Ransomware is malware designed to block access to a computing system or its data, usually by encrypting files (and increasingly by also threatening to publish the victim's data), until a demanded sum of money is paid. Ransomware has been recorded as early as the late 1980s, when early variants demanded payment via snail mail. In today's cyber world, payment is usually demanded in cryptocurrency, and occasionally through credit or prepaid cards.
Ransomware comes out of 'cryptovirology', the field that studies how cryptography can be used to design malicious software. There are several ways a ransomware attack can be launched against a computer. The most common among them are:
- Malspam (malicious spam) – Unsolicited e-mails that deliver malware through social engineering, tricking recipients into opening attachments or clicking links by appearing to come from trusted sources.
- Malvertising (malicious advertising) – Here, while browsing (even on legitimate websites), end users can be redirected to criminal servers without even clicking an online advertisement, and those servers distribute the ransomware. The servers also catalogue details about the visiting system and its location in order to decide which ransomware to deliver to it.
Ransomware is mainly categorized into three types on the basis of severity. Let's have a look at them:
- Scareware – Least severe. This variant delivers a pop-up message claiming malware was discovered and that the only way to get rid of it is to pay. Ignoring the message may flood the system with further pop-ups, but files are usually left intact.
- Screen lockers – Medium severity. This variant can completely freeze the affected system: on start-up it shows a full-screen window bearing an 'official-looking' seal (as if from a government or law-enforcement agency) stating that illegal activity has been detected on the machine and demanding payment as a 'fine'.
- Encrypting ransomware – Most severe. This variant takes hold of the system's files, encrypts them and demands payment for the key needed to decrypt and retrieve them. If the encryption is implemented correctly, no security product can recover the files without that key, so the only reliable recovery path is restoring from offline backups taken before the infection; this is why this type is considered extremely dangerous. On top of that, there is no guarantee that the attackers will actually hand over a working key once they are paid.
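Encrypting ransomware leaves a characteristic trace that defenders can look for: one process writing many files whose contents are suddenly near-random (high byte entropy), often under a new extension, within a few seconds. The following is an added detection example, not code from the original article; it runs over constructed sample file-write telemetry (the timestamps, process names such as `updater.exe` and the `.locked` extension are all assumptions made for the illustration) and flags a process that writes five or more high-entropy files inside a ten-second window, while leaving a single archive write and ordinary document saves alone.

```python
"""Flag ransomware-like write bursts: many high-entropy files written by one
process in a short window. All sample events below are constructed for this example."""
import hashlib
import math
from collections import defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0). Encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _pseudo_ciphertext(seed: str, blocks: int = 32) -> bytes:
    # Deterministic stand-in for encrypted output (constructed; not real ransomware output).
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(blocks))


T0 = datetime(2018, 1, 15, 9, 0, 0)
PLAINTEXT = b"Quarterly report: revenue up 4%, costs flat, headcount 120.\n" * 20

# (timestamp, process, path, bytes written): constructed sample telemetry.
# winword.exe saves two ordinary documents, 7z.exe writes one archive (high entropy,
# but a single file), and the hypothetical "updater.exe" encrypts six documents in 6 s.
SAMPLE_EVENTS = [
    (T0, "winword.exe", r"C:\Users\a\Documents\q1.docx", PLAINTEXT),
    (T0 + timedelta(seconds=30), "winword.exe", r"C:\Users\a\Documents\q2.docx", PLAINTEXT),
    (T0 + timedelta(seconds=40), "7z.exe", r"C:\Users\a\archive.7z", _pseudo_ciphertext("7z")),
] + [
    (T0 + timedelta(seconds=60 + i), "updater.exe",
     rf"C:\Users\a\Documents\file{i}.docx.locked", _pseudo_ciphertext(f"locked{i}"))
    for i in range(6)
]


def detect_encryption_bursts(events, window=timedelta(seconds=10),
                             min_files=5, entropy_threshold=7.0):
    """Return {process: [paths]} for every process that writes at least `min_files`
    high-entropy files within any `window`. Isolated archive writes stay below the bar."""
    suspicious = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            suspicious[proc].append((ts, path))

    alerts = {}
    for proc, writes in suspicious.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until writes[start..end] fits in `window`.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if end - start + 1 >= min_files:
                alerts[proc] = [p for _, p in writes[start:end + 1]]
    return alerts


if __name__ == "__main__":
    for proc, paths in detect_encryption_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(paths)} high-entropy writes, e.g. {paths[0]}")
```

The thresholds are tuning knobs, not constants of nature: archivers, database engines and backup agents also write high-entropy data in bursts, so in production such a rule is paired with a process allow-list and, ideally, with the extension-change and canary-file signals the same telemetry provides.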
Now let's look at some examples of recent ransomware attacks.
- WannaCry – Spread as a worm in May 2017 by exploiting a vulnerability in the Windows SMBv1 implementation (patched in MS17-010), with the ransomware itself delivered as a trojan payload.
- Petya-esque – Refers to Petya and its 2017 lookalike, commonly called NotPetya. Petya overwrites the boot record and encrypts the MFT (Master File Table) with a unique, randomly generated key; NotPetya kept no recoverable copy of that key, so affected disks could not be restored even after payment, and it spread on its own across multiple computers in a network.
- Bad Rabbit – Here, compromised websites offer a fake Flash update which, when run, drops the payload. Likely written by the authors of the Petya-esque family, this variant spread through Eastern Europe in late 2017.
Ransomware is one of the most common cyber attack types in today's sophisticated cyber world and, just as with any other security threat, robust measures should be established to prevent it: keep systems patched, filter e-mail attachments and untrusted advertising, and maintain offline backups that are tested regularly.
Read more at:
https://www.nodericks.com/cyber-attack-types-to-watch-out-for-in-2018/
https://www.nodericks.com/managing-increased-security-threats/
https://www.nodericks.com/security-threats/