Keeping up with Ransomware!

“Barely a year ago, ransomware was a concerning trend on the rise. Now, ransomware is a fully established business model and a reliable profit engine for cybercriminals, as threat actors involved treat it as a legitimate industry by selling information, tools and resources to peers based all around the world,”
— Rohyt Belani, CEO & Co-Founder, PhishMe.

Bantu Tech is committed to ensuring that our readers stay up to date with the trends in Ransomware and with protecting their data. Currently, there are well over 120 separate ransomware families, and we’ve seen a 3,500% increase in cybercriminal internet infrastructure for launching attacks since the beginning of this year. For all the threats listed below, Bantu Tech still actively recommends backup solutions as the strongest way to combat Ransomware.

Satana Ransomware

Satana is the second ransomware threat after Petya that leaves computers unable to boot into the OS. Satana has been very active in 2016 and is designed to attack the Master Boot Record. Satana (or Satan) arrived in July and is a Windows® OS-specific twist on Petya, which appeared in May. Petya replaces the infected computer’s Master Boot Record (MBR) to launch its own bootloader, which then encrypts the system’s Master File Table (the MFT holds information on all other files, such as their names, sizes and hard disk sectors). Satana begins by encrypting files with specific extensions, then waits for a system reboot to replace the MBR, storing an encrypted copy of the original MBR in case the ransom is paid. After rebooting, the user sees a ransom screen asking for 0.5 bitcoin, around £237, to release their PC. Satana thus combines traditional file encryption with boot record encryption.
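As an added example (not code from the original post or from any vendor cited here), the following Python check shows how a defender can baseline the first sector of a disk and flag the bootstrap-code replacement described above; the MBR bytes are constructed samples, and in practice the baseline hash would be captured from a known-good image.

```python
# Added example, not from the original post: a baseline integrity check for the
# Master Boot Record, the sector that Petya and Satana overwrite with their own loader.
import hashlib
import struct

BOOT_CODE_LEN = 446       # bootstrap code area that a boot-record locker replaces
BOOT_SIG = b"\x55\xaa"    # mandatory signature in the last two bytes of the MBR

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte MBR into bootstrap-code hash, partition table and signature."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts, "valid_signature": mbr[510:] == BOOT_SIG}

def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the MBR still matches the trusted baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline (possible loader replacement)")
    if not info["partitions"]:
        findings.append("partition table is empty")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test data: one bootable NTFS partition, valid signature."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1048576)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + BOOT_SIG

# Constructed samples: a clean record, then one whose bootstrap code was swapped while
# the partition table and signature were left intact (the Petya-style pattern).
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" * 20)
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE))        # []
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))  # one finding
```

Run against a raw read of sector 0 (for example the first 512 bytes of a disk image) with a baseline recorded while the system was known to be clean; a changed bootstrap hash with an intact partition table is the pattern to alert on.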


Bantu Tech does not recommend paying any ransoms, because malware such as Ranscam exists. Ranscam destroys data regardless of whether the ransom is paid, making it a very dangerous piece of malware. It was unearthed by Cisco’s Talos research unit. It behaves like crypto ransomware, appearing to encrypt files and then demanding a ransom for their return. In reality, it does not encrypt the files but destroys them instead. Ranscam is a strong reminder that paying the ransom does not guarantee getting your files back. Talos also noted that Ranscam indicates the presence of less sophisticated and less well-funded criminals taking advantage of ransomware-style malware.


$39 USD lifetime licenses and random files deleted if you don’t pay in time? Ransomware-as-a-Service (RaaS) is alive and well. According to an Infosecurity article, a new, inexpensive ransomware called Stampado is available. Stampado is similar to CryptoLocker in functionality but includes some interesting twists, such as not needing administrator privileges to infect computers. It also gives victims up to 96 hours to pay, after which it further incentivizes payment by deleting a random file every six hours.


To bully victims into paying, PowerWare mimics the infamous Locky ransomware. A new version of PowerWare borrows from Locky by appending the ".locky" extension to the files it encrypts, according to Palo Alto Networks’ Unit 42, which shows how ransomware keeps evolving its tactics. It also uses Locky’s ransom note and the same wording as Locky’s help instructions. In this way, PowerWare makes the victim believe they have a much more sophisticated infection, when in fact PowerWare can be defeated.

For more information and monthly Ransomware updates, check out the WEBROOT Blog.