Researchers at ESET have unearthed a media new threat to computer security that, given the number of users that Italian has already ‘hit, it becomes very important to learn and try, if possible, to avoid it. The threat in question is called Win32 / Filecoder.NFR and is the type ransomware , which is a type of malware that restricts access to the device it infects, demanding a ransom (ransom in English) to be paid for remove the limitation. There are ransomware that blocks the system and ask you to pay to unlock, while others encrypt user files asking to pay to make available again the files (which may be photos or documents stored in the personal computer). The threat Win32 / Filecoder.NFR, however, stands out from others because pose as the file that runs the Google Chrome browser .
ESET in his blog explains that Win32 / Filecoder.NFR works like a ‘ransomware as a Service’ (RaaS) that connects to a server hidden in the TOR network (acronym for The Onion Router, which allows navigation in the Deep Web, or the ‘ set of information resources of the Web that are not found in normal search engines). From this network cybercriminals can choose what the malware will infect the victim’s system, how many bitcoins as payment and ask what message display on the screen to urge the user to pay the ‘ransom’.
The ransomware in question can encrypt almost any kind of file, including those with the more ‘common extensions such as .txt, .doc, .jpg, .gif, .AVI, .MOV, and MP4. Cybercriminals can also have access to a number of statistics that allow them to know how many users have been infected as well as the number of those who paid the ransom.
Italian the most ‘affected worldwide . According to data from ESET, the ransomware family Filecoder it is threatening more ‘serious for Italian sailors, who in the first week of January 2016 were the most affected in the world, with a peak of infections recorded 6.35%.
How does the threat . Once Win32 / Filecoder.NFR is installed on the system and runs, pulling her dangerous files in the temporary folder and is configured to run every time the system is started The malicious file called chrome.exe – is the same name as the executable file that launches the web browser Google Chrome. The name is no coincidence probably need to trick users who believe they run the popular browser. However, analyzing the properties of this file, it can ‘see that is not digitally signed, that the version information and the name of the product have been deleted and that Filecoder.NFR weighs about 45 MB (probably because it tries to deceive the user falsely claiming the same size as the original file).
As the virus spreads . The spread of this threat is by the traditional methods used by cybercriminals to infect devices of the victims, such as malicious websites, attacks Drive-by-downloads, attached to e-mail and the use of backdoor. Files are encrypted using AES with a 128-bit key, creating a new key (encrypted using the RSA algorithm) for each encrypted document.
ESET Italy has the tips to defend against such threats :
1) using a non-administrator
2) maintain updated antivirus
3) maintain the firewall active
4) always install Windows security patches that Microsoft releases monthly
5) NOT download and install freeware programs that you know little about, particularly from unknown
6) Do not download email attachments from sources that you do not know
7) keep up to date all programs that connect to the Internet, especially the browser (Chrome, Firefox, Edge, etc.).
Add our RSS feed not to miss any news !!!
Share
No comments:
Post a Comment