What is ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. More modern ransomware families, collectively categorized as crypto ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.
Ransomware types:
- Locker ransomware: This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window containing the ransom demand in order to make the payment. Apart from that, the computer is inoperable. But there is good news: locker malware doesn’t usually target critical files; it generally just wants to lock you out. Complete destruction of your data is therefore unlikely.
- Crypto ransomware: The aim of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, but not to interfere with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto ransomware developers often add a countdown to their ransom demand: “If you don’t pay the ransom by the deadline, all your files will be deleted.” Because many users are unaware of the need for backups in the cloud or on external physical storage devices, crypto ransomware can have a devastating impact. Consequently, many victims pay the ransom simply to get their files back.
Ransomware Attacks
1. Locky
Locky was first used for an attack in 2016 by a hacker organization. The Locky ransomware is a cryptovirus that primarily attacks Linux and Windows servers, aiming to encrypt its victims’ data and demanding a whopping 1 BTC in exchange for a decryption key. The encryption process affects a multitude of file types, leaving system files aside.

Locky encrypted more than 160 file types and spread through fake emails with infected attachments. Users fell for the email trick and installed the ransomware on their computers. This method of spreading is called phishing, a form of social engineering. Locky ransomware targets file types that are often used by designers, developers, and engineers.
2. WannaCry
12 May 2017 is the date many experts claim WannaCry changed cybersecurity forever. It was the biggest attack the world had ever seen and resulted in great aftershocks in the worlds of business, politics, hacking and the cybersecurity industry. The cybercriminals responsible for the attack took advantage of a weakness in the Microsoft Windows operating system using an exploit that was allegedly developed by the United States National Security Agency. Known as EternalBlue, this exploit was made public by a group of hackers called the Shadow Brokers before the WannaCry attack.

WannaCry hit over 300 organizations spread across a huge 150 countries. It was so large that even after the kill-switch was found, the virus continued to terrorize all systems and data it had hitherto come into contact with. Estimates put the total cost at over $4 billion, with the UK’s NHS alone suffering over £92 million worth of damage. The attack was traced to the Lazarus Group, which has strong links to North Korea, but an air of mystery still clouds the details of what exactly happened.
3. Petya
Petya is a family of encrypting malware that infects Microsoft Windows-based computers. Petya infects the master boot record to execute a payload that encrypts data on the infected hard drive. The data is unlocked only after the victim provides the decryption key, usually after paying the attacker a ransom for it.

Though first discovered in 2016, Petya began making news in 2017 when a new variant was used in a massive cyberattack against Ukrainian targets. It quickly spread worldwide, crippling businesses and causing more than $10 billion in damages.
4. Bad Rabbit
Bad Rabbit was discovered by users in Russia and Ukraine on 24 October 2017. It follows similar patterns to WannaCry and Petya by encrypting the user’s file tables and demanding a Bitcoin payment to decrypt them.

Bad Rabbit spread through a bogus update to Adobe Flash and infected Interfax, Odessa International Airport, Kiev Metro and the Ministry of Infrastructure of Ukraine. Ransomware infections spread to other countries including Turkey, Germany, Poland, Japan, South Korea and the United States by piggybacking corporate network structures.
5. TeslaCrypt
TeslaCrypt is a now defunct ransomware trojan spread through the Angler Adobe Flash exploit. In its early forms, TeslaCrypt searched for 185 file extensions related to 40 different games including Call of Duty, World of Warcraft, Minecraft and World of Tanks and encrypted the files.

These files involved save data, player profiles, custom maps and game mods stored on the victim’s hard drive. Newer variants of TeslaCrypt also encrypted Word, PDF, JPEG and other file extensions, prompting the victim to pay a ransom of $500 in Bitcoin to decrypt the files.
6. Jigsaw
Jigsaw is an encryption ransomware variant created in 2016. It was initially titled ‘BitcoinBlackmailer’ but later came to be known as Jigsaw due to featuring Billy the Puppet from the Saw film franchise. It spread through malicious attachments in spam emails. Once activated, Jigsaw encrypts all user files and the master boot record (MBR). Following this, a popup featuring Billy the Puppet appears with a ransom demand, in the style of Saw’s Jigsaw, for Bitcoin in exchange for decrypting the files.

The victim has one hour to pay or one file will be deleted. Each hour the ransom is not paid, the number of files deleted increases exponentially until the computer is wiped after 72 hours. Any attempt to reboot the computer or terminate the process results in 1,000 files being deleted. A newer version also threatens to dox the victim and expose their personally identifiable information (PII) in a data breach. Jigsaw can be reverse engineered to remove the encryption without paying the ransom.
7. Cerber
Cerber is an example of evolving ransomware threats. It is distributed as Ransomware-as-a-Service (RaaS), where cybercriminals can use it in exchange for 40 per cent of the profits.
Cerber targets cloud-based Office 365 users and uses an elaborate phishing campaign to infect anyone outside of post-Soviet countries. If the malware detects that your computer is from Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine or Uzbekistan, it will deactivate itself.

Typically, victims receive an email with an infected Microsoft Office document attached. Once opened, the ransomware runs in the background during the encryption phase and doesn’t provide any indication of infection.
After the encryption is complete, the user finds ransom notes in encrypted folders and often as their desktop background.
8. CryptoWall
CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and other variants have appeared since, including CryptoBit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0. Upon installation, the ransomware encrypts files and scrambles their names to make it hard for victims to know which files were affected; system restore points are deleted to remove the option of returning to a previously saved state.

The ransomware demands payment in Bitcoin and uses a command-and-control server to store decryption keys, making local decryption impossible.