Tag Archives: Richard Chirgwin

If it’s encrypting, perhaps it’s ransomware

Researchers from the University of Florida and Villanova University suggest that ransomware can be mitigated by detecting, early in the process, that it is encrypting files:

CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data

A good idea, though some anti-malware programs already do something similar (i.e. flag programs that start encrypting files in bulk). Still a good idea, though. At The Register, Richard Chirgwin offers a round of applause:

Florida U boffins think they’ve defeated all ransomware – CryptoDrop looks for tell-tale signs that files are being encrypted
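To show what the "flag programs that start encrypting files in bulk" heuristic looks like in practice, here is an added example (not code from the post, the paper or any product): a hypothetical detector that flags a process which rewrites several distinct files with high-entropy content inside a short window. Events, file contents and thresholds are all constructed for the illustration.

```python
import math
import random
from collections import defaultdict

# Hypothetical heuristic, not CryptoDrop's actual algorithm: encrypted output
# is close to 8 bits of entropy per byte, while documents and text are not.

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/compressed data, ~4-5 for plain text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def flag_bulk_encryption(events, window_s=5.0, min_files=5, min_entropy=7.0):
    """Return the pids that wrote >= min_files distinct high-entropy files
    within any window_s-second window. events: (time_s, pid, path, data)."""
    per_pid = defaultdict(list)  # pid -> [(time, path)] for high-entropy writes
    for t, pid, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) >= min_entropy:
            per_pid[pid].append((t, path))
    flagged = set()
    for pid, writes in per_pid.items():
        start = 0
        for end in range(len(writes)):  # sliding window over this pid's writes
            while writes[end][0] - writes[start][0] > window_s:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                flagged.add(pid)
                break
    return flagged

def sample_events():
    """Constructed sample: pid 100 behaves like ransomware, 200 like an editor,
    300 like a backup tool writing one archive (high entropy, but one file)."""
    rng = random.Random(1)
    noise = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    text = b"Quarterly report: revenue up 3% on the prior period.\n" * 80
    evts = []
    for i in range(6):
        evts.append((10.0 + i * 0.3, 100, f"/home/u/docs/{i}.docx", noise()))
        evts.append((10.0 + i * 0.3, 200, f"/home/u/notes/{i}.txt", text))
    evts.append((12.0, 300, "/home/u/backup.zip", noise()))
    return evts
```

The third process shows the obvious caveat: a legitimate archiver or encryption tool produces the same high-entropy output, so the file count and time window are what keep the false-positive rate tolerable.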

David Harley

Ransomware: Understanding Bitcoin

It probably hasn’t escaped your notice that ransomware gangs are fond of Bitcoin, and you may also be aware that some victims who decide to pay up are finding the Bitcoin technology somewhat daunting, to the extent that PadCrypt may be intended to offer advice on paying with Bitcoin by way of a live chat facility (offline at the time of writing). At any rate, Bleeping Computer’s Lawrence Abrams comments:

“A feature like this could potentially increase the amount of payments as the victim can receive “support” and be guided on the confusing process of making a payment.”

I’m not familiar enough with Bitcoin at the moment to help much as far as that’s concerned, but I have noticed a number of articles recently that relate to it:

  • Bitcoin and Cryptocurrency Technologies assumes that ‘…you have a basic understanding of computer science — how computers work, data structures and algorithms, and some programming experience. If you’re an undergraduate or graduate student of computer science, a software developer, an entrepreneur, or a technology hobbyist, this textbook is for you.’ However, it is written using a fairly conversational tone, so it’s certainly worth a look if you’re reasonably IT-literate.
  • This primer from Princeton is about 296 pages shorter and more consumer-friendly. And here’s Bitcoin’s own FAQ.
  • Richard Chirgwin points out that Bitcoiners are just like everybody else: They use rubbish passwords, which may not reassure you.
  • Imperva has published an interesting paper on ‘The secret of Cryptowall’s success’ based on Bitcoin wallet analysis.

William Hugh Murray comments in a recent SANS newsletter:

Cyber currency is too slow ever to play a major role as a medium of exchange. It is too volatile to serve as a store of value. However, anonymity will serve to encourage extortion.

That section of the Newsbites newsletter has a number of interesting links to commentary on the Locky ransomware, by the way.

David Harley

Ransom32 – Javascript Ransomware

[Update: English article at Emsisoft: Meet Ransom32: The first JavaScript ransomware]

Emsisoft’s Fabian Wosar, having recovered from the ‘shock’ of being badmouthed by the author of the Radamant ransomware kit, continues the good work by reporting on The First Ransomware in Javascript: Ransom32. There doesn’t seem to be an English version of the article at the moment, but there is a summary by Richard Chirgwin for The Register: Happy 2016, and here’s the year’s first ransomware story – JavaScript-ed nasty only spotted on Windows, so far.

Wosar points out that in theory at least, this malware could easily be repackaged for OS X and Linux:

That should mean that Ransom32 can also easily be packaged for Linux and Mac OS X – at least in theory.

Added to the ransomware resources page and will also be added to Mac Virus.

David Harley