Ransomware

Introduction to Ransomware

Ransomware is malicious software, written by cybercriminals, that blocks access to a computer system or the data on it until a sum of money is paid to them.
Although early ransomware campaigns mostly targeted individuals, businesses are now targeted just as routinely, because they have more to lose and more ability to pay.

Ransomware gets onto a computer the same way other malware does: e-mail messages claiming to carry important attachments; drive-by downloads from websites or ads that appear to offer valuable or pirated material for free; fake antivirus or anti-malware downloads; social engineering; links sent from friends' social-network accounts (often themselves compromised); distribution through botnets; and so on.


Ransomware has some key characteristics that set it apart from other malware:

1). Strong encryption: the files are encrypted with a key that only the attacker holds, so you cannot decrypt them on your own.
2). It encrypts all kinds of files: documents, audio, video, images, databases, etc.
3). It can rename or scramble filenames so you cannot tell which data has been affected.
4). It displays an image or message telling you that your data has been encrypted and that you must pay a specific sum to the attackers to get it back.
5). It requests payment in Bitcoin or another cryptocurrency. Bitcoin transactions are public and can be traced on the blockchain, but wallet owners are pseudonymous and payments cannot be reversed, which is what the attackers rely on.
6). It can spread to other PCs on the local network, and to any network shares or backups those machines can reach, which causes further damage.
It can cause many other kinds of damage as well.

Ransomware families observed so far include CryptoLocker, WannaCry, Bad Rabbit, Cerber, CrySiS, GoldenEye, CryptoWall, Jigsaw and Locky.

Methodology:

Phase 1:
Exploitation and infection: for an attack to succeed, the malicious ransomware code must first execute on a computer. Execution is typically gained through phishing e-mails or exploit kits that target unpatched browser and plugin flaws; in the case of CryptoLocker, the Angler exploit kit was a preferred method of gaining execution.

Phase 2:
Delivery and execution: during this phase the actual ransomware executable is delivered to the victim's system and run. It is this payload that attacks the victim's files.

Phase 3:
Backup spoliation: the ransomware looks for backup files and folders on the victim's system and deletes them, so that the victim cannot simply restore from backup. Any backup the infected machine can write to, including mapped network shares, is usually destroyed as well; only offline or otherwise inaccessible copies survive.

Phase 4:
File encryption: once Phase 3 is complete, the malware performs a key exchange with its command-and-control (C2) server, so that the key needed for decryption is held by the attacker rather than left on the victim's machine. That key material is then used to encrypt the files on the local system.

Phase 5:
User notification and cleanup: with the backups removed and the encryption finished, the malware displays the extortion and payment instructions and usually removes its own installer. The victim is given a time limit to pay.
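Phases 3 and 4 leave visible traces on the endpoint that a defender can alert on: the commands that destroy shadow copies and recovery options, and a burst of high-entropy file writes from a single process. The following is an added example, not code from the original page; the process and file-write events are constructed for illustration, the command-line patterns are ones commonly reported for backup destruction on Windows, and the thresholds (entropy 7.5 bits per byte, three files in sixty seconds) are assumptions to be tuned for a real environment.

```python
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed process-creation events (not from any real incident):
# (timestamp, process image, command line)
PROCESS_EVENTS = [
    ("2024-01-05T09:12:01", "cmd.exe", "cmd.exe /c dir C:\\Users"),
    ("2024-01-05T09:12:30", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("2024-01-05T09:12:31", "WMIC.exe", "wmic shadowcopy delete"),
    ("2024-01-05T09:12:33", "bcdedit.exe", "bcdedit /set {default} recoveryenabled no"),
    ("2024-01-05T09:15:00", "notepad.exe", "notepad.exe notes.txt"),
]

# Command lines commonly used to destroy Windows backups (Phase 3). They are
# legitimate admin tools, so add exclusions for your own backup jobs.
BACKUP_SPOLIATION_PATTERNS = [
    (re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I), "vssadmin shadow copy deletion"),
    (re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I), "WMIC shadow copy deletion"),
    (re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I), "wbadmin backup catalog deletion"),
    (re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I), "Windows recovery disabled"),
]


def detect_backup_spoliation(events):
    """Return (timestamp, description, command line) for each matching event."""
    hits = []
    for ts, _image, cmdline in events:
        for pattern, description in BACKUP_SPOLIATION_PATTERNS:
            if pattern.search(cmdline):
                hits.append((ts, description, cmdline))
                break
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, usually 4 to 6 for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Constructed file-write events: (timestamp, writing process, path, bytes written).
# bytes(range(256)) stands in for ciphertext: every byte value equally likely.
CIPHERTEXT_LIKE = bytes(range(256)) * 4
TEXT_LIKE = b"Quarterly report: revenue grew four percent this period. " * 20
FILE_EVENTS = [
    ("2024-01-05T09:20:00", "unknown.exe", "C:\\Users\\a\\Documents\\budget.xlsx", CIPHERTEXT_LIKE),
    ("2024-01-05T09:20:01", "unknown.exe", "C:\\Users\\a\\Documents\\plan.docx", CIPHERTEXT_LIKE),
    ("2024-01-05T09:20:02", "unknown.exe", "C:\\Users\\a\\Pictures\\holiday.jpg", CIPHERTEXT_LIKE),
    ("2024-01-05T09:20:03", "unknown.exe", "C:\\Users\\a\\Music\\track01.mp3", CIPHERTEXT_LIKE),
    ("2024-01-05T09:20:10", "WINWORD.EXE", "C:\\Users\\a\\Documents\\memo.docx", TEXT_LIKE),
]


def detect_encryption_burst(events, min_entropy=7.5, min_files=3, window_seconds=60):
    """Flag processes that write >= min_files high-entropy files within window_seconds."""
    high_entropy_writes = {}
    for ts, process, _path, data in events:
        if shannon_entropy(data) >= min_entropy:
            high_entropy_writes.setdefault(process, []).append(datetime.fromisoformat(ts))
    flagged = []
    window = timedelta(seconds=window_seconds)
    for process, times in high_entropy_writes.items():
        times.sort()
        # Sliding window: min_files consecutive high-entropy writes inside the window is a hit.
        for i in range(len(times) - min_files + 1):
            if times[i + min_files - 1] - times[i] <= window:
                flagged.append(process)
                break
    return flagged


if __name__ == "__main__":
    for ts, description, cmdline in detect_backup_spoliation(PROCESS_EVENTS):
        print(f"{ts} backup spoliation: {description}: {cmdline}")
    for process in detect_encryption_burst(FILE_EVENTS):
        print(f"possible mass encryption by {process}")
```

The Phase 3 rule is the more reliable of the two: ordinary users almost never run these commands, so a hit is worth an immediate response. The entropy rule needs tuning, since compressed formats such as JPEG, ZIP and MP3 are already high-entropy; pairing it with a rename or a new file extension, as in characteristic 3 above, cuts the false positives.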

How to protect your computer from Ransomware:

Several antivirus companies have released tools that remove the malware itself, but removal does not decrypt the files it has already encrypted. Without a clean backup you have few options, so prevention matters: keep the operating system, browser and plugins patched (exploit kits target known, unpatched flaws), do not open unexpected attachments or run downloads from untrusted sites, and do not work day to day with an administrator account.
Finally, always keep backups of your files, and keep at least one copy offline or otherwise unreachable from the machines it protects, because ransomware deletes or encrypts any backup it can reach.
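A backup only helps if you can tell it is intact and restore from it, so it is worth recording a hash manifest alongside the offline copy and checking against it. The following is an added example, not code from the original page; the file tree, the backup and the simulated attack (one file overwritten with junk, one renamed to a new extension) are all constructed inside a temporary directory, and no real encryption is performed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative, POSIX-style path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(manifest: dict, root: Path) -> dict:
    """Compare a tree to a trusted manifest and report what differs."""
    current = build_manifest(root)
    return {
        "missing": sorted(p for p in manifest if p not in current),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: take a backup, then simulate ransomware hitting the live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "report.txt").write_text("Q3 figures: revenue up 4%\n")
        (live / "docs" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)

        # Take the backup and record its manifest. Keep the manifest with the
        # offline copy, not on the host that may later be infected.
        backup = Path(tmp) / "backup"
        shutil.copytree(live, backup)
        manifest = build_manifest(backup)

        # Simulated attack on the live tree (constructed, no real cipher):
        # overwrite one file with junk and give another a new extension.
        (live / "docs" / "report.txt").write_bytes(bytes(range(256)))
        (live / "docs" / "photo.jpg").rename(live / "docs" / "photo.jpg.locked")

        return {
            "backup_ok": verify_against_manifest(manifest, backup),
            "live_after_attack": verify_against_manifest(manifest, live),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

Run the check from a clean machine against the backup media before trusting a restore: an empty report means the copy still matches what was backed up, while a long "modified" or "unexpected" list means the backup was reachable by the ransomware and has itself been encrypted.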