
Badly coded ransomware locks away data forever

Discussion in 'Security Updates' started by starbuck, Nov 9, 2015.

    Coding mistakes in a malicious program that encrypts data mean anyone hit by the Power Worm virus will not be able to recover files, say security experts.

    Usually viruses known as ransomware decrypt files when victims have paid a substantial fee.

    But one variant of Power Worm destroys keys that could help recover any data that it scrambled.

    The news comes as hackers produce ransomware that is aimed at websites and encrypts data sitting on servers.

    Cashing in

    Power Worm infects Microsoft Word and Excel files but the latest poorly written update of it goes after many more types of data files it finds on a victim's machine.

    Malware researcher Nathan Scott discovered the variant and uncovered the mistakes its creator made when updating it.

    Mr Scott believes the errors arose when the creator tried to simplify the decryption process. They tried to make it use just one decryption key but mangled the process of generating it. As a result, there is no key created for the files it encrypts when it compromises a computer.

    "There is unfortunately nothing that can be done for victims of this infection," wrote malware researcher Lawrence Abrams on the Bleeping Computer tech news website. "If you have been affected by this ransomware, your only option is to restore from a back-up."

    Mr Abrams said anyone hit by Power Worm should not pay the 2 bitcoin (about £500) ransom it asks for because they will not get any data back.

    Ransomware is proving increasingly popular with hi-tech thieves and one group has now extended its list of potential targets to web servers that run Linux.

    Russian anti-virus firm Dr Web has discovered a novel ransomware variant called Linux.encoder that tries to infect sites via add-ons such as shopping systems that many of them use.

    Once it lands on a server, the software encrypts any files, images, pages, scripts and stored source code it finds on the machine's main and back-up directories. Linux.encoder leaves behind a text file detailing how victims can pay the 1 bitcoin ransom required to recover their data.

    "In the volume cybercrime space, ransomware is one of the most prolific problems we face," said Greg Day, chief security officer for Europe at Palo Alto Networks.

    "Credit card theft is getting to the point where the value of each card is very low. As a result ransomware has stepped into that gap and gives a higher value for each victim."

    Research by Palo Alto and industry partners suggests the well-known Crypto Wall family of ransomware has generated about $325m (£215m) for the gang behind it.

    "The return is so much better," Mr Day said. "That's why it's escalated to such a level."

    He said regularly backing up data would help people and companies avoid having to pay criminals if they got caught out by ransomware.


    Source:
    http://www.bbc.co.uk/news/technology-34765484
     
