A terrifying new ransomware family has been unearthed that encrypts the files on your computer and, because it is deployed across a breached network rather than dropped on a single machine, on every other PC the attackers can reach. Dubbed SNAKE, the new breed of ransomware bears little resemblance to the quirky serpent-based game that shipped with every Nokia 3310 back in the late 90s.
The ransomware was first discovered by the MalwareHunterTeam, who shared the sample with ethical hacker Vitali Kremez so he could reverse-engineer the code, find out what made it tick and assess whether it could be stopped. Like all ransomware, SNAKE is designed to lock up your apps and files, everything you really care about on your computer, and demand an exorbitant fee to reverse the viper-tight encryption it has applied to them.
Kremez concluded that SNAKE uses a much higher level of obfuscation than you’d typically find with this kind of infection, meaning its code has been deliberately made harder for researchers to analyse, which slows down the work of understanding it and building defences. In a nutshell: if this thing slithers its way onto your home computer, or worse still, your business network, it’s really bad news.
While locking away your treasured data, SNAKE also shuts down any remote management software it finds running on the machine. That means your IT technicians can’t remotely take over the PC to have a snoop around and try to resolve the problem; the infected computer is effectively cut off from the tools normally used to manage it.
As it encrypts files, SNAKE is careful to skip the Windows system folders and other system files, so the machine still boots up the next morning and you can discover the devastation (and, more importantly for the attackers, still read the instructions for paying the cyber criminals behind SNAKE). Every encrypted file has a random string of five characters added to the end of its name, after the original extension, so the files no longer open in their usual programs.
With everything locked down, the serpent adds a single new file to your desktop entitled Fix-Your-Files.txt. It includes some variation of: “We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more.”
The note also contains an email address for contacting the cyber criminals, who promise to provide a decryption tool loaded with the unique key needed to reverse the encryption. They also offer proof that they can undo the damage: victims are asked to send three encrypted files (up to 3MB in size, no databases or spreadsheets) from their machine, which the criminals decrypt as a demonstration. As tempting as that sounds for anyone hit by this disastrous ransomware, security experts always advise against paying. Paying is no guarantee that the decryptor will actually work on everything, and who is to say the criminals don’t just repeat the attack the following week? Now they know you’ve got the money and, more importantly, that you’re willing to spend it to protect the data on your machines.
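If you suspect SNAKE has been at work on a machine or a file share, the two indicators the article describes (the Fix-Your-Files.txt note and filenames with five random characters tacked on after the extension) can be hunted with a short script. The following is an added example and is not part of the original report or of Kremez’s analysis: the list of data extensions it looks for and the exact five-alphanumeric suffix pattern are assumptions drawn from the description above, and a legitimate file whose name happens to fit the pattern would also be flagged, so treat hits as leads rather than proof.

```python
"""Hunt a directory tree for the two SNAKE indicators described above:
the Fix-Your-Files.txt ransom note and data files whose name has five
random characters appended after the extension.  Added example, not code
from the original report; extension list and suffix pattern are assumptions."""
import os
import re
import tempfile

RANSOM_NOTE = "fix-your-files.txt"

# Folders the article says the ransomware leaves alone. Skipping them keeps the
# scan quick and avoids false positives on system files (assumed list).
SKIP_DIRS = {"windows", "program files", "program files (x86)",
             "programdata", "$recycle.bin"}

# A common data extension followed by exactly five alphanumerics at the end of
# the name, e.g. budget.xlsxQa9Xk.  The extension list is illustrative only.
RENAMED_RE = re.compile(
    r"\.(docx?|xlsx?|pptx?|pdf|jpe?g|png|txt|csv|zip|sql|mdb|bak)[A-Za-z0-9]{5}$",
    re.IGNORECASE,
)


def scan_tree(root):
    """Return {'ransom_notes': [paths], 'suspect_files': [paths]} under root."""
    hits = {"ransom_notes": [], "suspect_files": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into the skipped folders.
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                hits["ransom_notes"].append(path)
            elif RENAMED_RE.search(name):
                hits["suspect_files"].append(path)
    return hits


def count_by_directory(hits):
    """Group suspect files per directory to show the blast radius at a glance."""
    counts = {}
    for path in hits["suspect_files"]:
        parent = os.path.dirname(path)
        counts[parent] = counts.get(parent, 0) + 1
    return counts


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def build_sample_tree(base):
    """Constructed sample (not a real infection): three renamed files, one
    untouched file, a ransom note, and a Windows folder that must be skipped."""
    docs = os.path.join(base, "Users", "alice", "Documents")
    for name in ("budget.xlsxQa9Xk", "notes.txtZz1Ab", "scan.pdfP0ooL", "readme.md"):
        _write(os.path.join(docs, name), b"\x00" * 16)
    _write(os.path.join(base, "Users", "alice", "Fix-Your-Files.txt"),
           b"We breached your corporate network and encrypted the data ...")
    # Looks renamed, but lives under Windows, so it must not be reported.
    _write(os.path.join(base, "Windows", "System32", "drivers.txtAbCdE"), b"\x00")


def demo():
    """Build the constructed tree in a temp dir, scan it and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = scan_tree(tmp)
        return {
            "notes": len(hits["ransom_notes"]),
            "suspects": sorted(os.path.basename(p) for p in hits["suspect_files"]),
            "directories_hit": len(count_by_directory(hits)),
        }


if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a mounted share or a drive root; the per-directory counts from `count_by_directory` are the quickest way to see how far the encryption spread before the machine was isolated.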
Security firm Sophos has some handy tips to counteract this type of ransomware attack. They are as follows:
- Don’t run unexpected attachments. The crooks probably won’t send you the ransomware directly, but they will try to trick you into running remote access malware that lets them get back in later so they can attack from right inside your network.
- Don’t open up remote access to your network unless you really mean to. Lots of ransomware attacks start because remote access systems such as RDP (remote desktop protocol) were open unexpectedly, and therefore hadn’t been secured properly.
- Don’t ignore warning signs in your security logs. Modern ransomware attackers usually spend hours, or even days, scoping out your network so they can scramble as many computers as possible to demand a bigger payout. If you spot them first, you may be able to head them off entirely.
- Don’t let users talk you into softening up login security. Features such as 2FA, where you need to copy a one-time code off your phone every time you log in, add a tiny inconvenience for users compared to the extra difficulty they add for attackers.
- Don’t rely entirely on real-time, online backups. Most contemporary attackers search out and delete any online backups they can find, making it harder to recover without paying. Backups locked away in an old-school safe can’t be reached across your network!
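The advice about exposed RDP and about not ignoring warning signs in your security logs is easier to act on with a concrete rule. The script below is an added example, not Sophos’s or the article’s own code: it reads constructed Windows Security-style logon records (event 4625 is a failed logon, 4624 a successful one, and logon type 10 is RDP) and flags two patterns that commonly precede a network-wide ransomware deployment, namely an RDP password-guessing run that ends in a success, and one account logging on to many machines within a short window. The record layout, the thresholds and the sample lines are assumptions made for the demonstration.

```python
"""Scan constructed Windows Security-style logon records for two warning
signs that tend to precede a network-wide ransomware deployment.  Added
example; record layout, thresholds and sample lines are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real logs.  Columns: timestamp, host, event ID
# (4625 = failed logon, 4624 = successful logon), logon type (10 = RDP,
# 3 = network, 2 = interactive), account, source IP.
SAMPLE_LOG = """\
2020-01-07T01:00:05,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:00:09,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:00:14,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:00:21,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:00:30,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:01:02,FS01,4625,10,administrator,203.0.113.7
2020-01-07T01:02:40,FS01,4624,10,administrator,203.0.113.7
2020-01-07T01:30:00,FS01,4625,10,bob,10.0.0.55
2020-01-07T01:30:20,FS01,4624,10,bob,10.0.0.55
2020-01-07T02:10:00,WS17,4624,3,svc_backup,10.0.0.21
2020-01-07T02:11:00,WS18,4624,3,svc_backup,10.0.0.21
2020-01-07T02:12:00,WS19,4624,3,svc_backup,10.0.0.21
2020-01-07T02:13:00,WS20,4624,3,svc_backup,10.0.0.21
2020-01-07T02:14:00,WS21,4624,3,svc_backup,10.0.0.21
2020-01-07T09:00:00,WS01,4624,2,alice,-
"""


def parse_log(text):
    """Parse the CSV-style records into dicts, oldest first."""
    records = []
    for line in text.strip().splitlines():
        ts, host, event_id, logon_type, account, src = line.split(",")
        records.append({
            "time": datetime.fromisoformat(ts),
            "host": host,
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account.lower(),
            "src": src,
        })
    return sorted(records, key=lambda r: r["time"])


def detect_bruteforce(records, min_failures=5, window=timedelta(minutes=10)):
    """Flag an RDP success from a source that failed at least min_failures
    times against the same account inside the preceding window: the
    'open RDP that wasn't secured properly' case in the tips above."""
    alerts = []
    failures = defaultdict(list)            # (src, account) -> failure times
    for r in records:
        key = (r["src"], r["account"])
        if r["event_id"] == 4625:
            failures[key].append(r["time"])
        elif r["event_id"] == 4624 and r["logon_type"] == 10:
            recent = [t for t in failures[key] if r["time"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append((r["src"], r["account"], len(recent), r["host"]))
    return alerts


def detect_fanout(records, min_hosts=5, window=timedelta(minutes=30)):
    """Flag one account logging on to at least min_hosts distinct machines
    from one source inside the window: the scoping phase that happens
    before files are scrambled everywhere at once."""
    alerts = []
    successes = defaultdict(list)           # (src, account) -> [(time, host)]
    for r in records:
        if r["event_id"] == 4624:
            successes[(r["src"], r["account"])].append((r["time"], r["host"]))
    for (src, account), events in successes.items():
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append((src, account, sorted(hosts)))
                break                       # one alert per (src, account)
    return alerts


def run_sample():
    """Run both detections over the constructed log and return the alerts."""
    records = parse_log(SAMPLE_LOG)
    return {"bruteforce": detect_bruteforce(records),
            "fanout": detect_fanout(records)}


if __name__ == "__main__":
    for kind, alerts in run_sample().items():
        for alert in alerts:
            print(kind, alert)
```

In the sample, bob’s single typo before a successful logon stays below the threshold while the administrator account hammered from the internet does not; the thresholds are a starting point and should be tuned to what is normal for your own helpdesk and service accounts.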