
This new ransomware campaign paves the way for more attacks

Ransomware is still the biggest software security threat out there. It targets everyone, big and small, and it can cripple individuals, businesses and government offices around the world.

In fact, some ransomware attacks can be so severe that employees are turning to old-school equipment like typewriters and calculators!

As we keep telling you, one thing about ransomware that's so appealing to cybercriminals, aside from its profitability, is its adaptability. It's constantly evolving, as cybercriminals change their code to suit their needs and to elude security software. For example, this newly discovered campaign that's rapidly spreading now allows the attacker to modify it on the fly!

Read on and learn what this ransomware is all about so you can stop it in its tracks before it hits you.

"KeyPass" ransomware campaign

A new campaign for the ransomware variant called KeyPass (not to be confused with the legitimate password manager KeePass) has been spotted. Aside from locking users out of their files, it looks like it's planting the seeds for more sophisticated attacks in the future.

KeyPass first appeared on August 8 and has claimed hundreds of victims in more than 20 countries so far.

It's still not known how KeyPass is being spread, but according to Bleeping Computer, the ransomware appeared after the victims downloaded and installed software key cracks from the internet. However, other victims are saying that KeyPass appeared on its own without user interaction.

Security researchers at Kaspersky Lab noted that while the ransomware is simple in its execution, it contains an option for its authors to manually take control of an infected computer and then install more complex attacks on the victim's network.

KeyPass itself also includes a way for the attackers to customize the encryption process, including the encryption key, the ransom note, and the encrypted file extension. Bad news all around!

The ransom note

Currently, the KeyPass ransom note indicates that "All your files, documents, photos, databases and other important files are encrypted and have the extension .KEYPASS."

It also tells the victim that the only way to recover the encrypted files is to purchase the decryption software and the unique private key for $300 within the first 72 hours of the infection. This suggests that if the victim doesn't contact the provided email address for further instructions within that time period, the ransom amount will increase.

Image Credit: Kaspersky Lab
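
A triage check built on the two points above: the ransom note names the .KEYPASS extension, but the operators can change it, so the check also flags any unfamiliar extension that suddenly shows up across many files. This is an added example, not code from the article or from Kaspersky Lab; the allowlist, thresholds and sample listings are constructed, and it assumes the ransomware appends its extension to the original file name.

```python
from collections import Counter
from pathlib import PureWindowsPath

IOC_EXTS = {".keypass"}  # extension quoted in the ransom note on this page
# Assumption: extensions considered normal on the hosts being checked.
EXPECTED_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".db"}

def triage(paths, min_hits=3, min_share=0.25):
    """Return (ioc_files, suspect_exts) for a file listing.

    ioc_files: paths ending in a known ransomware extension.
    suspect_exts: unfamiliar extensions appended after a normal one
    (report.docx.xyz) that cover at least min_hits files and min_share
    of the listing, which catches a build with a changed extension.
    """
    ioc_files, appended = [], Counter()
    for raw in paths:
        suffixes = [s.lower() for s in PureWindowsPath(raw).suffixes]
        if not suffixes:
            continue
        last = suffixes[-1]
        if last in IOC_EXTS:
            ioc_files.append(raw)
        elif (last not in EXPECTED_EXTS and len(suffixes) >= 2
              and suffixes[-2] in EXPECTED_EXTS):
            appended[last] += 1
    total = len(paths) or 1
    suspect = {ext: n for ext, n in appended.items()
               if n >= min_hits and n / total >= min_share}
    return ioc_files, suspect

# Constructed listings, not taken from a real incident.
LISTING_DEFAULT = [
    r"C:\Users\ana\Documents\budget.xlsx.KEYPASS",
    r"C:\Users\ana\Documents\notes.txt.KEYPASS",
    r"C:\Users\ana\Pictures\cat.jpg",
]
LISTING_CUSTOM = [  # hypothetical build using a different extension
    r"C:\Share\q1.docx.zzz9",
    r"C:\Share\q2.docx.zzz9",
    r"C:\Share\scan.pdf.zzz9",
    r"C:\Share\logo.png",
    r"C:\Share\archive.tar.gz",  # benign double extension, not flagged
]

if __name__ == "__main__":
    for name, listing in (("default", LISTING_DEFAULT), ("custom", LISTING_CUSTOM)):
        print(name, triage(listing))
```
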

How to protect yourself against KeyPass

Since there are no free public decryption keys for KeyPass yet, it is currently impossible to recover a victim's files without the private keys. In most cases, it is not recommended that you pay the ransom since there is no guarantee that the cybercriminals will fulfill their end of the bargain and successfully unlock your files.

Your best bet against a total disaster is to have a complete and reliable backup of your files (such as our sponsor IDrive).

Additionally, no one knows for sure how KeyPass is being distributed so it's important that you remain proactive to guard against malware in general.

Don't download and install software from unknown sources and beware of so-called software key crackers and pirated programs, which are illegal on their own anyway.

Other attackers may also be exploiting Remote Desktop Protocol (RDP) software, which lets attackers secretly control a victim's computer. (This explains why some users claim that the ransomware magically appeared on its own.)

If you're using RDP to access your computer remotely, make sure it is not directly exposed to the internet. Use a VPN service to conceal it.


Source: SecureList