Kaspersky Lab, the maker of the popular Windows anti-virus Kaspersky, has identified a piece of malware that is ‘ransomware’ and is spreading quickly, named Onion. You might ask what ransomware is. Well, as the name suggests, it is a program which ‘abducts’ your personal and/or important files and then asks for a payment to release them. If you don’t comply, your documents, which might be sensitive, are killed, err… deleted beyond recovery. This might include your financial details, your academic records, and some potentially personal and private images or videos. You will agree to pay for those, won’t you?
Those who are already aware of ransomware might ask why this one is different from any other ransomware. It is, because it uses TOR to hide its traces. TOR is a network which hides a user on the internet by routing traffic through random relays (a detailed explanation of how TOR works is provided on their site). As a result, neither you, nor your police force, nor even your cyber crime expert will be able to track down these hackers, who are out of their league. This isn’t the first malware to use this sneaky method. Zeus, the fraudulent malware which hit us at the beginning of 2013, used this exact same technique to hide itself.
The list of victims is growing rapidly. The demand is a few hundred dollars. Even one USA police force ended up paying $1338 to recover some of their files. Doesn’t make us feel very safe, does it? The payments are (of course, some clever ones have guessed it) made via Bitcoin, the internet’s version of token currency. So no, tracing their bank accounts isn’t possible either. Once your PC is affected, you generally lose access to your files and are given 3 days to pay or lose everything.
Cracking down on them (the hackers, who are supposedly Russian, like in every other 1980s American film) is difficult on many counts. Firstly, Onion does a better job of exploiting TOR to hide itself than Zeus did. The command and control centers are hidden so efficiently that it is next to impossible to guess where they are. But even if I were an expert and helped to track the servers down (could you feel the intended pun?), it might not be so easy to decrypt the intercepted messages if the encryption method is unconventional. Any reader who knows what Elliptic Curve Diffie-Hellman (ECDH) cryptography is will understand that it is the most difficult cryptography to ever evolve.
After guiding people on online safety for a few years now, here’s my two cents on this issue:
- STOP CLICKING NEXT-NEXT-NEXT ON YOUR WINDOWS PC. Know what you are doing: read, and understand.
- Firefox and Chrome users, please install Web of Trust (WOT), which should ideally keep you safer online.
- Kaspersky Lab claims their anti-virus keeps regular backups of your files, so you might give it a try as well.
- And finally, try using online or cloud storage to back up all your files. I recommend Google Drive, Copy.com or Yandex Disk.
Mac and Linux users might feel safer at this moment, as this virus currently works only on Windows PCs. Thank God I use Linux everywhere. I wouldn’t want to lose the meagre payments I receive from here and there just to get my files back.