Antiviruses may need updating to help prevent ransomware from taking over PCs, security researchers say.
Key points:Antivirus company iScan claims ransomware was able to steal personal information from more than 30,000 PCs in a matter of daysIt says it has tested the software and it is likely to have vulnerabilitiesKey points:- iScan says it had detected the malware from more then 30,038 PCs in the past 12 months, with the majority of infections happening from March to June.
Its not known how widespread the infection was but it was detected in more than 2.3 million devices.
The company says it believes the ransomware was targeting a Windows 10 Mobile device, but has not yet confirmed that.- Affected PCs were sold in Australia, Canada, Europe, the United States, and South Africa.
The ransomware, which was not named in the report, was designed to take control of computers using a process called “crypto-linking”, which encrypts the files on the victim’s hard drive, making it easier to steal them.
Users of popular anti-virus software were not affected by the ransomware, iScan said.
It said the ransomware could be used to steal passwords, email, social security numbers, bank details, and other personal information, as well as financial data.
iScan also said it could be downloaded from the web and installed onto infected machines.
In Australia, a number of the affected PCs were purchased by Australians.
“The main problem we found was the ability to take advantage of this ransomware to steal the computer credentials,” iScan’s chief executive officer, Mike Smith, said.
“We did find some instances where a device was being used to download this malware.”
It is extremely likely that there are additional instances that we will be looking at and there are likely more vulnerabilities that need to get addressed.
“As we have been working on this for a few months, we are very confident that we have detected and identified these issues and we have mitigated those in the meantime.”
It has not been possible to independently verify whether the malware was used by people, but iScan suggested it might be, and warned users to use anti-malware software.
“While it may appear to some that we are not tracking these devices, we have confirmed that many devices are being used for this malicious activity,” Mr Smith said.
Affected users can find out whether their devices have been affected by ransomware by checking their system log files or by using iScans security alert tool.
“There are a number, many, of malware types that are circulating that are being designed to target devices,” Mr Thompson said.
He said he believed the ransomware may be targeted to people who had used computers for more than three years.
“This could be a device that you have been using for a long time and now you are no longer using that, but we do believe that if you are still using that device then we have a very high likelihood of finding a lot of this,” he said.
The report by iScan, which provides antivirus solutions for businesses, healthcare organisations and universities, was released ahead of the RSA Security Conference in Sydney on Monday.
It comes after security researchers at Palo Alto Networks and Trend Micro found ransomware was being actively exploited by criminals, including in a number-two market: the US military.
The researchers said they were able to detect ransomware being used by cybercriminals to collect money.
“In some cases, the malware has been found on military computers, as seen in the examples below,” the report said.
One example of a military computer infected by ransomware was a $500,000 military vehicle, the report noted.
Another example involved a $4,000,000 US$10,000 BMW vehicle, it added.
A third example involved $3,000 and $1,200,000 worth of a car, the analysis said.iScan said it did not identify any victims.
“I believe this is just a small number of cases, and I do not know if there are more cases that are still active,” Mr Brown said.
Mr Thompson said it was important for companies to monitor their systems and pay attention to possible attacks.
“Our recommendations are to install antivirus, update all your software and be very vigilant,” he added.
“And be vigilant about what you download from the internet and the sites you visit.”
Awareness of your software is absolutely critical to preventing any malware.