If You Use Yahoo, You Could Be The Target Of Ransomware


The threat of Cryptolocker-style malware has been around for months, but evolving threats continue to emerge. Copycats and other forms of ransomware are being churned out due to the ease of production and the immediate benefits. As Ken Westin reports for State of Security, the latest variant of Cryptolocker is being spread through Yahoo Messenger.

The malware was first spotted in Asia, where it victimized a number of financial institutions. The nature of this ransomware allows it to spread quickly, however. Much like a malicious email that infects one computer, then emails itself to every contact in a user’s address book, this malware infects a computer and then sends a malicious file to contacts through Yahoo Messenger.

First, you receive a message from a contact on Messenger. It appears to be an image file called “YOURS.JPG” but the actual extension is .exe. With some clever social engineering, users are coaxed to download and open the file. Once opened, the malware goes to work adding files to your system and injecting code into memory. Eventually, the malware begins encrypting files and locking down your computer.

Users are presented with an alert that their files are encrypted and given a ransom note that demands payment to unlock their computer. New encryption keys are used in each attack, making decryption particularly difficult, if not impossible. While you deal with the encryption of your files, the malware spreads itself to new victims by sending the malicious file to your contacts.

As with other forms of ransomware, the best protection is to avoid infection. Even trusted contacts can send you malicious files. Even if you’re expecting a file to be sent to you over email or instant messaging, be sure to check it thoroughly before opening.
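One way to check a received file before opening it, as an added example that is not from the original article: compare what the name claims with the file's leading bytes. The name `YOURS.JPG.exe`, the function name and the sample bytes are assumptions constructed for illustration.

```python
# Leading bytes ("magic numbers") of the image formats checked here.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PE_MAGIC = b"MZ"  # DOS/PE header that begins Windows executables
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def inspect_attachment(filename, head):
    """Return reasons the file looks disguised (empty list = no finding)."""
    # Split on dots and trim each part so padding spaces do not hide an extension.
    parts = filename.lower().strip().split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    final_ext = exts[-1] if exts else ""
    findings = []

    # 1. Image extension placed in front of an executable one.
    if final_ext in EXECUTABLE_EXTS and any(e in IMAGE_MAGIC for e in exts[:-1]):
        findings.append("image extension followed by executable extension")

    # 2. Content is a Windows executable although the name does not say so.
    if head.startswith(PE_MAGIC) and final_ext not in EXECUTABLE_EXTS:
        findings.append("PE header in a file not named as an executable")

    # 3. Name claims an image but the content does not start like one.
    if final_ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[final_ext]):
        findings.append("content does not match claimed image type")

    return findings


# Constructed samples: (name as received, first bytes of the file).
SAMPLES = [
    ("YOURS.JPG.exe", b"MZ\x90\x00"),    # assumed on-disk name of the lure
    ("YOURS.JPG", b"MZ\x90\x00"),        # executable content behind an image name
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),  # genuine JPEG header
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", inspect_attachment(name, head) or "no finding")
```
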

If your computer is infected with any type of malware, contact Geek Rescue at 918-369-4335.

January 28th, 2014