Suppose you wake up in the morning, ready to start your daily work. You boot your system and the screen looks something like this:
Image by pandasecurity.com
There is a high chance your system has been infected by ransomware.
What is Ransomware?
Ransomware is malicious software that infects your system and displays a message demanding payment before your system will work again.
In most cases your files are encrypted so that you cannot open them. Ransomware is often distributed as a trojan, that is, malware disguised as a legitimate file. Once installed, it may lock your computer and display a “lock screen” with a message saying you must pay a ransom to regain use of your computer.
Ransomware is often designed to spread within and across a network to reach database and file servers. This lets it paralyse an entire organisation, generating large payments for the cybercriminals and causing major damage to businesses and government organisations.
History
The first ransomware was the AIDS Trojan, written by the evolutionary biologist Joseph L. Popp in 1989. He mailed 20,000 infected diskettes labelled “AIDS Information – Introductory Diskettes”. The trojan encrypted the file names on the victim’s computer and hid the directories. Since then ransomware has become one of the most profitable cyber-crimes.
In the intervening years, ransomware went through several evolutions. Once the internet was widely available, it became much easier for cyber-criminals to carry out Popp’s ransom idea.
By 2005 the internet was offering new opportunities, and two notable families appeared:
Archievus – a trojan that encrypted every file in the My Documents directory. The 30-digit password was handed over only when the victim bought something from an online pharmacy.
GPCode – a trojan that initially spread via an email attachment purporting to be a job application, and which used a 660-bit RSA key.
In 2008, ransomware evolved further with the invention of Bitcoin. Bitcoin enabled cyber-criminals to demand ransom in digital currency, adding a layer of anonymity to the payment process.
After 2012, ransomware spread worldwide and took on more sophisticated forms. Around 60,000 new ransomware samples were discovered in early 2012, a figure that had grown to 200,000 by the end of the year.
Over the following years ransomware was delivered mainly through phishing campaigns that locked victims out of their files and systems, and it was deployed on a global scale.
Image via officetimeline.com
How does Ransomware work?
Ransomware enters your network in various ways. Most often it is delivered through an email that appears legitimate, convincing you to click a link or open an attachment that carries the malware. Other entry points are social engineering and downloads of malicious software from the web, whether from a compromised site or by clicking on fake ads.
There are five phases in a ransomware attack:
Phase 1 – Exploitation and Infection –
For an attack to succeed, the malicious code must first be executed on a computer. This is usually achieved through a phishing email or an exploit kit.
Phase 2 – Delivery and Execution –
In this phase the actual ransomware executable is delivered to the victim’s system and run.
Phase 3 – Backup Destruction –
Within seconds, the malware looks for backup files and folders on the victim’s system and removes them, so that the victim cannot simply restore from a backup. On Windows this typically includes deleting Volume Shadow Copies (for example with vssadmin or wmic), so that earlier versions of files cannot be recovered.
Phase 4 – File Encryption –
Once the backups are gone, the malware performs a key exchange with its C2 (Command and Control) server and then encrypts the victim’s files. The key needed to decrypt them is held by the attacker and is not stored in recoverable form on the victim’s machine.
Phase 5 – User notification and Clean-up –
After the backups have been removed and the encryption has completed, the extortion and payment instructions are presented to the user.
Finally, the malware may delete itself from the system, leaving little forensic evidence behind.
Image via fiercehealthcare.com
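Two of the phases above leave traces a defender can look for: Phase 3 shows up as backup-destruction commands in process-creation logs, and Phase 4 produces files whose bytes are near-random. The following is an added example (not code from the original article or from any ransomware family) that scans constructed, simplified process-creation log lines for such commands and uses a byte-entropy check to tell plaintext from encrypted content. The log format, the sample lines and the SHA-256 chain standing in for ciphertext are all constructed for illustration; the command patterns are common ones, not an exhaustive list.

```python
"""Triage helpers for the Phase 3 / Phase 4 traces described above.

Added example. The log lines and the "ciphertext" below are constructed
for illustration and do not come from any real incident.
"""
import hashlib
import math
import re
from collections import Counter

# Commands commonly used to destroy Windows backups/recovery before
# encryption (Phase 3). Illustrative, not exhaustive.
BACKUP_DESTRUCTION_PATTERNS = [
    (re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I), "vssadmin: shadow copies deleted"),
    (re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I), "wmic: shadow copies deleted"),
    (re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I), "bcdedit: Windows recovery disabled"),
    (re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I), "wbadmin: backup catalog deleted"),
]

# Constructed sample log in a simplified "timestamp|user|parent|command" form.
SAMPLE_LOG = """\
2024-01-15T09:02:11|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe C:\\Users\\alice\\notes.txt
2024-01-15T09:03:40|alice|WINWORD.EXE|cmd.exe /c "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe"
2024-01-15T09:03:42|alice|invoice.exe|vssadmin.exe delete shadows /all /quiet
2024-01-15T09:03:42|alice|invoice.exe|wmic.exe shadowcopy delete
2024-01-15T09:03:43|alice|invoice.exe|bcdedit.exe /set {default} recoveryenabled No
2024-01-15T09:05:00|bob|explorer.exe|C:\\Program Files\\Mozilla Firefox\\firefox.exe
"""


def find_backup_destruction(log_text):
    """Return (timestamp, user, parent_process, reason) for each matching line."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, parent, command = line.split("|", 3)
        for pattern, reason in BACKUP_DESTRUCTION_PATTERNS:
            if pattern.search(command):
                hits.append((ts, user, parent, reason))
                break  # one reason per line is enough for triage
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted or compressed
    data, typically 4-5 for natural-language text."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Crude Phase 4 indicator: a file whose bytes are near-uniform.
    Compressed archives and images trip this too, so treat it as one
    signal among several, not as proof of encryption."""
    return shannon_entropy(data) >= threshold


# Constructed plaintext, and a deterministic SHA-256 chain standing in for
# ciphertext so the example runs offline and reproducibly.
PLAINTEXT = b"Quarterly report: revenue grew 4% while costs were flat. " * 80


def _fake_ciphertext(length: int) -> bytes:
    out, block = b"", b"seed"
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


CIPHERTEXT = _fake_ciphertext(len(PLAINTEXT))

if __name__ == "__main__":
    for ts, user, parent, reason in find_backup_destruction(SAMPLE_LOG):
        print(f"{ts} {user} parent={parent}: {reason}")
    print("plaintext entropy :", round(shannon_entropy(PLAINTEXT), 2))
    print("ciphertext entropy:", round(shannon_entropy(CIPHERTEXT), 2))
```

Running the script flags the three commands launched by invoice.exe and shows the entropy gap between the two byte strings. In a real environment the log source would be Sysmon event ID 1 or an EDR process feed, and the entropy check would be applied to files that were recently modified in bulk by a single process.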
Types:
Ransomware is mainly classified into two types –
- Crypto-ransomware
- Locker-ransomware
1. Crypto-ransomware –
This ransomware encrypts the important files on the victim’s computer so that they can no longer be accessed.
2. Locker-ransomware –
Locker-ransomware does not encrypt files; instead it locks the victim out of their device, preventing them from using it. The attacker then demands a payment to unlock the device. Because the files themselves are untouched, locker-ransomware is usually easier to recover from than crypto-ransomware.
Prevention
- Avoid opening attachments that look suspicious-
This includes attachments from senders you believe you know, since a sender address is easily spoofed. Phishing emails may masquerade as notifications from anywhere.
- Avoid giving out personal information-
Attackers need to obtain your details from somewhere in order to send you a convincing phishing email that carries ransomware as its payload.
- Keep your software up-to-date-
Attackers can exploit a vulnerability in your system if the patch for it has not been applied; ransomware kits often carry exploit code for known vulnerabilities.
Make sure your vulnerability management covers all of your software assets, not just the operating system.
- Only download from sites you trust-
Only allow downloads from locations you trust, such as the vendor’s own HTTPS website and the official app marketplace for your mobile device(s). Keep in mind that HTTPS only guarantees an encrypted connection to that site, not that the site or the file it serves is benign.
- Always keep the Windows firewall turned on and properly configured-
The Windows firewall helps protect your system from unauthorised access, such as an attacker trying to reach an exposed service in order to infect your system.
- Add an ad-blocker extension to block pop-ups-
Pop-ups and malicious ads are a common entry point for ransomware. A browser ad-blocking add-on helps you avoid them.
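To make the first tip concrete, here is an added example (not from the original article) that screens attachment file names for the lures ransomware campaigns commonly rely on: executable or script types, double extensions such as invoice.pdf.exe, macro-enabled Office documents, disk-image containers, and invisible formatting characters like the right-to-left override that make an executable name render as a document name. The heuristics and the sample names are constructed for illustration; a real mail gateway inspects content and not just names.

```python
"""Screen email attachment names for common ransomware delivery tricks.

Added example; the extension lists are common lures, not a complete
catalogue, and the sample names below are constructed.
"""
import unicodedata
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk"}
MACRO_DOC_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
DOCUMENT_LIKE_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def assess_attachment(name: str):
    """Return the reasons an attachment name deserves suspicion (empty list = none found)."""
    reasons = []
    # Unicode format characters (category Cf) include the right-to-left
    # override U+202E: "photo\u202egpj.scr" is displayed as "photorcs.jpg".
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("invisible formatting character (right-to-left override or similar) in file name")
    clean = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    if not suffixes:
        return reasons
    last = suffixes[-1]
    if last in EXECUTABLE_EXTS:
        reasons.append("executable or script file type")
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_LIKE_EXTS:
            reasons.append("double extension disguising an executable as a document")
    if last in MACRO_DOC_EXTS:
        reasons.append("macro-enabled Office document")
    if last in CONTAINER_EXTS:
        reasons.append("disk image container used to bypass mail scanning")
    return reasons


def screen(names):
    """Map each attachment name to its list of reasons."""
    return {n: assess_attachment(n) for n in names}


# Constructed sample attachment names.
SAMPLES = [
    "Q3 financials.xlsx",
    "invoice.pdf.exe",
    "payroll_update.docm",
    "delivery_notice.iso",
    "photo\u202egpj.scr",
    "readme.txt",
]

if __name__ == "__main__":
    for name, reasons in screen(SAMPLES).items():
        verdict = "; ".join(reasons) if reasons else "nothing suspicious"
        print(f"{name!r}: {verdict}")
```

The right-to-left override case is worth testing in any attachment filter you deploy: the file is a .scr screensaver executable, but a mail client that renders bidirectional text will show it to the user as a .jpg.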
Written By: Kalpesh Patil
Reviewed By: Sayan Chatterjee