Monday, April 4, 2016

Malware - Ransomware (Week 4)

Malware is a nonspecific term for the many kinds of malicious software, grouped by what they do: viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and others. For some time now, the latest craze has been ransomware. Ransomware is a type of malware that prevents or limits users from accessing their system or their data, then forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back.

Three US hospitals have been infected with ransomware within the last three weeks: Chino Valley Medical Center and Desert Valley Hospital in California, and Kentucky Methodist Hospital. The last thing anybody wants to see is a ransom note on their screen.

The latest ransomware to be identified by Trend Micro has been named Petya. It is delivered to victims who believe they are following a link to a resume stored on a cloud storage site such as Dropbox. Once run, the ransomware overwrites the affected system's hard drive master boot record (MBR) in order to lock users out. Overwriting the MBR and putting the ransom note in the machine's startup process, so that the system cannot even boot into its operating system, is what makes this variant unique. The scam starts with a phishing email crafted to look and read like a message from an applicant seeking a job. The email provides a link to a Dropbox storage location that is supposed to be the applicant's resume; instead, the link leads to a self-extracting executable that unleashes a trojan. The cybercriminals asked for 0.99 Bitcoins to unlock the computer.
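As an added example (not code from the original post or from Trend Micro), the following Python script shows what an MBR overwrite like Petya's changes on disk and how a defender can spot it: parse sector 0, hash the 440 bytes of boot code and compare against a hash recorded from the clean machine, and sanity-check the 0x55AA boot signature and the partition table. The sample sectors, the stand-in boot code and the constant names are constructed for the demonstration.

```python
"""Baseline-and-compare check for a disk's first sector (the MBR).

Added example, not code from the original post or from Trend Micro.
The sectors below are constructed for the demonstration; the baseline
hash is derived from the constructed clean sector and stands in for a
hash you would record once from a known-good machine.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # 0x000-0x1B7: the code the BIOS jumps to
DISK_SIG_OFF = 0x1B8      # 4-byte disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # must be 0x55 0xAA

# Partition entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
PART_ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into the fields a tamper check cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        "boot_signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
    }


def check_mbr(sector: bytes, baseline_boot_hash: str) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    if not info["partitions"]:
        findings.append("partition table empty")
    return findings


def make_mbr(boot_code: bytes, partitions=()) -> bytes:
    """Build a constructed MBR for the demo (the boot code is a stand-in, not a real loader)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"
    for i, (ptype, lba_start, count) in enumerate(partitions):
        PART_ENTRY.pack_into(sector, PART_TABLE_OFF + 16 * i,
                             0x80 if i == 0 else 0x00, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed "clean" sector: stand-in boot code plus one NTFS partition (type 0x07).
CLEAN_MBR = make_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64, [(0x07, 2048, 204800)])
# Recorded once from the clean machine; here derived from the sample above.
BASELINE_BOOT_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Same partition table, but the boot code has been replaced by an attacker's loader.
TAMPERED_MBR = make_mbr(b"\xeb\x00" + b"\xcc" * 128, [(0x07, 2048, 204800)])

if __name__ == "__main__":
    # Usage: python mbr_check.py <device-or-image> <baseline-sha256>
    # e.g. /dev/sda on Linux (needs root) or \\.\PhysicalDrive0 on Windows.
    with open(sys.argv[1], "rb") as f:
        first_sector = f.read(SECTOR_SIZE)
    for line in check_mbr(first_sector, sys.argv[2]) or ["MBR matches baseline"]:
        print(line)
```

Record the baseline hash while the machine is known to be clean and keep it off the machine; a scheduled run of the check, or a read of sector 0 from a forensic image, then tells you whether the boot code has been replaced even before anyone reboots into the ransom note. A changed hash after a legitimate OS or bootloader update is expected, so re-baseline after such updates.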

Jon Clay, Senior Global Marketing Manager at Trend Micro, stated that "users can avoid infection by improving their email security and implementing messaging solutions that employ advanced detection features specific to phishing and socially engineered emails." Mr. Clay is suggesting that users obtain behavior-based products that scan incoming email and its attachments. However, most products on the market for individuals are signature based: they recognize only threats that have already been identified and catalogued. Behavior-based products instead look at how a file acts when run, what access it attempts, and so on, so they can flag a sample nobody has seen before. These behavior-based solutions are aimed at corporate use, through appliances such as those from Sourcefire and Sophos.
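As an added example (not from the original post or any Trend Micro product), here is the cheap check a mail gateway or a cautious user can apply to the file behind such a "resume" link before anything is executed: compare what the filename claims with what the leading bytes say, and flag executables, double extensions and self-extracting archives. Unlike a signature, it needs no prior knowledge of the specific sample. The sample files, signature tables and reason codes are this example's own and deliberately not exhaustive.

```python
"""Triage a downloaded "resume" before opening it: does the content match the name?

Added example, not code from the original post or from any Trend Micro product.
The sample files are constructed byte strings; the signature tables below are
this example's own and cover only the common cases.
"""

# Leading bytes that identify common container formats.
MAGIC = [
    (b"MZ", "pe"),                   # Windows executable: EXE, DLL, SFX stub
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),          # ZIP, which is also DOCX/XLSX/PPTX
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .doc/.xls
]
# What a given extension implies the content should be.
EXT_EXPECTS = {"pdf": "pdf", "docx": "zip", "xlsx": "zip", "pptx": "zip",
               "zip": "zip", "doc": "ole", "xls": "ole",
               "exe": "pe", "scr": "pe", "dll": "pe"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi", "dll"}
# Archive headers found after the PE stub of self-extracting archives (RAR, 7z, ZIP).
ARCHIVE_MARKERS = [b"Rar!\x1a\x07", b"7z\xbc\xaf\x27\x1c", b"PK\x03\x04"]


def sniff_type(data: bytes) -> str:
    """Identify the container by its leading bytes, ignoring the filename."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_download(filename: str, data: bytes) -> dict:
    """Return the sniffed content type, a list of reason codes and a verdict."""
    exts = filename.lower().split(".")[1:]
    ext = exts[-1] if exts else ""
    content = sniff_type(data)
    reasons = []
    if ext in EXECUTABLE_EXTS or content == "pe":
        reasons.append("executable")
    if len(exts) >= 2 and exts[-2] in EXT_EXPECTS and ext in EXECUTABLE_EXTS:
        reasons.append("double_extension")   # resume.pdf.exe shows as resume.pdf when extensions are hidden
    expected = EXT_EXPECTS.get(ext)
    if expected and expected != content:
        reasons.append("type_mismatch")      # name says document, bytes say something else
    if content == "pe" and any(m in data[2:] for m in ARCHIVE_MARKERS):
        reasons.append("self_extracting")    # PE stub carrying an archive payload
    verdict = "block" if reasons else "ok"
    return {"content": content, "reasons": reasons, "verdict": verdict}


# Constructed samples standing in for files fetched from a shared link.
SAMPLES = {
    "John_Smith_Resume.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n",
    "John_Smith_Resume.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 24 + b"[Content_Types].xml",
    # Self-extracting archive named like a PDF; with extensions hidden it appears as "...Resume.pdf".
    "John_Smith_Resume.pdf.exe": b"MZ\x90\x00\x03\x00" + b"\x00" * 58 + b"PE\x00\x00" + b"\x00" * 200 + b"Rar!\x1a\x07\x00",
    # Executable simply renamed to .pdf: the extension lies, the magic bytes do not.
    "resume.pdf": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
}


def triage_all(samples=SAMPLES) -> dict:
    """Run the check over every sample; returns {filename: result}."""
    return {name: triage_download(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in triage_all().items():
        print(f"{name:28} {result['verdict']:5} {result['content']:7} {', '.join(result['reasons'])}")
```

The double-extension case matters because Windows Explorer hides known extensions by default, so "Resume.pdf.exe" is displayed as "Resume.pdf". This check catches the "resume that is really an executable" lure; it says nothing about a genuine document carrying a malicious macro or exploit, so it complements a scanner rather than replacing one.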

Since these solutions are not widely available to individuals, there are other methods that can protect their systems. One is to put a web reputation control such as OpenDNS in front of the browser. OpenDNS automatically categorizes websites: social, parked domains, uncategorized, sports, entertainment, and so on. Many infected websites fall into the parked-domain or uncategorized buckets, and blocking those categories helps keep your devices away from bad sites. It would not have protected against this particular attack, since the lure was hosted on Dropbox, a legitimate and well-categorized service, but it is very helpful when surfing the web in general.

Another is to install virtual machine software, which lets a user run a guest operating system. It can be set up in two ways: live boot and persistent. A persistent guest stores data just like your normal operating system, so if it is infected it stays infected; however, you can take a snapshot before surfing the web or opening an untrusted file and roll back to a pristine image afterwards. With a live image, the data is wiped when the guest is shut down or rebooted.

Malware is also delivered heavily through ads on websites. In addition to the other controls, ad blockers such as Adblock work well.

As stated in the 3/27/16 posting (Meatware), humans are the weakest link, because it is their actions that compromise the system. It is difficult for users nowadays to determine whether a well-crafted email is legitimate. The controls above are technical aids; the user still needs to have a questioning attitude.

References:

Abel, R. (2016). UPDATE: Petya ransomware leverages Dropbox and overwrites hard drives. SC Magazine. Retrieved April 03, 2016, from http://www.scmagazine.com/petya-ransomware-overwrites-mbrs-and-leverages-cloud-services/article/485833/?utm_medium=email
