Onion ransomware on way… serious data security issue with knock-on privacy concerns

July 29, 2014

Ransomware is a particularly nasty tool in the hacker's bag of tricks. Once security has been breached the hackers use Onion ransomware to encrypt files on devices attached to a network and then demand a ransom. And it is on the way, according to The Australian's Onion ransomware could take root here. The usual route into a network is through a phishing attack, hence all the more reason for staff to receive proper privacy training and for businesses to develop proper programs and protocols for handling email communications and oral enquiries. In my experience it remains hand-slapped-to-forehead depressing how inadequate training in basic privacy protocols is, and when businesses actually do some privacy training it is done as a one-off event: no repeat for, say, new staff, and no refreshers to deal with new systems. And then businesses wonder how there is a breach a month or a year down the track. The Privacy Commissioner's guidelines on data security make it clear that training and policies are an important feature of complying with the Australian Privacy Principles.

The move by some cyber crooks into the world of extortion and blackmail should be taken extremely seriously. Nokia reportedly paid several million euros to get back a stolen encryption key in 2007, while €30,000 was demanded from Domino's when hackers stole 600,000 customer details. Most recently the European Central Bank website was hacked by an extortionist who stole 20,000 email addresses and contact data. In that case the Bank didn't even know of the data breach until it was contacted by the villain, which highlights a lack of internal security processes. It may be difficult to stop a data breach on every occasion, but a large organisation should have regular checks, sweeps and reviews in place to detect an intrusion and take remedial action. Interestingly, the European Central Bank said it had most of its data encrypted except for the database containing the email addresses, street addresses and contact numbers of individuals. A significant lapse if ever there was one.

The article provides:

A NEW wave of sophisticated ransomware that encrypted files across computer networks and rendered them unreadable was expected to spread to Australia, antivirus firms said yesterday.

Written in the Russian language, the new “Onion” ransomware acts like Kryptolocker, which devastated business and private computer networks last year, including some in Australia.

After infection, the ransomware encrypts all files on devices attached to a network, such as PCs, network storage and backup devices. It typically offers victims 72 hours to pay a ransom in the cryptocurrency Bitcoin, and threatens to destroy decryption keys if no money is received.

Last year network security firms such as Check Point Software Technologies had partial success in disabling command centre communication between CryptoLocker and the criminals’ server that is necessary before encryption occurs.

But it seems the perpetrators have learnt from this perceived weakness and are using the anonymous Tor network to hide their server locations. This involved wrapping communications in layers and sending them via a series of random servers. The layers are unravelled like an onion skin.

Antivirus firms Kaspersky and Symantec have warned it is inevitable the ransomware will emerge in Australia.

“I would expect to see infections here,” Symantec senior principal systems engineer Nick Savvides said. He said criminals had replaced the 256-bit RSA encryption in Kryptolocker with stronger elliptic curve cryptography.

Kaspersky Lab said the latest samples of the malware supported a Russian-language interface. This, along with a number of strings inside the body of the Trojan, suggested the malware writers spoke Russian.

Onion ransomware has been detected in former Soviet states, Germany, Bulgaria, Israel, the United Arab Emirates and Libya.

Ransomware typically infiltrates computer systems through phishing exploits, but in June, Cisco Systems nominated infected advertising on Facebook, Altervista, eBay and The Guardian web site as sources. The best antidote is backups stored offline.
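The detection gap discussed above (the Bank not knowing it had been breached, and the article's point that the ransomware rewrites every file on attached devices, backups included) is exactly what a periodic sweep can catch. The following is an added example, not code from the original post or from any vendor it names: a Python sweep that flags files whose byte entropy has jumped to ciphertext levels and checks a canary file that an in-place mass encryptor would rewrite. The directory layout, threshold, file names and canary contents are assumptions made for the example.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions for this example: plain documents sit well below 7.5 bits/byte,
# and files shorter than 256 bytes give unreliable entropy estimates.
ENTROPY_THRESHOLD = 7.5
MIN_SIZE = 256

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sweep(root: str, canary: str = "canary.txt", canary_body: bytes = b"CANARY-OK\n"):
    """Walk root; return (sorted suspect paths, canary_intact).

    Caveat: already-compressed formats (zip, jpg, modern Office files) are
    near 8 bits/byte too, so in production compare against a baseline of the
    same tree rather than flagging on absolute entropy alone.
    """
    suspects, canary_intact = [], False
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if dirpath == root and name == canary:
                canary_intact = data == canary_body   # rewritten or missing -> False
                continue
            if len(data) >= MIN_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD:
                suspects.append(path)
    return sorted(suspects), canary_intact

def demo(tamper_canary: bool = False):
    """Constructed sample tree: a canary, a plaintext file and a random-bytes
    stand-in for a file that has been encrypted in place."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "canary.txt"), "wb") as fh:
        fh.write(b"GARBLED\n" if tamper_canary else b"CANARY-OK\n")
    with open(os.path.join(root, "minutes.txt"), "wb") as fh:
        fh.write(b"Board minutes: privacy refresher training set quarterly.\n" * 20)
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(os.urandom(4096))  # constructed stand-in for ciphertext
    suspects, intact = sweep(root)
    return [os.path.basename(p) for p in suspects], intact
```

Calling `demo()` returns `(["report.txt"], True)`; run on a real share, a burst of newly high-entropy files or a changed canary is the trigger for the remedial action the post calls for.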
