A new ransomware that targets computers in countries that have been hit by cyber-attacks could have the potential to take over a whole nation.
The cyber-weapon is named ‘D-Link,’ and it is a Trojan that encrypts files and sends them to other servers.
According to a report by security firm Sophos, D-Link has been in use in China for a long time and is believed to have been around for at least three years.
However, the ransomware has been known to target multiple countries in the past, and it has a history of infecting machines on Windows systems.
It has been reported to be able to infect servers in Australia, France, Italy, Germany, Japan, Russia, Singapore, Spain, Turkey and the United Kingdom.
Sophos says that D-Lite is a variant of a ransomware known as DLL, and that it is likely to be similar to ransomware called DLL-L, which has been around for about a year and a half.
“D-Lite variants can be deployed in a number of ways, including by remote code execution and by taking over systems by injecting code directly into them,” it said in a statement.
What is D-LL?
DLL stands for DLL encryption module, which means it encrypts a file by encrypting it and then sending it to a remote server.
When a victim clicks on a link, the file will be encrypted and sent to a server where the file is encrypted and encrypted again.
A DLL encrypts its data in such a way that it leaves behind nothing of its original contents.
This means it is able to encrypt the data and send it to an unknown remote server for the victim to retrieve.
What are DLL variants?
D-Link variants are also known as CryptoLite, CryptoLit and CryptoLuxe.
D-LS has been found on systems in France (including the Paris metropolitan area), Italy, Poland, Spain and Turkey.
On January 25, 2017, Jonathan Zdziarski, a malware researcher at Malwarebytes, revealed that DLL had been found in the same area.
‘DLL variants can also be deployed on machines in France (in particular Lyon) and the French capital (in Lyon and Paris) by remote malware injection.’
The variant of the malware we observed was a variant dubbed CryptoLiz, which was detected on a machine in Paris and Lyon, along with another variant called D-ls.
CryptoLiz was first spotted in February 2017.
Researchers have since traced the infection back to a computer in Lyon that was being used to access the DLL variant on multiple machines, and have confirmed that the infected machine is still operational.
Why is DLL a threat?
The cyber-virus is believed by some to have been used by the Russian government to steal US government data.
In 2017, a Russian hacker called ‘Kaspersky Lab’ revealed a large group of DLLs that had been deployed by the US government and other organisations, including the Pentagon, CIA and US military.
But the ransomware is likely much more sophisticated than the Russian malware, and is able to encrypt data and transmit it via the Tor network.
How does it work?
The ransomware encrypts the files with an encryption key and then sends them via Tor to the infected system.
Once the encrypted files are on the victim system, the ransomware will encrypt the file and send the encrypted file to the remote server to decrypt it.
After the encrypted data is decrypted, the system will return to the original file, which is still encrypted, and the victim can get back to it by clicking on the encrypted link.
If the victim clicks the link again, the encrypted version of the file will be returned to the server, which will send it to a server in the attacker’s country.
For this reason, this ransomware can potentially take over the entire nation.
How to protect yourself from ransomware?
In general, it is best to be on the lookout for the first signs of ransomware as soon as possible.
While it is possible to protect your data by running antivirus software or other measures, this is often the only way to get rid of ransomware.
There are a few steps you can take to ensure that your data is safe from ransomware.
Firstly, make sure that you have a strong password that has no ‘password’ symbols in it, and a strong ‘remember me’ button in your browser.
Second, make backups of your data regularly.
Third, make copies of your files, in case you lose them.
Finally, make a backup of your email and any other email attachments you may have on your computer.
These things are crucial to protect you from ransomware, as they will help to ensure the files are safe to access.