It's been more than a year since the first vicious ransomware reared its ugly head.
Turns out this was a hugely successful criminal business model, and more than 10 competing copycats followed soon. Here is a whitepaper that gives you the short history of ransomware.
Some were more professionally implemented than others, but most of them use strong cryptography to grab data files from drive C and follow up with all mapped drives in alphabetical order. The latest strain has a new trick up its sleeve: it allows victims to decrypt one of the encrypted files for free, and starts out cheaper than the rest. It's "only" 200 bucks instead of 500.
The critter is called CoinVault (not to be confused with the legitimate online coin exchange service) and even has a snazzy logo. The malware authors tried to make the process as simple as possible for the victim. They must have found out that the average small business does not know what Bitcoins are, and how to get them. They went as far as adding a user-friendly button for copying the bitcoin wallet address and included a 24-hour countdown timer that lets you know how much time you have to pay the ransom until it doubles. Jeez, thanks!
Tyler Moffitt over at Webroot blogged about it and said it uses technology similar to CryptoLocker / CryptoWall, deletes the Windows built-in Volume Snapshot Service, and uses Bitcoin for payment. The algorithm used for locking up the data is AES-256, a more rudimentary symmetric one compared to what other cryptomalware families rely on; however, this does not make CoinVault any less dangerous.
Moffitt said: "What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I've seen which actually gives you a free decrypt. It will let you pick any single file that you need after encryption and will decrypt it for you."
"This is a really interesting feature and it gives a good insight into what the actual decryption routine is like if you find yourself actually having to pay them," Moffitt said. "I suspect that this freebie will increase the number of people who will pay."
Yeah, definitely more "user-friendly" but still a significant threat to your data if your backups are old or fail during restore.
You really need to get all your employees stepped through effective security awareness training, because these ransomware infections usually are caused by phishing attacks.