Ransomware Threats Surge During Holidays

By Paul Liu
Thursday, December 31st, 2015

---

Security experts have witnessed a sharp surge in the number of ransomware attacks during the 2015 holiday season. According to the experts working for security firms Heimdal Security and FortiNet, cyber criminals are using new and improved versions of CryptoLocker and CryptoWall ransomwares to lure online users into revealing their personal details which can then be used to lock devices and/or personal accounts. This trend is at par with the previous years which also saw a marked increase in the number of ransomware attacks during the busy holiday season.

In a blog post published on the company’s website in mid-December, Heimdal Security reported a new wave of CryptoLocker version 2 based attacks. CryptoLocker is a notorious ransomware spreading via email which targets Windows based computers and encrypts important files which can only be decrypted with a decryption key. Once a computer is infected with the ransomware, it displays a message that the key would be sent to the user only after he/she has paid a ransom via bitcoins or prepaid vouchers.

Researchers working at Heimdal Security reported that the latest set of attacks used PostNord as bait and tricks users into believing that they have received a Christmas present awaiting delivery. Once the user clicks on the link contained within the email, he/she is redirected to an infected website which installs CryptoLocker into the machine. While CryptoLocker attacks were witnessed in the earlier months as well, experts say that the new campaigns are much more refined and the language used in the spam emails seems a lot more authentic. Heimdal Security warns that although the latest wave of attacks are not using the latest version of CryptoLocker, they are nonetheless very dangerous.

California based Fortinet Inc. has similarly reported a surge in CryptoWall based attacks during the holiday season. CryptoWall is a dangerous piece of code which uses similar methodology as other ransomwares and locks crucial files that cannot be decrypted without providing the correct key. As per Fortinet, criminals are now spreading CryptoWall version 4 via fake unpaid invoice emails. The spam mail seemingly contains details about an unpaid invoice but in reality it tricks users into downloading an infected Microsoft Word file. The Word file in turn contains a dangerous snippet of code which locks crucial files on Windows based machines with a strong encryption. Users are also instructed to visit specific Tor links which contains details regarding how to unlock the files and get the machine unlocked.

Perhaps the most dangerous thing about the latest waves of attacks is that they cannot be detected by many anti-virus softwares. Since Christmas is a busy season and people are eager to complete their shopping, criminals are using the opportunity to target individuals as well as businesses. If you come across a suspicious invoice/delivery email or an offer which sounds too good to be true, delete it immediately to remain safe from such attacks. Remember that once infected, your computer cannot be unlocked unless you pay $500-$1000 to the attacker so it is better to be safe than sorry.

---

• VPN Articles and News

December 31, 2015

• 0 Comments
• Leave Comment