New Ransomware Hides inside Tor from Security
Added: Saturday, August 2nd, 2014
According to security experts at Kaspersky Lab, a new strain of ransomware has emerged. Dubbed “Onion”, the malware uses Tor to hide and to make it hard to track the hackers behind the campaign.
Ransomware is spreading across the globe. Another example is a successor to the well-known Cryptolocker: once a machine is infected, it scans it for important documents, particularly Microsoft Office files and pictures, and encrypts them with a secret key so that it can later demand payment from you.
The ransom the malware demands is high, normally several hundred dollars, and is payable in Bitcoin. However, many users did comply and paid up in an attempt to retrieve their files. A few months ago, even a US police force had to pay a ransom of $1,338 to get its documents back.
As for Onion, it works in a similar way: once a machine is infected, it encrypts your files, just like Cryptolocker does. Then it starts a countdown to warn you that you have only 3 days to pay up or lose your files forever. The difference between Cryptolocker and Onion (which researchers think originates from Russia) is in how it communicates with the “command and control” server, which accepts the payment and, if the hackers decide to keep their word, releases the decryption codes.
Onion communicates using Tor, the anonymizing service known worldwide for encrypting communications. Its communications are then bounced through a series of relay nodes to cover its traces and hide where the connection originated. Onion so far only affects computers running Windows, but it is far from the first malicious software to use Tor to hide its trail. For instance, the banking malware Zeus, seen in the wild in the first half of 2013, was also using the anonymizing network.
Security researchers at Kaspersky Lab now admit that Tor has become a proven means of communication and is being widely used by other types of malware. They also point out that the Onion malware has some technical improvements over previous cases where Tor functions were used in similar campaigns. Apparently, hiding the command and control servers in the Tor network greatly complicates the search for the cybercriminals. In addition, the use of an unorthodox cryptographic scheme makes file decryption virtually impossible, even if security experts manage to intercept traffic between the malware and the server.
These features make Onion a highly dangerous threat. The experts recognized the ransomware as one of the most technologically advanced encryptors in existence at the moment. In addition, the use of Tor leaves cybersecurity experts with fewer options for fighting the ransomware. While Cryptolocker could be halted temporarily by a concerted effort to take down the servers controlling it, Onion’s commands originate from a darkweb server, so it is impossible to trace them back to their source.
Kaspersky Lab recommends that everyone make sure their antivirus software is regularly updated and keep regular backups in case Onion finds its way onto their PC.
|What difference would it make if your pc has anti malware software on it? I have an exception in my antivirus software to exclude areas from detection; typically the downloads folder where torrents are stored. How can I protect myself from this ransomware, while keeping my exclusions in place? Or should I delete all exclusions then deal with my antivirus software warning me every time I download a file?|
|posted by (2014-08-03 12:26:01)|
|Don't sweat it! Just keep regular backups of your stuff!!|
|@Pympjuice I agree 100% with you.|
|TOR is not remotely secure.|
|posted by (2014-08-03 23:25:14)|
|Some confusing drivers what windows said to me made dark screen monitor while windows update trying to be screensaver until boot and while windows install too if searching reviews killing me thinking how windows are! and,Tor maybe can't get windows to encrypted and use dark web server to make windows work correctly online within making antivirus rules to turn off making freezes and finally,Linux with Ubuntu don't work for me if I don't erase amazon Why? online reviews said for fix so how maintain if Ubuntu drivers are like programs together and 2nd finally maybe Tor work for now in working just native Linux pc devises!|
|posted by (2014-08-04 00:39:07)|
|Tor is CIA/NSA. Same with cryptolocker malware,|
Because if it were not the same evil empire agencies would be on to them like a ton of bricks.
|linux based OS is the way to go... i gave up on micro$oft a long time ago...|
|Linux Live and a USB Drive is pretty good, but I think all these things are being created to discredit Tor, make it seem like the bad guy in all of this. All you need to do is plant the seed of doubt and watch it grow, plus the black ops people earn a bit of money for their time.||