New, dangerous ransomware appears in the wild

In class we talked briefly about ‘Ransomware,’ software that compresses / encrypts / locks up your files, then demands payment for the password or key or whatever to get your files back. We also discussed that the amounts of money demanded are never too much to prevent someone from actually paying – if they asked for a million dollars no one would pay it, and the encryption was normally breakable if you knew what you were doing.

Now, in an event that involves many of the topics we discussed in our last class, a scary new ransomware attack is changing all that. Known as OphionLocker (this article shows it may not be as sophisticated as everyone is saying, possibly breakable through a C++ IDE ), it uses what is known as elliptic curve cryptography, a practically unbreakable form of encoding, to hold files hostage, and it is delivered through malicious ads displayed on web pages.

At least they're polite

At least they’re polite

Characteristic of ransomware, it directs the victim to a TOR URL to learn how to deliver the ransom, which turns out to be one bitcoin, which currently has a value of about $350. Although the ‘OphionLocker’ link above shows that even after paying the ransom, nothing was decrypted. In fact, those articles show both sides of the malware, and have many graphics showing the process of hacking and responding to the infection. Here’s my favorite, showing that if the attack can’t connect to its command & control servers, it actually displays a standard Windows crash screen!



Be very careful. Judiciously use adblockers, but know they can deprive sites you enjoy of revenue, keep all programs – especially your OS – updated and use robust anti-virus software, all things we discussed in class. You don’t have to be paranoid, just careful.