Ransomware and Crypto-Malware – CompTIA Security+ SY0-501 – 1.1

| October 28, 2017


Ransomware is the latest generation of malware that attacks both your data and your pocketbook. In this video, you’ll learn how ransomware targets critical data storage at both home and work.

<< Previous Video: Viruses and Worms Next: Trojans and RATs >>


The most valuable asset associated with your computers, whether their computers at home or computers at work, is your data. That is the most important asset on there. At home, you probably have family pictures. There’s videos of trips that you’ve taken. There’s important documents that you’ve scanned, and they’re all on these storage devices at home.

At work, you probably even have a broader set of data. There’s planning information, employee details, you’ve got financial information, and of course, company proprietary data. There’s a lot of valuable information here, and there’s probably a certain amount of money that you would be willing to pay if all of this data disappeared tomorrow and somebody offered to give it back to you.

This is the business model for ransomware. It’s one where the bad guys want your money and the best way to get the money from you is to take the data away from you. Your entire computer becomes unusable because everything that is important on that computer suddenly becomes encrypted. In some cases, ransomware is not even legitimate. It’s simply a fake message that’s put on your screen.

They might use the Department of Justice logo or mention the FBI, and they’ve told you that the police have locked your computer. If this is ransomware that is not real, then you may be able to take it to a security professional and have them retrieve the files and remove the fake ransomware from your computer without damaging or losing any data.

These days, however, there is an entire new generation of malware called crypto-malware. This is ransomware that encrypts all of the data on your computer and holds that data for ransom. It’s going to encrypt all of your data files. So on your home computer, you probably have those pictures, and your documents, and your movies, and your music. And it encrypts everything except the operating system. It wants your system to continue working so that it can present a message to you saying that all of your files have been encrypted, and this is the process that you should go through to send the bad guys some bitcoin so that your computer can then have a decryption key apply to all of these files and you can regain access to your data.

This has become a very lucrative and very successful business model for the bad guys. They know that they’re using a payment system that is untraceable, so you have no idea who you’re sending this money to, or where they happen to be. And it is using public key cryptography. So it’s using a very strong encryption, and there’s no way to decrypt the data. You have to get the key from the bad guys or all of this data will be lost forever.

Or will it, because if you’re someone who is very smart with handling your data, then you probably have a backup of this data somewhere, and you’ll be able to recover all of those pictures and all of those videos. Make sure you have a backup and make sure that this backup is kept offline.

A lot of the modern crypto-malware will find your backup systems if they’re online and encrypt the backups as well. One of the ways this crypto-malware embeds itself onto your computer is taking advantage of a known vulnerability. So make sure that you are always updating your operating system and all of your applications are updated to the latest versions.

One way to stop this malware from executing on your computer is to have your anti-virus already recognize the malware, and for that to occur we have to have the latest signatures for your anti-virus software. Make sure that you’re constantly updating these anti-virus signatures and you may be able to stop the malware right in its tracks. If you’re updating your anti-virus signatures, you’re updating your operating system, and you’re updating your applications, you’ve got the best chance at avoiding any type of infection from this crypto-malware.

Category: CompTIA Security+ SY0-501

Comments are closed.

X
My Security+ Study Group is Wednesday! Click here to register
My free Live Network+ Study Group is Wednesday. Click here to register!