{"id":3582,"date":"2014-06-10T10:38:31","date_gmt":"2014-06-10T14:38:31","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=3582"},"modified":"2020-02-26T20:28:05","modified_gmt":"2020-02-26T14:58:05","slug":"ransomware-outbreak","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/ransomware-outbreak\/3582\/","title":{"rendered":"Cyber-extorters Encrypt Both PCs and Smartphones"},"content":{"rendered":"

Ransomware became one of the most convenient rackets for cybercriminals. On reading recent news on the GameOver Zues botnet<\/a> we found out that its owners were also actively distributing the CryptoLockerransomware<\/a>, which encrypts the victim\u2019s files and asks for ransom in a case when Zeus banking trojan<\/a> did not have any success while on rampage in your PC. A similar scheme is now gaining traction on smartphones: iOS-based devices are blocked with the help of the Apple\u2019s Find My iPhone service<\/a>, while for Android smartphones the culprits have coded a mobile version of Cryptolocker, Pletor.a<\/a>. Unfortunately, the news resources tend to serve such information lavishly seasoned with panic, and you are very likely to have seen headlines like \u2018Only Two Weeks to Protect Your Computers from a Dreadful Threat\u2019. You need not panic; just know your enemy and follow our protection action plan.<\/p>\n

\"ransomware\"<\/a><\/p>\n

<\/h3>\n

Why Cryptolocker and its likes are dangerous<\/h3>\n

Unlike previous examples of \u201cblockers<\/a>\u201c, which used to just block the PC screen to disturb your PC experience, cryptolockers, as is read in the name, encrypt the user\u2019s files.<\/p>\n

Even having managed to delete the malware, you cannot continue working with your files.<\/div>\n

It means that, even having managed to delete the malware, you cannot continue working with your files. A number of such lockers, owing to mistakes and imperfections in their code, are quite likely to be deciphered by third-party anti-virus utilities. With regard to better-crafted samples of cryptolockers, they use strong encryption and do not store the key on the affected PC, making user-initiated deciphering impossible, keeping this opportunity open only for the cybecriminals (who, obviously, demand $50-2000 for this \u201cservice\u201d). This approach is now used on Android devices: Back in May, we discovered the Pletor.a ransomware<\/a>, which is able to encrypt files stored on an SD card and place a threatening message on a display, asking for a ransom. Current Pletor versions do have the aforementioned flaw, so third parties (read: antivirus companies, e.g. us) are able to help the victim with file deciphering, but as of today, there are more than 30 modifications of this ransomware, and the version which does not allow for third-party deciphering, might be just around the corner.\u00a0<\/p>

New \u201cmilking\u201d scheme for cybercriminals: First, steal your banking credentials, then encrypt your files and demand a ransom.<\/p>Tweet<\/a><\/blockquote>\n

Also, last week in the US we have discovered a new version of mobile banking Trojan Svpeng<\/a>, which is evidently walking in GameOver Zeus\u2019s shoes. The current version is able to efficiently block the device, demanding a ransom. Additionally, the malware\u2019s code shows developers\u2019 intent to steal financial data from the smartphone and contains a link to a not yet implemented Cryptor method, which is likely to offer the file blocking capability to the cybercriminals. Curiously, not only do mobile Trojans encrypt the files, but blackmail the user with mailing the compromising text messages or photos along the victim\u2019s contact list. That means the bleeders now have one more trick in their sleeve.<\/p>\n

\"mobile-cryptolocker-1\"<\/a>
\n<\/strong><\/p>\n

\"mobile-cryptolocker-2\"<\/a><\/h3>\n

<\/h3>\n

Protecting your PC from Cryptolocker, PrisonLocker, Cryptowall and their likes<\/h3>\n