Security exploits that lock down your files are already scary enough, but you had to go out of your way to activate them. Now, unfortunately, you don’t need to do much, and that’s a very bad thing.
A security company has just picked up on something particularly alarming in the malware and security space, and it could be a problem for the future of internet security, as well as staying on guard against the various threats in this space.
SophosLabs — makers of the Sophos Security application — has found a form of ransomware that doesn’t need you to switch on your macros or open up an attachment and click on the contents. Rather, it just works, firing up and potentially locking down your files.
Reported this week on the Sophos security blog, researchers have found a form of ransomware that differs from standard malware because of one big differentiation: while regular ransomware is triggered by a file to download the real ransomware, this new type is the ransomware. Open it without thinking or accidentally click and the ransomware kicks in, able to encrypt information on your computer just like that.
Generally, malware like ransomware has to be intentionally opened up, and you’ll have seen it from time to time when a dodgy email arrives asking you to download an invoice, a receipt, or lucky you because you’ve just inherited money to click here to download the way of getting it! (*sigh*)
Most of us know these are scams, and these days we’re pretty clued on to the fact that not only is there no such thing as a free lunch, but that scammers and cyber-con artists are alive and well, and so not clicking and opening these files is pretty easy, instead opting to delete the emails.
But the attachments to these emails still had to forcibly been open by the user, and what was inside these attachments were what scammers would use to lock down your files.
This latest generation isn’t stored in an attachment, however. Rather, it is the attachment, and due to the way that Windows allows JavaScript (one of the building blocks of common websites) to be run, simply clicking could result in your computer being locked down, or even files you value and treasure being encrypted and held for ransom.
In fact, Sophos discovered that when the file was opened, it showed up almost as a dummy document to suggest you actually opened a document when in reality you launched a security exploit.
If you were online at the time of launching, there’s a good chance the malware phoned home to its creator’s server and encrypted some of your files, leaving you with a file telling you how you can pay the ransom, which for the Sophos test case sat at around $250 USD.
Worse, the version of the ransomware discovered — “JS/Ransom-DDL” — featured a secondary payload, with a password stealing Trojan installed, so even if you did decide to pay the ransom, your passwords would be tracked, stored, and sent to someone else.
The solution?
Staying protected is one of the best ways to be on guard against malware and ransomware, so making sure you have an up-to-date internet security solution is critical.
Safe web tactics are also key, and if you don’t know the email or it looks suspicious, don’t click on any attachments. Rather, just hit the delete key. It’s easier than having to deal with a ransom or some other nefarious tactic to rid you of your hard-earned money.