6 Ransomware threats to look out for in 2016

There’s no question that ransomware has made its mark on the IT community: Cryptowall alone led to $325 million in damages in 2015. As we move into late 2016, we’re seeing that ransomware isn’t growing much more complex, but it is growing in variety. Below are 6 new forms of ransomware to be aware of in 2016.

Biggest Threats of 2016

 

Cerber

Cerber is contracted by opening a downloaded file from a questionable email or website. It targets Windows users, but only those located outside Russia or the former Soviet Union (otherwise Cerber deactivates without harming files). Cerber is very common and known to be linked with ransomware-as-a-service attackers.

Solution:
There is no current solution for Cerber outside of prevention and data backup.
 

CryptXXX 3.0

CryptXXX 3.0 is contracted by opening a downloaded file from a questionable email or website. It targets Windows users, and it comes packaged with a module that steals credentials, so that the attackers can draw money from your account even if you refuse to pay the ransom.

Solution:
There is no current solution for CryptXXX outside of prevention and data backup, but it is known that Adobe Flash and Adobe Reader are popular entry points, so remember to keep your software patched and up to date!
 

Dogspectus

Dogspectus is a form of Android ransomware contracted from infected websites, which downloads a file that automatically installs itself (no user input required). It only affects Android systems older than version 5, but instead of encrypting individual files for a ransom, it merely locks the user out until a ransom is paid.

Solution:
There is no current solution for Dogspectus outside of prevention and data backup.
 

Fantom

Fantom is contracted by opening a downloaded file from a questionable email or website. It targets Windows users, and once the file reaches your computer, it opens a window disguised as a Windows Update prompt. If the user approves the prompt, Fantom begins encrypting files, marking them with a .fantom extension, and leaving ransom notes throughout your computer.

Solution:
Currently Fantom has not been cracked, and there is no simple solution outside of prevention and data backup.
 

Locky

Locky is contracted through malicious spam email. It targets Windows users, and it’s designed to fool many forms of antivirus software.

Solution:
There is no current solution for Locky outside of prevention and data backup, but Trustwave suggests modifying your inbound email policy to block inbound .js attachments and macro-enabled Office documents.
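
One way to express the inbound policy Trustwave suggests, as an added example that is not part of the original article or any mail product's own filter: a Python check that flags .js attachments and macro-enabled Office documents, including macro files renamed to a macro-free extension. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list: .js plus the macro-enabled OOXML extensions.
BLOCKED_EXT = (".js", ".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
               ".pptm", ".potm", ".ppsm", ".ppam")

def has_vba_project(data: bytes) -> bool:
    """True if data is a ZIP (OOXML) container holding a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def blocked_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            hits.append((name, "blocked extension"))
        elif has_vba_project(data):  # catches macro files renamed to .docx etc.
            hits.append((name, "OOXML container with VBA project"))
    return hits

def build_sample() -> bytes:
    """Constructed message: a script, a renamed macro document, a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name, data in (("Invoice.js", b"// placeholder"),
                       ("report.docx", buf.getvalue()),
                       ("notes.txt", b"hello")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"REJECT {name}: {reason}")
```

This check does not inspect legacy binary Office formats (.doc, .xls, .ppt), which can also carry macros, and it only looks at top-level attachments.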
 

Petya

Petya is contracted by opening a downloaded file from a questionable email or website. It targets Windows users, and when run, it rewrites the master boot record, which prompts a system restart, locking the user out and delivering a message that files have been encrypted.

Solution:
Thankfully, Petya has been cracked by a developer who created a decryption password generator, available here.

Share it with your team

There is still no blanket solution for ransomware, so it’s critical to use a strong backup solution and keep your team trained to spot malicious emails and webpages, and instructed on how to respond when you think you’ve contracted ransomware.


About

Daniel Proczko has been working with organizations and individuals to build & grow the entrepreneur community of Kalamazoo, MI. From organizing TEDx events, hack-a-thons, and documentary screenings to engaging with business leaders, Dan strives to inspire individuals with new ideas and better thinking. Having always been interested in tech and understanding the value of innovation through IT, communicating the importance of strategic IT thinking is one of Dan's primary goals within Newmind Group.