April was one of the worst months ever for ransomware infections in the U.S., and the attacks show no signs of slowing down, according to researchers at security firm Enigma Software Group (ESG).
“The experts at ESG looked at more than 65 million malware infections detected by its software in the US since April 2013,” the company wrote in a ransomware alert posted on its website. Ransomware infections in April 2016 were more than double the March 2016 total, and ransomware accounted for a larger share of all infections in April than in any other month of the past three years.
It’s never been more important to remain vigilant and take steps to protect your home and business computers before malicious hackers lock up your files. It’s also important to stay informed. Here’s a quick look at some of the latest developments in the battle against ransomware:
Petya ransomware gets a partner in crime
Petya ransomware has a nasty new ally in its mission to take your data hostage. Ladies and gentlemen: meet Mischa, a second ransomware payload bundled with Petya that steps in wherever Petya fails.
Back in March, Petya began making the rounds, and it stood out because of the unusual way it goes after data. Rather than encrypt the victim’s files one by one, Petya encrypts the master file table (MFT), the index that NTFS volumes use to record every file’s name, size and location on disk, according to security researchers at BleepingComputer.com. The file contents are left in place, but without a readable MFT Windows can no longer find them.
Before it can get at the MFT, Petya overwrites the machine’s master boot record (MBR) with its own boot code, so that on the next restart the computer loads the ransomware instead of Windows and shows a ransom note. Writing to the MBR requires administrator privileges. Petya does not exploit or bypass User Account Control (UAC) to get them; it simply triggers the standard UAC elevation prompt and relies on the user clicking Yes.
Until now, if the user declined that prompt and Petya failed to obtain administrator privileges, the infection simply stopped. That is what Mischa changes. Mischa encrypts the user’s files directly, which requires no administrator privileges, so it gives the ransomware one last shot at succeeding when the user refuses to elevate.
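Because Petya’s first move is to replace the MBR while leaving the disk otherwise bootable, one practical check is to compare the boot sector against a baseline captured while the machine was known to be clean. The Python below is an added example written for this article, not code from BleepingComputer or from any Petya analysis. It assumes the first 512 bytes of the disk have already been read into a byte string (on Windows that means opening \\.\PhysicalDrive0 with administrator rights), and both sample sectors are constructed stand-ins rather than real boot code.

```python
"""Boot-sector integrity check: flag an MBR whose bootstrap code no longer
matches a baseline hash taken while the machine was known to be clean."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446            # bytes 0..445: boot code the BIOS jumps into
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511: marks the sector as bootable


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into bootstrap hash, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        # Each 16-byte entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
        fields = struct.unpack_from("<8BII", sector, BOOTSTRAP_LEN + 16 * i)
        partitions.append({"status": fields[0], "type": fields[4],
                           "lba_start": fields[8], "sectors": fields[9]})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": partitions,
        "signature": sector[510:512],
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector looks intact."""
    info = parse_mbr(sector)
    findings = []
    if info["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    for i, part in enumerate(info["partitions"]):
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (i, part["status"]))
    if sum(1 for part in info["partitions"] if part["status"] == 0x80) > 1:
        findings.append("more than one partition marked active")
    return findings


def _build_mbr(bootstrap: bytes, table: bytes, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a sector from its three regions, zero-padding bootstrap and table."""
    return bootstrap.ljust(BOOTSTRAP_LEN, b"\x00") + table.ljust(64, b"\x00") + signature


# Constructed partition table: one active NTFS (type 0x07) partition at LBA 2048.
PARTITION_TABLE = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 2048)

# Constructed stand-in for the legitimate boot code (not a real boot loader).
GOOD_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 20, PARTITION_TABLE)
BASELINE = hashlib.sha256(GOOD_MBR[:BOOTSTRAP_LEN]).hexdigest()

# Constructed tampered sector: bootstrap replaced, but partition table and signature
# kept so the machine still boots, straight into the attacker's code.
TAMPERED_MBR = _build_mbr(b"\xeb\xfe" + b"\x90" * 100, PARTITION_TABLE)

if __name__ == "__main__":
    for label, sector in (("known-good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE) or "intact")
```

The tampered sample keeps the 0x55AA signature and the partition table, so a signature-only check passes it; only the bootstrap hash catches the swap. Keep the baseline hash off the host: anything that can rewrite the MBR can also rewrite a file stored next to it.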
A Twitter user known only by the handle @leostone recently created a tool that recovers the Petya decryption key, letting victims get their files back without paying the requested $400 ransom. Security researchers at BleepingComputer.com then published a guide on how to use the tool successfully. Currently, however, there is no decryption tool available for victims of Mischa.
Cerber borrows Dridex’s spam network
FireEye reports that Cerber, the ransomware that famously uses text-to-speech to read its ransom note to victims in a creepy synthesized voice, is becoming more effective by using the same spam distribution infrastructure as the highly successful Dridex banking trojan that began spreading last fall.
“By partnering with the same spam distributor that has proven its capability by delivering Dridex on a large scale, Cerber is likely to become another serious email threat similar to Dridex and Locky,” FireEye researchers warned. “This is in addition to the fact that Cerber is already known to be delivered through exploit kits. We advise users to be cautious when opening documents and other files from unknown senders, especially when asked to enable macros.”
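FireEye’s advice leaves the decision to the user at the moment the “Enable Content” bar appears. A mail gateway or triage script can take that decision earlier by holding any attachment that carries a VBA project at all, whatever its extension claims. The Python below is an added example written for this article, not FireEye’s code or any product’s. It uses only the standard library, treats the legacy OLE2 check as a heuristic string search rather than a full compound-file parse, and every sample attachment is constructed in memory rather than a real document.

```python
"""Attachment triage: detect Office documents that carry a VBA macro project,
regardless of what the file extension claims."""
import io
import os
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm/.xlsx/...) is a zip container
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (.doc/.xls/.ppt) is OLE2
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
LEGACY_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".xla", ".ppt", ".pot"}


def has_macros(data: bytes) -> bool:
    """True if the document contains a VBA project.

    OOXML: the project is a zip part named vbaProject.bin (normally under word/, xl/ or ppt/).
    OLE2: heuristic only; look for the UTF-16LE directory entry name _VBA_PROJECT that every
    VBA storage contains, instead of walking the compound file's directory tree.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(name.rsplit("/", 1)[-1].lower() == "vbaproject.bin"
                           for name in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        return "_VBA_PROJECT".encode("utf-16-le") in data
    return False


def triage(attachments):
    """Return (filename, reason) for every attachment that should be held for review."""
    held = []
    for name, data in attachments:
        if not has_macros(data):
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext in MACRO_EXTENSIONS:
            reason = "macro-enabled OOXML container"
        elif ext in LEGACY_EXTENSIONS:
            reason = "legacy binary format carrying a VBA project"
        else:
            reason = "VBA project behind an extension that should not carry macros (%s)" % ext
        held.append((name, reason))
    return held


def _ooxml(with_vba: bool) -> bytes:
    """Constructed minimal OOXML zip; enough structure for the check, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed samples.
SAMPLE_DOCM = _ooxml(True)
SAMPLE_DOCX = _ooxml(False)
# Legacy stand-ins: OLE header, padding to the first 512-byte sector, then a directory-entry
# name as it would be stored (UTF-16LE). Not real compound files.
SAMPLE_DOC_WITH_VBA = OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 64
SAMPLE_DOC_PLAIN = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le") + b"\x00" * 64

INBOX = [
    ("invoice.docm", SAMPLE_DOCM),
    ("report.docx", SAMPLE_DOCX),
    ("memo.docx", SAMPLE_DOCM),          # macro project hidden behind a .docx name
    ("old_contract.doc", SAMPLE_DOC_WITH_VBA),
    ("notes.doc", SAMPLE_DOC_PLAIN),
]

if __name__ == "__main__":
    for name, reason in triage(INBOX):
        print("HOLD %-18s %s" % (name, reason))
```

The check deliberately keys on content rather than extension: a legacy .doc can legitimately carry macros, so it is flagged for review rather than treated as an anomaly, while a VBA project inside a file named .docx is called out explicitly. For production use, replace the OLE string heuristic with a proper compound-file parser; the search can miss a project whose directory entry is split across sectors and cannot see inside encrypted documents.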