
Saving Private Files: what extortionists demand for decrypting user data

March 12, 2015

Computer users in many countries are increasingly falling victim to so-called encryption malware – programs that encrypt important data on infected computers and then demand a ransom to decrypt it.

In 2014, over 7 million attempts to carry out such attacks were made against Kaspersky Lab users alone. Kaspersky Lab experts have prepared an overview of the evolution of encryption malware, as well as advice on how to avoid being affected by this threat.

Encryption malware gets special attention because cybercriminals are continually changing the tools they use, including cryptographic schemes, code obfuscation techniques, executable file formats, and infection vectors. This type of malware is usually distributed via spam or attacks against remote administration systems. The persistence of this form of extortion is easily explained: unlike banking Trojans, which generate an ‘income’ only if the victim uses online banking, a piece of encryption malware, having once infected a computer, will always find something to encrypt and hold to ransom.

Cybercriminals prefer to be paid in the Bitcoin cryptocurrency, which offers them a sufficiently high level of anonymity. At the same time, it is common for attackers to specify their rates in real-world currencies, such as US dollars, euros or rubles. The cost of decrypting data for home users starts at 1000 rubles (about $15) but can be as high as several hundred dollars. If a corporate computer is infected, the attackers’ demands increase five-fold. Cybercriminals are known to have demanded ransoms as high as 5000 euros to decrypt files. Sadly, companies that have lost their data often prefer to pay up rather than lose important information. It comes as no surprise, therefore, that businesses are a prime target for cybercriminals who use encryption malware to make money.

“If files have been successfully encrypted and there is no backup copy, the user has little chance of getting their data back. It would take a mistake by the attacker in terms of the design or implementation of the encryption scheme for a user to be able to decrypt the files - and this rarely happens now. This is why it is important to regularly back up important data and store the backup copies separately from the computer system. We also recommend using the latest versions of security solutions for protection. The System Watcher module included in all our current products not only scans the processes launched in the system and identifies any malicious activity, but also backs up user files if a suspicious program attempts to access them. If the analysis of a program indicates it is malicious, user data is automatically recovered,” commented Artem Semenchenko, malware analyst at Kaspersky Lab.

The full version of the paper on encryption malware and its characteristics can be found on Securelist.


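About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technologies into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection and a range of specialized security solutions and services, as well as Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we help 200,000 corporate clients worldwide protect what matters most. To learn more, visit www.kaspersky.com.cn.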
