homehome Home chatchat Notifications


The FBI issues warning of new ransomware targeting Windows XP

The venerable operating system has a new foe.

Alexandru Micu
April 1, 2022 @ 11:19 am

share Share

The FBI warns that personal and corporate systems running Windows XP or its virtual machine variations are vulnerable from a particularly insidious foe: ransomware known as RagnarLocker.

A rendering of IBM Q System One, the world’s first fully integrated universal quantum computing system, currently installed at the Thomas J Watson Research Center in Yorktown Heights, New York, where IBM scientists are using it to explore system improvements and enhancements that accelerate commercial applications of this transformational technology. For the first time ever, IBM Q System One enables quantum computers to operate beyond the confines of the research lab.

Ransomware is software designed to infect devices and encrypt the files they contain, with the purpose of allowing cybercriminals to hold them to ransom (hence the name). They work by finding vulnerabilities in different operating systems (OS), and as such, each is specifically tailored to attack a certain OS.

Windows XP is a tested-and-true veteran of the OS world. Despite its age — Windows XP was released in 2001 — its versatility, ease of use, and stable operation have allowed it to remain in wide use with households and institutions around the world. At the beginning of March, the FBI issued a warning that weaknesses in the system have led to the emergence of insidious and powerful ransomware that has been quite successful until now.

Locked for ransom

According to the FBI, RagnarLocker is best identified by looking for the extension “.RGNR_”. The actors behind an attack will start by compromising a company or individual’s private network, through which they will install the ransomware on any connected devices. This step is achieved either by brute-forcing weak passwords (i.e. automatically generating and inputting passwords) or by using stolen or leaked credentials.

After getting access to a machine, RagnarLocker sets to its inglorious work. The program will scan the device for any files of interest. It will then decide which files need to remain unencrypted to ensure the device continues running normally — such as Windows-specific files. Next, it sets up a specially-crafted virtual machine image on the computer, so any users continue believing everything is normal. The software then copies and transfers sensitive data to a different computer before encrypting them on the compromised terminals. The ransomware code is protected with various obfuscation techniques such as adding junk code that doesn’t do anything, as well as adding some encryption to the files to prevent recovery of the data.

The final step is for the criminals to spring the “double extortion” tactic. According to the FBI, this consists of the attacker demanding ransom for the encrypted files, while also threatening to leak the data if the victim refuses to pay.

Despite this, the FBI advises victims not to pay up, as this encourages the criminals to continue plying their trade. There is also no guarantee that they will not leak or sell the data after receiving the ransom, either, nor that they will actually decrypt your files.

At least 52 entities in sectors ranging from financial services, information technology, manufacturing, energy, all the way up to government institutions have suffered from RagnarLocker attacks since January 2022, the FBI explains.

Due to the way it operates, local backups or virtual machine backups may also be exposed to RagnarLocker. Virtual machine backups are more effective in allowing you to maintain access to your files. However, the threat of having your data leaked still remains.

As of 2014, Microsoft has discontinued support for Windows XP. This leaves it vulnerable to ill-intended actors, who have had ample time to study and exploit its weaknesses. Despite this, the OS is still heavily used, being the primary operating system of desktop PCs in several parts of the world. Several companies have started offering guidance and protection services for the venerable OS as a result, although the safest way forward probably still is upgrading to an OS that is actively receving updates and support.

share Share

New Nanoparticle Vaccine Clears Pancreatic Cancer in Over Half of Preclinical Models

The pancreatic cancer vaccine seems to work so well it's even surprising its creators

Coffee Could Help You Live Longer — But Only If You Have it Black

Drinking plain coffee may reduce the risk of death — unless you sweeten it.

Scientists Turn Timber Into SuperWood: 50% Stronger Than Steel and 90% More Environmentally Friendly

This isn’t your average timber.

A Provocative Theory by NASA Scientists Asks: What If We Weren't the First Advanced Civilization on Earth?

The Silurian Hypothesis asks whether signs of truly ancient past civilizations would even be recognisable today.

Scientists Created an STD Fungus That Kills Malaria-Carrying Mosquitoes After Sex

Researchers engineer a fungus that kills mosquitoes during mating, halting malaria in its tracks

From peasant fodder to posh fare: how snails and oysters became luxury foods

Oysters and escargot are recognised as luxury foods around the world – but they were once valued by the lower classes as cheap sources of protein.

Rare, black iceberg spotted off the coast of Labrador could be 100,000 years old

Not all icebergs are white.

We haven't been listening to female frog calls because the males just won't shut up

Only 1.4% of frog species have documented female calls — scientists are listening closer now

A Hawk in New Jersey Figured Out Traffic Signals and Used Them to Hunt

An urban raptor learns to hunt with help from traffic signals and a mental map.

A Team of Researchers Brought the World’s First Chatbot Back to Life After 60 Years

Long before Siri or ChatGPT, there was ELIZA: a simple yet revolutionary program from the 1960s.