Antivirus

Everything you need to know about ransomware in 2019

Fabian Wosar makes a living ruining ransomware gangs’ days, and he has the hate-mail to prove it.

“At one point, I managed to annoy a ransomware author so much that they literally renamed their ransomware in my name,” he says. “So they renamed their ransomware to ‘fabiansomware’, which is kind of really bizarre.” 

Wosar is the head of research at IT security company Emsisoft, whose free ransomware decryption tools have been downloaded over a million times (1,144,351, to be exact, not including downloads from mirror sites). With the average ransomware writer demanding $522 (about £400, AU$750) to restore victims’ files, that’s a potential $597,351,222 (about £455,000,000, AU$833,000,000) kept out of the pockets of ransomware authors. Not bad for a 40-person company without an office.

“Emsisoft started out as a very, very small company with only two employees,” says Wosar. “When you try to get into the antivirus and antimalware field and you only have two people, there’s no way you can compete based on manpower with the big houses like Symantec and Kaspersky or Bitdefender, which all have thousands of employees.

Not all the comments Wosar receives are insults; some ransomware authors are impressed

“It was very evident from the very beginning that we just have to be more agile, that we need to make sure that all our internal processes have a lot less overhead and we also had to be a lot smarter about how we put our limited resources to good use. And this business mindset that was originally born as kind of a necessity soon became the core philosophy behind all our products.”

Emsisoft has grown steadily over the last 15 years, with no outside investment. It’s still a lot smaller than many of its rivals, but that hasn’t stopped it competing with the security software giants.

“We started out very much as a very home user focused company,” Wosar says, “but we started moving into the business market in recent years, with growing success and we came to realise that home users and enterprises often have vastly different requirements and needs. Most traditional companies solve that by just throwing more resources at it, and often splitting the product line, having different products for different clienteles, but that’s something that we simply can’t do.

“So our philosophy of keeping things lean we now focus on making all these advanced enterprise-level protection features not only available to home users, but also to make them approachable and useful to them so they can actually understand them and know what is happening, and putting the user into power by making them a lot more accessible, which will become a lot more eminent with a couple of upcoming products that we are going to release in 2019 that I can’t tell much about. But that’s our focus now, just giving the power to the man.”

A brief history of ransomware

Wosar’s interest in security began when he was just 11. “I got infected by a virus called Tequila in the good old DOS days, and I just got kind of drawn in,” he says.

He first became interested in ransomware in 2012, when BleepingComputer founder Lawrence Abrams asked if he could help some forum users who’d fallen victim to the ACCDFISA (Anti Cyber Crime Department of Federal Internet Security Agency) virus – one of the first examples of file-encrypting ransomware.

“Ransomware first became big in the form of screen lockers,” Wosar explains. “Essentially you’re browsing the internet and suddenly a screen pops up locking your entire screen, telling you the FBI or GCHQ just saw you doing something naughty. Now you have to go to your local store and pick up a Paysafecard and type in the code to unlock your system. Because obviously the state would take Paysafecard, right?”

That is always kind of interesting, when people get so angry that they want to insult me so badly that they actually end up making their ransomware less secure in the process

Fabian Wosar, Emsisoft

It soon became common knowledge that screen lockers were relatively easy to remove (just restart the computer in Safe Mode and remove the infection), so the people behind them turned to file encryption instead. This is a much bigger issue, and one that Wosar has dedicated years to tackling – much to the annoyance of the criminals.

Wosar receives regular insults, and often finds them within the ransomware itself, which can have unintended consequences.

“There’s a certain kind of encryption called a block cipher that operates on blocks of data,” Wosar says. “When you think about it, if you don’t change your encryption from block to block, then even if you only have an encr


Apps in the Microsoft Store caught illegally mining cryptocurrencies

A shocking new report by security firm Symantec alleges that at least eight apps on the Microsoft Store have been mining for cryptocurrency in the background after being downloaded.

In a blog post describing the security threats, Symantec said the apps, which include Fast-search Lite, Battery Optimizer, VPN Browsers+, Downloader for YouTube Videos, Clean Master+, FastTube, Findoo Browser 2019 and Findoo Mobile & Desktop Search, were all engaging in ‘cryptojacking’.

This means that unbeknownst to the users that download these apps, they secretly use the processors of the PC they are installed on to mine fo


Google makes Chrome bug detection tool open-source

In its latest effort to aid developers in finding bugs in their software, Google has announced that its scalable fuzzing tool ClusterFuzz will now be open-source and available to all.

The search giant has been using the tool internally for some years now and it has allowed developers to find over 16,000 bugs in Chrome.

A few years ago, Google launched its OSS-Fuzz service which utilised ClusterFuzz, though it was only available to open-source projects.

Fuzzing is a


88% of UK businesses have been breached in 2018

Cyberattacks are growing in volume and the average number of breaches in the UK has increased according to Carbon Black’s second UK Threat Report.

The endpoint security firm surveyed over 250 UK CIOs, CTOs and CISOs from organisations across a range of industries to compile its report which builds on its first survey conducted in August of last year.

Carbon Black found that 88 percent of UK organisations reported suffering a breach during the last 12 months with the average number of breaches per organisation over the past year reaching 3.67, up from 3.48 in its last report.


Researchers exploit Intel SGX to hide malware

A team of researchers have discovered a way to run malicious code on systems with Intel chips in such a way that antivirus software is unable to detect it.

When the chip giant released its Skylake processors back in 2015, the company included a new feature called Software Guard eXtensions (SGX) that allows developers to isolate applications inside secure enclaves. 

The enclaves operate within a hardware-isolated section of the CPU’s processing memory where applications can carry out operations dealing with sensitive details such as encryption keys, passwords, user data and more.

Researchers Michael
