What Is Ransomware? How Do Hackers Use Ransomware With Examples?

Ransomware is malicious software that cybercriminals use to keep you from accessing your own information. The digital extortionists encrypt files on your device, add extensions to them and hold them "hostage" until the demanded ransom has been paid. After an initial infection, the ransomware will try to spread to shared drives, servers, computers and other accessible devices on your network. If you do not meet the ransom demands within the criminals' deadline, your device or encrypted data will remain unavailable, or the software may delete your data and remove the decryption key. So, what is ransomware? For IT administrators who are unprepared, it is a potential nightmare.

For years, ransomware has been one of the most worrying topics in cybersecurity, and with good reason.

Ransomware is a type of malware that lives up to its name: a bad actor blocks access to data or applications until payment is made. In other words, it turns hackers into kidnappers of your data. And, just as with kidnapping, there is no guarantee that paying the ransom will result in a happy ending.

This may sound like paranoia, like something from an episode of Black Mirror, and yes, they did an episode on ransomware.

But the fact is that such attacks have cost organizations around the world billions of dollars. They also threaten organizations that hold sensitive data, such as governments, hospitals, and law firms. Any company with an online presence should know how ransomware functions.

How Does Ransomware Function?

Ransomware reaches your network in a number of ways, the most common being a download from a spam email attachment. The download then triggers the ransomware program, which attacks your computer. Other ways in include social engineering, installing malicious software from a website, or clicking on "malvertising" (fake ads) that unleashes the ransomware. The malware can also be distributed via chat messages or removable USB drives.

Usually, the malware is brought into your network by an executable file, which may have been in a zip folder or disguised as a fax or other plausible attachment. The downloaded file then encrypts your data, adds an extension to your files and makes them inaccessible. More advanced variants replicate themselves and can function without human intervention. Known as "drive-by" attacks, this type of ransomware exploits vulnerabilities in various browser plugins to compromise your device.
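As an added illustration of the delivery path described above (this is example code written for this page, not taken from any product), the following Python sketch screens an email attachment for executables hidden inside zip archives or disguised with a double extension such as "fax.pdf.exe". The extension lists, the size limit and the sample file names are assumptions chosen for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative lists (assumptions; extend them for your own mail gateway policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".tif"}
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # do not unpack huge members (zip bombs)

def classify_name(name):
    """Return why a file name looks like a (disguised) executable, or None."""
    suffixes = [s.strip().lower()
                for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double extension"
    return "executable"

def scan_attachment(filename, data, prefix="", depth=0):
    """Return (path, reason) findings for one attachment, descending into zips."""
    path = prefix + filename
    reason = classify_name(filename)
    findings = [(path, reason)] if reason else []
    if depth >= 3 or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:      # password-protected: cannot be inspected
                findings.append((f"{path}!{info.filename}", "encrypted member"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((f"{path}!{info.filename}", "oversized member"))
            else:
                findings += scan_attachment(info.filename, zf.read(info),
                                            path + "!", depth + 1)
    return findings

def build_sample_zip():
    """Constructed sample: a zip with a harmless text file and a fake 'fax' executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("fax_0042.pdf.exe", b"MZ placeholder bytes, not a real program")
    return buf.getvalue()
```

Calling scan_attachment("scan.zip", build_sample_zip()) reports the disguised member inside the archive while leaving the plain text file alone.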

Types Of Ransomware

Although there are thousands of variants, Tripwire lists the 10 most common ransomware strains:

CryptoWall

CryptoWall was first discovered in 2014. It remains a persistent threat thanks to its sophisticated nature.

Jigsaw

A particularly cruel ransomware. Jigsaw gives its victims 24 hours to pay up or it starts removing files. After that, it deletes files every hour. The remainder of your files are deleted after 72 hours of non-payment.

SamSam

SamSam is mainly distributed by phishing attacks. This strain scans a compromised server and encrypts data on the network along the way.

Petya/Mischa

The software, offered as a ransomware-as-a-service (RaaS) portal, attempts to gain admin privileges and drops Petya; if admin permission is denied, it installs the Mischa encryption program instead.

Chimera

Chimera uses peer-to-peer networking to build an encryption code, and it allows victims to join its affiliate network. The impact of the software has been hindered by a rival ransomware vendor: Petya/Mischa dumped 3,500 decryption keys for the program online to allow victims to unlock their files.

Cerber

This RaaS platform makes $1 million a year from affiliate revenue alone. It is available in 12 different languages, and some versions also read the ransom note aloud to the victim.

HDDCryptor

HDDCryptor encrypts files on previously connected drives and also targets enabled drives. This malware prevents users from starting the device, so on boot only the ransom note is displayed.

CryLocker

This software customizes the ransom note with the victim's username, date of birth, location, information about social media accounts, and more. It threatens to release all the information collected unless payment demands are met.

Locky

This ransomware gained attention by infecting the CA-based Hollywood Presbyterian Medical Centre and collecting a massive ransom. Over several iterations, the software has used different distribution channels, such as images in Facebook Messenger and fake websites offering Flash Video updates.

TeslaCrypt

This ransomware was spread through spam campaigns. But the developers abandoned the project, and the decryption key is now available online for free.

Ransomware phishing

Infosecurity estimated that phishing volumes increased eightfold in 2016 as part of the effort to spread ransomware.

In 2016, email spam rose by 65%, and 40 percent of those emails contained ransomware. Nearly one million phishing pages were hosted on more than 170,000 domains used to send out malicious phishing emails in 2016.

Ransomware attackers are updating their delivery systems to target organisations that pay more ransoms, such as hospitals, public authorities, education and small companies.

How do hackers use ransomware?

The first known ransomware case, in 1989, was Cyborg, a PC trojan. It was an elaborate scheme that involved a ludicrous number of floppy disks, blocked access to computers, and had victims send cash to a PO Box in Panama. It might not have been the most effective technique, but it does demonstrate that extortion has been on the minds of hackers for decades.

Modern ransomware uses the same intrusion strategies as conventional malware, including phishing, social engineering and security vulnerabilities in software. Another popular installation technique is malspam or malvertising. With malspam, the payload is disguised in a spam email. With malvertising, a bad actor incorporates malicious code into legitimate website advertising.

After ransomware has been installed, the bad actor will start trying to collect their payoff. The exact technique varies, but it typically falls into one of the following categories:

Doxware

In this scenario, the bad actor has copied files and threatens to share them. The victim may still have access to their files, but they don't want confidential information exposed.

Lockers

Hackers block access to a computer or program until a ransom is paid.

Crypto malware

Files, directories, and drives are encrypted by the bad actor. The victim won't be able to access their files until the ransom is paid.
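The crypto malware behaviour described in this article (files encrypted and given an added extension) leaves a recognisable trace on disk. The following added example, written for this page and not taken from any tool, walks a directory tree and reports batches of files that carry the same unknown extension appended to a known one and whose contents look random. The threshold values, the extension list and the ".locked" sample extension are assumptions made for the example.

```python
import hashlib
import math
import os
from collections import Counter

KNOWN_EXTS = {".txt", ".pdf", ".docx", ".xlsx", ".jpg", ".png", ".csv", ".zip"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumption, tune per environment
MIN_FILES = 3             # this many files sharing an appended extension raise an alert

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def appended_extension(name):
    """Return the trailing extension if it was tacked onto a known one (a.docx.locked)."""
    stem, last = os.path.splitext(name)
    prev = os.path.splitext(stem)[1]
    if last and last.lower() not in KNOWN_EXTS and prev.lower() in KNOWN_EXTS:
        return last.lower()
    return None

def find_encrypted_batches(root, sample_bytes=65536):
    """Map each suspicious appended extension to the high-entropy files carrying it."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = appended_extension(name)
            if ext is None:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if shannon_entropy(fh.read(sample_bytes)) >= ENTROPY_THRESHOLD:
                    hits.setdefault(ext, []).append(path)
    return {e: sorted(p) for e, p in hits.items() if len(p) >= MIN_FILES}

def write_constructed_sample(root):
    """Constructed sample tree: three random-looking documents and one plain backup."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    files = {"q1.xlsx.locked": blob, "cv.docx.locked": blob, "scan.pdf.locked": blob,
             "notes.txt.bak": b"plain text backup\n" * 200}
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
```

Files that are compressed by design, such as .zip or .jpg, also have high entropy, which is why the check requires the appended extension as well as random-looking content.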
