carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · May 16, 2016

Two new ransomware threats you need to know about

April was the one of the worst months ever for ransomware infections in the U.S., and the attacks are showing no signs of slowing down, according to researchers at security solutions firm Enigma Software Group.

“The experts at ESG looked at more than 65 million malware infections detected by its software in the US since April 2013,” the company wrote in a ransomware alert posted on its website.  They found that ransomware in April 2016 more than doubled the total from March 2016. Additionally, ransomware made up a larger percentage of overall infections in April than in any other month in the last three years.

It’s never been more important to remain vigilant and take steps to protect your home and business computers before malicious hackers lock up your files. It’s also important to stay informed. Here’s a quick look at some of the latest developments in the battle against ransomware:

Petya ransomware gets a partner in crime
Petya ransomware has a nasty new ally in its mission to take your data hostage. Ladies and gentlemen: Meet Mischa, a new version of ransomware that steps in wherever Petya fails.

Back in March, Petya began making the rounds, and it stood out because of the creative way in which it goes after data. Rather than lock up the victim’s files directly, Petya encrypts the master file table (MFT) that NTFS disk partitions use to store information about file name, size and location, according to security researchers at BleepingComputer.com.

Before it encrypts the MFT, Petya switches out the machine’s master boot record with malicious code that renders the computer unable to boot and displays a ransom note. In order to accomplish this, Petya needs to get administrator privileges. It does this by hijacking the User Account Control (UAC) feature in Windows and asking users for permission.

In the past, when Petya failed to obtain administrator privileges, it would discontinue attempts to take over the computer. But now Petya has Mischa. And Mischa ransomware encrypts the user’s files directly – an action it can accomplish without administrator privileges. Mischa is a fallback measure that boosts Petya’s strength by giving the ransomware one last shot at succeeding.

A Twitter user known only by the handle @leostone recently created a decryption tool that lets victims of Petya get their files back without paying the requested $400 ransom. Security researchers at BleepingComputer.com then created a guide on how to use the tool successfully. Currently, however, there is no decryption tool available for victims of Mischa ransomware.

'Talking' malware attacks on the rise
Incidents of Cerber ransomware attacks have been rising sharply since April, researchers at cybersecurity solutions firm FireEye reported last week.

FireEye reports that Cerber, the malicious software that famously uses text-to-speech technology and a creepy voice to read its ransom note to victims, is becoming more successful by using the same spam distribution infrastructure as the highly effective Dridex virus that began spreading last fall.

“By partnering with the same spam distributor that has proven its capability by delivering Dridex on a large scale, Cerber is likely to become another serious email threat similar to Dridex and Locky,” FireEye researchers warned. “This is in addition to the fact that Cerber is already known to be delivered through exploit kits. We advise users to be cautious when opening documents and other files from unknown senders, especially when asked to enable macros.

Read about five reasons why ransomware remains a serious threat.

Author

Mark Brunelli

Senior Writer

Mark Brunelli is a Senior Writer on the Corporate Marketing team at Carbonite. He blogs about Carbonite happenings and IT industry trends.

Related content