Ransomware

What is Ransomware

Ransomware is a form of malicious software or malware which restricts access to your computer or mobile device or encrypts data until you pay a ransom in exchange for accessing your device or data again.

One typical example of ransomware is called Dead-Krypter, which locks your devices and files until you pay a ransom. The payment this malware demands is in bitcoins, worth more than $1000.

This form of cyber blackmail is one of the most dangerous forms of malware today, and one that is spreading rapidly worldwide. The number of users infected with ransomware keeps growing, along with continued increases in ransomware modifications, making it a constantly evolving threat. Two forms of ransomware are currently the most widely used around the world: locker ransomware and crypto-ransomware. Locker ransomware locks you out of basic computer functions, forcing you to pay a ransom to regain control. Crypto-ransomware, on the other hand, encrypts sensitive data like documents and important files, threatening to destroy them unless you pay a fee.

Ransomware Attacks

The three main ways ransomware can infect your computer are spam, spear phishing and watering hole attacks. Scareware tactics are also used to spread ransomware: fake software or messages purport to come from a legitimate source but actually demand that you pay a ransom to regain control of your computer.

  • Spam: Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose (especially the fraudulent purpose of phishing), or simply sending the same message over and over to the same user.
  • Phishing: A type of scam in which an email pretends to be from a bank or another trusted source in order to trick you into handing over your personal information by asking you to complete some sort of action. The sender may want you to re-enter a password, or “verify” or “update” sensitive information like phone numbers, addresses, or credit card numbers, and almost always tells you to do so by following the links provided.
  • Watering Hole Attack: A watering hole attack is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some members of the targeted group will become infected. The attacker ambushes unsuspecting victims by injecting malicious code into a vulnerable website they visit. When a person visits the site, the injected code can redirect them to an identical-looking fake clone of the website or run a malicious script on the vulnerable site itself.

As dangerous as ransomware is, you’re not helpless against it. It’s important to know how ransomware is spread and the defensive measures you can take to stop it before it becomes a serious problem. Avoid phishing scams that spread ransomware by not opening any suspicious emails or links, and avoid visiting any suspicious websites that may contain ransomware.

Know how to recognize the scareware tactics used by cybercriminals, be sure to back up your computer or mobile device, and always use up-to-date internet security software equipped with specific anti-ransomware technologies. Above all, never pay a ransom, as it only emboldens the cybercriminals behind these scams. Ransomware is a serious threat that can affect you and all computer and mobile device users, but by knowing how to avoid it and by using up-to-date security software you can stay safe.

Ransomware Examples

Ransomware has been with us for a long time. These kinds of attacks increased immensely after the introduction of untraceable payment methods like bitcoin.

  • CryptoLocker, a 2013 attack, launched the modern ransomware age and infected up to 500,000 machines at its height.
  • TeslaCrypt targeted gaming files and saw constant improvement during its reign of terror.
  • SimpleLocker was the first widespread ransomware attack that focused on mobile devices.
  • WannaCry spread autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers.
  • NotPetya also used EternalBlue and may have been part of a Russian-directed cyberattack against Ukraine.
  • Locky started spreading in 2016 and was “similar in its mode of attack to the notorious banking software Dridex.” A variant, Osiris, was spread through phishing campaigns.
  • Leatherlocker was first discovered in 2017 in two Android applications: Booster & Cleaner and Wallpaper Blur HD. Rather than encrypt files, it locks the home screen to prevent access to data.
  • Wysiwye, also discovered in 2017, scans the web for open Remote Desktop Protocol (RDP) servers. It then tries to steal RDP credentials to spread across the network.
  • Cerber proved very effective when it first appeared in 2016, netting attackers $200,000 in July of that year. It took advantage of a Microsoft vulnerability to infect networks.
  • BadRabbit spread across media companies in Eastern Europe and Asia in 2017.
  • SamSam has been around since 2015 and targeted primarily healthcare organizations.
  • Ryuk first appeared in 2018 and is used in targeted attacks against vulnerable organizations such as hospitals. It is often used in combination with other malware like TrickBot.
  • Maze is a relatively new ransomware group known for releasing stolen data to the public if the victim does not pay to decrypt it.
  • RobbinHood is another EternalBlue variant that brought the city of Baltimore, Maryland, to its knees in 2019.
  • GandCrab might be the most lucrative ransomware ever. Its developers, who sold the program to cybercriminals, claim more than $2 billion in victim payouts as of July 2019.
  • Sodinokibi targets Microsoft Windows systems and encrypts all files except configuration files. It is related to GandCrab.
  • Thanos is the newest ransomware on this list, discovered in January 2020. It is sold as ransomware as a service. It is the first to use the RIPlace technique, which can bypass most anti-ransomware methods.

The list goes on and on. These are just a few examples of ransomware.

How Does Ransomware Work

Malware has been around since the dawn of the Internet, and in short, it’s software created for malicious purposes. Malware spreads to computers via spam emails, misleading links, fake software updates, and through exploiting vulnerabilities in web browsers and popular software. Ransomware is designed to do novel things, like encrypt large numbers of files, delete the Shadow Copies that allow users to restore from backup, and use C&C servers to store the encryption keys that allow users to unlock their files after they’ve paid up.
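
The Shadow Copy deletion mentioned above is something defenders can look for in process-creation logs. The following is an added example, not part of the original article; the log format, host names, user names and rule names are constructed for illustration, while vssadmin and wmic are the real Windows tools involved.

```python
import re

# Patterns for command lines that delete Volume Shadow Copies.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+(.*\s)?delete\b"),
}

# Constructed sample events: timestamp|host|user|command line
SAMPLE = [
    r'2024-01-01T10:00:01Z|WS01|alice|"C:\Windows\System32\vssadmin.exe" list shadows',
    r'2024-01-01T10:02:13Z|WS07|SYSTEM|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet',
    r'2024-01-01T10:02:14Z|WS07|SYSTEM|cmd /c w^mic SHADOWCOPY  delete',
    r'2024-01-01T10:05:00Z|WS02|bob|notepad.exe C:\Users\bob\notes.txt',
]


def normalize(cmdline):
    """Lower-case, drop cmd.exe caret escapes and quotes, collapse whitespace."""
    s = cmdline.lower().replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", s).strip()


def parse_event(line):
    """Split one constructed log line into its four fields."""
    ts, host, user, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "user": user, "cmd": cmd}


def detect(lines):
    """Return (host, rule, timestamp) for every event matching a rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        cmd = normalize(ev["cmd"])
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits.append((ev["host"], name, ev["ts"]))
    return hits


if __name__ == "__main__":
    for host, rule, ts in detect(SAMPLE):
        print(f"{ts} {host}: {rule}")
```

Listing shadow copies is routine administration and is not flagged; only the delete operations on WS07 are reported, including the one written with mixed case and a caret escape.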

How To Prevent Ransomware Attacks

  • Keep Your System Up-to-Date
    Software manufacturers regularly issue updates, or patches, to shore up any vulnerabilities they discover in their software. So make sure all your programmes, your operating system, browser and anti-virus software are kept up-to-date and that you know how to keep them updated. In most cases, it’s best to set the software to do this automatically when an update is released.   
  • Regularly Back Up Your Data
    Regularly back up your data to an external drive or to a cloud-based system. Do this so that you have an alternative way to access your files if they are locked. The more valuable your data is to you, the more frequently you should back it up.
  • Don’t click on suspicious emails   
    Be cautious. Many ransomware attacks start with phishing emails and as these are getting more and more sophisticated, be careful before clicking on any links, or opening any attachments, in the emails you receive.
  • Don’t click on every ad you see on the internet   
    Criminals also create web ads that are designed to make us curious or feel that we’re missing out on something, and they also play on our emotions in order to get us to click, or tap, on malicious links. So if you see signs of this or something that doesn’t feel right, be especially cautious.

Ransomware Attacks Over The Years

In 2005, Russian criminals created the first ransomware, detected as Trojan Crysis. It was a crude parasite that zipped and password-protected a user’s personal documents. The user would then find the ransom note on their desktop.

Fast forward to 2012. Ransomware exploded across Europe and North America, posing as law enforcement alerts accusing victims of piracy, terrorism, and even child pornography. The victims were then urged to pay a two-hundred-dollar fine or face criminal charges. In 2013, ransomware makers were already extracting more than 3 million dollars per year from their victims. Then CryptoLocker was released, and the stakes quadrupled almost overnight.

CryptoLocker represented a totally new family of malware, which encrypts users’ photos, documents, and other personal files with a uniquely customized secret key. These files could only be restored by paying a ransom to obtain the secret key.

On January 10, 2015, the FBI made an official statement that ransomware was on the rise, emphasizing that a new ransomware variant, CryptoWall, was encrypting users’ files and charging anywhere from 200 to five thousand dollars in bitcoins to restore them. In 2016, more than 15 million dollars had already been extorted from users. A vicious parasitic cycle had begun.

Every time a victim pays the ransom, the malware creator receives the funds. Naturally, some of this money is reinvested into the development cycle, and crypto-ransomware gets progressively smarter, more effective, and harder to defeat, and thus, the cycle continues.

Ransomware Removal

Steps to remove ransomware from a system:

  • Reboot system to safe mode
  • Install anti-malware software
  • Use the anti-malware software to scan for a ransomware program
  • Restore the system to a previous state
Credits : CSO Youtube Channel

Recommended Antivirus for improved Security & Protection

Listed below are some of the best antivirus products available on the market, which will provide an additional layer of security for your system and help keep you safe.

  • McAfee Total Protection (Windows / Mac / Android / iOS) – 1 User, 3 Years (Email Delivery in 2 hours, No CD)
  • Norton 360 Standard – 1 User, 1 Year | Includes Secure VPN & Firewall | Total Security for PC, Mac, Android or iOS | Code emailed in 2 hrs.
  • Kaspersky Internet Security Latest Version – 1 PC, 1 Year (Code emailed in 2 Hours, No CD)
  • Eset Internet Security – 1 User, 1 Year (Email Delivery in 2 hours, No CD)