How to avoid ransomware attacks? RagnarLocker case study

Avoid ransomware attacks

Every user should know how to avoid ransomware attacks: these are malware attacks that encrypt a victim’s files. The attackers then ask the victim to pay a ransom in exchange for decrypting them, usually demanding huge amounts of money in cryptocurrency. Recently the RagnarLocker group, well known for the care it takes in selecting targets, decided to adopt innovative attack vectors.

RagnarLocker hid in Oracle VirtualBox

RagnarLocker’s operators started running Oracle VirtualBox in May to avoid detection while carrying out attacks for money. It is the first time the group has abused virtual machines in its attacks.

They hid inside a Windows XP virtual machine on the victim’s computer. To do this, the ransomware first downloads and installs Oracle VirtualBox. Then it configures the software to gain full access to all the drives, so that the virtual machine can interact with all the files outside its own storage.

Afterwards, the VirtualBox app replaces the original files, on both the local system and shared drives, with encrypted versions. The attackers chose this approach wisely, as the changes are undetectable to antivirus solutions.
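As an added example (not from the original article), the following Python check audits a VirtualBox machine definition for the configuration described above: shared folders that expose a whole host drive to the guest. It assumes the XML `.vbox` format with `SharedFolder` elements carrying `hostPath` and `writable` attributes; the sample definition and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a VirtualBox machine definition (.vbox); not from a real incident.
SAMPLE_VBOX = r"""<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16-windows">
  <Machine uuid="{00000000-0000-0000-0000-000000000001}" name="example-vm" OSType="WindowsXP">
    <Hardware>
      <SharedFolders>
        <SharedFolder name="1" hostPath="C:\" writable="true" autoMount="true"/>
        <SharedFolder name="2" hostPath="E:\" writable="true" autoMount="true"/>
        <SharedFolder name="docs" hostPath="C:\Users\alice\vmshare" writable="false"/>
      </SharedFolders>
    </Hardware>
  </Machine>
</VirtualBox>"""

# Matches a bare drive root (C:, C:\) or the root of a network share (\\server\share).
DRIVE_ROOT = re.compile(r"^(?:[A-Za-z]:[\\/]?|\\\\[^\\]+\\[^\\]+\\?)$")


def local_name(tag):
    """Drop the XML namespace so the check does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]


def audit_vbox(xml_text):
    """Return one finding per shared folder that maps an entire drive or share into the guest."""
    findings = []
    root = ET.fromstring(xml_text)
    for machine in (e for e in root.iter() if local_name(e.tag) == "Machine"):
        for sf in (e for e in machine.iter() if local_name(e.tag) == "SharedFolder"):
            host_path = sf.get("hostPath", "")
            writable = sf.get("writable", "false").lower() == "true"
            if DRIVE_ROOT.match(host_path):
                findings.append({
                    "vm": machine.get("name"),
                    "os_type": machine.get("OSType"),
                    "host_path": host_path,
                    "writable": writable,
                    "severity": "high" if writable else "medium",
                })
    return findings


if __name__ == "__main__":
    for f in audit_vbox(SAMPLE_VBOX):
        print(f"[{f['severity']}] VM {f['vm']} ({f['os_type']}) maps {f['host_path']} writable={f['writable']}")
```

A writable mapping of a drive root means anything running in the guest can rewrite host files through the VirtualBox process, so such findings are worth reviewing on machines where no virtual machine is expected.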

In their previous attacks, the operators used botnets, email spam with malicious attachments, fake updates, infected installers etc.

The ransomware scheme

Usually, attackers ask for a ransom after they manage to encrypt sensitive files on the victims’ computers. Achieving this, however, relies on a more complicated mechanism that uses malware.

Usually, they send an email to victims to convince them to download an attachment or a file. Once the victim downloads or opens the file, the malware installs itself on the system and encrypts important files. Users cannot decrypt those files without the decryption key, which is only in the attacker’s hands.

Sometimes, hackers try to get access to sensitive information, be it pictures, movies, docs or PDFs. Then they ask for a ransom in exchange for not leaking it online.

Avoid ransomware attacks

Although it might look scary, users can avoid ransomware attacks by following a few simple rules. One of the most important is to always keep the system and the antivirus solution up to date. Second, only install software from trusted sources. Third, regularly back up the most important files on the computer to prevent data loss. Using a whitelisting app can also be of huge help for any user.

