Ransomware is a type of malicious code that encrypts a victim’s files. After the victim has paid the ransom, the attacker demands access to the files.
Instructions are given to users on how to pay the fee to obtain the decryption keys. Cybercriminals can pay thousands of dollars for the decryption key.
How ransomware works
Ransomware can use a variety of methods to gain access to a computer. One of the most popular delivery methods is Phishing Spam — attachments sent to victims in an email pretending to be filed they trust. They can be downloaded and opened by the victim, particularly if they include social engineering tools to trick users into giving them administrative access. Other ransomware, such as NotPetya exploits security holes to infect computers.
Although there are many things that malware can do to the victim’s computer once it has taken control, the most common is to encrypt all or some of the files. The Infosec Institute provides a detailed look at how ransomware encrypts files. The most important thing is to understand that the files can’t be decrypted unless the attacker has a mathematical key. A message is displayed to the user explaining that the files are now inaccessible. The attacker will decrypt the file only if the victim makes an inexplicable Bitcoin payment.
Some forms of malware may pretend to be a law enforcement agent shutting down a victim’s computer because it contains pornography or pirated programs. The attacker might also demand payment of a “fine” to deter victims from reporting the attack to authorities. Most attacks do not use this pretense. Another variant is leakware and does ware. In this case, the attacker threatens to make public sensitive data stored on the victim’s hard drives if a ransom payment is not made. Encryption ransomware is the most popular type of ransomware, as it is very difficult for attackers to find and extract such information.
Who is a potential target of ransomware?
There are many ways that attackers choose which organizations to target with ransomware. Sometimes, it’s just a matter of chance: attackers may target universities due to their smaller security teams and diverse user base who do a lot more file sharing. This makes it easier for them to penetrate their defenses.
Some organizations, on the other hand, are more attractive targets as they are more likely to pay a ransom in a short time. Government agencies and medical facilities, for example, often require immediate access to files. Some law firms and other sensitive organizations might be willing to pay for the silence about a compromise — these organizations could be particularly sensitive to leak attacks.
However, don’t think you are safe if your information doesn’t match these criteria. Ransomware can spread automatically and randomly across the internet.
How to stop ransomware
You can take a variety of steps to stop ransomware infection. These are good security tipshttps://ssl.reviews/ransomware-security-tips/ and will help you defend against all types of attacks.
- To ensure that you are less vulnerable to attack, keep your operating systems up-to-date.
- Don’t Install Software or Give It Administrative Rights Unless You Know What It Is and Does.
- Antivirus software detects ransomware and other malicious programs as soon as they arrive. Whitelisting software prevents unauthorized applications from running.
- Your files will be backed up frequently and automatically. While it won’t prevent a malware attack from happening, it can help to minimize the damage.
You will need to take back control of your computer if it has been infected by ransomware. CSO’s Steve Ragan created a video showing how to do this with a Windows 10 computer.
You can see all of the details in the video, but the most important steps are:
- Reboot Windows 10 to Safe Mode
- Install antimalware
- To find ransomware, scan the system
- Restore your computer to its previous state
Here’s what you need to remember: although these steps will remove malware from your computer and allow you to restore control of it, they will not decrypt your files. If the malware is extremely sophisticated, it will be impossible to decrypt them without the key the attacker has. You have effectively ruled out the possibility that the attackers will be able to restore your files if you remove the malware.
Facts and figures about ransomware
Ransomware is big business. Ransomware is a big business. The market has grown rapidly since the beginning of this decade. In 2017, ransomware caused $5 Billion in losses. This includes ransoms paid as well as lost time recovering from attacks. This is 15 times more than in 2015. This is 15 times more than 2015’s.
Ransomware is more common in certain markets than others, and some markets pay the ransom. Ransomware is more common in certain markets, such as hospitals and other medical institutions. Attackers know that these organizations are more likely than others to pay a ransom to fix the problem. It is estimated that 45 percent of ransomware attacks on healthcare organs are targeted, and 85 percent of malware infections at healthcare organizations are ransomware. Another lucrative industry? Another lucrative industry is the financial services sector. Willie Sutton once famously said that this is where the money is. In 2017, 90% of financial institutions were hit by ransomware attacks.
Your anti-malware program won’t always protect you. Ransomware is continually being updated by its creators, so anti-virus software won’t always catch its signatures. As many as 75% of ransomware victims were that had up-to-date protection for infected machines.
Ransomware is not as common as it once was. The good news is that ransomware attacks have been declining, even though they were still very common in the early ’10s. In the first quarter of 2017, ransomware attacks accounted for 60% of malware payloads. Now it’s only 5 percent.
Ransomware in decline
Why is there such a big dip? It’s a decision made by the cybercriminal based on bitcoin as their currency of choice. It’s not easy to extract ransom money from victims. They might not pay or they might not know enough about bitcoin to do so.
Kaspersky explains that the decline in ransomware was matched by an increase in crypto mining malware. This infects the victim’s computer and uses it to create (or mine in cryptocurrency parlance). This is a great way to use someone else’s resources to obtain bitcoin. It has become more attractive since the spike in bitcoin prices in 2017 and 2018.
However, this doesn’t mean that the threat is gone. There are two types of ransomware attackers. The first is the “commodity” attack, which attempts to infect computers randomly by sheer volume. Criminals can rent “ransomware-as-a-service” platforms. The second is targeted attacks, which target particular market segments or organizations. Even if the ransomware boom is over, you should still be vigilant if you are in this latter category.
The price of bitcoin has dropped over 2018 and attackers may be able to shift their cost-benefit analysis. According to Steve Grobman (chief technology officer at McAfee), using ransomware and crypto mining malware can be a business decision. “As cryptocurrency prices fall, it’s normal to see a shift back (to ransomware].
Do you have to pay the ransom money?
Should you pay a ransom if your computer has been infected by malware and you have lost important data that you cannot restore from backup?
The majority of law enforcement agencies advise you to not pay ransomware hackers theoretically. This is because it only encourages hackers to create more ransomware. Many organizations who are afflicted with malware find it hard to think in terms of the “greater benefit” and instead start to do a cost-benefit assessment. This involves weighing the ransom price against the value of encrypted data. Trend Micro research shows that while 66% of companies claim they wouldn’t pay the ransom out of principle, only 65 percent pay ransom when they are hit.
Ransomware attackers keep ransomware prices low, usually between $700 to $1,300. This is a price company can afford to pay in a short time. Sophisticated malware can detect which country the infected computer is located in and adjust the ransom accordingly to the economy. Companies in rich countries will be charged more than those in less developed countries.
Act fast to get discounts so that victims pay as soon as possible and not think too much about it. The price point is usually set at a level that’s high enough for criminals to justify paying it, but low enough to make it affordable to victims who would otherwise have to pay more to recover their computer or rebuild the data. Some companies are now beginning to include ransom payment in their security plans. For example, large UK companies have some Bitcoin in reserve for ransom payments.
Keep in mind that you are dealing with criminals. There are some tricky points to keep in mind. It’s possible that the ransomware you think is running may have not encrypted your data. Before you send money to anyone, make sure you don’t deal with ” scareware”. Second, just because you pay the attackers isn’t a guarantee that your files will be returned. Sometimes, the criminals simply take your money and run. They may not even have included encryption functionality in the malware. However, any malware of this nature will quickly gain a reputation and not generate revenue so in most cases, Gary Sockrider (principal security technologist at Arbor Networks), estimates that between 65 and 70% of the time, the crooks get through and your data gets restored.
Although ransomware is technically around since the 1990s, it has only seen a rise in popularity over the past five or so years, largely due to the availability of anonymous payment methods such as Bitcoin. The worst ransomware offenders are:
- CryptoLocker was a 2013 attack that launched the modern ransomware age. It infected as many as 500,000 computers at its peak.
- TeslaCrypt targeted gaming files and saw continuous improvement during its reign.
- SimpleLocker was a ransomware attack that targeted mobile devices.
- WannaCry spread autonomously between computers using EternalBlue. This exploit was developed by the NSA and later stolen by hackers.
- Also used EternalBlue, and could have been part of a Russian cyberattack against Ukraine.
- began spreading in 2016, and was ” very similar in its attack mode to Dridex, a notorious banking software. Another variant, Osiris was distributed through phishing attacks.
- Leatherlocker was first discovered in 2017 by two Android apps: Wallpaper Blur HD and Booster & Cleaner. It locks the home screen instead of encrypting files to prevent data access.
- Wysiwyg was also discovered in 2017. It scans the internet for remote Desktop Protocol (RDP), servers. The malware then attempts to steal RDP credentials and spread the virus throughout the network.
- Cerber was very successful when it first came out in 2016. It netted attackers $200,000 by July that year. It exploited a Microsoft vulnerability to infect networks.
- BadRabbitspread throughout media companies in Eastern Europe, Asia, and the Middle East in 2017.
- SamSam is a tool that has been in use since 2015 and is mainly for healthcare organizations.
- Ryuk was first introduced in 2018. It is used to attack vulnerable organizations like hospitals. It is often combined with malware such as TrickBot.
- Maze is a relatively recent ransomware group that releases stolen data to the public if the victim doesn’t pay.
- Robinhood was another EternalBlue variant that brought Baltimore, Maryland to its knees in 2019.
- GandCrab could be the most lucrative ransomware. The victims who were harmed by the program, as well as their developers, claimed more than $2 billion in victim payments, according to July 2019.
- Sodinokibitargets Microsoft Windows Systems and encrypts every file except configuration files. It is related to GandCrab
- Thanos, the newest ransomware on this list, was discovered in January 2020. It is used as ransomware and is available as a service.
This list will only get longer. To protect yourself, follow the tips below.