Kaspersky AntiRansomware for Business beta- Part 1
<blockquote data-quote="cruelsister" data-source="post: 547260" data-attributes="member: 7463"><p>I think it is well past the point that ransomware should be divided into some sort of categories, depending on who codes it and how it is used. Most broadly:</p><p></p><p>1). Stuff done by Script Kiddies- these are usually reverse-engineered from existing ransomware and can be distinguished by pretty ransom overlays as well as a decryptor being almost immediately available. There will be limited distribution.</p><p>2). Stuff from Blackhats who sell packages on the DarkWeb to wanna-be criminals. Once again, limited distribution, fast decryption, and may or may not have an actual Command Server.</p><p>3). The most interesting- beta builds of novel ransomware released in order to see if the mechanism of attack is successful. They may or may not ever go into production.</p><p>4). The real thing- coded and controlled by those who know what they are doing, both the malware itself as well as any command server will change a number of times daily. Worse, the distribution channel can be massive including (but not restricted to) Mail bombers and maladvertising. There will be no decryption for these, and if one is actually made a new ransomware version will be coded to patch the flaw. Cerber3 and newer Locky come to mind here.</p><p></p><p>Don't get me wrong- one can be infected by 1-3, but the probability will be a great deal lower and the effects potentially less devastating than an infection with category 4 ransomware.</p></blockquote><p></p>