Sophos protection updating failed

05 May

In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.

Payloads may display a fake warning purportedly from an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities or contains content such as pornography and "pirated" media.

Payment is virtually always the goal, and the victim is coerced into paying for the ransomware to be removed—which may or may not actually occur—either by supplying a program that can decrypt the files, or by sending an unlock code that undoes the payload's changes.

The CryptoLocker technique was widely copied in the months following, including CryptoLocker 2.0 (though unrelated to CryptoLocker) and CryptoDefense (which initially contained a major design flaw that stored the private key on the infected system in a user-retrievable location, due to its use of Windows' built-in encryption APIs).

LNK shortcut files have also been used to install Locky ransomware by automating the infection steps rather than relying on traditional user downloads of WSF files, all of which is made possible by the PowerShell application present on every Windows system.

Unfortunately, cyber criminals have been able to leverage PowerShell for their attacks for years.

This money collection method is a key feature of ransomware.


In 2011, a ransomware Trojan surfaced that imitated the Windows Product Activation notice, and informed users that a system's Windows installation had to be re-activated due to "[being a] victim of fraud".

They referred to these attacks as "cryptoviral extortion", an overt attack that is part of a larger class of attacks in a field called cryptovirology, which encompasses both overt and covert attacks. Encrypting ransomware returned to prominence in late 2013 with the propagation of CryptoLocker, which used the Bitcoin digital currency platform to collect ransom money.

In December 2013, ZDNet estimated, based on Bitcoin transaction information, that between 15 October and 18 December the operators of CryptoLocker had procured about US million from infected users.

The notion of using public key cryptography for data kidnapping attacks was introduced in 1996 by Adam L. Young and Yung, who critiqued the failed AIDS Information Trojan that relied on symmetric cryptography alone, the fatal flaw being that the decryption key could be extracted from the Trojan, and who implemented an experimental proof-of-concept cryptovirus on a Macintosh SE/30 that used RSA and the Tiny Encryption Algorithm (TEA) to hybrid encrypt the victim's data.

Since public key crypto is used, the cryptovirus only contains the encryption key.