One of the biggest issues in security is not the number of bad guys out there or the number of zero day exploits that exist in the wild. Sadly it is that far too many companies and people do not update their devices and software. Now I know that it is a pain to run updates on every device you own, but in most cases these updates are important. This is the case we find with the recent brouhaha over a version of cryptolocker (SynoLocker) that appears to target Synology NAS devices with an older (and unpatched) version of Disk Station Manager (DSM).
Remember when we told you about the first ransomware for Android? No? Oh ok so let’s give you a quick background. Not that long ago some enterprising person came up with a way to use the locking portion of Find my iPhone to lock a number of iPhones in Australia. This started a number of rumors about the spread of this new threat to the iPhone including one that claimed iCloud had been hacked. In the end the number of locked phones was much smaller than reported and the users were able to get their phones back without paying out the relatively small ransom.
Imagine opening up a webpage when suddenly you see a notice saying all of your files have been locked. You have a limited amount of time to send a ransom or you will lose all of your data. This is what many people faced when the CryptoLocker Malware hit the PC world by surprise. Even now with many command and control servers down this threat still looms out there. Now imagine that instead of your PC it was your phone. The number of people that actually backup their phones in any real way is very small. A bit of malware like this could be disastrous to some.
Malware is a nasty thing that touches every corner of the consumer electronics market. No matter what type of device you have someone, somewhere will find a way to write malware to compromise it. Over the last two weeks there has been a resurgence of a very nasty bit of Malware called CryptoLocker. This malware sneaks in through poisoned websites or emails (typically in a .zip file) using multiple flaws in Java. Once in it reaches out and encrypts every Microsoft office file it can see including on shared drives. There is no real cure for this one and you end up losing data and time as you reload your computer.