Security researcher opens up on ransomware

By Balamurugan Selvaraj Published on May 23, 2017 04:51 PM IST

In recent days, ransomware has become the most dreaded word in the Internet world. This is not because of WannaCry alone but also because of the havoc created by other ransomware, including Jaff, Spora, etc., which went unnoticed.

Many believe that Microsoft alone was vulnerable to ransomware attacks. But in this cyber world, nothing is safe.

Security flaws in new inventions and discoveries leave loopholes that attackers use to control the files and actions of computers. These loopholes, commonly called vulnerabilities, often get patched by the manufacturer only after a ransomware or malware attack.

The problem lies not only with manufacturers but also with users, who overlook patches and avoid upgrading.

Last week, XData, a new variant of ransomware, was spotted in cyberspace under the Twitter handle MalwareHunter.

Security researchers are analysing the malware to find the root cause of infection. As per reports, XData has been spreading rapidly across Ukraine, Russia and Germany.

Like other ransomware, XData uses AES encryption to lock files. As soon as it locks a file, it changes the extension to ~xdata~. The process behind its distribution is still unknown.

To get an in-depth view of ransomware, News Today put some questions to the person behind the Twitter handle @PolarToffee, a malware researcher from overseas. Excerpts from his interview:

How does XData infect a system?

Currently, we don't know. In general, most ransomware does the same kind of things, such as deleting shadow copies, encrypting files. XData seems to be no different.

Is it a new variant in the ransomware category?

Well, it is a new variant as in we haven't seen this specific ransomware before.

What is the reason behind the large number of ransomware attacks?

Such attacks have been happening for a few years now. It sucks, but hopefully, it encourages people to be more secure. You can limit the damage that ransomware can cause by doing Windows updates, installing a decent AV and making reliable multiple backups.

Most people tend to avoid updates. What is your opinion on this?

I would link them to what happened with WannaCry. By not installing updates, they risk people possibly getting access to their system.