Ransomware Shadow

What is Shadow?

Shadow is a new variant of the high-risk BTCWare ransomware family, discovered by Michael Gillespie. It infiltrates the network and encrypts most of the stored files, then appends its own extension to each file name. Once encryption is complete, Shadow opens a pop-up window with a ransom demand message.

The type of cryptography used by Shadow is unknown. The pop-up ransom message informs victims of their situation and demands a ransom, payable in Bitcoin or dollars, to restore the encrypted files. It also provides an email address for contacting Shadow's developers.

However, sending money to cybercriminals simply encourages further malicious activity. They often ignore their victims, and there is a high chance that files will not be decrypted even after the ransom is received. Unfortunately, files encrypted by Shadow cannot be restored with currently available tools. The only way to restore everything is from a backup.

Note: the backup must be stored on a remote server (such as cloud storage) or on external storage; otherwise the ransomware might encrypt the backup as well.
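The on-disk footprint described above (many files encrypted and renamed with the same appended extension in a short time) is something a defender can alert on. The following is an added example, not code from the original post: it scans a list of file rename events and flags any extension that is appended to many files within a sliding window. The event format, the paths and the ".locked_example" extension are all constructed for the example; Shadow's real extension is not given on this page.

```python
"""Flag a burst of file renames that append the same new extension, the
on-disk pattern the post describes (files encrypted, then renamed with the
ransomware's extension). Added example, not code from the original post;
the events and the ".locked_example" extension are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed file-system events: (ISO timestamp, old path, new path).
# The first six mimic an encryption run; the last two are ordinary renames.
SAMPLE_EVENTS = [
    ("2023-01-01T10:00:00", r"C:\Users\a\Documents\q1.xlsx", r"C:\Users\a\Documents\q1.xlsx.locked_example"),
    ("2023-01-01T10:00:03", r"C:\Users\a\Documents\notes.txt", r"C:\Users\a\Documents\notes.txt.locked_example"),
    ("2023-01-01T10:00:05", r"C:\Users\a\Pictures\cat.jpg", r"C:\Users\a\Pictures\cat.jpg.locked_example"),
    ("2023-01-01T10:00:09", r"C:\Users\a\Desktop\plan.docx", r"C:\Users\a\Desktop\plan.docx.locked_example"),
    ("2023-01-01T10:00:12", r"C:\Users\a\Desktop\budget.xlsx", r"C:\Users\a\Desktop\budget.xlsx.locked_example"),
    ("2023-01-01T10:00:20", r"C:\Users\a\Music\song.mp3", r"C:\Users\a\Music\song.mp3.locked_example"),
    ("2023-01-01T09:30:00", r"C:\Users\a\Documents\report.txt", r"C:\Users\a\Documents\report.txt.bak"),
    ("2023-01-01T11:15:00", r"C:\Users\a\Documents\draft.docx", r"C:\Users\a\Documents\final.docx"),
]


def appended_extension(old_path, new_path):
    """Return the extension appended by a rename of the form
    <old name> -> <old name><.ext>, or None for any other rename."""
    old_name = PureWindowsPath(old_path).name
    new_name = PureWindowsPath(new_path).name
    if new_name.startswith(old_name) and len(new_name) > len(old_name):
        ext = new_name[len(old_name):]
        if ext.startswith("."):
            return ext.lower()
    return None


def find_rename_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Return {extension: peak count} for every extension appended to at
    least `threshold` files inside any span of length `window`. A user
    rarely renames that many files the same way that quickly."""
    times_by_ext = defaultdict(list)
    for ts, old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext:
            times_by_ext[ext].append(datetime.fromisoformat(ts))

    alerts = {}
    for ext, times in times_by_ext.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[ext] = max(alerts.get(ext, 0), count)
    return alerts


if __name__ == "__main__":
    for ext, count in find_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {count} files renamed with appended extension {ext!r} within 60s")
```

In practice the events would come from an EDR, Sysmon or audit-log feed rather than a list; the threshold and window are tuning knobs, and the single `.bak` rename shows why a count is needed rather than alerting on any appended extension.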

How does it work?

Threat actors spread ransomware via spam emails, unofficial software download sources and networks, fake software updaters, and trojans. Spam emails carry infectious attachments, typically JavaScript files or MS Office documents. When these attachments are opened, they download and install the malware on the system.

In each case the cybercriminals trick users into downloading and installing the malware themselves. Fake software update tools exploit bugs or flaws in outdated software to compromise the system. Trojans are the simplest: they open a "backdoor" through which other malware can infiltrate the system.
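Because the post names JavaScript files and MS Office documents as the attachment types that carry the malware, a mail gateway or SOC script can triage incoming messages for exactly those types. The following is an added example, not code from the original post: it parses a raw email with Python's standard `email` module and labels attachments whose extension is a Windows script type or a macro-capable Office format. The message, sender and file names are constructed, and the extension lists are my own categories rather than anything stated on the page.

```python
"""Triage an email for the attachment types the post names as ransomware
carriers (JavaScript files and MS Office documents). Added example, not
code from the original post; the sample message is constructed."""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows executes directly via Windows Script Host or mshta.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Office formats that can carry VBA macros (modern macro-enabled and legacy).
MACRO_CAPABLE_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".doc", ".xls", ".ppt"}


def classify_attachment(filename):
    """Return a risk label for an attachment name, or None if unremarkable.
    Only the final extension matters, so 'invoice.pdf.js' is a script."""
    _, ext = os.path.splitext(filename.lower())
    if ext in SCRIPT_EXTS:
        return "script"
    if ext in MACRO_CAPABLE_EXTS:
        return "office-macro-capable"
    return None


def triage_message(raw_bytes):
    """Parse a raw RFC 822 message and return [(filename, label)] for every
    attachment that falls into a risky category, in message order."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        label = classify_attachment(name)
        if label:
            findings.append((name, label))
    return findings


def build_sample_message():
    """Constructed phishing-style mail: a script, a macro-enabled document
    and a harmless PDF. The attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"// placeholder, not a real script\n",
                       maintype="application", subtype="javascript",
                       filename="invoice_2023.js")
    msg.add_attachment(b"PK\x03\x04 placeholder",
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Invoice.docm")
    msg.add_attachment(b"%PDF-1.4 placeholder",
                       maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()


SAMPLE_MESSAGE = build_sample_message()

if __name__ == "__main__":
    for name, label in triage_message(SAMPLE_MESSAGE):
        print(f"risky attachment: {name} ({label})")
```

Extension checks are a first filter only: a gateway should also inspect archives that wrap these files and use content-based detection, since an attacker controls the file name.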

How to protect against such ransomware?

Lack of knowledge and careless handling of the system are the key causes of computer infections. Hence, be cautious while browsing the internet and follow these safety instructions:
  1. Don't open attachments from suspicious email addresses; delete such messages without opening them.
  2. Download applications from official sources only.
  3. Keep software up to date and use a legitimate antivirus or antispyware suite.
  4. Store backups on a remote server or on external storage.
  5. Train regularly to handle these situations.
  6. Update and maintain the backups regularly.
