Welcome to the

AdGuardian Plus Blog

Privacy Tips

How to avoid ransomware attacks? RagnarLocker case study

Avoid ransomware attacks

Any user should know how to avoid ransomware attacks as they are, in fact, malware attacks that encrypt victim’s files. Then, the attackers ask victims to pay a ransom, in order to decrypt them. Usually they ask for huge amounts of money in cryptocurrency. Recently, RagnarLocker group, well known for their care in selecting targets, has decided to adopt innovative attack vectors.

RagnarLocker hid in the Oracle virtual box

RagnarLocker‘s operators started running Oracle virtual box, in May, in order to avoid detection and start internet attacks for money. In fact, it is the first time the group abuses virtual machines for attacks.

They used victim’s Windows XP virtual machine to hide. First, in order to be able to do this, the ransomware downloads and installs Oracle VirtualBox. The it configures it in order to gain full access to all the drives. This way, the virtual machine can interact with all the files outside its storage.

Afterwards, VirtualBox app uses encrypted versions of the files from both the local system and shared drives to replace the original ones. The attackers do this wisely, as the changes are undetectable for the antivirus solutions.

In their previous attacks, the operators used botnets, email spam with malicious attachments, fake updates, infected installers etc.

The ransomware scheme

Usually, attackers come to ask for money as ransom, after they manage to encrypt sensitive files on the victims’ computers. But, in order to achieve this, there is a more complicated mechanism behind, which uses malware.

Usually, they send an email to victims, in order to convince them download an attachment or a file. Once they download or open the file, the malware installs on the system and encrypts important files. Users can not decrypt those files without the decryption key, which is only in the attacker’s hands.

Sometimes, hackers try to get access to sensitive information, be it pictures, movies, docs or PDFs. Then, they ask for a ransom, in order to prevent leaking these online.

Avoid ransomware attacks

Although it might look scary, users can avoid ransomware attacks by following a few simple rules. One of the most important is to always keep the system and the antivirus solution up to date. Secondly: only install software from trusted sources. Thirdly: regularly backup the most important files on the computer, to prevent data loss. Of course, using a whitelisting app might be of huge help for any user.

Related posts
NewsPrivacy Tips

2020 Review: The clash of the advertising industry

NewsPrivacy Tips

Advertisers can easier capture leads, with YouTube ads

NewsPrivacy Tips

Online privacy: what it is and how to protect it effectively

Privacy TipsSecurity Tips

Why and how to keep away from internet trackers?

Leave a Reply

Your email address will not be published. Required fields are marked *