Tuesday, 29 July 2014 13:02

Onion ransomware is a huge threat to your Windows computer

The Onion splash screen (image: Kaspersky)

A new piece of dangerous ransomware has been uncovered and is potentially the 'next Cryptolocker', according to security researchers with Kaspersky.

The encrypting ransomware is called 'Onion' due to the fact it uses the anonymous network Tor (the Onion Router) in a bid to hide its malicious nature, and to make it hard to track those behind this ongoing malware campaign, according to Kaspersky.

Onion is being described as a successor to the Cryptolocker ransomware, which we reported on last year, that wreaked havoc across the world as users infected by the malware were forced to hand over bucketloads of money in Bitcoin form to keep their data.

The new malware, which currently only affects Windows PCs, encrypts files in the same way as Cryptolocker and starts a similar countdown that lasts for 72 hours, after which all the files are deleted forever if a ransom isn’t paid.

Kaspersky Lab senior malware analyst, Fedor Sinitsyn, said the malware demonstrates how Tor has become a proven tool and is being implemented into other types of malware.

“The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns,” he said.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server,” stated Fedor Sinitsyn, senior malware analyst at Kaspersky.

"All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there."

The Onion exchanges secret data and payment information with command and control servers located within an anonymous network.

Sinitsyn said this kind of communication architecture existed in the past, though it was limited to banking malware families such as the Tor-enhanced 64-bit ZeuS. He said these characteristics add up to a “highly dangerous threat,” as well as one of the “most technologically advanced encryptors” in existence today.

Kaspersky says that certain strings within the body of the malware, along with the recent release of a Russian-language GUI, give them "ground to assume that its creators are Russian speakers".

The first version of the Onion ransomware targeted English-language users, with the splash screen, which is set as the computer's default desktop wallpaper, written in English.

The malware demands payment of 0.159999 bitcoins (approximately $130 AUD), giving users 72 hours to pay up or risk losing data forever.

Kaspersky recommends "your security solution should be turned on at all times and all its components should be active. The solution's databases should also be up to date." For more see the Kaspersky post in question here.

