Ransomware is a fairly new form of malware that most people are not aware of. Earlier variants ran on a person's computer without permission and displayed a full-screen image carrying a message that the computer was under lockdown and that, if the user wished to retrieve their information, they would need to send in a payment. Instructions on how to do so followed.
Antivirus makers quickly created workarounds for much of this malware, and authorities eventually traced the source of most of it and blocked it from working. This diminished the threat in most places, at least for a while, but now ransomware is back, and it is much more sophisticated this time around.
The new strain of ransomware hitting computers is called "Onion", and it was discovered by the Russia-based security firm Kaspersky Lab. So far, Onion has only shown up on the Windows machines of users in Russia and other eastern European countries.
A user is infected with the Onion ransomware by opening an e-mail and clicking a link that downloads an Andromeda bot onto the device. Once the bot is on the system, it receives a command to download and launch Joleee. Joleee was previously used to distribute spam, but the Onion developers reconfigured it to launch Onion instead.
Once Onion is up and running, it begins encrypting the files on the computer using Elliptic Curve Diffie-Hellman (ECDH) cryptography. This is notable because standard cryptomalware uses an AES+RSA combination. The problem antivirus experts run into with ECDH is that it is, in practice, bulletproof: the files still cannot be recovered even if analysts are able to intercept the communication between the malware and its command-and-control (C&C) server.
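The claim about interception can be checked directly. The Python below is an added illustration, not code from the article or from Kaspersky Lab. It implements textbook ECDH over the public secp256k1 curve (the curve is an assumption for the demonstration; the article does not say which curve Onion uses) and shows the defender's problem: both parties derive the same key, yet the captured transcript contains only the two public points, so an observer who records the whole exchange holds nothing that yields the key short of solving the elliptic-curve Diffie-Hellman problem.

```python
import hashlib
import secrets

# secp256k1 domain parameters. Using this curve is an assumption made for
# the demonstration; the article does not state which curve Onion uses.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
INF = None  # the point at infinity (group identity)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + A*x + B (mod P)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition using the usual chord/tangent formulas."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1 (also covers y == 0)
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P           # chord
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result = INF
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Random private scalar d in [1, N-1] and its public point d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def derive_key(own_private, peer_public):
    """ECDH: hash the x-coordinate of d_own * Q_peer into a 256-bit key."""
    shared = scalar_mult(own_private, peer_public)
    if shared is INF:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()


def simulate_exchange():
    """Two parties exchange only public points and each derives the same key.

    Returns (key_a, key_b, transcript); the transcript is everything a
    passive observer sitting on the link between the two parties sees.
    """
    d_a, q_a = keygen()   # e.g. a key pair whose private half never leaves a remote server
    d_b, q_b = keygen()   # e.g. a key pair generated on the other endpoint
    transcript = {"pub_a": q_a, "pub_b": q_b}
    return derive_key(d_a, q_b), derive_key(d_b, q_a), transcript


def transcript_leaks_key(transcript, key):
    """Does the captured traffic contain the derived key in the clear?

    With ECDH it never does: the observer holds d_a*G and d_b*G, and turning
    those into d_a*d_b*G is the computational Diffie-Hellman problem, which
    is infeasible on a 256-bit curve. That is why recovery in practice
    depends on backups or on seizing the server-side private key, not on
    network captures.
    """
    wire = b"".join(c.to_bytes(32, "big")
                    for pt in transcript.values() for c in pt)
    return key in wire


if __name__ == "__main__":
    key_a, key_b, captured = simulate_exchange()
    print("keys match:", key_a == key_b)
    print("key visible in captured traffic:", transcript_leaks_key(captured, key_a))
```

The script only needs the standard library (Python 3.8 or later for `pow(x, -1, P)`). The sanity checks worth keeping when adapting it are that `N * G` is the point at infinity and that every transmitted point lies on the curve; a broken group law would silently produce "matching" keys that are meaningless.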
But that is all the background. On screen, the user sees a splash display stating that all of the computer's files are encrypted. For verification, the user can review a list of these files and confirm their names. The message goes on to state that, for the files to be saved, the user must pay a ransom of 0.159999 bitcoins, which at their current value is approximately $93. If they do not, the key needed to unlock the files will be destroyed.
Adding to the layers of difficulty built into Onion, ransom payments are routed through Tor, an anonymity network. This makes it all but impossible for authorities to follow the money trail back to the source of the ransomware.
While Onion is a local issue right now, experts predict it is only a matter of time before it spreads globally. Now that antivirus experts are aware of the malware, a global effort is underway to disrupt the threat and locate the people who created it.
In the meantime, security experts advise users to avoid clicking on links from unknown sources and to back up all important files onto removable media.
Story via phys.org