Ransomware is not a new problem, but ESET has noted a significant increase in Filecoder activity this summer.
ESET flags this malware category under detection names such as Win32/Filecoder and Win32/Gpcode, among other family names.
Statistics from ESET LiveGrid telemetry show that Win32/Filecoder detections have risen by 200% in just the last few months. From January to June 2013 the detections were at a normal level, but the spike since July is alarming.
Russia is most affected by these malware families, although these campaigns are spreading throughout the entire world.
Infection Trajectory
Cybercriminals who distribute Filecoder ransomware use various methods to get the malware onto victims' systems:
- Downloads from malware-laden websites
- E-mail attachments
- Trojan-downloader or backdoor
- Manual installation (this hurts the most)
- Other infection vectors
In one case the Trojan is not stored as a file on the hard drive at all, but runs only in the computer's memory.
In other cases the attacker installs the Filecoder ransomware through Remote Desktop Protocol (RDP). Credentials stolen by a keylogger, or simply weak passwords, enable the attacker to gain full access to the targeted machine.
This "break in" lets the attacker disable antivirus protection before installing the malware onto the compromised desktop.
Manual installation is sometimes required because a number of variants call for "user interaction" to set the encryption password.
Encryption Methods
Various encryption methods are used, such as:
- Blowfish - a symmetric-key block cipher
- AES - a standard for encrypting electronic data, based on the Rijndael cipher
- RSA - a public-key algorithm whose security rests on the difficulty of factoring large integers
- TEA - a block cipher that can be implemented in a few lines of code
The encryption key itself may be:
- Hard-coded in the malware binary
- Entered manually via the command line or a dialog box
- Randomly generated and sent to the machine
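As an added illustration of the two lists above (this is example code written for this post, not code from the ESET article or from any Filecoder sample), here is TEA in Python together with a helper showing why the key's source matters for recovery: the 16-byte key and the sample text are constructed values.

```python
import struct

DELTA = 0x9E3779B9      # TEA key schedule constant
MASK = 0xFFFFFFFF       # keep arithmetic in 32 bits, as a C implementation would
ROUNDS = 32


def _tea_encrypt_block(v0, v1, k):
    k0, k1, k2, k3 = k
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
    return v0, v1


def _tea_decrypt_block(v0, v1, k):
    k0, k1, k2, k3 = k
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def tea_encrypt(data: bytes, key: bytes) -> bytes:
    """Encrypt bytes under a 128-bit TEA key (ECB over 8-byte blocks, PKCS#7-style padding)."""
    k = struct.unpack(">4I", key)
    pad = 8 - len(data) % 8
    data += bytes([pad]) * pad
    out = bytearray()
    for i in range(0, len(data), 8):
        v0, v1 = struct.unpack(">2I", data[i:i + 8])
        out += struct.pack(">2I", *_tea_encrypt_block(v0, v1, k))
    return bytes(out)


def tea_decrypt(data: bytes, key: bytes) -> bytes:
    """Inverse of tea_encrypt; strips the padding byte count from the tail."""
    k = struct.unpack(">4I", key)
    out = bytearray()
    for i in range(0, len(data), 8):
        v0, v1 = struct.unpack(">2I", data[i:i + 8])
        out += struct.pack(">2I", *_tea_decrypt_block(v0, v1, k))
    return bytes(out[:-out[-1]])


# Constructed stand-in for a key that is hard-coded in the binary: an analyst who
# extracts it from the sample can restore files. A random per-victim key that is
# only "sent to the machine" and never retained leaves backups as the only recovery path.
EMBEDDED_KEY = b"constructed-key!"


def recover_with_embedded_key(ciphertext: bytes) -> bytes:
    """Restore data encrypted under the embedded key recovered from the sample."""
    return tea_decrypt(ciphertext, EMBEDDED_KEY)
```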
It is also important to back up your computer regularly, keep all your anti-virus software up to date and check that all settings are configured correctly.
Here is a good reference for cybersecurity: How FireEye has redefined cyberdefense on USATODAY.com: http://www.usatoday.com/videos/tech/2013/09/24/2861507/
Filecoder: Holding your data to ransom - We Live Security
September 23, 2013