
How to avoid ransomware attacks? RagnarLocker case study

Every user should know how to avoid ransomware attacks: these are malware attacks that encrypt the victim's files, after which the attackers demand a ransom to decrypt them. They usually ask for huge amounts of money in cryptocurrency. Recently the RagnarLocker group, well known for the care it takes in selecting targets, decided to adopt innovative attack vectors.

RagnarLocker hid in Oracle VirtualBox

RagnarLocker's operators started running Oracle VirtualBox in May in order to avoid detection and carry out internet attacks for money. It is the first time the group has abused virtual machines in its attacks.

They hid inside a Windows XP virtual machine on the victim's computer. To be able to do this, the ransomware first downloads and installs Oracle VirtualBox. Then it configures VirtualBox to gain full access to all the drives. This way, the virtual machine can interact with all the files outside its own storage.

Afterwards, the VirtualBox app replaces the original files on both the local system and shared drives with encrypted versions. The attackers chose this approach wisely, as the changes are undetectable by antivirus solutions.

In their previous attacks, the operators used botnets, email spam with malicious attachments, fake updates, infected installers etc.

The ransomware scheme

Usually, attackers ask for a ransom after they manage to encrypt sensitive files on the victims' computers. Achieving this, however, relies on a more complicated mechanism that uses malware.

Usually, they send the victim an email to convince them to download an attachment or a file. Once the victim downloads or opens the file, the malware installs itself on the system and encrypts important files. Users cannot decrypt those files without the decryption key, which only the attackers hold.

Sometimes, hackers try to get access to sensitive information, be it pictures, movies, documents or PDFs. Then they ask for a ransom in exchange for not leaking it online.

Avoid ransomware attacks

Although it might look scary, users can avoid ransomware attacks by following a few simple rules. One of the most important is to always keep the system and the antivirus solution up to date. Second, only install software from trusted sources. Third, regularly back up the most important files on the computer to prevent data loss. Using a whitelisting app can also be of huge help for any user.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
