Threat of the month: Ukash ransomware

What is it?
What makes this threat unique is its effective use of localization and its impersonation of a law enforcement body. It hijacks the computer and holds it hostage for payment.

How does it work?
The malware is a PE file distributed via email or downloaded by other malware. It replaces the Explorer.exe file on the system and blocks GUI access to the file system and taskbar. A graphic is presented claiming the computer has been used to commit an act of terrorism. A demand for payment is levied in the form of a fine.

Should I be worried?
This attack vector is working throughout Europe. The bug removes the original Explorer.exe file, but doesn't target data. Recovery is possible by restoring the original Explorer.exe file via the command line and deleting the malware executable.
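
A check a responder could run from a command-line session to see whether Explorer.exe is still the genuine Windows binary, as an added example that is not from the original article. The function name Test-ShellBinary, its parameters and its verdict labels are assumptions made for illustration, and it assumes PowerShell 5.1 or later.

```powershell
# Added example: verify that explorer.exe is the genuine Windows shell binary.
# Test-ShellBinary and its verdict labels are hypothetical names, not a built-in cmdlet.
function Test-ShellBinary {
    param(
        # File to check; defaults to the standard location of the Windows shell.
        [string]$Path = (Join-Path $env:windir 'explorer.exe'),
        # Optional SHA-256 of a known-good copy taken from the same Windows build.
        [string]$KnownGoodSha256
    )

    # The replacement may have been deleted already, leaving no shell at all.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'MISSING' }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $file   = Get-Item -LiteralPath $Path -Force

    # A genuine copy carries a signature that validates and names Microsoft as signer.
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($signer -match 'O=Microsoft Corporation')

    # A baseline hash, when supplied, is the stronger test and takes precedence.
    # SUSPECT means "compare against a known-good copy", not proof of replacement:
    # older systems may not resolve catalog signatures for system files.
    $verdict = if ($KnownGoodSha256 -and ($hash -ne $KnownGoodSha256)) { 'MODIFIED' }
               elseif (-not $signedByMicrosoft)                        { 'SUSPECT' }
               else                                                    { 'OK' }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signer
        Sha256          = $hash
        LastWriteTime   = $file.LastWriteTime
        Verdict         = $verdict
    }
}

# Check the live shell binary and print every field.
Test-ShellBinary | Format-List
```

Running the same function against the restored file afterwards, with the hash of the known-good copy passed as -KnownGoodSha256, confirms that the recovery put the original binary back.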

How can I prevent it?
Awareness goes a long way. Plus, performing regular backups will limit the impact if data is targeted.