Avoid cryptocurrency ransom: new vaccine against ransomware is available
Ransomware is a type of malware that can affect anyone in the world and usually asks for payment in cryptocurrencies after hijacking all your data remotely. According to a recent study by the cybersecurity firm Bitdefender, there was a 715% year-on-year increase in detected ransomware attacks.
Meanwhile, the latest prediction from Cybersecurity Ventures estimates that global ransomware damage costs will reach $20 billion by 2021, with attacks on businesses every 11 seconds by then. This is undoubtedly bad news, but researcher Florian Roth, CTO of Nextron Systems, has now released a brand-new digital vaccine that kills a wide variety of ransomware before it fully infects a device.
Dubbed “Raccine” by Roth, it is open-source software that anyone can download and install from GitHub. It is specifically designed to terminate any process that tries to delete volume shadow copies on Windows (the most affected OS) via the vssadmin.exe program. The reason is that the first thing ransomware does, even before encrypting the device, is delete those copies, since they are automatic backups from which a user could recover lost data.
As Roth indicated about it:
“We see ransomware delete all shadow copies using vssadmin pretty often. What if we could just intercept that request and kill the invoking process? Let’s try to create a simple vaccine (…) We register a debugger [computer program] for vssadmin.exe which is our compiled raccine.exe. Raccine is a binary, that first collects all PIDs [Process IDs] of the parent processes and then tries to kill all parent processes”.
In this way, Raccine would kill the ransomware before the infection spreads and before it has the chance to encrypt the files and ask for a cryptocurrency ransom.
However, it still has some disadvantages: this first version of the vaccine may terminate legitimate software that uses vssadmin.exe as part of its routines, and it doesn’t work against ransomware that uses methods other than vssadmin.exe. Roth has promised new functions for the future, though.
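The decision logic described above, as an added Python simulation that is not Raccine's own code. The process table, the PROTECTED list and the "delete"/"shadows" command-line match are assumptions made for illustration; the code only inspects data and terminates nothing.

```python
# Added illustration: simulates the vaccine's decision on a constructed
# process table. Nothing here touches real processes.

# Constructed sample: pid -> (parent pid, image name). All values invented.
PROCESSES = {
    4:    (0,    "System"),
    700:  (4,    "services.exe"),
    1200: (700,  "backupagent.exe"),   # hypothetical legitimate backup tool
    2000: (4,    "explorer.exe"),
    3100: (2000, "invoice.exe"),       # hypothetical ransomware process
    3200: (3100, "cmd.exe"),
}

# Assumption: processes a tool would refuse to kill to keep the host usable.
PROTECTED = {"System", "services.exe", "explorer.exe"}

HOOKED_IMAGE = "vssadmin.exe"  # the only image the debugger entry covers


def is_intercepted(cmdline):
    """True if the launch reaches the hook and asks to delete shadow copies."""
    tokens = cmdline.lower().split()
    if not tokens or tokens[0].rsplit("\\", 1)[-1] != HOOKED_IMAGE:
        return False  # launches of other tools never reach the hook
    return "delete" in tokens and "shadows" in tokens


def ancestors(pid, table):
    """Walk parent links upward from pid; stop on unknown PIDs or loops."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = table[pid][0]
    return chain


def kill_list(parent_pid, cmdline, table=PROCESSES):
    """PIDs that would be terminated for a launch made by parent_pid."""
    if not is_intercepted(cmdline):
        return []
    return [p for p in ancestors(parent_pid, table)
            if table[p][1] not in PROTECTED]
```

Running kill_list for the backup agent (PID 1200) with a vssadmin delete command selects it for termination just like the ransomware chain, while a deletion issued through a different tool returns an empty list: the two disadvantages noted above.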
Fight against ransomware
Beyond the new Raccine, there are already proven ways to protect your devices against this malware. We have already talked about the evil and the shield triads: factors and tips you should take into account to avoid these kinds of infections.
You mostly get infected through the evil triad: spammy emails in your inbox delivering dubious links, unofficial downloads from external websites or P2P software (like BitTorrent), and exploits in non-updated operating systems (OS), e.g. Windows XP, or old versions of firmware in IoT devices.
The shield triad aims to kill the evil triad: keep the OS, antivirus, and firmware of all your smart devices updated; don’t open links or attached files from dubious emails; and download files and software only from the official websites.
Besides, in case of infection, you should go to websites like No More Ransom, which offer free tools to recover your data, or notify the authorities directly.
Featured image by Willfried Wende / Pixabay
Originally published at https://blog.alfa.cash on October 5, 2020.