers liberated a copy of the CryptoLocker victim database, complete with every single encryption key. They created the Decrypt CryptoLocker portal to help victims decrypt their files.

But by their own admission, they “basically got lucky,” swiping the victim database during the global take-down of the enormous Gameover Zeus botnet.

Evolution: CryptoFortress

CryptoLocker emerged and claimed over 500,000 victims. According to Dell SecureWorks’ Keith Jarvis, CryptoLocker may have extorted as much as $30 million in its first 100 days of operation ($150 million if all 500,000 victims paid their $300 ransom). However, the CryptoLocker takedown wasn’t the beginning of the end for network drive-mapping ransomware.

CryptoFortress was discovered in 2015 by respected security researcher Kafeine. It has the appearance and approach of TorrentLocker, but one crucial advancement: it can encrypt unmapped network drives.

Normally, ransomware retrieves a list of mapped network drives e.g. C:, D:, E:, and so on. It then scans the drives, comparing file extensions, then encrypts those that match. In addition, CryptoFortress enumerates all open network Server Message Block (SMB) shares — and encrypts any that are found.

And Then Came Locky

Locky is another ransomware variant, infamous for changing each file extension to .locky, as well as targeting wallet.dat — Bitcoin wallets. Locky also targets local files and files on unmapped network shares, completely scrambling file names in the process. This scrambling makes the recovery process a more difficult proposition.

As of yet, Locky has no decryptor available.
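
A backup job can use the Locky behaviour described above (one new extension on every file, scrambled names) as a signal to stop before it overwrites a good copy. The following Python check is an added example, not part of the original article; the file listings, function name and thresholds are constructed for illustration.

```python
from collections import Counter
from pathlib import PurePosixPath

# Constructed listings of one backup source, as relative paths.
PREVIOUS = [
    "Documents/budget.xlsx", "Documents/cv.docx", "Pictures/beach.jpg",
    "Pictures/dog.png", "wallet.dat", "desktop.ini",
]
AFTER_ATTACK = [  # every targeted file renamed: scrambled name, one new extension
    "Documents/7F3A9C0E11D24B68.locky", "Documents/02BD55E1A9C34F70.locky",
    "Pictures/C41E8A6637F09D12.locky", "Pictures/9A0B73D2E4581FC6.locky",
    "E6D1047B2C9F38A5.locky", "desktop.ini",
]
AFTER_NORMAL = [p for p in PREVIOUS if p != "Documents/cv.docx"] + [
    "Documents/cv-2016.docx", "Pictures/cat.jpg",
]


def assess_snapshot(previous, current, missing_threshold=0.5, dominance_threshold=0.8):
    """Decide whether the current listing looks like a mass rename-and-encrypt."""
    prev, curr = set(previous), set(current)
    missing, added = prev - curr, curr - prev
    missing_ratio = len(missing) / len(prev) if prev else 0.0

    known_exts = {PurePosixPath(p).suffix.lower() for p in prev}
    new_exts = Counter(PurePosixPath(p).suffix.lower() for p in added)
    ext, count = new_exts.most_common(1)[0] if new_exts else ("", 0)
    dominance = count / len(added) if added else 0.0

    # Suspicious: most known files vanished AND the replacements share a
    # single extension that the previous backup never contained.
    suspicious = (
        missing_ratio >= missing_threshold
        and dominance >= dominance_threshold
        and ext not in known_exts
    )
    return {"missing_ratio": missing_ratio, "dominant_new_ext": ext,
            "dominance": dominance, "suspicious": suspicious}


if __name__ == "__main__":
    for label, listing in (("attack", AFTER_ATTACK), ("normal", AFTER_NORMAL)):
        print(label, assess_snapshot(PREVIOUS, listing))
```

Run a check like this before rotating or overwriting the last good backup, and keep that copy offline if it trips.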

Ransomware in the Cloud

Ransomware has moved beyond our local and network physical storage and into the cloud. This presents a significant issue. Cloud storage is regularly touted as one of the safest backup options. Keeping your data backed up, away from your local and immediate network shares, should provide isolation. Unfortunately, certain ransomware variants have removed that security.

The RightScale State of the Cloud report found 82 percent of enterprises were using multi-cloud strategies. A further study (Slideshare ebook) by Intuit found 78 percent of small businesses will be fully in the cloud by 2020. The drastic migration of businesses big and small makes cloud services a well-defined target for ransomware purveyors.

Ransom_Cerber.cad

Malicious actors will find a way in. Social engineering and phishing emails are the primary tools, and they can be used to evade solid security controls. Trend Micro security researchers found a specific ransomware variant named RANSOM_CERBER.CAD. It is used to target home and business users of Microsoft 365, the cloud and productivity platform.

The Cerber variant is able to “encrypt 442 file types using a combination of AES-265 and RSA, modify the machine’s Internet Explorer Zone Settings, delete shadow copies, disable Windows Startup Repair and terminate processes” including Outlook, The Bat!, Thunderbird, and Microsoft Word.

Furthermore, and this is behavior exhibited by other ransomware variants, Cerber queries the affected system’s geolocation. If the host system is located in a member of the Commonwealth of Independent States (former Soviet Union countries such as Russia, Moldova, and Belarus), the ransomware will terminate itself.
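
The shadow-copy deletion and Startup Repair tampering in the Trend Micro description show up in process-creation logs. This added Python example (not from the article or from Trend Micro) matches them in constructed log lines; the pipe-delimited log format, host names and rule names are assumptions, and the patterns cover the standard Windows utilities vssadmin, wmic and bcdedit.

```python
import re
from collections import defaultdict

# Patterns are this example's choice; they match standard Windows tools
# being used to remove restore points or switch off automatic repair.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\b(?:vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete)\b",
        re.IGNORECASE,
    ),
    "startup_repair_disabled": re.compile(
        r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.IGNORECASE
    ),
}

# Constructed process-creation events: timestamp|host|user|command line
SAMPLE_EVENTS = [
    "2016-07-01T10:02:11Z|WKSTN-07|alice|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2016-07-01T10:02:12Z|WKSTN-07|alice|bcdedit /set {default} recoveryenabled No",
    "2016-07-01T10:05:40Z|SRV-BACKUP|svc_backup|vssadmin list shadows",
    "2016-07-01T11:17:03Z|WKSTN-12|bob|wmic shadowcopy delete",
]


def scan(events):
    """Return {host: set of rule names that fired} for the given log lines."""
    hits = defaultdict(set)
    for line in events:
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _, host, _, cmdline = parts
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                hits[host].add(name)
    return dict(hits)


def high_confidence_hosts(hits):
    """Hosts where both recovery-tampering behaviours were seen together."""
    return sorted(h for h, rules in hits.items() if rules == set(RULES))


if __name__ == "__main__":
    results = scan(SAMPLE_EVENTS)
    for host, rules in sorted(results.items()):
        print(host, sorted(rules))
    print("isolate first:", high_confidence_hosts(results))
```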

The Cloud as an Infection Tool

The Petya ransomware first emerged in 2016. It was notable for several things. First, Petya can encrypt a PC’s entire Master Boot Record (MBR), causing the system to crash to a blue screen. This renders the entire system essentially unusable. On reboot, the Petya ransom note is displayed instead, showing a skull and demanding payment in Bitcoin.

Second, Petya was spread to some systems through an infected file hosted on Dropbox, posing as a resume. The link is disguised as the applicant’s details, whereas it actually links to a self-extracting executable that installs the ransomware.

In a turn of luck, an unidentified programmer managed to crack the Petya ransomware encryption. The crack is capable of revealing the encryption key needed to unlock the MBR and release the captive files.

Using a cloud service to spread ransomware is understandable. Users have been encouraged to use cloud storage solutions to back up data because it offers an additional layer of security. Safety is central to cloud service success. This faith can now be cruelly exploited, with people’s belief in the security of the cloud turned against them.

Ransomware Gets Everywhere

Cloud storage, mapped and unmapped network drives, and local files remain vulnerable to ransomware. This isn’t new. However, malicious actors actively targeting backed-up files does increase the level of worry. In turn, it means additional precautions must be taken.

Keeping a separate, offline backup of important files is now vital to both home and business users. Do it now — it might be the action that helps you restore your vitals following an unexpected ransomware infection, from an equally unexpected source.

Have you had cloud storage infiltrated by ransomware? What did you do? What is your favored backup solution? Share your cloud storage security tips with our readers below!

Image Credits: iJeab/Shutterstock
