Posted on: 31 Jul 2014 

Ransomware has become the most prevalent and dangerous type of malware over the last couple of years, with the likes of Cryptolocker causing chaos across the world and fleecing victims of thousands of pounds by way of the bitcoin virtual currency. It is a subject we have talked about a lot on this blog, highlighting the benefits of Cloud Web Security in ensuring protection.

Now, just as authorities get to grips with those behind Cryptolocker, a new, more dangerous type of extortion-ready malware has been released into the wild, one that leverages the power of Tor (The Onion Router) to disguise the identity of hackers.

Dubbed ‘Onion’, the ransomware was discovered by security experts at Kaspersky and is thought to originate in Russia. Currently only affecting Windows PCs, Onion is being targeted specifically at English-speaking users and demands that victims pay 0.159999 bitcoins (around £55) within 72 hours or risk losing essential data permanently.

Unlike Cryptolocker (which also used the countdown mechanism), however, Onion is much more sophisticated: it takes advantage of Tor to change the way that it communicates with the command-and-control server that accepts payments and provides decryption codes.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab.

“All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there.”

Three Steps to Protection

As with any type of malware, Onion can only affect your computers if you are without the necessary protection. In order to avoid putting your security and data at risk, there are three steps that you need to follow:

Step 1: Keep Critical Software Updated

Make sure that your operating system, browser, and any add-ons are all running the latest versions. Hackers generally look to exploit flaws in out-of-date software.

Step 2: Back Up Important Files

A consistent backup schedule is the best way to ensure the safety of critical data. Through Cloud Online Backup, backups can be performed as often as required, with files scanned for changes live or every 24-48 hours. Having regularly updated files will help mitigate the effects of any attack.

