New Strains of Ransomware Show New Tactics

Sue Marquette Poremba
Slide Show

5 Security Steps to Protect Users from Ransomware

A new variant of ransomware shows just how low and dirty malware developers are willing to get. Even the name is offensive. When Hitler-Ransomware (yes, that’s the name) infects a computer, it locks the screen with a picture of Hitler and the phrase, “This is Hitler-Ransonware” (sic) in a black box and tells you that your files have been encrypted. The screen goes on to direct the victim how to pay the ransom to recover the encrypted files.

But here is the cruelest part to this ransomware strain: It doesn’t encrypt files. It deletes them. As Stephen Brown, director of Product Management with LANDESK, said in an email comment, this new ransomware presents two new approaches: offensive presentation and destroying files that doesn’t involve encryption. He went on to state:

Using an image of an offensive figure creates immediate negative emotions which, compounded by the ransom demand, is more likely to trigger irrational responses. Part of ransomware's power is fear ­ the fear of loss of personally valuable files.

Brown added that the lack of encryption could mean that the developer was either lazy or inept. In lieu of encryption, the user is given an hour's warning to pay the ransom and when that doesn’t happen, the malware simply crashes the computer and begins the deletion process on the reboot.

The ransomware appears to be German in origin because some of the code in the malware is in German. In fact, that code string translates to “This is a test.” It’s why there are concerns that a more mature and more dangerous version will be showing up soon.  

If the Hitler images mock the fear and disgust most of us have for ransomware, what do cat pictures do? McAfee recently discovered a new strain of ransomware targeting Android devices. It is dubbed El Gato because it uses a cat picture to lock the screen while in the background the malware is encrypting the files on the SD card. As Computerworld explained:

Once El Gato, Spanish for ‘the cat,’ is installed, the attacker can control the ransomware and send commands to the Android via a web-based control panel. McAfee Labs researcher Fernando Ruiz said the malware runs on a legitimate cloud service provider and has botnet capabilities. The kicker is that the malware uses AES encryption with a hardcoded password, making decryption ‘trivial.’

Like Hitler-Ransomware, El Gato is likely in its testing phase. It shows us that ransomware is still evolving and cybercriminals continue to come up with new tactics that play off of fear or naiveté of users. 

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.


Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Aug 15, 2016 4:38 PM fred zepellin fred zepellin  says:
Where has this surfaced? I am betting that porn and pirate sites are the breeding grounds for this particular infection. No matter. I guess the bottom line here is that if a user gets hit, they had better have a good backup! Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.