New type of ransomware more sophisticated and harder to defeat

Window informing the victim that files on the computer have been encrypted. Credit: Kaspersky Lab

A new type of ransomware, known simply as Onion, has been discovered by the Russia-based security firm Kaspersky Lab. To force victims to hand over money, the software encrypts stored data files and then uses the Tor anonymity network so that the ransom payment and the contact with its operators cannot be traced. Thus far the ransomware appears to be restricted mostly to Windows users in Russia and other eastern European countries.

Ransomware is a relatively new development. It is not a virus, per se, but software that runs on a user's computer without permission. Earlier variants displayed a full-screen message demanding money, with instructions on how to send it. The message was designed to stay on the screen, even after a reboot, and to block every other application, so the user could not use the computer until they paid up. Because a screen locker of that kind leaves the files themselves untouched, removing it restores the machine. Antivirus makers quickly developed workarounds for most such ransomware, and authorities traced the source of much of it and had it shut down; in the end the threat was mitigated in most places. Now it appears to be back, and this time it is much more sophisticated.

A user is typically infected when they click a link in a piece of junk mail. That sets in motion a chain of events that leaves the victim with little choice but to pay the ransom. A popup informs the user that their files have been encrypted, lists which ones, and tells them they must pay in Bitcoin or the key that unlocks their files will be destroyed, permanently preventing them from regaining access. Unlike a screen locker, the malware can be removed without getting the files back: the data stays encrypted until someone holding the key decrypts it.

Using the Tor network makes it nearly impossible for authorities to track down the people behind the malware. The makers have also used an unorthodox encryption scheme in which the decryption key cannot be recovered even if the communications traffic between the infected machine and its operators is intercepted. Inspection of the code by researchers at Kaspersky Lab suggested the programmer is likely a native Russian speaker.
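The interception point above, as an added example that is not from the article or from Kaspersky's analysis: the article does not say which scheme Onion uses, so the model below is a generic Diffie-Hellman key agreement (the finite-field form over the RFC 3526 group 14 prime, chosen so it runs with the Python standard library alone) with a SHAKE-256 keystream standing in for the real file cipher. The operator's long-term key pair, the per-infection ephemeral exponent, the single outbound message and all function names are assumptions for illustration. It shows why a recording of the victim's traffic, plus the public value embedded in the binary, does not yield the file key, while the operator can reconstruct it on demand.

```python
"""Model of ransomware key agreement that survives traffic interception.

Added example, not Onion's actual code. Assumptions:
  - the operator's public value is embedded in the malware,
  - the victim generates a fresh ephemeral secret per infection and discards it,
  - the only outbound message is the victim's ephemeral public value,
  - a SHAKE-256 XOR keystream stands in for a real block cipher mode.
"""
import hashlib
import secrets

# RFC 3526 MODP group 14: a 2048-bit safe prime with generator 2.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2


def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def derive_key(shared_secret: int) -> bytes:
    """Hash the DH shared secret down to a 32-byte symmetric key."""
    return hashlib.sha256(shared_secret.to_bytes(256, "big")).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (stand-in for AES)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def victim_encrypt(operator_pub: int, files: dict) -> tuple:
    """What the malware does on the victim: agree a key with the operator's
    public value, encrypt every file, then discard the ephemeral secret.
    Returns (encrypted files, the one message that goes out over Tor)."""
    eph_priv, eph_pub = keypair()
    key = derive_key(pow(operator_pub, eph_priv, P))
    encrypted = {}
    for name, plaintext in files.items():
        nonce = secrets.token_bytes(16)
        encrypted[name] = nonce + xor_stream(key, nonce, plaintext)
    # Neither the key nor the ephemeral exponent is kept; the operator only
    # needs the ephemeral public value to rebuild the key after payment.
    del key, eph_priv
    return encrypted, {"victim_pub": eph_pub}


def operator_decrypt(operator_priv: int, message: dict, encrypted: dict) -> dict:
    """What the operator does after payment: recompute the same shared key
    from the victim's public value and the operator's private exponent."""
    key = derive_key(pow(message["victim_pub"], operator_priv, P))
    return {name: xor_stream(key, blob[:16], blob[16:])
            for name, blob in encrypted.items()}


def eavesdropper_guess(operator_pub: int, message: dict, encrypted: dict) -> dict:
    """Everything an interceptor holds: the operator's public value (from the
    binary) and the victim's public value (from captured traffic). Combining
    the two public values, here by modular exponentiation, is one natural but
    wrong attempt; without a private exponent the output is garbage."""
    wrong_key = derive_key(pow(operator_pub, message["victim_pub"], P))
    return {name: xor_stream(wrong_key, blob[:16], blob[16:])
            for name, blob in encrypted.items()}


if __name__ == "__main__":
    op_priv, op_pub = keypair()            # operator side, before the campaign
    # Constructed sample victim files.
    files = {"report.docx": b"quarterly numbers", "photo.jpg": bytes(range(256))}
    enc, msg = victim_encrypt(op_pub, files)
    print("operator recovers files:", operator_decrypt(op_priv, msg, enc) == files)
    print("eavesdropper recovers files:", eavesdropper_guess(op_pub, msg, enc) == files)
```

The point for defenders is that the message on the wire carries nothing that decrypts the files, and a fresh ephemeral exponent per infection means one victim's captured traffic says nothing about another's; the only recovery path short of the operator's private key is a backup taken before infection.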

Thus far computer users impacted by the ransomware have been restricted to those living in Russia and several countries that were formerly part of the Soviet Union. Experts predict it is only a matter of time before it spreads, so efforts are under way to counter the threat and to find those responsible for it. In the meantime, security experts are advising computer users to back up their files onto removable media, and to disconnect that media once the backup is done, since a drive that stays attached gets encrypted along with everything else.



© 2014 Tech Xplore

Citation: New type of ransomware more sophisticated and harder to defeat (2014, July 29) retrieved 20 October 2019 from https://techxplore.com/news/2014-07-ransomware-sophisticated-harder-defeat.html

User comments

Jul 29, 2014
If he uses Tor professionally, nobody will catch him.

Jul 29, 2014
Tor only uses 64-bit encryption. Easy to crack, relatively.

Jul 29, 2014
> Easy fix: Don't use Windows. Don't be stupid.

No OS is safe against viruses.
Linux/Unix has a long history of root exploits.
Don't even get me started on Apple OSs.
And Chrome OS will surely not be without its faults.

That Windows is the most targeted OS doesn't mean the other ones are safe.
These guys want to make money. Of course they will target the OS with the widest distribution first.

Jul 29, 2014
> Easy fix: Don't use Windows. Don't be stupid.

You should follow your own advice when posting.

In any case, here's what you meant to say: back up important files regularly, and the most this will do is inconvenience you, just like other malware.


Jul 29, 2014
According to sources, Tor was co-developed with the NSA, so it can be cracked.

Jul 29, 2014
> back up important files regularly

...and make sure to disconnect your backup drive after you're done. Otherwise it'll just get encrypted, too.

Jul 29, 2014
> According to sources, Tor was co-developed with the NSA, so it can be cracked.

It is open source, so it does not matter that much who originally contributed to its development.

Tor is not easy to crack.

Jul 29, 2014
> Don't even get me started on Apple OSs.

I've been using Macs for many years. I've never run an antivirus product. I've never seen any evidence of virus infection. Most of my friends run Mac OS X at home. None of them has ever experienced a virus on their machines. Meanwhile I have to put up with an endless stream of phishing and spam from my friends and family with Windows machines that have been compromised. I was pretty happy when I threw the last Windows machine out of the house. Apple machines are far safer than Windows machines. People who tell me Macs aren't safe from viruses have to stretch things pretty hard with claims like "you could get a Word macro virus".

Jul 30, 2014
This sort of (mis)use of Tor: if it becomes widespread, I can easily imagine a movement towards charging operators of Tor nodes as accomplices, or otherwise involving them in legal woes. Thus far, little of the traffic carried on the Tor network makes much negative impression on the public. This changes that.

Jul 30, 2014
> This sort of (mis)use of Tor: if it becomes widespread, I can easily imagine a movement towards charging operators of Tor nodes as accomplices, or otherwise involving them in legal woes.

It's a bit worse than that. It's already come to light that the NSA has put a student in Germany on their surveillance list just because he ran a Tor server.
(If you google, you will find numerous, politically backed attempts at suing Tor. Not to win, but just to drive the people involved into bankruptcy from the legal bills.)

One of the nastier ways to get at Tor is server poisoning (i.e. someone in the pay of the NSA et al. sets up a number of Tor servers and tracks what comes through). That's one of the weaknesses in the Tor architecture: you rely on the people running the servers being good guys.
