August 2, 2016
Muscat: Ransomware, a computer malware that holds your electronic device and files to ransom, which are released only after a payment, has been found on some Omani computers.
Initially found on Russian computers, the estimated $34 million industry of ransomware has created global havoc today, affecting computers and electronic devices, such as mobile phones.
The malware simply launches a cryptovirus attack on a computer and locks it, encrypting files, denying access to the user and showcases a message demanding ransom in order to access it again. The strong encryption of this malware makes it nearly impossible for the user to access the system without meeting the demands of the hacker, which in turn doesn’t guarantee access as more payment maybe demanded and continuous harassment of the victim becomes possible. To dodge law enforcement radars, the payment is demanded in bitcoins, which unlike a currency is hard to trace to an individual account.
Situation in Oman
Although world-class internet service providers have proactively defended users in Oman, blocking malicious websites and other threats, some users using VPN and low safety rated proxy sites in order to get around the ISP blockade to access particular websites, remain vulnerable.
While most large organisations house strong IT security systems, most small enterprises and individual users lack such infrastructure and are therefore susceptible to such threats. Due to the high security levels created by internet service providers in Oman, most malicious websites are blocked and therefore there is a very high usage of VPNs to be noted in Oman to access these sites according to Rakesh Salian, Research and Development Manager at Ingenuity Technologies.
Where VPNs themselves are not the root cause of malware infection, their misuse is what leads to trouble. An office user tunnelling their way past an ISP to access an offshore company website is not susceptible to it, but accessing a dangerous low security level website may just be asking for trouble.
“Largely commercial and governmental institutes have employed various technologies to defend themselves against threats and are carrying out periodic checks and audits to ensure a clean environment in their infrastructure. Individuals and small organisations do not take these matters seriously and have known to not even have a basic level of software, such as an antivirus, firewall in place and download tools/services that allow them access the complete internet, which ends in having tonnes of viruses and malware becoming installed in the system,” Salian explained.
Data from the Oman National Computer Emergency Readiness Team (OCERT) has conspicuously highlighted the amount of malicious content moving around the Omani networks. In 2015 alone, CERT discovered nearly 6,000 serious cyber security attacks and successfully handled all of them. They also found 298 damaging malware.
How does it spread?
It spreads mainly through malicious emails with bogus attachments, links to a bank website or those claiming to be law enforcement organisations. Recently, malware affected emails were sent out bearing the logo of the Royal Oman Police (ROP) demanding money in order to decrypt files. Other methods of infection are malicious websites, cracks and pirated software. It can be misused by nearly anyone with a good knowledge of encryption data and coding, whether in or out of Oman.
There are two types of ransomware infamously spreading across the internet. “Locky,” a ransomware sent mostly by email attachments. It encrypts the files and renames them with the extension of “.locky.” The “CTB Locker” is another well known ransomware whose presence had been fading until recently when it was discovered targeting website files. There are several others.
After the device is infected
The malware encrypts all the data in the system followed by a lockdown asking for a ransom. The system also shows a live feed from a webcam indicating the extent of the takeover. The intensity of damage by the malware cannot be easily determined as ransomware has variably evolved with a different digital footprint every time.
Victims of this malware are advised to restrain from any financial transactions with the attackers and instead call the ROP or the OCERT on their hotline number: +968 2416 6828