1714


Ransomware activity has gained notable attention since approximately 2012, and its use has grown internationally. Some of the more well-documented ransomware exploits are:

Reveton
CryptoLocker
CryptoLocker.F and TorrentLocker
CryptoWall
Fusob
WannaCry
Petya
Bad Rabbit

Given the ever-increasing popularity of ransomware, this article summarizes what ransomware is and what potential impact should be considered as it relates to SecureDoc software.

What is Ransomware:
Ransomware is malicious software, based on cryptovirology, that threatens to publish a victim's data or perpetually block access to it unless a ransom is paid. Depending on the method used, some ransomware locks the system from access, while other variants use a more advanced malware technique called cryptoviral extortion, which encrypts the victim's data, making it inaccessible, and then demands a ransom payment to decrypt it.

Cryptoviral extortion follows a three-step protocol between the attacker and the victim:

attacker→victim
The attacker generates a key pair and places the corresponding public key in the malware. The malware is released.

victim→attacker
To carry out the cryptoviral extortion attack, the malware generates a random symmetric key and encrypts the victim's data with it. It uses the public key in the malware to encrypt the symmetric key. This is known as hybrid encryption and it results in a small asymmetric ciphertext as well as the symmetric ciphertext of the victim's data. It zeroizes the symmetric key and the original plaintext data to prevent recovery. It puts up a message to the user that includes the asymmetric ciphertext and how to pay the ransom. The victim sends the asymmetric ciphertext and e-money to the attacker.

attacker→victim
Once the attacker receives the payment, they decipher the asymmetric ciphertext with the attacker's private key and send the symmetric key back to the victim. The victim is then able to decipher the encrypted data with the needed symmetric key.

How does SecureDoc protect me from Ransomware?
WinMagic’s disk encryption products are not intended to offer protection against malware or ransomware infection, and do not protect users from such attacks. WinMagic’s file encryption features do, however, protect our customers from data exfiltration by unauthorized users.
Due to the real-time nature of modern malware, any favorable results from testing WinMagic's full disk encryption product against particular variants of ransomware are likely to lead to a false sense of security, and we encourage our customers to seek assistance from dedicated anti-malware vendors when assessing their risk of infection, exfiltration, and compromise.