Ransomware


While working on the next version of the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (for the 401 exam), I dug into ransomware. Ransomware is a new topic added to the Security+ 401 exam.

Ransomware is a type of malware, usually delivered as a Trojan, that takes control of a user's computer or data and then demands payment to restore access. A common delivery method is a drive-by download: the user visits a malicious or compromised website, and the site silently downloads the malware to the user's system. Some ransomware is embedded in other software, like a typical Trojan horse, and some arrives as an email attachment. Two ransomware families that have hit many people are the Police Virus and CryptoLocker, and they provide good examples of how ransomware works.

The Police Virus Ransomware

The Police Virus (also known as Reveton, the Police Ukash virus, and the MoneyPak virus) accuses users of involvement in illegal activity and demands they pay a fine. When the computer boots, it displays a full-screen notice purporting to come from a law enforcement agency such as the U.S. FBI, the Australian Federal Police, or London's Metropolitan Police, chosen to match the victim's location. In some cases it activates the webcam and shows the live feed inside the notice, implying the victim is being watched. It typically demands $100 or €100, depending on the victim's location, and in some cases as much as $300 or €300. If the victim pays, the malware promises to remove the messages and return full control of the computer. Payment is collected through prepaid cards such as Ukash or MoneyPak, which is where two of its names come from.

One piece of good news is that the Police Virus doesn't actually encrypt or destroy any data; it only locks the screen, so once it is removed the files are untouched. That isn't the case with CryptoLocker, another ransomware example.


CryptoLocker Ransomware

CryptoLocker doesn't try to trick the user into thinking the payment is legitimate; instead it uses plain kidnapping-and-ransom tactics. Compare this to the criminals who kidnapped singer Frank Sinatra's son in 1963 and demanded a $240,000 ransom. His son was released after the ransom was paid. These stories don't always end so well, though. Two criminals kidnapped Bobby Greenlease, the young son of a millionaire car dealer, and demanded $600,000 in ransom. The ransom was paid, but the criminals had already killed the boy.

Similarly, CryptoLocker encrypts valuable user files, such as photos, videos, and documents, and then demands a ransom of up to $300 or €300. It typically displays a message saying the criminals will destroy the decryption key in 72 hours if the user doesn't pay, which would lock the user's data away forever. In some cases it shows a timer counting down to zero to add a sense of urgency.

CryptoLocker uses a hybrid encryption scheme: each file is encrypted with a strong symmetric cipher (AES-256) under a fresh key, and that key is in turn encrypted with an RSA-2048 public key whose matching private key exists only on the criminals' server. Without that private key it is infeasible to recover the data in any reasonable amount of time; brute-forcing either key is not a realistic option. In addition to encrypting data on the user's computer, it also searches for mapped network drives and encrypts the files on them too, so a backup that is merely a network share is not safe from it.

As another twist, the CryptoLocker criminals have recently started offering to restore data after the 72 hours expire, at a highly inflated price of as much as $2,300. This shows that the criminals keep the private keys and have only removed the key's association with the victim. If the victim uploads a single encrypted file, the service can read the wrapped key material from it, match it to the right private key, and recover the key needed to decrypt that victim's files.
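The two paragraphs above describe the hybrid construction and why one encrypted file is enough for the key holder to recover the key. The following Go program is an added illustration of that construction, not code from the original post and not CryptoLocker's own code: a random AES-256-GCM key per document, wrapped with an RSA-2048 public key using OAEP, and stored in the encrypted file next to the ciphertext. The file layout (lockedFile), the function names, and the sample document are assumptions made for the example; the key pair generated in demo() stands in for the per-victim pair a command-and-control server would hold.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// lockedFile is the assumed layout of one encrypted document: the per-file AES key wrapped with the criminals' RSA public key, then the AES-GCM nonce and ciphertext.
type lockedFile struct {
	WrappedKey []byte // RSA-OAEP(publicKey, aesKey)
	Nonce      []byte
	Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockFile encrypts one document under a fresh random AES-256 key and wraps that key with the
// public key. Only the public key is ever on the victim's machine, so nothing on disk can undo this.
func lockFile(pub *rsa.PublicKey, plaintext []byte) (*lockedFile, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &lockedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// recoverFileKey is what a "decryption service" does with a single encrypted file the victim
// hands over: unwrap its AES key with the private key that never left the criminals' server.
func recoverFileKey(priv *rsa.PrivateKey, f *lockedFile) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, f.WrappedKey, nil)
}

// unlockFile decrypts a file with its AES key; a wrong key fails GCM authentication instead of yielding garbage.
func unlockFile(aesKey []byte, f *lockedFile) ([]byte, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Ciphertext, nil)
}

// demo runs the round trip on a constructed document: does a guessed key fail on the victim side, and does the private-key holder recover the bytes from the file alone?
func demo() (guessFails, keyHolderRecovers bool, err error) {
	// Hypothetical stand-in for the per-victim key pair a command-and-control server would generate.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	doc := []byte("constructed sample document: family photos index, tax_return_2013.docx") // constructed input
	locked, err := lockFile(&priv.PublicKey, doc)
	if err != nil {
		return false, false, err
	}
	// Victim side: the random AES key is gone, and a guess does not authenticate.
	_, guessErr := unlockFile(make([]byte, 32), locked)
	guessFails = guessErr != nil
	// Key-holder side: read the wrapped key out of the file, unwrap it, decrypt.
	aesKey, err := recoverFileKey(priv, locked)
	if err != nil {
		return guessFails, false, err
	}
	plain, err := unlockFile(aesKey, locked)
	if err != nil {
		return guessFails, false, err
	}
	return guessFails, bytes.Equal(plain, doc), nil
}

func main() {
	guessFails, recovers, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("guessed key rejected: %v; key holder recovers plaintext: %v\n", guessFails, recovers)
}
```

The point to take from it is in recoverFileKey: the only input is the encrypted file itself. The wrapped AES key travels inside the file, so anyone holding the RSA private key can decrypt any file from that victim without keeping a record of who the victim was, which is exactly the "late" decryption service described above. For the victim, by contrast, the file contains nothing usable, and a backup is the only way back.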

Just as many parents are willing to pay a ransom to save their children, the success of these ransomware families indicates that many people are willing to pay to get their data back. PandaLabs reported in its 2013 annual report that ransomware is on the rise and is one of the most common types of malware, and predicted it will be one of the most pervasive threats in 2014.

Remember this

Ransomware is a type of malware that takes control of users' systems or data. Criminals then attempt to extort payment from the victim, often threatening to damage the system or destroy the data (or the key needed to decrypt it) if the victim does not pay the ransom.

Protections

The best protection against this type of ransomware is good backups. If your system becomes infected and you can't remove the malware, you can rebuild the operating system from scratch and restore your data. Because CryptoLocker also encrypts mapped network drives, the backup must be kept offline or otherwise disconnected from the system it protects, and it is worth periodically testing that files actually restore from it. Admittedly, a rebuild takes some time and is a little painful, but not nearly as painful as losing all your data.

Of course, it's also useful to follow safe computing practices to avoid infections from this type of malware or any other. This includes:

  • Don’t click on links within emails from unknown sources (no matter how curious you might be)
  • Don’t open attachments from unknown sources (malware can be embedded into many different files such as PDFs, Word documents, Zip files, and more)
  • Be wary of free downloads from the Internet (many entice you with something free but include malware)
  • Limit information you post on social media sites (criminals use this to answer password reset questions)
  • Keep the computer up to date with current patches (patches can't protect against zero-day exploits, so don't rely on them alone)
  • Keep antivirus software up-to-date (but don’t depend on it to catch everything)


Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.