• In 2012, a major ransomware worm known as Reveton began to spread.
• It is also known as the "police trojan".
• Its payload displays a warning purporting to be from a law enforcement agency.
• The warning claims that the computer has been used for illegal activities, such as downloading pirated software, promoting terrorism, copyright, etc.
• The warning informs the user that to unlock their system they would have to pay a fine.
• To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address and footage from the computer's webcam.

CryptoLocker (Sep 2013)
• An encrypting ransomware reappeared in 2013.
• Distributed as an attachment to a malicious e-mail.
• CryptoLocker was also propagated using Gameover ZeuS.
• Encrypts certain types of files stored on local drives using RSA public-key cryptography.
• The private key is stored only on the malware's control servers.
• Offers to decrypt the data if a payment is made by a stated deadline.
• Threatens to delete the private key if the deadline passes.
• It was isolated in May 2014, when a Gameover botnet was knocked out.

TorrentLocker (Sep 2014)
• TorrentLocker is a type of cryptographic ransomware, which is gaining increasing popularity nowadays.
• The first modifications of this family were observed in February 2014, and as of December 2014 at least five major releases of this malware have been discovered.
• It used the same key stream for every infected computer, making the encryption trivial to overcome. However, this flaw was later fixed.
• By November 2014, it was estimated that over 9,000 users had been infected by TorrentLocker in Australia alone, trailing only Turkey with 11,700 infections.

KeRanger (March 2016)
• KeRanger is a ransomware trojan horse targeting computers running macOS. Discovered on March 4, 2016, by Palo Alto Networks, it affected more than 7,000 Mac users.
• KeRanger is the first malware and ransomware on the OS X operating system. It encrypts the Mac user's files, then demands a sum of one Bitcoin to decrypt the files.
• It appeared in March 2016.
• There is an executable in the .DMG that is disguised as a Rich Text File. The virus sleeps for three days, then starts to encrypt the files. It adds a text document with instructions on how to decrypt the files. It uses a 2048-bit RSA public key to encrypt the files. It is actually a copy of Linux Encoder.

HOW TO PREVENT BEING A VICTIM?
• Keep all of the software on your computer up to date.
• Make sure automatic updating is turned on to get all the latest Microsoft security updates and browser-related components (Java, Adobe, and the like).
• Keep your firewall turned on.
• Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)

How to Remove?
• Malwarebytes is a great free tool to remove this kind of malware.
• Malwarebytes will load, update itself, and scan memory, in case you have malware that is already active.
• Once it has checked for running malware, and got rid of it, then it scans your hard disk.
• If it finds any malicious files, you can click a button to clean them up.
• If ransomware is running and has already popped up its payment demand page, you can still remove it and clean up, but the Virus Removal Tool cannot decrypt your scrambled files.
• Even if you don't have CryptoWall or similar, it is well worth scanning your computer for malware.
• The criminals are known to be using existing malware infections as "backdoors" to copy CryptoWall onto victims' computers.
• I would assume their reasoning is that if you have existing, older malware that you haven't spotted yet, you probably won't spot the ransomware either, and you probably won't have a backup — and that means they're more likely to get your money later on.
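
The key stream reuse noted for early TorrentLocker above is why its encryption was trivial to overcome: if every file is XORed with the same key stream, one encrypted file plus an unencrypted backup copy of it reveals the key stream, which then decrypts other files. The following is an added example, not code from the original slides or from the malware; the toy cipher, key and file contents are constructed assumptions and do not reproduce TorrentLocker's actual cipher.

```python
import hashlib

def toy_keystream(key: bytes, n: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode). Assumption for the demo only."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result has min(len(a), len(b)) bytes.
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    """The flaw: the key stream always starts from the same state for every file."""
    return xor(data, toy_keystream(key, len(data)))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """ciphertext XOR plaintext = key stream, with no knowledge of the key."""
    return xor(ciphertext, known_plaintext)

def decrypt_with_keystream(ciphertext: bytes, keystream: bytes):
    """Return (recovered bytes, number of trailing bytes that stay encrypted)."""
    n = min(len(ciphertext), len(keystream))
    return xor(ciphertext[:n], keystream[:n]), len(ciphertext) - n

# Constructed sample data: one file the victim still has a backup of, two without.
KEY = b"constructed-demo-key"  # unknown to the person doing the recovery
BACKUP_COPY = b"Quarterly report draft, restored from an old backup.\n" * 2
OTHER_FILE = b"Customer list: alice, bob, carol"
LONG_FILE = b"A" * 200  # longer than the known plaintext

def demo():
    enc_known = encrypt(KEY, BACKUP_COPY)
    enc_other = encrypt(KEY, OTHER_FILE)
    enc_long = encrypt(KEY, LONG_FILE)
    ks = recover_keystream(enc_known, BACKUP_COPY)  # KEY is never used here
    return decrypt_with_keystream(enc_other, ks), decrypt_with_keystream(enc_long, ks)

if __name__ == "__main__":
    (other, other_missing), (long_part, long_missing) = demo()
    print(other, other_missing)
    print(len(long_part), "bytes recovered,", long_missing, "bytes still encrypted")
```

Recovery reaches only as far as the longest known plaintext, which is why the long file is only partly restored; a cipher that derives a fresh key stream per file removes the weakness.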