- 29 March 2016
- Technology
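(Technology) Warning about ransomware, malicious code that demands a ransom from victims
Science and Technology / Technology, 2016. 3. 30. 15:05
Source: http://www.bbc.com/news/technology-35916425
밝은 하늘: Ransomware is a kind of malicious code. It appears that, once a machine is infected, the ransom-demanding malware encrypts the user's files and then, if the user sends money (a ransom) to whoever sent the malware, removes the encryption so that the user can use those files again.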
Warning over 'nasty' ransomware strain (nasty: horrible) (ransom: money paid for release; ware: short for malware, meaning malicious code) (strain: burden, pressure, stress)
The FBI is seeking help from US firms as it investigates a nasty strain of ransomware, Reuters reports.
Ransomware encrypts data on infected machines and then asks for money before restoring access to information.
The FBI is analysing a strain of ransomware called MSIL/Samas that tries to encrypt data across entire networks rather than single computers.
The plea comes as security firms warn about other novel strains of the fast-growing, data-scrambling cyber-threats.
Bulk discount
The FBI sent out the request for help after discovering that the group behind MSIL/Samas had stepped up its efforts to find victims.
In the confidential advisory obtained by Reuters, the FBI said the group used a publicly available security program called Jexboss to scan networks looking for vulnerable versions of the widely used JBoss software.
When a vulnerable system is found, the malware launches an attack that seeks to scramble data on servers. It also finds and deletes the back-up files firms could use to restore data scrambled by ransomware.
Cisco said it had seen a "widespread campaign" using Samas targeting firms involved in healthcare. Early versions of the malware charged a ransom of one bitcoin (£300) for every machine hit but later versions upped this to 1.5 bitcoins.
"It is likely the malware author is trying to see how much people will pay for their files," wrote Cisco security analyst Nick Biasini in an advisory. "They even added an option for bulk decryption of 22 bitcoin (£6,600) to decrypt all infected systems."
The FBI's request for aid comes as security firms warn about recently created ransomware variants that use different methods to lock up systems and force victims to pay.
The Petya malware targets a key Windows system file called the Master Boot Record that helps a PC get started. Overwriting this file prevents people from getting at any data on their PC unless they pay up.
Trend Micro said it had seen Petya distributed in email messages crafted to look like they are from someone looking for work. The CV attached to the message is a booby-trapped program that launches Petya, said Trend security engineer Jasen Sumalapao in a blogpost. Petya charges a ransom of 0.9 bitcoins (£265) to unlock infected machines.
Security firm Carbon Black has found another novel strain that goes after many firms that use Windows PowerShell - a scripting program widely used to administer machines running Windows.
Dubbed PowerWare, this strain hides malicious code in Word documents and calls on PowerShell to execute the attack code when the booby-trapped files are opened.
"Deceptively simple in code, 'PowerWare' is a novel approach to ransomware, reflecting a growing trend of malware authors thinking outside the box in delivering ransomware," said Rico Valdez from Carbon Black.