This is what happens when your computer gets infected with ransomware

When attackers lock down your PC to extort you for money, this is what happens.

March 10, 2016

The first ransomware targeting Apple’s Mac computers running OS X recently infected the installer for Transmission, a cross-platform BitTorrent client.

Ransomware is nothing new, with infections reported on Windows machines, Linux servers, and Android smartphones.

Attackers use many methods to get their malicious software onto the devices of unsuspecting users.

These include e-mail trojans that exploit Microsoft Word macros, support scams, and compromising the website of an app like Transmission to replace the legitimate installer with one infected with ransomware.

YouTuber Rogueamp has published numerous videos showing what happens when ransomware takes over your machine.

Step-by-step breakdowns of two of his videos are shown below, beginning with the new KeRanger ransomware for OS X.


KeRanger for OS X

This ransomware infected the installer of Transmission 2.90 for OS X, as reported by Palo Alto Networks.

While updated OS X installations should no longer be vulnerable to KeRanger, Rogueamp’s demonstrations are conducted within a virtual machine. Don’t try this at home.

The infection begins after you install and run Transmission 2.90.

KeRanger install and run Transmission


Transmission 2.90 contains General.rtf, which looks like a document, but is actually KeRanger’s executable.

KeRanger General.rtf payload in Transmission.app package
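
One way a defender could catch a payload disguised the way General.rtf was, as an added example that is not from the original article or from Palo Alto Networks: walk an app bundle and flag files with document extensions whose first bytes are an executable header. The `Contents/Resources` location, the extension list and the sample bytes are assumptions constructed for the demo.

```python
import os
import tempfile

# Leading bytes of native executable formats (Mach-O variants, ELF, Windows PE).
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O universal", b"\x7fELF": "ELF", b"MZ": "PE",
}
# Extensions that should only ever hold data (assumed list; extend as needed).
DATA_EXTS = {".rtf", ".txt", ".pdf", ".png", ".jpg", ".html", ".plist"}

def executable_kind(path):
    """Return the executable format named by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, kind in EXEC_MAGICS.items():
        if head.startswith(magic):
            return kind
    return None

def find_disguised_executables(root):
    """List (relative path, format) for data-named files with executable headers."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            is_data_name = os.path.splitext(name)[1].lower() in DATA_EXTS
            # Skip non-data names, symlinks and special files.
            if not is_data_name or os.path.islink(full) or not os.path.isfile(full):
                continue
            kind = executable_kind(full)
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)

def demo():
    """Build a constructed bundle tree (inert bytes only) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        res = os.path.join(tmp, "Transmission.app", "Contents", "Resources")
        os.makedirs(res)
        with open(os.path.join(res, "General.rtf"), "wb") as fh:
            fh.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # Mach-O magic + padding
        with open(os.path.join(res, "Credits.rtf"), "wb") as fh:
            fh.write(b"{\\rtf1\\ansi Credits}")  # genuine RTF header
        return find_disguised_executables(tmp)

if __name__ == "__main__":
    for path, kind in demo():
        print(f"{path}: document extension, {kind} header")
```

A hit is a lead to inspect, not a verdict: the universal Mach-O magic is shared with Java class files, and a text file can legitimately begin with the letters "MZ".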


When KeRanger executes, it encrypts all your documents and media files.

KeRanger files encrypted


KeRanger places a notice in each folder where it has encrypted files.

KeRanger readme with details on how and where to pay


It directs you to go to a URL, where you must log in with a key the attackers provide.

KeRanger log into Bitcoin payment system with key provided


You must pay the ransom of 1 Bitcoin (R6,300) to the wallet they specify to get the key you need to decrypt your files.

KeRanger payment page to get decryption key


Locky for Windows

Ransomware like KeRanger and Locky all work on the same principle: encrypt the victim’s files, and extort money from them in the form of Bitcoin.

Unlike KeRanger, Locky was distributed through a malicious Word macro in an e-mail with a fake invoice. Once the victim opens the invoice and enables macros, the macro downloads and runs the ransomware from a server on the Internet.

As before, Rogueamp’s demonstration is conducted within a virtual machine.

After Locky runs, it encrypts all your files and then displays this notice.

Locky ransom note


Locky can encrypt unmapped network shares.

Locky finds and encrypts files in unmapped network shares


As with all ransomware, it directs you to a page where you can pay to get a key to unlock your files.

Locky Decryptor page

