All About Ransomware

Jun 17, 2016 | 11:01 am

Published by | Chandan Singh


Evolution and History of Ransomware:
The scope and sophistication of ransomware are evolving at a very high rate, and there is a need to develop a cyber-security model against ransomware attacks.
Adam L. Young and Moti Yung described the use of public key cryptography in malware to extort e-money as early as 1996.
The first ransomware, written by Joseph Popp, was the 1989 “AIDS” Trojan (also known as PC Cyborg). It told users that their license to use a certain piece of software had expired and that they had to pay US$189 to “PC Cyborg Corporation” for the means to unlock the system.
The next instances of ransomware were found in Russia between 2005 and 2006. Trend Micro published a report on a case in 2006 involving a ransomware variant (detected as TROJ_CRYZIP.A) that compressed certain files, overwrote the originals, and left only the password-protected archives on the victim’s system. It also dropped a text file as a ransom note, informing users that the files could be recovered in exchange for $300.


Introduction:
Health centers, educational departments, state governments, law enforcement agencies, small businesses, multinational corporations: these are only a fraction of the entities affected recently by ransomware, a type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

Ransomware can therefore be described as a kind of intelligent malware: unlike other malware that merely corrupts or deletes files or performs some other suspicious behaviour, it locks your system, files, and applications, and demands money from you if you want them back.

Impact of ransomware:
Encrypts files so you cannot use them.
Stops certain applications from running (such as your web browser).
Temporary or permanent loss of sensitive or proprietary data.
Disruption to regular operations.
Potential harm to an organization’s reputation.

Types of Ransomware:

  • Lock Screen Ransomware – It prevents the user from accessing the computer and demands a ransom to unlock the system, showing a full-screen message that blocks access to your PC or files.
  • CryptoLocker – A variant that encrypts the data on the computer system and demands a ransom from the user for the decryption key to unlock the encrypted files. The ransom is normally in the range of $300–$600 and is mostly demanded in Bitcoin (a virtual currency).

Recent Global Ransomware Stats

  • The University of Calgary was recently hit by a ransomware attack, forcing it to pay $20,000 CAD (about $16,000 USD) to decrypt its files.
  • Locky is a fairly recent encrypting ransomware; it holds a 17% “market share” among all ransomware infections and has affected 114 different countries, according to Google stats.
  • Ransomware makes more annually than security businesses sell for: a single ransomware family, CryptoWall 3.0, made over $325 million from US victims in 2015 alone.

Stats for India are alarming and rapidly increasing (according to Kaspersky Lab):

  • India is among the top 5 countries attacked by ransomware.
  • India takes the first spot in the list of countries attacked by TeslaCrypt ransomware in March–May 2016, and ranked fourth among the countries attacked by Locky ransomware during the same period.
  • 150 computers at Maharashtra Mantralaya were attacked by Locky ransomware.

Locky Ransomware is on Facebook

  • Hackers are using Facebook’s instant messaging (IM) feature to spread Locky ransomware through .svg (Scalable Vector Graphics) image files.
  • This Locky campaign is able to bypass Facebook’s file-extension filter.
  • You might wonder why the hackers chose .SVG files to spread the ransomware. JavaScript can be embedded in an SVG file, and the file opens in a web browser. The hackers embedded JavaScript code inside the SVG file, which was actually a link to an external file.
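A defender-side check for the SVG technique described above, as an added example that is not part of the original post: it parses an SVG with Python’s standard library and flags script elements, on* event handlers and external or javascript: references, the markers that distinguish an SVG carrying active content from a plain image. The two sample SVGs are constructed here and are not real Locky artifacts.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples for the demo; not real Locky artifacts.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="text/javascript">window.location = "http://example.invalid/next";</script>
  <image xlink:href="http://example.invalid/x.png" onload="doSomething()"/>
</svg>"""

EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)   # onload, onclick, ...
ACTIVE_SCHEMES = ("http://", "https://", "javascript:")
ACTIVE_TAGS = ("script", "foreignobject", "iframe", "embed", "object")


def svg_findings(svg_text):
    """Return a list of reasons this SVG carries active content (empty if none)."""
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # A file that claims to be SVG but is not well-formed XML deserves a look too.
        return [f"not well-formed XML: {exc}"]
    for elem in root.iter():
        tag = elem.tag.split("}")[-1].lower()       # drop the namespace prefix
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = attr.split("}")[-1].lower()      # xlink:href -> href
            if EVENT_ATTR.match(name):
                findings.append(f"event handler {name} on <{tag}>")
            if name == "href" and value.strip().lower().startswith(ACTIVE_SCHEMES):
                findings.append(f"external reference on <{tag}>: {value}")
    return findings


def is_suspicious(svg_text):
    """True if the SVG should be quarantined rather than treated as an image."""
    return bool(svg_findings(svg_text))


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, svg_findings(sample))
```

The same check can be run by a mail or file-upload gateway on any attachment with an .svg extension, whatever name it arrives under.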

Why Ransomware attacks are so effective:
Cyber criminals instil fear and panic in their victims, which drives them to click a prescribed link (delivering additional malware) or pay a ransom in order to regain access to their systems, using messages like the ones below:

  • “Your system has been infected with an unknown virus. Click here to remove the virus and regain access to your system.”
  • “Your System was used to visit websites with illegal content. To retain your system access, you must pay a $500 fine.”
  • “All files on your system have been encrypted. You must pay this $900 within 48 hours to recover access to your system and files.”

How Ransomware Attacks work/ Modus operandi of attackers

  • There are a number of ways an attacker can initiate an attack, the ultimate goal being to plant the ransomware on the victim’s machine.
    Via malicious email attachment: the most common attack vector is a phishing email, where the victim is tricked into clicking a link in what appears to be a legitimate email, message, or social media post.
  • Hackers compromise vulnerable websites and upload their malicious code to them. People visiting those websites become victims of a drive-by attack: an application gets installed on their system without their consent.
  • If you decide to risk paying the ransom, you should know that the cyber criminals will likely require you to pay in Bitcoin (0.5 to 1 BTC) or another virtual currency over the Tor network, software used to make web browsing anonymous. This means that tracing the thieves is nearly impossible, and if they decide not to unlock your computer you are out of both luck and money.

Ransomware Defence:
There is no silver bullet against ransomware, but a multi-layered approach that keeps it off systems and networks is the best way to minimize the risk.

  • Avoid opening unverified emails or clicking links embedded in them.
  • Avoid visiting unsafe, suspicious, or fake websites.
  • Avoid opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Avoid clicking on malicious or suspicious links in emails, Facebook, Twitter, and other social media posts, and in instant messenger chats such as Skype.
  • Regularly update software, programs, and applications to protect against the latest vulnerabilities.
  • Victims of ransomware attacks must disconnect their system from the network, as the infected system can spread the infection to other systems on the network.
  • Educate yourself on how to detect phishing campaigns, suspicious websites, and other scams.
  • The most important defence against ransomware is to invest in cyber security and information security.
  • Do not click on unknown links or image files with extensions such as .svg.
  • If you want to install an extension or add-on, download it from the official site.