Posts Tagged ‘decryption’

Apple Ransomware

Apple computers are not immune to malware. A new form of malware called “ransomware” is targeting Apple’s Mac OS X operating system. Ransomware is a computer virus that encrypts important data such as pictures, videos, music, and documents in order to “hold it for ransom” at an unsuspecting victim’s expense. If the victim pays the ransom then, hopefully, they receive a key to decrypt their data, known as a decryption key. Unfortunately, many times there is no decryption key, and the victim loses not only their data but possibly up to $700 USD in ransom payment. The ransom is paid through an anonymous payment method that conceals the identity of the scammer holding the data for ransom, so that there is no trace. Ransomware is usually spread via email attachments, peer-to-peer file sharing, and, more recently, removable devices such as external hard drives and USB flash drives.

While this is not the first time Apple computers have been vulnerable to malware attacks (the FBI virus appeared a few years ago), a recent Reuters report revealed that ransomware was targeting Apple computers for the first time. Ransomware is already rampant on computers running the Windows operating system. Many variants of the Trojan horse already exist, such as Bitlocker, CryptoWall, Cryptorbit, and CryptoLocker or Crypto-malware. So far the ransomware has infected Apple computers via peer-to-peer file sharing networks using BitTorrent.

There is no easy fix for the data that has been affected by the ransomware. Without the decryption key the data is scrambled to a point that it cannot be deciphered using current technology.

“The best way to protect your data from a ransomware attack is to have an archive backup of the important data on a computer,” says South City Computer security expert Nestor Wheelock. “Because the archive is completely disconnected from the live file system the ransomware will not encrypt the data.” While this form of data backup service is complex and daunting to most computer users, South City Computer offers a service package that includes this type of backup service. If you need assistance setting up this type of backup service, contact South City Computer or a local computer repair store near you.

ALERT: CryptoWall 3.0 ransomware. Backup or pay BIG!

Since 2012 a very sophisticated new form of ransomware has been infecting millions of Windows computers. CryptoWall, Cryptorbit, and CryptoLocker, or Crypto-malware, is a Trojan horse that encrypts files on the compromised computer. The malware uses 2048-bit RSA encryption, a public/private key cryptographic technology, to scramble important data files, making them unusable. The victim is instructed to pay a hefty ransom fee ranging from $150 to $750 USD, using an anonymous bitcoin payment method, to purchase the decryption key that will allegedly decrypt the user's files. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.

After the CryptoWall ransomware seemed dormant for several months, a more sophisticated new release known as CryptoWall 3.0 appeared this Monday and has already infected thousands of computers.

Can the malware be removed to get the data back?

While it may be possible to remove the virus from the infected computer, it will not unlock the encrypted files.

How does the ransomware get on the computer?

The ransomware is usually disguised as a fake Windows update for applications such as Adobe Reader, Adobe Flash Player or Java. These types of updates often appear as pop-up windows when the victim visits an unsafe website. The malware may also be distributed as a spam email attachment or as a device driver download from a compromised website.

Is an external drive or cloud sync drive safe?

The ransomware looks for important user files on the hard drive and on any devices connected to the computer in order to do the most damage. It also encrypts files located in the user's sync folders, such as Google Drive or Dropbox. So external hard drives, thumb drives, and even cloud backup solutions are vulnerable to the attack. Always unplug your external backup drives from your computer.

Can the encryption be cracked?

Currently there is no easy way to crack the encryption methods used by the Crypto malware that scrambled the user's important data files. Even the most powerful supercomputers cannot easily break the encryption. The only known method to attempt breaking the encryption is to brute force (guess) the private key. This is highly unlikely to succeed, as it could possibly take 6.5 billion years for a desktop computer to make the correct guess, but it is the only solution available at this time.

Will the encryption be cracked in the future?

Possibly, with the advancement of quantum computing, current forms of encryption will become less secure and possibly exploitable. Only time will tell at this point.

How to not become a victim of Crypto-malware?

The best known method to safeguard your data against cryptographic malware and other types of data loss caused by viruses is to have a reliable incremental backup solution in place. An incremental backup system keeps snapshots of your data over time that can be restored in the event of a data disaster. Talk to South City Computer about an incremental backup solution that will work for you.
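
A sketch of the incremental snapshot idea described above, added here as an illustration and not South City Computer's own backup service: each run stores a dated snapshot, so a copy taken before files were scrambled can still be restored. The function names, file names and dates are constructed for the example, and it assumes the snapshot folder sits on storage that is disconnected from the live system between runs.

```python
import filecmp, os, shutil, tempfile
from pathlib import Path

def take_snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy `source` to backup_root/label, hard-linking files unchanged since the last run."""
    backup_root.mkdir(parents=True, exist_ok=True)
    earlier = sorted(p for p in backup_root.iterdir() if p.is_dir())
    prev = earlier[-1] if earlier else None      # ISO-date labels sort chronologically
    snap = backup_root / label
    snap.mkdir()                                 # refuses to overwrite an existing snapshot
    for src in sorted(source.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(source)
        dst = snap / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev else None
        if old and old.is_file() and filecmp.cmp(src, old, shallow=False):
            try:
                os.link(old, dst)                # unchanged file: no extra space used
                continue
            except OSError:
                pass                             # filesystem without hard links: copy instead
        shutil.copy2(src, dst)                   # new or changed file: independent copy
    return snap

def restore(snapshot: Path, target: Path) -> None:
    """Copy every file of one snapshot into `target`."""
    shutil.copytree(snapshot, target, dirs_exist_ok=True)

def demo() -> dict:
    """Constructed scenario: a file is scrambled between two backup runs."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backups, out = Path(tmp, "live"), Path(tmp, "backups"), Path(tmp, "restored")
        live.mkdir()
        (live / "notes.txt").write_text("family photos index")
        (live / "tax.txt").write_text("2014 return")
        first = take_snapshot(live, backups, "2015-01-10")
        (live / "notes.txt").write_bytes(b"\x8f\x02scrambled\x91")  # stands in for encrypted data
        second = take_snapshot(live, backups, "2015-01-17")
        restore(first, out)                      # go back to the snapshot before the damage
        return {"restored": (out / "notes.txt").read_text(),
                "latest_copy": (second / "notes.txt").read_bytes()}

if __name__ == "__main__":
    print(demo())
```

The latest snapshot faithfully holds the scrambled file, which is why keeping several dated snapshots matters more than keeping one up-to-date copy.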
