IT Security Guru

Researchers detect new and improved Cryptowall ransomware

by The Gurus
October 3, 2014
in Editor's News

A new version of the Cryptowall ransomware may be about to hit businesses and consumers, with suspicion that the first version was just a test.
 
According to research by F-Secure, the first samples of ransomware calling itself “CryptoWall 2.0” were spotted in the wild. It said that CryptoWall 2.0 appears to use a new packer/obfuscator with an increased amount of anti-debugging and anti-static analysis tricks. However upon infection, CryptoWall 2.0’s payload is almost identical to the samples seen in the original version earlier this summer.
 
Sean Sullivan, security advisor at F-Secure, told IT Security Guru that the payload beneath the different packer/obfuscator shell is the same but the outside is different, meaning that static detection will not detect it, whereas a modern anti-virus that runs an emulated sandbox will.
 
“For most organisations, that repacking and obfuscation will be a problem,” he said. “The unique obfuscation would be spotted by our product and not let it run, but businesses do not like a cloud query and it is usually locked down by firewalls. Businesses don’t use the modern features and are not protected; consumers would be if they have the latest and greatest technology.”
 
Asked if those who were protected against the first version would be protected here, Sullivan said they would be, at the core, if their anti-virus runs a sandbox, as the behavioural engine would be able to detect it.
 
“One layer should be able to detect it, but it depends on how good the anti-virus is at looking at the individual layers,” he said. “A lot of businesses rely on the static signature layer, which is not really good enough.”
 
Troy Gill, manager of security research at AppRiver, said that it had seen the recent push of Cryptowall and, since 1 October, had quarantined just over five hundred thousand of these messages, which is obviously only a small portion of the actual traffic from this group.
 
He said: “Since businesses rely heavily upon signature-based malware detection, unfortunately it is still possible for those protections to be evaded. In this case the original email contains a smaller ‘dropper’ type program.
 
“Once the dropper has gained a foothold on the victim’s machine it will reach out to download additional malware. Cyber criminals are constantly repackaging their software in an attempt to evade anti-virus systems. So while the initial infection vector can change, the payload can remain the same.”
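The point Sullivan and Gill both make above is that repacking changes every byte a static signature sees while leaving the payload, and therefore its behaviour, untouched. The following is an added toy illustration of that layering, written for this page; it is not code from F-Secure, AppRiver or the CryptoWall authors, and the packer, payload string and rules are all constructed stand-ins rather than anything taken from a real sample:

```python
"""Why a repacked sample evades hash/static signatures but not emulate-then-scan.

Everything here is a constructed toy: the "payload" is a plain-text stand-in,
the "packer" is XOR with a per-build key, and "emulation" is simply running
the unpacking step the way a sandbox would before scanning the result.
"""
import hashlib
import os

# Constructed stand-in for the ransomware payload (plain text, not real malware).
PAYLOAD = b"ENUMERATE_FILES; ENCRYPT(*.doc,*.jpg); DROP_RANSOM_NOTE; CONTACT_C2"

# Constructed "behavioural" indicators: what the unpacked payload actually does.
BEHAVIOUR_RULES = [b"ENCRYPT(", b"DROP_RANSOM_NOTE"]


def pack(payload: bytes, key: bytes) -> bytes:
    """Toy packer: one-byte key length, the key, then the XOR-obfuscated body.

    A fresh key gives a byte-for-byte different file around the same payload,
    which is all a 'new packer/obfuscator' needs to do to break hash signatures.
    """
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return bytes([len(key)]) + key + body


def unpack(sample: bytes) -> bytes:
    """Toy emulator: undo the packer stub, as a sandbox does by letting it run."""
    klen = sample[0]
    key = sample[1:1 + klen]
    body = sample[1 + klen:]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def static_signature(sample: bytes) -> str:
    """The static layer: a hash over the file as shipped."""
    return hashlib.sha256(sample).hexdigest()


def static_detect(sample: bytes, known_hashes: set) -> bool:
    """Signature match on the file bytes only; never looks inside the packer."""
    return static_signature(sample) in known_hashes


def behavioural_detect(sample: bytes) -> bool:
    """Emulate (unpack) first, then match indicators on what the payload does."""
    unpacked = unpack(sample)
    return all(rule in unpacked for rule in BEHAVIOUR_RULES)


def demo() -> dict:
    """Build the 'original' sample, learn its hash, then repack and re-scan."""
    v1 = pack(PAYLOAD, b"\x11\x22\x33\x44")   # original campaign build
    known_hashes = {static_signature(v1)}      # what a signature vendor ships
    v2 = pack(PAYLOAD, os.urandom(8))          # same payload, new packer key
    return {
        "static_v1": static_detect(v1, known_hashes),        # True
        "static_v2": static_detect(v2, known_hashes),        # False: evaded
        "behaviour_v1": behavioural_detect(v1),              # True
        "behaviour_v2": behavioural_detect(v2),              # True: still caught
        "same_payload": unpack(v1) == unpack(v2),            # True
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:13s} {hit}")
```

The repacked build fails the hash check every time because even the key-length header differs, yet the behavioural rules fire on both builds because the unpacked payload is identical. That is the gap Sullivan describes: an organisation whose defences stop at the static layer, or which blocks the cloud lookups and emulation that modern products rely on, sees only the outside of the file.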
 
Asked if he felt that this would resurrect the trend of ransomware after a “strong” trend in early 2014, Sullivan said he felt it could as CryptoLocker’s distribution was cut off due to the GameOver Zeus takedown, and that suspended things.
 
“We are seeing a trend, as banks are protecting against man-in-the-middle attacks and the trend is moving from banking transactions being secure from client to server,” he said.
 
“The bad transactions are also blocked, so ransomware is an option as CryptoLocker did a job in the English language and it is a learning curve and once they manage that, they are off to the races as the money is on the table. The bots have been converted and it is the most effective way of monetising those bots that belong to consumers and small businesses.”
Gill said: “Ransomware, like Cryptowall, never really went away but there was a period of relative calm over the summer months. This ebb and flow of malicious activity is the norm in the malware underworld.
 
“Just like legitimate developers, malware authors need to take time to go through development phases as well. This new brand of aggressive style ransomware has proven quite effective, so it is not going anywhere any time soon.”
 
He recommended having solid security measures in place to protect against this infection and also maintaining a backup system that can mitigate any damage caused by this malware (this goes for everyone and not just the enterprise).
 
TK Keanini, CTO of Lancope, said that regardless of the version, one thing that is true is that a proper backup of the file system on a regular basis is the best countermeasure. “These attackers are banking on the fact that no one practices good backup procedures,” he said.

Tags: Cryptowall, F-Secure, Ransomware
© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic