Ransomware is not only a real thing, it's a real pain in the tuchus. I point this out because I recently had a conversation with someone who, up until a recent ransomware breakout at her place of employment, thought it was a made-up concept that only happens on TV. On the contrary, ransomware is a growing threat, and a new strain called zCrypt has caught the attention of Microsoft.
"We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate itself and affect more users. We detect this ransomware as Ransom:Win32/ZCryptor.A," Microsoft stated in its Threat Research & Response blog.
Credit for bringing attention to the new strain goes to a security researcher named Jack. On his blog MalwareForMe, Jack explains that zCrypt uses a command and control server to check in infected bots and also to pass the encryption key from the server to the infected machine. It also uses a bit of trickery to distract the user while it works in the background.
"When executed, the malware creates a pop-up that appears to be benign-- likely to confuse a user while the malware talks to the command and control server and begins the encryption routine. The pop-up will continue to appear while the malware is running," Jack explains.
There are two primary ways zCrypt spreads. One is through fake installers such as a Flash Player setup, and the other is through email spam. In other words, it's easily avoidable with a little PC savvy. Unfortunately, there are many people out there who still click on suspicious links, be it in email or through their daily travels on the web.
Those affected by the ransomware will receive a note in a dropped HTML file. The note explains what happened, the ransom payment being demanded (typically 1.2 Bitcoins, or $500), and how long they have to comply before the encryption key is lost forever.
Ransomware itself isn't new, but according to the FBI, law enforcement saw an increase in ransomware attacks in 2015, particularly against organizations due to the potential for big paydays.
"If the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance," the FBI warned in late April of this year.