A couple of weeks ago a new ransomware came onto the scene: RensenWare, a strain that encrypts your files and will not release them until you reach 200 million points in a game called TH12 – Undefined Fantastic Object.
Ransomware is a type of malicious software that holds your data hostage until a ransom (usually a sum of money in Bitcoin) is paid. It was estimated that $1 billion was paid out in 2016; that’s right, it’s a billion-dollar industry!
Now you can see why RensenWare is so intriguing: why do I have to reach 200 million points to get my data back, and why would the attackers care? Well, it all seems to have started from an open-source project called Hidden Tear.
In mid-August 2015 a Turkish programmer named Utku Sen created a proof-of-concept ransomware and published the code on his GitHub page, the idea being to educate researchers on how ransomware works so that they could better protect against it. After the code was copied and spread worldwide by opportunistic hackers, it shone a light on open-source code being used for bad. Tripwire summarises the story succinctly:
“Now that Hidden Tear is no longer available on official resources, there’s no guarantee that interested parties will discontinue using it in new rip-off campaigns. It’s naive to believe that cybercriminals failed to make and distribute copies of the code. Meanwhile, security professionals should think twice before publishing similar POCs. Even with backdoors under the hood, they may get out of hand.”
With open-source ransomware code on the loose, script kiddies and novice cybercriminals galore have used it for their own marginal gains, if not for money then merely to annoy. Only yesterday Trend Micro posted a summary of three ransomware families developed from Hidden Tear.
It seems we cannot and should not underestimate the seriousness of ransomware, especially as it is being used by everybody bar your next-door neighbour to squeeze the last penny out of users.
On the bright side, I came across this nifty article from Digital Guardian; they interviewed 44 security professionals and asked them “How can businesses best defend against ransomware attacks?”. In summary, there seem to be three main damage-reducing activities you can do as an end user:
- Backup, backup and backup again
- Use good anti-virus software and keep it up to date
- Do not open dodgy emails or click on suspicious links (that’s right, you know which “dodgy” websites I’m talking about)
Oh, and if you were curious about RensenWare and whether users managed to beat the game, you can read the apology from the creator below, along with the decryption tool.
“So, the creator of rensenWare created a tool which writes the values to memory which are needed for the decryption.… twitter.com/i/web/status/8…”
— MalwareHunterTeam (@malwrhunterteam), April 07, 2017